Slashdot Mirror

← Back to Stories (view on slashdot.org)

Convicted Terrorist Relied On Single-Letter Cipher

Posted by timothy on from the was-the-letter-q? dept.

Hugh Pickens writes "The Register reports that the majority of the communications between convicted terrorist Rajib Karim and Bangladeshi Islamic activists were encrypted with a system which used Excel transposition tables which they invented themselves. It used a single-letter substitution cipher invented by the ancient Greeks that had been used and described by Julius Caesar in 55BC. Despite urging by the Yemen-based al Qaida leader Anwar Al Anlaki, Karim rejected the use of a sophisticated code program called 'Mujhaddin Secrets' which implements all the AES candidate cyphers, 'because "kaffirs," or non-believers, know about it so it must be less secure.'"

35 of 254 comments (clear)

  1. More spreadsheet abuse by MichaelSmith · · Score: 4, Funny

    Remember this kids: always use a proper database for your crap encryption scheme.

    --
    http://michaelsmith.id.au
    1. Re:More spreadsheet abuse by somersault · · Score: 4, Informative

      Actually considering the story on The Register is from March, I'll stick with hilarious.

      --
      which is totally what she said
    2. Re:More spreadsheet abuse by azalin · · Score: 5, Funny

      In related news: "Microsoft provides Terrorists with software to plan attacks"

      Not that a piece of paper could have done the job as well (or probably better given the use of a halfway decent crypto scheme).

    3. Re:More spreadsheet abuse by WWWWolf · · Score: 4, Insightful

      This is pretty damn hilarious. Though also, probably an April Fool's joke.

      Weirder stuff has happened. There already was some Mafia guy who got caught because he was using Caesar cipher. <predictablejoke>And then there was that one Caesar-based encryption scheme in Adobe DRM. I have problems telling these Mafia guys apart.</predictablejoke>

      Still, pretty hilarious. Even ignoring Kerckhoffs's Principle, there's still a big difference between using a cryptosystem the infidels developed, and a cryptosystem the infidels developed and then then abandoned centuries ago because they broke it and Muslim mathematicians no doubt helped cracking it. People who ignore history will only repeat it. This is also a good example of what happens when you play a high-stakes game of "I have a problem - let's throw a little bit of Excel at it to solve it once and for all".

    4. Re:More spreadsheet abuse by Anonymous Coward · · Score: 4, Informative

      Muslim mathematicians no doubt helped cracking it.

      Close. The Ceasar shift was broken before Islam even began. But the improved version known as the Vigenere cipher was broken (after being considered unbreakable for centuries) by the Arabic scientist Al-Kindi in the ninth century A.D.

    5. Re:More spreadsheet abuse by fuzzyfuzzyfungus · · Score: 4, Interesting

      IIRC, they 'layman's historical introduction to cryptoanalysis' type overviews do often mention that more or less the earliest clearly recognizable use of frequency analysis cropped up among islamic scholars working on the problem of separating authentic Muhammad quotations from the assorted non-canon stuff that had crept in, by examining word frequency distributions across different passages...

      The guy is a moron no matter who cracked the cipher, of course, because it doesn't really matter who, just whether somebody did or not(excluding the edge cases of certain comparatively modern ciphers, that might conceivably have been cracked in private).

    6. Re:More spreadsheet abuse by Narpak · · Score: 2

      Or One Time Pads.

      --
      The Long Now Foundation
    7. Re:More spreadsheet abuse by daem0n1x · · Score: 3, Informative

      I'm glad terrorists are even more retarded than the government officials that try to catch them. Makes me feel a lot safer.

    8. Re:More spreadsheet abuse by DrXym · · Score: 4, Funny

      This and Flight Simulator. MS should be on the terrorist watch list.

    9. Re:More spreadsheet abuse by PopeRatzo · · Score: 5, Funny

      But the improved version known as the Vigenere cipher was broken (after being considered unbreakable for centuries) by the Arabic scientist Al-Kindi in the ninth century A.D.

      It is said that upon breaking the Vigenere cipher, Al-Kindi's first comments were, "Death to America!"

      I think that might be an apocryphal story, though.

