Slashdot Mirror
Al-Qaeda Used Basic Codes, Calling Cards, Hotmail
jd writes "In startling revelations, convicted terrorist Ali Saleh Kahlah al-Marri admitted that Al Qaeda used public telephones, pre-paid calling cards, search engines and Hotmail. Al-Marri 'used a '10-code' to protect the [phone] numbers — subtracting the actual digits in the phone numbers from 10 to arrive at a coded number.' The real story behind all this is that the terrorists weren't using sophisticated methods to avoid detection or monitoring — which tells us just how crappy SIGINT really is right now. If the NSA needs to wiretap the whole of the US because they can't break into a Hotmail account, you know they've got problems. FindLaw has a copy of al-Marri's plea agreement (the tech-related information begins on page 12), and the LA Times has further details on his case."
The real story behind all this is that the terrorists weren't using sophisticated methods to avoid detection or monitoring â" which tells us just how crappy SIGINT really is right now. If the NSA needs to wiretap the whole of the US because they can't break into a Hotmail account, you know they've got problems.
No, no I don't know that they have problems. You have presented little to no proof they have problems. So your suggestion is that they not only wiretap the whole US but also break into every e-mail account they suspect of terrorist activity?
Yes, sometimes the simplest precautions can thwart the greatest and most expensive intelligence gathering equipment and teams. You have to live with that. I am not defending their actions to wiretap all or even part of the United States but, please, tell us how they were supposed to know that this was the Hotmail account they wanted to crack without doing anything illegal to get this information. I mean, hindsight is 20/20 but you apparently have some gift so tell us how you would have known which e-mail account to crack into. Boy, it sure must be easy to criticize a case when you know just enough details to make you a genius investigator.
I guess I didn't expect to find the kind of stupidity on the front page of Slashdot complaining that the National Security Agency's civilian e-mail surveillance isn't up to snuff while sneaking in a jab about their phone surveillance being too pervasive.
My work here is dung.
While the rise of Al Qaeda and the need to keep on top of terrorist networks helped put the NSA in the spotlight, the scope of its interception capabilities has expanded regardless of the threat of terrorism. James Bamford's Body of Secrets charts the rise of massive interception in the 1990s and links much of the NSA's activity to economic espionage against foreign businesses, as Clinton wanted to "level the playing field." The NSA was just returning to the happy-go-lucky violation of privacy for the gain of a few that Carter put at bay in the 1970s.
Certainly there's been plenty of ink spilled about how a more serious attempt to stop Al Qaeda would involve greater human intelligence, but the CIA found its clandestine services cut just as the NSA became favoured.
Ok thats it! We need to ban public telephones, pre-paid calling cards, search engines and Hotmail! I have also heard that the terrorist eat food! If we ban all production of food we will starve those bastards to death! Who is with me!
John Carmack fan, browsing at +5 since 1999.
On TV, intelligence agencies can break any code before the commercial break. In real life, it's a little bit different.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
SIGINT isn't the right tool for tracking terrorist cells anyway. They don't generate enough signals.
I mean, you can tap and analyze every cable satellite and radio transmission in the world and still be completely oblivious to a small group of people in a basement somewhere.
What's needed is informers, agents and detective work.
If we could just somehow get most everyone in the world addicted to frequently publishing short bursts of information on a public channel, more specifically answers to the "What are you up to?" question ...
Twitter is the NSA's answer to wiretapping allegations. That's why it's able to grow so quickly without a business model.
10: INPUT "WHO ARE THE INFIDELS", A$
20: PRINT "1. DEATH TO ", A$
30: INPUT "ARE THE PEOPLE STILL ENRAGED?", B$
40: IF B$ = "N" or "n" THEN GOTO 10
50: PRINT "2.
60: PRINT "3. Profit!"
70: END
I don't know where this concept came from that this crime had to be high tech.
I know, I know, the initial response from some was that the alleged terrorists weren't smart enough to come up with this and some morons ate that up. Even this past winter I had someone tell me that the terrorist plot was too sophisticated for a non-government entity.
