Paris Terrorists Used Burner Phones, Not Encryption, To Evade Detection

An anonymous reader writes from an article on Ars Technica: New details of the Paris attacks carried out last November reveal that it was the consistent use of prepaid burner phones, not encryption, that helped keep the terrorists off the radar of the intelligence services. As an article in The New York Times reports: "the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims." The article goes on to give more details of how some phones were used only very briefly in the hours leading up to the attacks. "Everywhere they went, the attackers left behind their throwaway phones, including in Bobigny, at a villa rented in the name of Ibrahim Abdeslam. When the brigade charged with sweeping the location arrived, it found two unused cellphones still inside their boxes." At another location used by one of the terrorists, the police found dozens of unused burner phones "still in their wrappers." As The New York Times says, one of the most striking aspects of the phones is that not a single e-mail or online chat message from the attackers was found on them. But rather than trying to avoid discovery by using encryption -- which would in itself have drawn attention to their accounts -- they seem to have stopped using the internet as a communication channel altogether, and turned to standard cellular network calls on burner phones.

shocker!

[ideadman]

I'm shocked, shocked I say!

Re:shocker!

[TheCarp]

At BEST they are playing whack a mole with spies.

Spies do NOTHING to address the underlying causes that make choosing to follow terrorist leaders to ones own death looks reasonable. That is the real problem. Have you ever even taken 2 seconds to imagine yourself growing up under the threat of our bombs? Have you ever pondered what its like to live under the boot of a dictator who was installed and supported by foriegn governments, like ours? Have you ever thought about the generations of bad will we purchased with actions like using and protecting men like this: https://en.wikipedia.org/wiki/... ? Or Overthrowing democratically elected presidents in favor of a King (what do you think Sha means)?

There are a lot of points of view in this world from which terrorism looks like a not that insane option, especially if someone promises to pay your family. That isn't their fault; a lot of that is our own fault.

So Let Up On Apple

[JimSadler]

Sadly people in the US tend to picture the terrorists as being ignorant savages and maybe some of them are but they also have some very intelligent and resourceful people who develop methods of attack and avoidance of detection. I would hate to know how many dollars it takes to bag and tag just one terrorist, other than the ones at the lowest levels of their organizations. I suspect it would be millions of dollars for every real terrorist we stop.

Re:So Let Up On Apple

[tnk1]

They are ignorant savages. They're just not consistently ignorant about everything.

An important thing to remember about your adversaries. They may be simplistic philosophically, but that doesn't prevent them from knowing how to use basic operational security measures using technology which has been designed to be easy to use and portable. Especially when trained and veteran terrorists are making terrorism guides available on a plethora of sites created specifically for the purpose of making effective terrorists out of civilians for one big attack.

Terrorist attacks are hard to stop before they go off, particularly if you don't know who might actually execute one. So a first-time terrorist has a huge advantage if they have kept a relatively low profile. Even a person who is known to be radicalized by locals isn't going to come to the attention of a law enforcement agency unless the locals blow them in. And since most "locals" don't want to get involved, or may even be close to the terrorists or their families, they may be very disinclined, hoping that their friend or relative "would never do such a thing."

Re:So Let Up On Apple

[rbrander]

If only it were that cheap.

It costs millions, not to *kill* each of the ISIS soldiers, but simply to confront them at all.

Do the math: about 20,000 ISIS. And the US military complex, which is already getting about $1T from the taxpayers every year (when you add all defense-related costs), was asked to attack them. They explained that for one thousand billion dollars per year, all they can do is sit at home, eat, and train. No fighting is affordable.

The additional bill for attacking ISIS is about $100B per year. For 20,000 men. That's $5M per ISIS member attacked for one year. With luck, a good many of them will be killed but probably barely 10% of them, and having spent $50M each to kill a few thousand...at least 2000 young boys will turn 17 or 18 and sign up with them during the year, leaving you in about the same strategic position.

Probably ISIS can be beaten - they are so little and weak and have so many enemies in the area besides the West. But that's why nothing ever got better in Afghanistan - it cost $100B a year to kill a few thousand Taliban who were easily replaced.

Re:So Let Up On Apple

[sociocapitalist]

They are ignorant savages.

Yeah they're actually often not at all ignorant :
http://www.economist.com/node/...
http://www.slate.com/articles/...

But if we don't spy on everyone 24/7/365

[WillAffleckUW]

But if we don't accept airport scanning which doesn't detect 98 percent of usable devices, and 24/7 information on every citizen which provides zero usable intel on anyone with a World War I level of training in spycraft, how can we all Live In Fear?

