Slashdot Mirror
Al-Qaeda Used Basic Codes, Calling Cards, Hotmail
jd writes "In startling revelations, convicted terrorist Ali Saleh Kahlah al-Marri admitted that Al Qaeda used public telephones, pre-paid calling cards, search engines and Hotmail. Al-Marri 'used a '10-code' to protect the [phone] numbers — subtracting the actual digits in the phone numbers from 10 to arrive at a coded number.' The real story behind all this is that the terrorists weren't using sophisticated methods to avoid detection or monitoring — which tells us just how crappy SIGINT really is right now. If the NSA needs to wiretap the whole of the US because they can't break into a Hotmail account, you know they've got problems. FindLaw has a copy of al-Marri's plea agreement (the tech-related information begins on page 12), and the LA Times has further details on his case."
The real story behind all this is that the terrorists weren't using sophisticated methods to avoid detection or monitoring â" which tells us just how crappy SIGINT really is right now. If the NSA needs to wiretap the whole of the US because they can't break into a Hotmail account, you know they've got problems.
No, no I don't know that they have problems. You have presented little to no proof they have problems. So your suggestion is that they not only wiretap the whole US but also break into every e-mail account they suspect of terrorist activity?
Yes, sometimes the simplest precautions can thwart the greatest and most expensive intelligence gathering equipment and teams. You have to live with that. I am not defending their actions to wiretap all or even part of the United States but, please, tell us how they were supposed to know that this was the Hotmail account they wanted to crack without doing anything illegal to get this information. I mean, hindsight is 20/20 but you apparently have some gift so tell us how you would have known which e-mail account to crack into. Boy, it sure must be easy to criticize a case when you know just enough details to make you a genius investigator.
I guess I didn't expect to find the kind of stupidity on the front page of Slashdot complaining that the National Security Agency's civilian e-mail surveillance isn't up to snuff while sneaking in a jab about their phone surveillance being too pervasive.
My work here is dung.
While the rise of Al Qaeda and the need to keep on top of terrorist networks helped put the NSA in the spotlight, the scope of its interception capabilities has expanded regardless of the threat of terrorism. James Bamford's Body of Secrets charts the rise of massive interception in the 1990s and links much of the NSA's activity to economic espionage against foreign businesses, as Clinton wanted to "level the playing field." The NSA was just returning to the happy-go-lucky violation of privacy for the gain of a few that Carter put at bay in the 1970s.
Certainly there's been plenty of ink spilled about how a more serious attempt to stop Al Qaeda would involve greater human intelligence, but the CIA found its clandestine services cut just as the NSA became favoured.
Ok thats it! We need to ban public telephones, pre-paid calling cards, search engines and Hotmail! I have also heard that the terrorist eat food! If we ban all production of food we will starve those bastards to death! Who is with me!
John Carmack fan, browsing at +5 since 1999.
On TV, intelligence agencies can break any code before the commercial break. In real life, it's a little bit different.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
This is not a surprise of any kind to those of us who work in the security field. This is another clear cut case of something that used to be called "crating" (no idea if its called the same thing now), which is basically when you get a bunch of really smart people together, stick them on government payroll, and then don't allow them to talk to anyone outside the crate until all they produce is irrelevant garbage.
Then the government complains that their intelligence is crap. The reason their intelligence is crap is straightforward: They underpay people who aren't qualified to do the job in the first place. I'll never forget the CIA's little career day at my University, many a winter moon ago, when I asked the spook behind the little folding card table how much a job in intelligence paid. 33K to start, he said. I laughed and moved on to the next table, where someone in the private sector was offering 100K for a similar, but much more interesting position that I didn't have to move to Virginia to take.
So the CIA guy went home with half a dozen apple-faced applicants who were only too glad to take a ridiculously tiny salary for their huge amounts of effort, all in the name of protecting the American Way.
So really, what they hired were a bunch of pinheads prone to blind patriotism and the eating of ramen noodles.
And now here we are, everyone they couldn't afford to hire telling them that none of this is any sort of surprise, and them being all kinds of surprised. It'd be funny if it wasn't so pathetic.
SIGINT isn't the right tool for tracking terrorist cells anyway. They don't generate enough signals.
I mean, you can tap and analyze every cable satellite and radio transmission in the world and still be completely oblivious to a small group of people in a basement somewhere.
What's needed is informers, agents and detective work.
because they can't break into a Hotmail account, you know they've got problems
Well, presumably they couldn't break into it because they didn't get a warrant. This is a Good Thing in principle. You don't want the government randomly breaking into e-mail accounts that are "suspect" do you? Then there is always the question of how do you know what e-mail it is? Unless they were subscribing to some terrorist newsletter, how do you distinguish a terrorist from an ordinary person?