There is nothing surprising about this. Aside from piloting the planes this plan had all the sophistication of a junior high word problem in a mathematics course.
"If Habbib leaves Boston at 7:20 AM and Mohammad leaves Washington D.C. at 7:35 AM what time will they get to The World Trade Center?"
Dedicated Cthulhu Cultist since 4523 BC.
But that's hard...
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
If they just look at the NSA's electric bill they will see that the NSA is primarily focued on detecting signals. You'd expect that any terrorist with half a break would avoid using signals.
There is no technological way to fight terrorism, technology helps the troops in the field but it does not do the job. Humans have to do the job. Just like we cannot expect AI or robots to fight crime. Humans have to do the real work.
The dastardly part of all this is that the NSA/CIA may not be allowed to disclose all of their successes. Methods and processes that produce good intelligence have to be protected from public disclosure. For all we know, Hotmail has been cracked and the NSA/CIA made a false disclosure to get the terrorists all happy about their ability to elude the vaunted three-letter agencies. I mean, when the FBI makes an arrest based on an informant, they make sure to bust the informant as well, even making sure to smack him around a little so as to allay his concerns.
It's entirely possible that the intelligence organizations suck, but perhaps they have successes that we would not know about for decades. The "secret killing program" in Iraq sounds like one of those things.
A NYC lawyer blogs. http://www.chuangblog.com/
SIGINT will never be as good as a man on the ground. Our national intelligence agencies have become scared of taking risks. A satellite doesn't risk capture and torture. After all, there are 89 stars in the CIA wall, and no one wants to add another one during peacetime. But you just can't help think what we could have done if we maintained our aggressiveness with HUMINT during peacetime. A white guy named John Walker Lindh was able to walk into Pakistan and get a face-to-face meeting with Bin Laden after a few months. Now Al Qaeda is all on guard so it's tough to compromise them. But peacetime would have been the best time to break into their organizations, though civil liberty folks might freak out.
A NYC lawyer blogs. http://www.chuangblog.com/
What an arrogant way of looking at things. Not everyone is motivated by money you know, and just because someone may have a job that pays great doesn't mean they are somehow smarter than someone who's job don't pay so great. It just means they are more concerned with making a buck than with making a difference. Look at all the highly motivated people in the FOSS community, do you fault them for putting so much effort into open source projects for little to (more commonly) no compensation?
Were you part of the investigation? Did you have any inkling of what could've been done to catch them sooner? If they answer is no then you hardly have any right to criticize them. If the answer is yes then what kept from helping out? Oh wait, it was the money, right?
God, schmod. I want my monkey man!
how completely clueless it is. Let's see ...
(1) The NSA doesn't wiretap the US. For all the hysteria, the NSA is only looking at calls crossing the border. Inside the US its FBI, and the Feebies are very jealous of that.
And it certainly doesn't wiretap the whole US, because there's so much ohone traffic and 0.999999 of it is uninteresting.
(2) Could the NSA hack -- could DoJ simply subpoena -- the contents of a hotmail account? You bet ... but which hotmail account? alQaedaDeathtoAmerica@hotmail.com? Or fluffibuni387? Or what?
(3) Now, with prepaid phone cards etc. If I'm getting this, you're saying NSA is bad because they can't get intel from something like a prepaid phone. Now think it through: Achmed al Boomaboom goes into WalMart, and buys condoms, a bag of Fritos, and a prepaid phone. He makes six "busines" calls, talking in code words, calls a hooker, and throws the phone away. How is the NSA supposed to figure out which phone it is, and capture the phone calls, before he pitches the phone.
More to the point, how can they intercept those phone calls without intercepting all calls, or at least all prepaid cell calls?
"...has been based on a false premise."
I think you misspelled 'lie'.
The NSA knows exactly how well SIGINT works against terrorists who use code words, personal ads in newspapers, etc.
The terrorists also know how ineffective the NSA is against such things.
The government selling wiretapping on the basis of catching terrorists is a very transparent lie.
No sig today...