      --
      You are welcome on my lawn.
    10. Re:More spreadsheet abuse by gl4ss · · Score: 2

      breaking a cipher where characters just get replaced with others can be done by hand quite easily by brute forcing(even if the decoder was a very bad guesser and only had an encyclopedia to help him about which words might be even words).

      it's obvious that he thought that he was a computer guru when in fact he had only basic office computer skills and no engineering thought patterns. he didn't really think that what excel was doing was actually pretty simple. he thought his crazy excel sheet was doing some magic like enigma when it was just being much simpler than that.

      what's more, he hadn't read a single book about crypto history and had not even watched modern marvels cryptography ep. but of course reading that such stuff is already older than the muslim faith might have put a lid on his extremism and a dent to his ego. also, some people have no idea that such information isn't actually a secret in the west while there are a few places in the world where it is a "secret" and "forbidden information" if you got caught by local secret police.

      --
      world was created 5 seconds before this post as it is.
    11. Re:More spreadsheet abuse by fuzzyfuzzyfungus · · Score: 3, Interesting

      Being a terrorist grunt is a sucker's game.

      Being a terrorist leader, on the other hand, is pretty much a combination of the best parts of being a cult leader and being an extreme sports enthusiast: Groupies, adulation, adrenaline, explosions, sponsors, probably more burqa-babes than you admit to in public...

    12. Re:More spreadsheet abuse by StormShaman · · Score: 3, Informative

      Wait, huh? Wikipedia says the Vigenère cipher was created in the 16th century.

  2. which proves once again by brezel · · Score: 3, Insightful

    that extremists are usually complete idiots.

    1. Re:which proves once again by TheP4st · · Score: 2

      Or proves that /. readers don't read the article which were published on 22nd March. ;-)

      --
      "I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
    2. Re:which proves once again by EdZ · · Score: 4, Insightful

      The ones holding the pointy end of the stick, yes. They're generally a bit lacking in cognitive faculties. Unfortunately, the ones handing out the sticks are often pretty clever, and rather ruthless in keeping their scam going.

  3. He was considerate to the tax payer by nzac · · Score: 3, Funny

    I would say that once his emails are being read he's screwed. Either he has AES encrypted files which take a lot of expensive equipment to decrypt (and fail to do so in a reasonable time) resulting in lots of surveillance to catch most of the people involved or he forces some poor graduate to use excel and give away the rest of the 'cell'.
    I don’t think once your emails are being intercepted you have much hope of carrying out a terrorist attack anyway.

  4. Two types of cryptography by Karellen · · Score: 3, Insightful

    According to Bruce Schneier, there are two types of cryptography - that which will keep secrets safe from your little sister, and that which will keep secrets safe from your government.

    I don't think this counts as either.

    Fail.

    --
    Why doesn't the gene pool have a life guard?
    1. Re:Two types of cryptography by zippthorne · · Score: 4, Funny

      in this case, it wasn't even that secure...

      He chose a cipher that millions of people crack every day on their way to work, before moving on the the more difficult crossword puzzle....

      --
      Can you be Even More Awesome?!
    2. Re:Two types of cryptography by namgge · · Score: 5, Insightful

      There are two types of cyptography: one that allows the Government to use brute force to break the code, and one that requires the Government to use brute force to break you.

  5. Silly terrorists... by the_raptor · · Score: 4, Insightful

    ... everyone knows you don't roll your own crypto.

    I guess this is further support for the theory that the ignorant have too much confidence in what they think they know.

    --

    ========
    CINC, 4th Penguin Legion
    1. Re:Silly terrorists... by trifish · · Score: 2

      Shhh. Terrorists should actually keep rolling their own crypto. Many innocent lives will be saved. ;-)

  6. Re:Finally a good one! by iDuck · · Score: 2

    The biggest lol is that it's true.. (see date of original article)

  7. Re:Idiots by ShadowRangerRIT · · Score: 2

    Because if terrorists had a reliable key distribution network, they'd already be an army, not a loosely organized criminal band with minimal transportation infrastructure? One time pads are only as good as your distribution system. And the moment you run out of key bits and reuse them, your system is broken.

    --
    $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
  8. I had better when I was 16 by no+known+priors · · Score: 3, Interesting

    I read this story a few days ago. What strikes me is that I had invented better a encryption scheme when I was 16. See, I had read somewhere that certain letters (such as 'e') show up more times in English than other letters (such as 'x'). I also read that using frequency analysis is one way you can break single letter cipers. So, I did something that I was (was) rather proud of.

    I found out the most frequent letters, and instead instead of having single letter ciper, I replaced each one with more than one other character. So, 'e' might have been '6', 'j' and 'q', while 's' in this scheme might have been '3', 'f' and 'o' (or whatever). I was attempting to foil any frequency analysis that someone (who I don't know) might have done on my secret messages.

