Convicted Terrorist Relied On Single-Letter Cipher
Hugh Pickens writes "The Register reports that the majority of the communications between convicted terrorist Rajib Karim and Bangladeshi Islamic activists were encrypted with a system which used Excel transposition tables which they invented themselves. It used a single-letter substitution cipher invented by the ancient Greeks that had been used and described by Julius Caesar in 55BC. Despite urging by the Yemen-based al Qaida leader Anwar Al Anlaki, Karim rejected the use of a sophisticated code program called 'Mujhaddin Secrets' which implements all the AES candidate cyphers, 'because "kaffirs," or non-believers, know about it so it must be less secure.'"
Remember this kids: always use a proper database for your crap encryption scheme.
http://michaelsmith.id.au
News at 11!
I have been meaning to get around to watching Four Lions for a while.
Required check for any story posted on this date. This one *isn't* an april fools joke - original story is dated March 22 (so not just legit, but a little late too...)
that extremists are usually complete idiots.
I would say that once his emails are being read he's screwed. Either he has AES encrypted files which take a lot of expensive equipment to decrypt (and fail to do so in a reasonable time) resulting in lots of surveillance to catch most of the people involved or he forces some poor graduate to use excel and give away the rest of the 'cell'.
I don’t think once your emails are being intercepted you have much hope of carrying out a terrorist attack anyway.
"BA jihadist relied on Jesus-era encryption"
hahahahahahaha "Jesus-era" hahahahahaha
According to Bruce Schneier, there are two types of cryptography - that which will keep secrets safe from your little sister, and that which will keep secrets safe from your government.
I don't think this counts as either.
Fail.
Why doesn't the gene pool have a life guard?
Security through obscurity at its finest.
ib ib, zpv dbo'u sfbe uijt!
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
No lines!
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
... everyone knows you don't roll your own crypto.
I guess this is further support for the theory that the ignorant have too much confidence in what they think they know.
========
CINC, 4th Penguin Legion
I dread coming to slashdot every year on this date. For several years it was cringe-worthy so the last couple I made it a point to not even bother. Glad I decided to have a look this morning! Always good to start the day with a LOL.
Etsay emthay upway ethay ombbay, Abdulway. Ethay amelcay iesflay atway idnightmay.
If Slashdot were chemistry it would look like this: Cadaverine
"No, dude, seriously. The non-believers know about that one too."
Problem solved.
In this case it works out well for the good-guys, but failure to talk someone else's language is a problem you see a lot in I.T.
Is the person's concern irrelevant? Maybe.
Does the person's irrelevant concern apply equally to their broken system? Maybe.
NSA dude: Eway etgay ignalsay.
TFA says he was an IT employee at British Airways. He was a dumb terrorist but also, a lousy IT professional, thinking that his substitution cypher was better than AES.
As they say: even worse than an idiot, is an idiot with initiative.
moi
Imagine that a significant percentage of ./ is sock-puppets and bots. It's possible.. Posting an otherwise reasonable comment today, or yesterday is a fair indication of your true nature and a bug in your code.
I wonder if anyone informed him that 256-bit AES has about the same number of possible combinations as there are atoms in the universe? Although he probably would have used a password that you could crack with a dictionary attack. These people truly are stuck in ancient times.
You are off your rocker. For one thing the Red Crescent is the Islamic version of the Red Cross.
Many encryption algorithms/protocols were invented by Jews, which obviously would be an anathema to the jihadists.
Monstar L
How about using a one-time pad. It is unbreakable (in a theoretical setting, of course). But better than 40BC tech.
I take my children to see Madonna(..), but I never for once ever thought I was in the same business. Chris Rea.
security through obscurity but never security through religion. Or wait, no, nm yea I have.
Usually, transparency is a good thing. In this case though, wouldn't the smart play have been to let sleeping dogs lie? Karim can't have been the only terrorist to rely on breakable encryption.
Only an hour left here of the 1st. One article appears to be new news the rest make it look good.
Though The Canterbury distro is just terrible
http://www.opensuse.org/
https://www.archlinux.org/
http://www.debian.org/
Can you imagine the holy wars at least 3 different packing systems 4 different kernels and everything from stable to sid all in one distro.