So, let me understand this - you've never actually worked for the CIA, instead rejecting their offer, yet you know exactly what goes inside the CIA based on the fact that you place money as a higher consideration and rejected their offer?
Not to mention the logical contradictions in your writeup - the applicants/hire cannot both be 'really smart' (as in your first paragraph) and 'pinheads' (third paragraph). I smell stereotyping and more than a little self aggrandizement.
No, but it means spending on people in the field, rather than generating big hi-tech budgets with cool buzz-words, and your own personal fiefdom. Security takes second seat to "oh, shiny." Always has (just look at car designers resistance to incorporating safety features).
You may be onto something.
Have you considered applying for a job at your local government's intelligence agency?
From your keen understanding of codes and cyphers, seems like you may be just the kind of expert they are looking for.
Mit der Dummheit kämpfen Götter selbst vergebens
Were you part of the investigation? Did you have any inkling of what could've been done to catch them sooner? If they answer is no then you hardly have any right to criticize them. If the answer is yes then what kept from helping out? Oh wait, it was the money, right?
Yeah, here's how you catch terrorists: you train intelligence agents in detective work and in the languages you expect your enemies to use. Then you send people to infiltrate the terrorist cells.
But that requires paying humans a living wage to do real, human work! We can't do that! We'll have to rely on SIGINT machines.
The FDA will be there shortly to confiscate your unlicensed penicillin.
By offering low wages, government agencies thin down the pool of potential workers they can draw from. Of course they have a responsibility to spend wisely, and certainly personnel costs will add up to impressive sums, but this is military and intelligence we're talking about. The US government spends quite a lot on equipment. Personnel and hardware are both assets (although one would hope the human assets are considered less expendable than the material ones), why is it OK to spend significant portions of a country's GDP on one type of asset in order to increase security and then skimp on another type of asset?
SIGINT isn't the right tool for tracking terrorist cells anyway. They don't generate enough signals.
Yeah, I think you might be right. I suspect what this really means is that they're incapable of actual, old-style spy-work. Here's what a CIA Near-East operative said:
"The CIA probably doesn't have a single truly qualified Arabic-speaking officer of Middle Eastern background who can play a believable Muslim fundamentalist who would volunteer to spend years of his life with shitty food and no women in the mountains of Afghanistan. For Christ's sake, most case officers live in the suburbs of Virginia. We don't do that kind of thing." A younger case officer boils the problem down even further: "Operations that include diarrhea as a way of life don't happen."
That's from The Atlantic's The Counterterrorist Myth:
http://www.theatlantic.com/doc/200107/gerecht
Pay some unmarried dude 20 million a year to live this shitty life in return for his services and, additionally, pay well some willing prostitues to be shipped in secret CIA planes to have fun with him secretly - call it "operation secret panties". Are there too many religious right-wingers at the CIA for ideas like this to stick?
Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
Speaking as someone who does work in a gov. agency, as part on the IT (no, not the IT you are thinking, it means something else to spooks), money is important. Yes, we get the plenty of folks willing to take lower pay because they feel like they are doing something with a purpose. But, and this is a big but, there are many people who won't or can't take an entry level position. Think about that rock star coder in Silicon Valley who has gotten bored and wants a new challenge? Could she apply for the CIA? Not if she has a mortgage. Can't do it. She might be willing to take a 30% pay cut to do it. It would be a stretch, but she could make her mortgage, but not the 50% that the service requires. This sort of thing might sound trivial. But there are very talented people making this calculus every day.
The other thing to realize is that the salary of an analyst or officer is really a small percentage of the total cost. It costs something like $400K/year to support many of our overseas officers. If we bumped their salary by $50/year you would certainly attract people from a much wider pool. And the cost would be minimal.
Back last summer, I took a grad school course in Signals Intelligence, and one of the things I had to read was a paper by Matthew Aid titled "All Glory is Fleeting," which was about the use of Sigint prior to 9/11. It was quite a surprising paper, because the one word I would never have thought to use for Al-Qaeda was "incompetent."
