Bin Laden's Sneakernet Email System
Hugh Pickens writes "Osama bin Laden was a prolific writer who put together a painstaking email system that thwarted the US government's best eavesdroppers despite having no Internet access in his hideout. Holed up in his walled compound in northeast Pakistan with no phone or Internet capabilities, bin Laden would type a message on his computer, save it using a thumb-sized flash drive that he passed to a trusted courier, who would head for a distant Internet cafe. At that location, the courier would plug the drive into a computer, copy bin Laden's message into an email and send it. Intelligence officials are wading through thousands of the email exchanges after around 100 flash drives were seized from the compound by US Navy Seals."
Why couldn't he just use Tor? Heckuva lot simpler and less vulnerable to betrayal by associates.
Information theory is life. The rest is just the KL divergence.
RFC 1149?
This post may or may not contain cancer causing materials.
How is that painstaking? That's like calling writing a telegram painstaking.
Merely delayed it. A bullet in the head is a bullet in the head.
This post comes with a double-your-money-back guarantee!
Any offense taken to this post is at your sole discretion.
Kind of like mail over UUCP then. (Yes, I am showing my age)
Never email donotemail@WeAreSpammers.com
They called it painstaking because the courier was forced to use hotmail to forward the emails.
I was about to submit this from New Scientist:
Yet he never discovered that flash drives are rewritable...
Totally explains why he took forever to accept FB friend requests.
Yeah, I can see OBL typing on his White MacBook Pro.
Am I eval()? - http://www.monst3r.com.br
Although people seem amazed about this, it's not the first time that this has happened.
Back in '98, I worked on a network where it was against Government regulations to connect it in any way to the Internet, and an 'air gap' was required between the two. I was one of a very small team that wrote a system (using Zip disks for storage) that pulled data from a mail server on our secure network and pushed it to a mail server on the Internet, and vice versa. It had very high latency - people were assigned to do the mail drop only twice a day - but it worked well.
Now, I may not be all in on the IT/Security lingo, but this seems to be overselling it a bit. Or at least giving it a much cooler name than it really is.
All he was doing was saving a text file and then having someone else email it from an internet cafe? I think a 10 year old could come up with this simple scheme. But I guess it was simple and effective.
All I can say is that I am glad he wasn't sophisticated enough to use PGP with a strong passphrase.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
"Hey, are you headed to the Internet cafe? Could you send this for me? I'd love to go myself, but you know, the $25000000 bounty..."
"You ALWAYS use that excuse! 'I'd love to go to the grocery store, but my bounty...I'd love to go to the laundromat, but my bounty...'"
"Oh, and could you print out the latest Digg articles?"
"...fuck it, I'm calling the Americans."
How can I believe you when you tell me what I don't want to hear?
.... trying to be covert on his emails, he was just THAT tired of spam.
Fascism: An authoritarian and nationalistic right-wing system of government and social organization. See also: NAZI's
Gotta love schizophrenics.
There is a war going on for your mind.
Courier could have been pasting just PGP armoured blobs. Or maybe he did encrypt but his password was "infidel".
I can certainly see why there would be the need to disclose personal information about some of the recipients/senders of these email exchanges.
Of course, knowing that Bin Laden is no dummy, you have to wonder if any of them are faked. You know he had plenty of time to plan all kinds of things out.. so why not fake a few of them to stick it to his enemies after he's gone? He had to know that he'd eventually be caught and misinformation can be just as powerful as information.
My beliefs do not require that you agree with them.
Now the TSA will demand to inspect, copy, or seize removable media crossing such vulnerable public infrastructure as airports, train and bus stations, and sidewalks. Schumer and Lieberman will introduce legislation to require 3G transmitters in all thumb drives.
> "thwarted the US government's best eavesdroppers despite having no Internet access in his hideout."