A slightly different application would have made this the strongest encryption ever.
I read this story a few days ago. What strikes me is that I had invented a better encryption scheme when I was 16. See, I had read somewhere that certain letters (such as 'e') show up more times in English than other letters (such as 'x'). I also read that using frequency analysis is one way you can break single letter ciphers. So, I did something that I was (was) rather proud of.
I found out the most frequent letters, and instead of having a single letter cipher, I replaced each one with more than one other character. So, 'e' might have been '6', 'j' and 'q', while 's' in this scheme might have been '3', 'f' and 'o' (or whatever). I was attempting to foil any frequency analysis that someone (who I don't know) might have done on my secret messages.
Only trouble was, the first version of the program had a bug. I think it was underscore was replaced with the wrong character in the decryption phase. Once I caught that though, it was all good.
Of course, a couple of years later I learnt about PGP and GPG and RSA and all that good stuff. I no longer rely on home-built faulty encryption that requires both parties to have the code to decrypt the message.
Is this the April-fools-day message? If not. It has been proven that terrorists can be as stupid as governments. What a relief.
So while they're certainly dangerous they're not the world toppling danger they're made out to be. Far more dangerous are the corrupt governments around the world with proper armies, proper weapons and very smart intelligence people.
They'd rather use a cipher created by ancient pagans than one created by a nominally Christian culture (Christianity being allegedly a protected, semi-respected religion under Sharia).
Yeah, one day in undergrad I decided I wanted to make my own polyalphabetic substitution cipher, so I sat down and basically reinvented the Vigenère cipher (actually the Gronsfeld cipher, which is identical except that the key is numeric. Also FWIW I was not in a technical major).
This story is made ironic by the fact that the Arabs were responsible for many historic advances in the history of pre-modern cryptography.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
If you believe this story, you are a fucking idiot.
Obvious propaganda.
Anyone interesting enough to be an actual threat is not this dumb. And if the gov had been scaring you about idiots like this before? Maybe you should not listen to the gov so much...
is that the guy who suggested it was 'Anlaki'
There is no cure for stupidity....
The word "Kaffir" is extremely offensive in South Africa where it was once used by whites to refer to blacks. I suggest updating the article to exclude this word to protect you from Julius Malema who vowed to bring down twitter. He might just put his sights on slashdot.
http://www.independent.co.uk/news/world/africa/ill-close-down-twitter-says-ridiculed-anc-youth-league-leader-2125687.html
It pretty much all went downhill for this guy once muslims taught christians about basic concepts like zero and algebra....
Surely his history book covered this in the 'awesomeness of historical Islam' section?
--Q
Some old ciphers can be pretty secure, but for the fact their key space means a computer (and not even a powerful one, your mobile phone is more than a match for colossus these days) can brute force them in a matter of seconds. But in Vietnam POW camps they used a playfair modification called tap code to communicate in the camp without the camp guards ever cracking it, and the security of that is nil, even if they keyed the grids, it only takes a bit of pairwise frequency analysis to solve.
Also FWIW I was not in a technical major
This story is made ironic by the fact that the Arabs were responsible for many historic advances in the history of pre-modern cryptography.
I guess you weren't in a geography major either, since calling a Bangladeshi Arab is... weird.
Abdul to NSA dude: ouyay avehay onay hancecay otay urvivesay. akemay ouryay imetay!
The Arabs weren't. These advances were done by the people conquered by the Arabs. It's an easy mistake to do, but a mistake nonetheless; being invaded by the Arabs is actually one of the worst things that could happen to your country in terms of scientific advance.
wholly owned by the chosen ones murderous media mogality; the bad history channel? bill nye? the depopulation channel includead. eugenics today channel? the tax/kill the poor channel? fake news world wide channels? 1800 god channels? etc.. we must focus, on the images? single digit? that's how many we're supposed to have?
In John Le Carré's A Perfect Spy the Soviet agent gives his British mole recruit a copy of Grimmelshausen's Simplicissimus before he even recruits him. This becomes a limitation because sigint eventually reveals that the communication with the mole has to be based on a single one time cipher. (Le Carré is in a position to know about this stuff.)