Taxation is legalized theft, no more, no less.
If we could just somehow get most everyone in the world addicted to frequently publishing short bursts of information on a public channel, more specifically answers to the "What are you up to?" question ...
Twitter is the NSA's answer to wiretapping allegations. That's why it's able to grow so quickly without a business model.
10: INPUT "WHO ARE THE INFIDELS", A$
20: PRINT "1. DEATH TO ", A$
30: INPUT "ARE THE PEOPLE STILL ENRAGED?", B$
40: IF B$ = "N" or "n" THEN GOTO 10
50: PRINT "2.
60: PRINT "3. Profit!"
70: END
While discussing this exact type of crime with a cop (of sorts) who deals with this stuff day to day, his opinion can be summarised as followed:
- Throw away cell phone sim cards are good
- Throw away cell phones are better (Unique ID)
- Letter writing is safer than using a phone
- Having a conversation is safer than writing a letter
I am paraphrasing him now but he said something like "I would never touch a piece of technology if I didn't want to get court."
PS - Terrorist cells are unique and individual.
It's because terrorists are stupid.
I don't know where this concept came from that this crime had to be high tech.
I know, I know, the initial response from some was that the alleged terrorists weren't smart enough to come up with this and some morons ate that up. Even this past winter I had someone tell me that the terrorist plot was too sophisticated for a non-government entity.
There is nothing surprising about this. Aside from piloting the planes this plan had all the sophistication of a junior high word problem in a mathematics course.
"If Habbib leaves Boston at 7:20 AM and Mohammad leaves Washington D.C. at 7:35 AM what time will they get to The World Trade Center?"
Dedicated Cthulhu Cultist since 4523 BC.
But that's hard...
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
If they just look at the NSA's electric bill they will see that the NSA is primarily focued on detecting signals. You'd expect that any terrorist with half a break would avoid using signals.
There is no technological way to fight terrorism, technology helps the troops in the field but it does not do the job. Humans have to do the job. Just like we cannot expect AI or robots to fight crime. Humans have to do the real work.
Let's see the Al Qaeda inbox a moment:
230 dead as storm batters Europe -- Storm Botnet
Make Money Fast ---- Dave Rhodes
REQUEST FOR URGENT BUSINESS RELATIONSHIP ----- Nigel Soladu
LETS BOMB TWIN TOWERS ---- Osama Bin Laden
Magically grow 3"!!! ---- Miraclgrowz
I AM FORMER MINISTER OF FINANCE FOR BANK OF NIGERIA ---- CLEMET OKON
How did they plan anything like this?
Karma Whoring for Fun and Profit.
al-qaeda-mailing-list@hotmail.com might have given it away.
I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
The dastardly part of all this is that the NSA/CIA may not be allowed to disclose all of their successes. Methods and processes that produce good intelligence have to be protected from public disclosure. For all we know, Hotmail has been cracked and the NSA/CIA made a false disclosure to get the terrorists all happy about their ability to elude the vaunted three-letter agencies. I mean, when the FBI makes an arrest based on an informant, they make sure to bust the informant as well, even making sure to smack him around a little so as to allay his concerns.
It's entirely possible that the intelligence organizations suck, but perhaps they have successes that we would not know about for decades. The "secret killing program" in Iraq sounds like one of those things.
A NYC lawyer blogs. http://www.chuangblog.com/
It's not too hard.
Put a bug in their basement.
``Mebbe Microsoft will finally take a tumble for aiding terrorists.''
Unlikely. Now, maybe if it had been Bittorrent. Or tor.
Please correct me if I got my facts wrong.
SIGINT will never be as good as a man on the ground. Our national intelligence agencies have become scared of taking risks. A satellite doesn't risk capture and torture. After all, there are 89 stars in the CIA wall, and no one wants to add another one during peacetime. But you just can't help think what we could have done if we maintained our aggressiveness with HUMINT during peacetime. A white guy named John Walker Lindh was able to walk into Pakistan and get a face-to-face meeting with Bin Laden after a few months. Now Al Qaeda is all on guard so it's tough to compromise them. But peacetime would have been the best time to break into their organizations, though civil liberty folks might freak out.
A NYC lawyer blogs. http://www.chuangblog.com/
how completely clueless it is. Let's see ...