    Only trouble was, the first version of the program had a bug. I think it was underscore was replaced with the wrong character in the decryption phase. Once I caught that though, it was all good.

    Of course, a couple of years latter I learnt about PGP and GPG and RSA and all that good stuff. I no longer rely on home-built faulty encryption that requires both parties to have the code to decrypted the message.

    --
    Appended to the end of comments you post. The maximum is 120 characters.
  9. Ironic given the role of Arabs in history of crypt by langelgjm · · Score: 3, Interesting

    Yeah, one day in undergrad I decided I wanted to make my own polyalphabetic substitution cipher, so I sat down and basically reinvented the Vignere cipher (actually the Gronsfeld cipher, which is identical except that the key is numeric. Also FWIW I was not in a technical major).

    This story is made ironic by the fact that the Arabs were responsible for many historic advances in the history of pre-modern cryptography.

    --
    "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
  10. Re:Invented by Jews. by rhook · · Score: 3, Funny

    We should rename encryption "bacon", then they'd never use it.

  11. Just goes to show... by ZDRuX · · Score: 4, Insightful

    This just goes to show how the whole Patriot Act has nothing to do with catching terrorists. They can barely communicate effectively, most of them just set their underwear on fire, and the rest live in far off lands, yet the nanny state is always local, ever present, and ever watchful... give me a break!

    --
    The magical number is: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  12. Excel for Terrorists? by richie2000 · · Score: 3, Funny

    I always thought the Excel menu option "terrorist cell" was a bit suspect.

    --
    Money for nothing, pix for free
  13. Re:Invented by Jews. by SpiralSpirit · · Score: 2

    obviously you don't understand jews. We'd still us it, we'd just feel guilty. Our mothers would bring it up everytime we saw them.

  14. And we are supposed to believe that these... by John+Hasler · · Score: 2

    ...bumblers are so dangerous that we must give up our liberty in order to be safe from them?

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  15. Re:Kaffir != non believers. by 140Mandak262Jamuna · · Score: 4, Insightful
    First principle in any war is "know thy enemy". One must understand the terminology they use and try to understand their world view. That does not mean we agree with them. Often times most effective counterattacks would come from talking their language and their imagery.

    One of my pet peeves, for example. Saudi Arabia does not permit women to drive. Saudi Arabian government has a deficit and it has external debt. Yes it is true. It is so incomprehensible. The oil wealth of Saudi Arabia does not belong to the people of Saudi Arabia. It is considered to be personal wealth of King Saud, and his descendants, about 5000 sheiks and their families. All the rest get some kind of government dole, but pittance compared to what the sheiks are raking in. They have imported some 500,000 drivers from India, Pakistan, Bangladesh and Phillipines (that is in addition to 1.5 million domestic servants).

    You can talk till you are hoarse about why women should be allowed to drive their cars, based on principles of equality, or economic implications. You will not make any progress. You cant reach them. They would shut you out.

    But, if you knew that Mohammad has ordered all Muslim women to be able to ride horses and camels, you could argue that not allowing women to drive cars contradicts the Hadith, so it is un Islamic. Not that you are going to win. They will come back some argument or another. But they won't be able to shut you out. You will enable a few women there to make similar argument, and who knows, ten years from now, they might relax it a little bit and allow women to drive their sick children to hospitals.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  16. They also discarded a voice scrambling system by Doghouse+Riley · · Score: 3, Funny

    when it was realized that "Igpay Atinlay" might be incompatible with the Muslim prohibition of pork.

  17. Re:not really "encryption" by lgw · · Score: 2

    That and you can't really even call it "encryption". This is a "substitution cipher" isn't it? So it's "encipherment", not "encryption"?

    Encrypted messages rely on a translation that is relative to character position in the message, such that the substitution of a given letter at one position is usually not the same as the substitution for that same letter at any other position.

    Not true: AES will encrypt the same block the same way every time with the same key. AES is typically used in such a way that it produces the results you describe, but the block encyption is still "encryption", whether used sensibly or not.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  18. Re:Religious Extremist....... by Alex+Belits · · Score: 2

    No, it's the other way around. Believing that the only goal of your life is to please and praise some guy called "The Lord" at any cost, means that you are a horrible person regardless of who "The Lord" is, and if he exists in the first place.

    --
    Contrary to the popular belief, there indeed is no God.