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Thank God most terrorists / criminals are this dumb. Otherwise we'd probably all be dead.
If you *want* to talk secretly, describing messages that will end up with you in jail if they are discovered, use something a bit better than a schoolboy cipher. Seriously, I was doing better than that when I was 11/12 and programming.
When I have idle moments, I try to "counter-think" terrorists in order to see what I would do if I were one. Almost all of the things I come up with are less risk, more impact, cheaper and easier than the things that are reported in the news. Thankfully, it seems that terrorists, on average, consist mainly of dumb people who can't do that.
It's like the criminals who break into banks and don't cover their faces. Catching them is actually less fun than letting them do the crime and seeing how they try to get away with it.
This just goes to show how the whole Patriot Act has nothing to do with catching terrorists. They can barely communicate effectively, most of them just set their underwear on fire, and the rest live in far off lands, yet the nanny state is always local, ever present, and ever watchful... give me a break!
The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
I always thought the Excel menu option "terrorist cell" was a bit suspect.
Money for nothing, pix for free
Infidels are the non believers, usually restricted to the Jews and Christians because they are the people of the Book, but they just don't accept Mohammad. Kaffirs are more like pagans, heathens, idolators. Then there are najis, the dirty. Then there are apostates. The ranking is muslim > infidels > kaffirs > najis > apostates.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
a couple of days ago.
Best Slashdot Co
If you are religious you are on the good path to salvation. And being an asshole.... What did you guys expect? There, fixed that for ya.
If we were really smart we would all agree that the encryption method used by Rajib was super sophisticated and it was due some lucky break and a happenstance it was broken. Publicly proving their cryptography is a joke and thus humiliating them would make the switch to PGP or something. It takes a wise man to let his enemies underestimate his mental powers.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
These people truly are stuck in ancient times.
Just as people who measure an algorithm's strength by its keysize.
Book Ciphers are the best and least likely to ever be broken. No one looks twice at a beat up paperback. Get two copies of the same edition, one for you and one for your friend, then every letter is a page-line-letter. Unless you tell an idiot what book you are using the code can never be broken. You could even use an electronic copy of a book and write a quick program to cipher and de-cipher using the text file. Shove the coded message inside of a *.jpeg you receive in some spam and then send it to about 100 people. Only your friend will hunt for the coded message and be able to decode it. This works great until someone starts cutting your fingers off with pruning shears.
And a really clever person in ancient times would give you key sizes in volume, mass, and dimensions. Bits, not so much. ;-)
I didn't think about this being April Fools Day until I browsed to /..
Funny enough is this guy was labelled as "computer Expert"!!! What a joke
that stopped thi
...bumblers are so dangerous that we must give up our liberty in order to be safe from them?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
when it was realized that "Igpay Atinlay" might be incompatible with the Muslim prohibition of pork.
http://xkcd.com/538/
One of my favorite ones...
Gitmo and Gnomeland Security you can thank for the drugs and wrenches...
If this level of genius keeps surfacing I think they'll crack the mysteries of Invisible Ink any day now!
Max Nomad . Bohemian Griot Publishing, LLC . http://www.bgpublishing.com
That and you can't really even call it "encryption". This is a "substitution cipher" isn't it? So it's "encipherment", not "encryption"?
Encrypted messages rely on a translation that is relative to character position in the message, such that the substitution of a given letter at one position is usually not the same as the substitution for that same letter at any other position.
I read in the article that someone said they employed "five levels of encryption". I wonder how that compares with the effectiveness of say, 5 x rot13? ;)
I work for the Department of Redundancy Department.
or if you're french, "pffft!"
--
"It is now safe to switch off your computer."
as another muslim who believes in a slightly modified version of islam. and that same muslim believes you to be an apostate as well. add some "my religion makes it praiseworthy to kill apostates" and you have a nice recipe for centuries of genocide. isn't religion grand?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
If you have a secret and they can't break the code, they'll torture you until you break.
What gives me solace regarding the danger posed by extremists (religious or otherwise) is that almost by definition these people are not terribly smart. If you induce yourself to believe some fairy tale about the afterlife, to the point that you are willing to kill people, you cannot be that rational. Of course the government needs to be watching out for these people (since they are dangerous), but I do not believe it takes all the powers that have been given to the government to keep track and arrest these loonies.
www.meneguzzi.eu/felipe
I think in most cases any cipher which prevents the adversary from cracking it within the same day is secure enough.