(1) The NSA doesn't wiretap the US. For all the hysteria, the NSA is only looking at calls crossing the border. Inside the US its FBI, and the Feebies are very jealous of that.
And it certainly doesn't wiretap the whole US, because there's so much ohone traffic and 0.999999 of it is uninteresting.
(2) Could the NSA hack -- could DoJ simply subpoena -- the contents of a hotmail account? You bet ... but which hotmail account? alQaedaDeathtoAmerica@hotmail.com? Or fluffibuni387? Or what?
(3) Now, with prepaid phone cards etc. If I'm getting this, you're saying NSA is bad because they can't get intel from something like a prepaid phone. Now think it through: Achmed al Boomaboom goes into WalMart, and buys condoms, a bag of Fritos, and a prepaid phone. He makes six "busines" calls, talking in code words, calls a hooker, and throws the phone away. How is the NSA supposed to figure out which phone it is, and capture the phone calls, before he pitches the phone.
More to the point, how can they intercept those phone calls without intercepting all calls, or at least all prepaid cell calls?
"...has been based on a false premise."
I think you misspelled 'lie'.
The NSA knows exactly how well SIGINT works against terrorists who use code words, personal ads in newspapers, etc.
The terrorists also know how ineffective the NSA is against such things.
The government selling wiretapping on the basis of catching terrorists is a very transparent lie.
No sig today...
No, but it means spending on people in the field, rather than generating big hi-tech budgets with cool buzz-words, and your own personal fiefdom. Security takes second seat to "oh, shiny." Always has (just look at car designers resistance to incorporating safety features).
You may be onto something.
Have you considered applying for a job at your local government's intelligence agency?
From your keen understanding of codes and cyphers, seems like you may be just the kind of expert they are looking for.
Mit der Dummheit kämpfen Götter selbst vergebens
The FDA will be there shortly to confiscate your unlicensed penicillin.
SIGINT isn't the right tool for tracking terrorist cells anyway. They don't generate enough signals.
Yeah, I think you might be right. I suspect what this really means is that they're incapable of actual, old-style spy-work. Here's what a CIA Near-East operative said:
"The CIA probably doesn't have a single truly qualified Arabic-speaking officer of Middle Eastern background who can play a believable Muslim fundamentalist who would volunteer to spend years of his life with shitty food and no women in the mountains of Afghanistan. For Christ's sake, most case officers live in the suburbs of Virginia. We don't do that kind of thing." A younger case officer boils the problem down even further: "Operations that include diarrhea as a way of life don't happen."
That's from The Atlantic's The Counterterrorist Myth:
http://www.theatlantic.com/doc/200107/gerecht
Pay some unmarried dude 20 million a year to live this shitty life in return for his services and, additionally, pay well some willing prostitues to be shipped in secret CIA planes to have fun with him secretly - call it "operation secret panties". Are there too many religious right-wingers at the CIA for ideas like this to stick?
Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
Back last summer, I took a grad school course in Signals Intelligence, and one of the things I had to read was a paper by Matthew Aid titled "All Glory is Fleeting," which was about the use of Sigint prior to 9/11. It was quite a surprising paper, because the one word I would never have thought to use for Al-Qaeda was "incompetent."
But, in fact, in their early years, they were. Up until about 1997 or 1999, their signals discipline was nonexistent. They gave bin Laden a satellite phone (because, frankly, Afghanistan is the worst possible place in the world to try to run an international terrorist "organization" from - I say "organization" because Al-Qaeda doesn't strictly exist as an organization...it is instead a network of networks with very loose ties from one cell to another), and the NSA listened in to every phone call. And, by the way, in these phone calls, the various terrorists talked openly about their operations. So, the NSA passed the information on to the appropriate police force, and terrorist ops went bad, one after the other.
At some point, though, Al-Qaeda clued in to the fact that the satellite phone was being listened to. One story goes that the Washington Post leaked it, and terrorists read the newspapers too. So, the phone went silent, other means of communication were used, and Al-Qaeda ops actually began to work.
Sigint isn't easy to sort through at the best of times, though. You have to first pick out the signal (relevant material) from the noise (irrelevant material and deception), and then figure what the signal actually means. So, if a Saudi under suspicion talks on the phone about going to the United States for a "business meeting," it could mean that he's meeting members of a terrorist cell...or going to an actual business meeting...or he could be cover for somebody else going to the terrorist meeting. Incompetent Al-Qaeda was easy when it came to sorting the signals from the noise - current Al-Qaeda isn't.