Do you want to let the terrorists win?

The terrorists want us to Live In Fear!

So we must all Live In Fear to protect ourselves with useless actions that are not helpful in any way!

Re:But if we don't spy on everyone 24/7/365

[tnk1]

It is hard for the government, who everyone likes to turn to for solutions, to admit that the best solution is to mostly do nothing at all, aside from some common sense actions. It doesn't get people elected. It doesn't get big budget approved.

Ultimately, terrorists are hard to nab, especially radicalized first timers. To actually have a decent success rate requires expenditure or mobilization that costs a significant amount of money.

The government is best when it can dissuade attacks by threatening force or other sanctions. Unfortunately, these people don't care if they die, so it is hard to see what sort of sanction you could come up with, short of executing their families or something else they care about. Even then, these people are so messed up that they would think they are earning martyrdom for their families by getting them killed in such a way.

Of course, that said, the nice thing is that there aren't really that many suicidal bombers out there. They are a force to be reckoned with, but most humans, even radicals, are not *that* radical.

You know how to stop terrorism? Stop talking about it. Terrorist acts won't be stopped, but they will be rendered considerably less effective. Terrorism is useful because it causes fear and overreaction. That overreaction can radicalize people and wear down resistance to their aims. By themselves, the terrorists have killed a few thousand people and blown up a few buildings. That's peanuts in a country of 300 million people, so the only way they become powerful is when the media becomes their force multiplier.

There are thousands of people who die every day in the United States to gun violence due to gang killing, some of that is collateral damage where innocents get killed, so it isn't just "thugs".

We don't walk around really thinking about that too much, and consequently most of us don't live in fear of it unless we live up close to it. And why is that? Because it gets ignored in the media. We fear a once in every so-often elementary school shooting more than we fear something that happens multiple times every day, by organized criminal figures with teams of professional or semi-professional killers on their staff.

The catch is this... terrorists will kill people, but if you keep your measured responses targeted at the most effective programs that are aiming at things like education, outreach, and probably a few targeted teams of intelligence types, you decrease the odds of a terrorism death considerably, and without the rights violations. But it does require us to admit that *we cannot stop terrorists from killing some of us*, but also to understand that your risk of death is higher from just getting in a car to drive to work. You're just as likely to be accidentally killed by an gang war as collateral damage.

 

Re:But if we don't spy on everyone 24/7/365

[WillAffleckUW]

It's not the money, it's where you spend it.

Humint works. Most tech is easily defeated. Interrogation using friendly police methods works. Most stuff you see on TV or in movies doesn't work.

But you're right about the not talking about it part. Their objective is to instill Fear in the population. The problem is that the politicians want to manipulate the media to make it appear they're doing something, even if most of what they're doing is just helping create more Fear.

You're at more risk from a teen driving a car, or second hand cigarette smoke.

Technology only works in other places and only when limited to the useful methods. The key vectors are known, and yet we do absolutely nothing about them.

Re:But if we don't spy on everyone 24/7/365

[rtb61]

The 24/7 spying is not about terrorists, it is all about tracking peaceful political activists, those people who do actively effect political change. Also all potential politicians, union leaders, government officials, anyone who could be potentially extorted at a latter date to empower the espionage/military industrial complex. As for the terrorist seeming to be so smart and effectively neutralising the investigative techniques that are being kept secret from the majority, ever consider that they were being too smart, smarter than in fact they should, smarter than they would be without professional assistance and this professional assistance working with the full knowledge of the investigative techniques being applied. The global espionage/military industrial complex worth trillions desperately needs enemies to fight and we know full well they have been purposefully creating them for decades and this corrupt activity is escalating.

Re:New rule

[ArsenneLupin]

That's basically the rule that France (and various neighbouring countries) put into place since the attacks. You now need to show government issued id to buy a prepaid card. Previously sold cards must be registered now, or will be deactivated.

Doesn't matter

[AlphaBro]

Terrorism is just a scapegoat used to target encryption. The siege will continue unabated.

Re:What the fuck is a burner phone?

[R3d+M3rcury]

...or a phone whose battery gets so hot it starts a fire?

Just in case you're not being facetious, a "burner phone" is a phone that you might only use once or a few times before switching to another one. The idea is that by the time the good guys figure out the number you're using and get a warrant to listen to those calls, you've already switched to a different phone and they have to start the whole process all over again.