But, in fact, in their early years, they were. Up until about 1997 or 1999, their signals discipline was nonexistent. They gave bin Laden a satellite phone (because, frankly, Afghanistan is the worst possible place in the world to try to run an international terrorist "organization" from - I say "organization" because Al-Qaeda doesn't strictly exist as an organization...it is instead a network of networks with very loose ties from one cell to another), and the NSA listened in to every phone call. And, by the way, in these phone calls, the various terrorists talked openly about their operations. So, the NSA passed the information on to the appropriate police force, and terrorist ops went bad, one after the other.
At some point, though, Al-Qaeda clued in to the fact that the satellite phone was being listened to. One story goes that the Washington Post leaked it, and terrorists read the newspapers too. So, the phone went silent, other means of communication were used, and Al-Qaeda ops actually began to work.
Sigint isn't easy to sort through at the best of times, though. You have to first pick out the signal (relevant material) from the noise (irrelevant material and deception), and then figure what the signal actually means. So, if a Saudi under suspicion talks on the phone about going to the United States for a "business meeting," it could mean that he's meeting members of a terrorist cell...or going to an actual business meeting...or he could be cover for somebody else going to the terrorist meeting. Incompetent Al-Qaeda was easy when it came to sorting the signals from the noise - current Al-Qaeda isn't.
Robert B. Marks
Author, Demonsbane in Diablo Archive
Amazon reviews are useless when it comes to getting reliable information. And I say that as the author of 1500 Amazon reviews (generally written for my own pleasure and notetaking). Articles in The Atlantic and, more importantly, the European Parliament's 2001 report on ECHELON suffice to show that Bamford was right more often than he was wrong.
I suspect that's the tip of the iceberg. Accusations that US and UK spying agencies (through the Echelon project) were using their power for commercial espionage really began to flow in the 1990s. The European Parliament made a series of public allegations against the US in early 2000 stating that the NSA had intercepted conversations and data and passed it on to the US Commerce Department for use by American firms resulting "stolen sales". The Boeing V. Airbus that you noted is the most famous of these, but probably as large was AT&T using intercepted communications to get a half-share of an Indonesian trade contract which was initially going to NRC of Japan before the NSA got hold of the confidential details and passed them along. Lawsuits and procedings were actually filed in France, Italy and Belgium. Another instance was Raytheon getting hold of confidential information belonging to Thompson-CSF on a US$1.5bn dollar deal with Brazil for satellite imaging. Raytheon got the contract. Enercon - a German wind generator manufacturer - developed a major refinement on generating electricity. When they tried to patent it in the USA, an American corporation had beaten them to the punch. That's an especially interesting case since there were people inside the NSA that confirmed they'd spied on the German company and passed the necessary details on. Other accusations have been made by such companies as BMW and German security experts pegged costs to German industry at a minimum of US$10bn by just the year 2000.
All this apparently came straight from the top.
It's that sort of behaviour, regarded as betrayal by an ally in the European politicians,
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
It's a shame 4chan wasn't around when bin Laden's phone number was published in court documents
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Exactly.
How does the author propose we detect whether a 10-digit number is a telephone number, or even that it has been shifted in such a manner? The more sophisticated ciphers seem like they would be easier to detect than 10-coding simply because of the nature of telephone numbers as containing little specific information.
The real question is, how many different permutations of 10-digit telephone numbers in suspect areas exist, and how many of these numbers can be decoded from the simply coded telephone number. We know now that it's ten-coded, but even if we assumed some other numerical shift, or even a digit-dependent shift of some kind, we might still be looking at a huge number of possibilities.
I challenge him or her to answer the following questions about the following ten-digit number:
2213684949
Is it a telephone number?
Is it encoded in some way?
How is it encoded?
How do we know that we have guessed the encoding method correctly?
How can we reverse the decoding?
The people who try to trivialize this sort of work are ignorant, and have little to no training in the fields that they lambast.
And on the subject of pay for a different manner of service, why do we try to attract people qualified to teach Mathematics and Science by raising the bar for the qualifications but keeping the pay at the same level for 10 years?
Because taxpayers want something for nothing.
SRSLY.