It's a matter of time, not a matter of how secure the cipher is.
If your cipher is uncrackable, or too secure, then the adversary will be guaranteed to torture you when you get captured.
If the cipher is crackable, but takes weeks, months, or years, this might actually be better for your physical security than the unbreakable code.
Basically the more secure the cipher, the greater the probability that you'll be tortured.
The excuse being that they have to break the terrorists because they can't break the code in time to stop the attacks.
"Be sure to drink your Ovaltine"
generally if it's symmetric it's going to be much harder to crack and there are many different ciphers that are very hard or very time consuming to crack. AES is just one of many.
The problem isn't the cipher. If you use AES then you'll be taken to Gitmo or some blacksite and tortured for the rest of your life until you give up the code. Or they'll take you to a psych ward, drug you, torture you, until you go insane and give up every secret.
This could take weeks, months, years or decades, they have trained psychologists, doctors, and professional torturers who enjoy testing new drugs and techniques.
So it's entirely pointless to try to keep secrets from the feds. The point is to keep secrets from Mallory.
Because if they use a one time pad, and get captured, they will be tortured.
Torture is how the one time pad is broken. You drug them, psychologically destroy them, eventually they'll want the pain to stop and they'll give up the key if they have it.
Because if terrorists had a reliable key distribution network, they'd already be an army, not a loosely organized criminal band with minimal transportation infrastructure? One time pads are only as good as your distribution system. And the moment you run out of key bits and reuse them, your system is broken.
But even if they had a key distribution, they'd have no way to protect the keys and no way to protect the brains that know the keys.
Basically the weakness of the one time pad is the physical security of the brains that remember them, and the physical security of the keys. Because physical security is something the US government has a monopoly on, no terrorist group, gang, or mafia is going to be safe using any encryption cipher and that includes one time pads. The terrorists will be tortured brutally, psychologically and physically, one by one, until they break and give up the keys. The base which stores all the keys will be raided, the computer which generates the keys will be stolen, the fact that it's very difficult to create massive numbers of truly random numbers means that more than likely it will be pseudo-random and if the number generator is stolen so are all the keys.
The one time pad is the most secure cipher on paper, in an academic setting, where there are laws, and rules. In war the one time pad does not work unless one has an army of sophistication and skill as the adversary, which means the one time pad is only useful for governments. It's not a cipher which would be useful for terrorists, gang members, etc.
..that these people are still living in the stone age.
Why even make a contentious point as an AC with no evidence? Is it because you realize blatant racism is wrong, and you don't want or can't handle the criticism? Or do you really think you are convincing someone?
(Really, never understood the logic behind "you're a wonderful person, but because you don't believe in $DIETY I must assume your afterlife will be unpleasant". Makes me wonder if "Hell" is really a beach-front resort, filled with all the nice non-Christians...)
I used International Red Cross a standard prop for forced conversion to Christianity as part of a comedy anecdote, as this is an international running joke - explaining why most islamic revolutionaries started in the first place. Red Crescent would not work in this context as they are hardly likely to, by force or control of food stocks, force people to become Christians. They also have a clean record with respect to this internationally. Please re read the post and context and you will get my meaning. Thank you for taking an interest!
The purpose of existence is to make money.
Cubits.
Right. No, your other right. No, the other other right.
... that's why he chose a Cæsar cipher instead.
> Despite urging by the Yemen-based al Qaida leader Anwar Al Anlaki, Karim rejected the use of a sophisticated code program[...]
I don't think a guy with a job description of "blow yourself up" cares what HQ thinks.
were in the Muslim world in those days ..Thus they were the "America" of the day. ...with all the
Arguably "America" no longer represents scientific thinking and independence now
intelligent design is science movement and God is truth etc etc !!
Zing.
Regarding the ROT 13 story, this was not an active subvert developed by MIA to "confuse, dismay and throw into disarray," the Islamic Militia who were subjected to food supply control based forced Christian conversion last year by the Red Cross. Please treat this story as true as of this moment. Thank you for your time ...