So, here's my question: by having an intermediary go to the internet cafe, Bin Laden could avoid being seen. However, how does this avoid eavesdropping? It seems to me that if they ever find one of Bin Laden's emails (by sniffing packets or by capturing one of his email targets and tracing back his email to the original IP address), then you could get back to the original internet cafe. Depending on the number of internet cafes in the area, you could start monitoring traffic and figure out which guy was sending them. Then, you could follow the guy to see where he went, which would lead you to Bin Laden. Also, if you infect the computers in the local internet cafes with a keylogger, you could get into Bin Laden's email accounts. By using the intermediary, Bin Laden only added a step or two to the whole procedure and avoided being seen in an internet cafe himself. It wasn't some sort of foolproof method for sending emails.
The same could be done if you got a massive botnet out there. Send your encrypted payload, it bounces around the world for a while before getting sent. Also have random hacked email servers used as incoming points...
"bin.laden@sales.cisco.com" would be used this week, "deathtoamerica@whitehouse.com" for next week, etc......
There are a lot of ways to stay ahead of the feds while being online. The courier setup is a nice old skool setup.. have level 1 couriers hand off to level 2, who hands off to level 3 who does the email send and retrieve, and then hands off to courier level 4 who hands to a different level 3 who gets it to level 2, etc.... But people can be followed and tracked because they are not random. You CAN randomize internet traffic if you set up a good botnet and a set of lightly hacked servers.
You can easily hack a server and put something in there that is NOT causing problems but acts as a relay for a S2S comms channel to hand off communication in a round robin or even random way. And if it's small messages like email it could go unnoticed on a server for years.
Kind of like old school hacker tricks we used to use in the 80's and 90's. Back-to-back modems on a timer in office buildings as a data relay point to hide your location. Call into ABC insurance fax line 1 after 2am and the modem answers, send the ATDT command to connect out Zimmer Imports voice line to the next hop... I had some that went undetected for a very long time. In fact I'll bet there are a couple that I personally placed that are still there but inactive because of the phone lines being disconnected.
Do not look at laser with remaining good eye.
It would be a lot easier to wardrive around and log into open wireless access points, or hack into weakly secured ones. Internet cafes in Pakistan could easily have CIA cameras, or at minimum witnesses who could identify you in a photo lineup. I'm pretty sure that the CIA is working with Microsoft to take a closer look at low-usage or short-lived Hotmail accounts opened from Pakistani, Afghani and Yemeni internet cafe IP addresses. That wouldn't even be such a hard thing to do.
Fox news, is that you?
{"responseData": null, "responseDetails": "Don't be evil.", "responseStatus": 406}
How does this matter at all? You GNUkids seriously need to shut the fuck up from time to time.
> You can easily hack a server and put something in there that is NOT causing problems but acts as a relay for a S2S comms channel to hand off communication in a round robin or even random way. And if it's small messages like email it could go unnoticed on a server for years.
His method worked for 10 years with none of that work. You have to remember that Bin Laden is not an uber l33t haxxor or anything. The botnet method you describe would involve the inclusion of people unlike the sort he'd normally trust anyways, probably a money trail, intermediaries, etc. All weaknesses. And it's not like they never find people who create and manage botnets as it is. Imagine how fast we'd infiltrate each botnet and catch every operator if they were, "Enemy of the World #1".
From http://en.wikipedia.org/wiki/Sneakernet:
The theoretical capacity of a Boeing 747 filled with Blu-Ray discs is 595,520,000 Gigabits, resulting in a 37,000 Gbit/s flight from New York to Los Angeles.
Have gnu, will travel.
Why? Let's check possible scenarios:
1) They have indeed found loads of data, disks, CDs and DVDs, hundreds of thumb drives and so on. They can now do one of two things:
a) Go through that data and come up with press releases every few days to keep the media interested in this. The news will spread everywhere. Every terrorist who even suspects his name, e-mail address or similar among this data will now immediately try to cover his tracks, abandon accounts, change his location and generally get away. Rather silly to warn them, isn't it?
b) Keep silent, don't tell anyone about what they've found and try to track down whoever they can find with this silently. That would be clever.