Robert B. Marks
Author, Demonsbane in Diablo Archive
El qaeda etc are all fake reasons. They still want to snoop all your internet, wiretap youir phone, log your mobile phone, etc. Call it NWO, Big brother or whatever. The Qaeda reason is just a media buzz-word.
As someone who is interested in some of the Analyst jobs at the CIA what are the civilian equivalents?
Competitive Intelligence. Go to some meetings of SCIP if you get the chance. It's not uncommon for ex-CIA/FBI/etc analysts to end up doing competitive intelligence because the skill sets overlap significantly. Having financial/accounting as well as research skills (think library research) and phone skills are basically pre-requisites.
Most large companies have some sort of competitive intelligence group though they call it various things. IBM, Ernst & Young, Price-Waterhouse, Microsoft, Deloitte, Anheuser-Busch, Boeing, and many more. It's essentially a job writing strategy memos and presentations for company big-wigs. Not a bad gig if you have the interest.
No, no I don't know that they have problems. You have presented little to no proof they have problems. So your suggestion is that they not only wiretap the whole US but also break into every e-mail account they suspect of terrorist activity?
Man do I love it, when people arrogantly just interpret things like they want, and then attack others for the meaning of that interpretation... :\
Your problem seems to be, that you did not notice that there is another option, than just doing global wiretapping or e-mail-account cracking on everybody they "suspect".
What i think GP meant, and what I think is right, is that to work as intended, the NSA should have determined the "terrorists" good enough to get a fully acceptable court-order, which then would give them the right to wiretap/crack anything.
Them not doing so is proof of how fucked up they are.
So GP likely did not mean that they ran into any obstacles, but that they got real problems in their "mind".
But of course we're talking about an organization which rapes the constitution, and a bunch of lazy retards not kicking their asses for doing so. Yay.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Amazon reviews are useless when it comes to getting reliable information. And I say that as the author of 1500 Amazon reviews (generally written for my own pleasure and notetaking). Articles in The Atlantic and, more importantly, the European Parliament's 2001 report on ECHELON suffice to show that Bamford was right more often than he was wrong.
That could have been the solution to a lot of the CIA's problems. I wonder if they would have gotten more info out of suspects had they rendered them off to the Netherlands instead of Syria.
Rule of Slashdot #0: You and people like you are not representative of the larger population. - A.C.
But then again, why confuse the author?
I am very small, utmostly microscopic.
What's needed is informers, agents and detective work.
Maybe the NSA should just start posting on 4chan.
I suspect that's the tip of the iceberg. Accusations that US and UK spying agencies (through the Echelon project) were using their power for commercial espionage really began to flow in the 1990s. The European Parliament made a series of public allegations against the US in early 2000 stating that the NSA had intercepted conversations and data and passed it on to the US Commerce Department for use by American firms resulting "stolen sales". The Boeing V. Airbus that you noted is the most famous of these, but probably as large was AT&T using intercepted communications to get a half-share of an Indonesian trade contract which was initially going to NRC of Japan before the NSA got hold of the confidential details and passed them along. Lawsuits and procedings were actually filed in France, Italy and Belgium. Another instance was Raytheon getting hold of confidential information belonging to Thompson-CSF on a US$1.5bn dollar deal with Brazil for satellite imaging. Raytheon got the contract. Enercon - a German wind generator manufacturer - developed a major refinement on generating electricity. When they tried to patent it in the USA, an American corporation had beaten them to the punch. That's an especially interesting case since there were people inside the NSA that confirmed they'd spied on the German company and passed the necessary details on. Other accusations have been made by such companies as BMW and German security experts pegged costs to German industry at a minimum of US$10bn by just the year 2000.
All this apparently came straight from the top.
It's that sort of behaviour, regarded as betrayal by an ally in the European politicians,
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
It's a shame 4chan wasn't around when bin Laden's phone number was published in court documents
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Taking it a bit further, contrary to the claims of "startling" revelations in the simplicity of Al Quaeda counter intelligence techniques it should be of no surprise. And who in the United States intelligence agencies claimed the NSA was not capable of and did not crack these pathetic techniques?
What I'm sure is only a small percentage of the information available in the September 11 Commission report suggests there were bureaucratic blunders rather than outright intelligence failings.
While a wire tap into every phone connected to a super computer for analysis works wonders in a Bat Man movie, somehow I doubt it would be that simple or that effective in real life. I don't recall anyone in Gotham city speaking Arabic or using code words. And more importantly, how many innocent people would have their rights violated not just by the wiretapping but by further investigation and false accusations, and how often would such activity be used for ulterior political motives?