Missing In Action?
--
No Spin version of ROT13 used.
That would just be sad if this were an actual encrypted message they were sending. It literally took me about 10 seconds before I found the pattern and started decoding, and didn't even require any paper or notes/etc.
LOL!
The purpose of existence is to make money.
I guess the Romans were Muslim.
"This Einstein, which actually gained a little celebrity by ending up on "World's stupidest criminals"" - by hairyfeet (841228) on Friday April 01, @11:28AM (#35688788)
LMAO - Speaking of "Einstein"? Read this (concerns his relation to YOU):
#1 - YOU DON'T EVEN KNOW THE DIFF. BETWEEN "static" and "dynamic" addressed adbanners, shown here (which even BestBuy techies know):
http://it.slashdot.org/comments.pl?sid=2061048&cid=35681060
AND?
---
#2 - LMAO - YOU BLEW IT AGAIN, & on something ELSE even "Best Buy Techies" know, in DNS local client caches needing to be turned off in Windows with relatively "largish" HOSTS files:
http://it.slashdot.org/comments.pl?sid=2061048&cid=35686054
Yes children - this is what "ITT Tech does for you", where "Pwuffesuh HaiwyPheet" here got his "FINE education" (LOL - NOT! (You're proof, living proof, it makes you a FUCKUP))!
OR, do the above links NOT show that much?
EVEN Funnier still??
---
#3 - You've trolled ME before in the past on HOSTS files, and made THAT same "blunder" before in the past:
http://it.slashdot.org/comments.pl?sid=2061048&cid=35686474
And, tons more... like your "math" one!
http://it.slashdot.org/comments.pl?sid=2061048&cid=35667576
From there downwards, you blew it totally, & with someone you stalk, troll, & libel in myself on HOSTS files posts, constantly!
APK
P.S.=> So - DO YOU STILL WANT TO KEEP STALKING, TROLLING, and yes, EVEN LIBELLING ME (as you tried here http://it.slashdot.org/comments.pl?sid=2061048&cid=35667932 and I shot you down cold, with facts here on that note -> http://it.slashdot.org/comments.pl?sid=2061048&cid=35668740 )?
IF so, well - "it's YOUR funeral"... that's also FAR from the 1st time, & you blew it on the SAME damn points as before AND MANY MORE...
The "infamous they" & iirc, EINSTEIN even said:
"Repeating the same thing over & over & expecting different results is insanity" ...
Funniest part is, in that thread above and others you called ME, 'batshit-insane' (and you're no PHD in Psych):
"But if you weren't completely batshit insane" - by hairyfeet (841228) on Thursday March 31, @05:09AM (#35675892)
TELL You what, when you get these items to YOUR name/credit:
---
1.) PHD in Psychiatry
2.) Years-to-decades of professional experience
3.) A license to practice
4.) A formal examination of myself in a professional psychiatric environs
---
Then, maybe? You'd be credible, & not libelling me like you like to do, which is against the law.
AND?
Keep repeating from your mistakes shown above then some more, & tell us another good one + refer to EINSTEIN above... lol! apk
No, it's the other way around. Believing that the only goal of your life is to please and praise some guy called "The Lord" at any cost, means that you are a horrible person regardless of who "The Lord" is, and if he exists in the first place.
Contrary to the popular belief, there indeed is no God.
No, it's the other way around. Believing that the only goal of your life is to please and praise some guy called "The Lord" at any cost, means that you are a horrible person regardless of who "The Lord" is, and if he exists in the first place.
Let's be fair - there are plenty of very nice people who just happen to believe in $DIETY. I don't think there's a correlation at all between belief and "goodness". The difference (if there is one) is that some people need that belief that someone is watching them, and some don't.
That does not make either of them less dangerous.
Just imagine that someone involved with nuclear weapons had a hallucination of "The Lord" asking him to play Abraham/Isaac shit on few millions of people.
Contrary to the popular belief, there indeed is no God.
The old truism is that anybody can make a code that they can't break themselves.
One is also left to wonder if the old equipment that terrorists use had left him subjected to the dreaded Pentium FDIV bug? Or did he use it as a feature?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."