2) They haven't found anything to speak of. Now they can again do one of two things:
a) Tell the media and anyone interested they haven't found anything. Terrorists may believe this or not, but they won't be in any hurry to get away. Silly.
b) Despite finding nothing, come up with a media campaign telling all the world they have found a "mother lode" of data and make sure to refresh this lie again and again with made-up stories. The terrorists will now change names, delete accounts, change location, cut communication channels, build new ones, etc. This not only disrupts their organizations, it may also create a certain buzz which makes it easier to catch them. Again, clever idea.
So, what do you think: Have they found a "mother lode of data" or not? I don't think so. Because if they did, they wouldn't tell all the world about that. They would silently analyze that data and act on it. What we're seeing here is a carefully orchestrated campaign as a second choice because they didn't find anything useful.
Schizophrenic? I thought it was bot. Maybe the gp was a schizophrenic bot.
Why would you say that? They're standing tall right along with the rest of the faithful.. They are the seeders.. They deliver the kielbasa
For justice, we must go to Don Corleone
What is the purpose of the Satellite Dish?
http://msnbcmedia.msn.com/j/MSNBC/Components/Photo/_new/pb-110502-osama-compound-5.photoblog900.jpg
Yeah. No Internet. No Phone. No TV.
No truth in the official story.
"Flyin' in just a sweet place,
Never been known to fail..."
> What is the purpose of the Satellite Dish?
Looks like an old c-band to me.. Probably to catch the wild feeds of 'Married with Children'... You get a whole week's worth at once without the commercials.. Thank goodness we got 'im before he could blow up Bundy Fountain.
For justice, we must go to Don Corleone
"Osama bin Laden was a prolific writer who put together a painstaking email system that thwarted the US government's best eavesdroppers despite having no Internet access in his hideout" ..
Then why does the Gov need to spy on us all in order to protect us from the terrorists ?
New US bill would require ISPs to retain user info to aid police
For deep security use the drives the professionals use!
I'm a young slashdotter, >Government teacher is explaining this story in class >Talks about thumbdrives being walked out of his palace >Instinctively yell out SNEAKER NET!! with a big smile >Whole class looks at me >Dead silence... >Come to slashdot and read the sneaker net headline >*face palm*
news recycled days later from the regular press
Our guy carrying the thumb drive was late. Sorry.
Have gnu, will travel.
Slashdot has always run stories from other sources, I think the book reviews were the first original content that was posted here. Go back and look at old stories, they are third/fourth-hand knowledge almost every time.
Keep it coming baby! Prisoner #416 has always been disruptive and deserves everything he gets!
This little experiment has confirmed the big experiment, and you all are living proof. I really do thank you (mods) for your input. Very very enlightening..
For justice, we must go to Don Corleone
Akin to password expiration policies, seems like the weakness in Osama's Sneakernet was an overlong cached credential (aka courier) that was finally compromised. Would he have had better or worse security if he would have rotated couriers every 90 days with multi-factor authentication (knocks, speech, etc.)? Having an old courier (like an old password), seemed a flaw.
Gee fellas, I was wondering when you would get around to 'discovering' that... Waddya find? some TSA guy patting down the kid?
For justice, we must go to Don Corleone
To be fair, it's not clear from the picture that the dish was functional. Who knows what kind of condition the system was in. The house was likely inhabited before Bin Laden was there, and maybe they had used it previously.
Also, the angle of the dish is very low. Satellite dishes point at satellites in geosynchronous orbit, meaning they are organized in a band around the equator. Since Pakistan isn't that far from the equator, it would look at satellites that were more or less overhead. (Yeah, some satellites might appear slightly over the horizon to the east and west.) I just think the fact that the dish is pointed at something like 10 degrees above the horizon might suggest that it's not actually functional.
> What is the purpose of the Satellite Dish?
As part of the worldwide conspiracy that includes Obama, the seal team that faked the mission and numerous government bureaucrats who are luckily unable to send an email to wikileaks, let me obfuscate and lie by suggesting this:
If you are hiding for your life and do not want your mansion to stick out, would you invest in a satellite dish, even if you are not going to use it, for fear of surveillance? Maybe even go through the trouble of installing it?