The fact is the now public knowledge of Al Quaeda intelligence techniques tells us nothing of the NSA's capabilities or how much they really knew prior to September 11th and illegally wire-tapping an entire nation is likely no silver bullet that will prevent future attacks and as history has shown will likely be used for political reasons.
The summary (I did not RTFA), there is no mention of using IRC. Though in one of the channels the other day, Osama was there!
Here's the transcript as I remember it:
#WindowsHelp
IBeenHiding > mi Windoze crashed, hlp!
j89423432 > fu noob, g00gle it!
IBeenHiding >???? need hlp plz!
j89423432 > ha ha ha !!!!
IBeenHiding > shut up! i am da Al-Queda leadr
j89423432 > ????
IBeenHiding > it is me Osama
j89423432 > F U! No you're not!
IBeenHiding > stop it. I am Osama you ass!
j89423432 > ok i believe u
IBeenHiding > thnk u, kneel b4 me!
j89423432 > look behind u
IBeenHiding > ???? is that u
j89423432 > this is da CIA
IBeenHiding > oh shit!
j89423432 > UR dead!
IBeenHiding has left the chat room
Exactly.
How does the author propose we detect whether a 10-digit number is a telephone number, or even that it has been shifted in such a manner? The more sophisticated ciphers seem like they would be easier to detect than 10-coding simply because of the nature of telephone numbers as containing little specific information.
The real question is, how many different permutations of 10-digit telephone numbers in suspect areas exist, and how many of these numbers can be decoded from the simply coded telephone number. We know now that it's ten-coded, but even if we assumed some other numerical shift, or even a digit-dependent shift of some kind, we might still be looking at a huge number of possibilities.
I challenge him or her to answer the following questions about the following ten-digit number:
2213684949
Is it a telephone number?
Is it encoded in some way?
How is it encoded?
How do we know that we have guessed the encoding method correctly?
How can we reverse the decoding?
The people who try to trivialize this sort of work are ignorant, and have little to no training in the fields that they lambast.
And on the subject of pay for a different manner of service, why do we try to attract people qualified to teach Mathematics and Science by raising the bar for the qualifications but keeping the pay at the same level for 10 years?
Because taxpayers want something for nothing.
SRSLY.
I'm really surprised the postings here are all debating whether or not the methods of communication claimed to be used this guy and his colleagues are secure or not, and debates about NSA.
How about questioning if this is what was actually used? Maybe he's just making it up because he's had enough of the conditions he was kept in and will say anything to get away from Guantanamo Bay. I'm not saying he was tortured, but if you put me in a military prison for five years, flew me out to Morocco for some "hard questioning", repeatedly made me feel like you were going to drown me ("waterboarding"[1]), smacked my head against a wall multiple times ("headbanging"[2]) and locked me in a small cage with insects I had a phobia about and told me they might bite me [3] I might well just say anything I thought you wanted me to.
[1]http://www.telegraph.co.uk/news/worldnews/northamerica/usa/5185835/CIA-waterboarded-Khalid-Sheikh-Mohammed-183-times.html
[2] http://online.wsj.com/article_email/SB123975168816518691-lMyQjAxMDI5MzE5NDcxNTQxWj.html
[3] http://www.dailymail.co.uk/news/worldnews/article-1170857/Obama-wont-prosecute-CIA-agents-used-insects-waterboarding-sleep-deprivation-terror-suspects.html
When the Daily Mail, a right wing newspaper, suggests the US military are echoing interrogation techniques used in Orwell's "1984" then I think we have to be a little bit critical about believing the credibility of the information gathered in this manner.
Kamikaze's were not very effective. I thought any 6th grader knew that. Not to mention that previous plane strikes did not bring down the building either.
Here's some homework for you: devise a plan to bring down a skyscraper. Then execute it. I'd really like to know how that goes for you.
Those who can, do. Those who can't, sue.
Ali Saleh Kahlah al-Marri can for all we know just be making it up as he go just to get a leaner sentence. That and the torture hes been put through sure can make wonders for a captives imagination.
Torture is a very crappy way of getting information and just about as reliable now as it was during the spanish inquisition where many people confessed of being wiches, sorcerers and all sorts of funny things. The inquisition was dismantled because it was ineffective, not because it was evil or inhuman.
Barack Obama is a spineless wimp for not prosecuting the hell out of the former administration and instead letting things like this that excuses torture upfront.
HTTP/1.1 400
221368949 is an Irvine California phone number that has had its digits reversed.
Not that I'm aware of it. I recall that Bush claimed we were but I don't remember Congress actually declaring war.