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
Some of bin Laden's home videos have already been released. So clearly the US has a collection of his recorded data. Exactly what was captured isn't being disclosed yet, reasonably enough.
All the people bin Laden communicated with directly are probably trying to find places to hide. They would have done that regardless of what stories came out after bin Laden was killed.
There have been reprisals from bin Laden's supporters in the Taliban. They just attacked a group of Pakistani army trainees, killing 80. Dumb move. The result will probably be more Pakistani cooperation with the US.
> save it using a thumb-sized flash drive that he passed to a trusted courier
And how were those dozens of couriers coming in and out of his hideout during a ten-or-so year span not detected by the local population/police exactly? Doesn't this mean that he was positively harbored, hidden and protected by the whole local population? Didn't the US and the whole West bomb and invade the shit out of Afghanistan exactly because they were providing "safe harbor to terrorists"? So what are we waiting for exactly?
Oh wait a minute... Pakistan just like North Korea does have nuclear weapons. My bad. Nobody's gonna fuck with them. Iran must be horribly jealous.
Yeah, it's interesting.
But whoever thinks it is great to just leak all this hard won intel ... should be keel hauled.
What valuable intel do you think was leaked? The fact that they raided Bin Laden's compound and killed him is already widely known. Do you think people wouldn't figure out that there may have been some sensitive information there, too?
Bow-ties are cool.
Hopefully we will have a leak system working when somebody finally grows a spine and leaks the documents after they age a little bit.... We won't be alive when they finally release this info otherwise.
Democracy Now! - uncensored, anti-establishment news
You're right! And let's continue to not draw attention by moving into a community that houses the training facility for Pakistan intelligence and has controlled movement on the streets.
"Flyin' in just a sweet place,
Never been known to fail..."
Yeah. That would only make sense if Pakistan was less than 100% behind this whole get-Bin-Laden-thing they totally promised everyone they totally were.
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
Odds are that many of Bin Laden's contacts would assume that their identities are compromised whether there was a single thumb drive involved or an entire building of thumb drives, external hard drives and computers. Stating that a large amount of data was found might scare away those who are on the fringe of the organization.
Of course a "mother lode of data" could simply be a few spread sheets of names and locations. I recall reading that more information was collected during this raid than ten years of more conventional information collecting. That wouldn't take much given how long it took to find him.
The Pentagon has released the home videos of Osama bin Laden, “a collection to horrify and stultify the hardest heart.”
The tapes include bin Laden at Alton Towers with his children in the late 1990s, dealing with several screaming toddlers, shouting that if they did not behave they would be going home right now and there would be no ice cream for anyone and swearing that “this place and all such manifestations of Western decadence shall be scoured from the face of the earth.”
Others include shaky-cam video of bin Laden and family in front of the Twin Towers in New York, in which video he clips one of the kids around the ear for being a brat and swears a similar oath of destruction, and a tediously-narrated clip of one of the children using the potty for the first time.
Middle-aged fathers the world around viewed the clips in tears and came to a new understanding, deep within their hearts, of the forces driving radical jihadism.
The Pentagon hopes to study the films for security information. “Another video shows him watching the tape of the child on the potty,” says a spokesman. “From his face, we suspect the next Al-Qaeda target would have been the Sony factory in Japan.”
A spokesman for Alton Towers noted that, as Satanically cursed ground upon which no joy could grow and which was invulnerable to the slights and arrows of mere pathetic mortals, the amusement park would remain open and operational for this summer and all summers for the foreseeable future. “Muwaaaahahahaha,” he added.
http://rocknerd.co.uk
ISI are stooges of the usual International "intelligence" networks. Calling Porter Goss!
"Flyin' in just a sweet place,
Never been known to fail..."
How could the experiment work if I can't see the results? Did you read the links?
Oh, and thanks for your contribution!
For justice, we must go to Don Corleone
Never attribute to malice that which can be adequately explained by stupidity. Much more likely that they're so enthralled by their discovery that they can't help boasting.
insecurity asks the wrong question irritation gives the wrong answer