Re:New rule

that won't work and france knows it, they just want your data regardless. ordinary french citizens might still buy their phones and services in france and willingly cough-up their info, but you really think terrorists and crooks will? open borders and free travel in europe along with cooperative cellular networks across much of the continent means that the phone and prepaid sim you use in france need not be purchased in france.

Re:New rule

[Schmorgluck]

Too easy to work around. What we need is properly staffed security services. Enough workforce that the investigations can be efficient without throwing due process down the drain. You can't do that with mass surveillance. Almost all attackers in France had been on the radar of French services at some point. They went off the radar because they were considered less threatening, and France didn't have enough people to keep an eye on them while other individuals seemed more dangerous at the time.

DUH!

[Lumpy]

Honestly the leaders of the world are drooling fucking morons.

we are all lucky that terrorists and thieves are as stupid as our leaders and police are. WE have the FBI wasting resources to get Apple to decrypt a phone with NOTHING ON IT for data THEY ALREADY HAVE. No wonder anyone with any brain cells does not trust police in any way. They are utterly incompetent.

Re:DUH!

[rahvin112]

They've never been interested in the what's on the phone because they know nothing is there. Many of the people involved in the investigation have admitted as such. This case was entirely about precedent and remains so. If the FBI can cement a court victory in this case requiring a private company to build something for the FBI then the FBI can request that of any company or person under threat of imprisonment for contempt of court (you can't appeal contempt of court). A win would grant them basically a gold plated weapon to request anything they want in a criminal case. They could compel any company to develop devices or software to let them do things they couldn't normally do.

And this is a perfect test case for the FBI, they've got a known terrorist here, a phone he didn't own and a bunch of dead civilians. They likely couldn't find a more sympathetic case and they know it, that's why they are using it to try to get the golden bullet. The FBI win's and anyone could be pressed into service of the FBI developing things for their use in investigations of any kind.

Re:New rule

[mikael]

The French do try. If you want a pay-as-you-go phone card (Mobicarte), you have to go to the shop and bring your passport or other ID card. They photocopy it, and bind your SIM card to that phone's IMEI.

Of course, you can just go abroad to the UK, go into any airport duty free and buy a pack of SIM cards there with roaming and data services enabled. Some hotels even sell them in vending machines. You used to get laptop PCMCIA cards for laptops that would let you surf the internet using a regular SIM card. These have been replaced with 3G/4G/5G network USB sticks or smartphones.

WE MUST BAN TEH PREPAID PHONES!

[Paco103]

ZOMG, can you imagine the threat? Why, I just returned from the UK, and when I landed there was a vending machine just FULL of SIM cards. I got a phone number and full service without ANY question, and I don't even have any of the terrorist training. I was just, able to buy something normal without ANY background check or inquiry into my plans. When I came back to the US, I saw another machine offering similar things. This is the way the world ends, not with world war 3, but with anonymous, prepaid cell phone service.

Re:New rule

[worf_mo]

that won't work and france knows it, they just want your data regardless. ordinary french citizens might still buy their phones and services in france and willingly cough-up their info[...]

This has been the rule in Italy for many years: want a SIM card, show your passport or ID card, a photocopy of which will be kept with the registration information. All owners of previously bought SIM cards had to provide the required information to their providers or their cards were deactivated. Citizens have not "coughed-up their info willingly", they were forced to do so.

Unfortunately, organized crime, crooks and the shadier parts of society (including some politicians) don't have to play by these rules. They simply submit(ted) somebody else's ID, either with or without their knowledge.

Re:New rule

[igny]

You now also need to show a government issued id when you steal a phone or apply for a fake id.

Re:New rule

[sociocapitalist]

Too easy to work around. What we need is properly staffed security services. Enough workforce that the investigations can be efficient without throwing due process down the drain. You can't do that with mass surveillance. Almost all attackers in France had been on the radar of French services at some point. They went off the radar because they were considered less threatening, and France didn't have enough people to keep an eye on them while other individuals seemed more dangerous at the time.

What we 'need' to do is to wrap up the war in the middle east and build an infrastructure that gives the kids growing up there some hope for a future that compares favorably to blowing one's self up.

And as far as more security...there's plenty of security already in the airports in Europe - including Brussels - and it didn't do jack to stop the attack today.

We need a long term plan not just "more security forces" that aren't effective against people willing to blow themselves up to make a point.

Re:New rule

[JaredOfEuropa]

A Dutch journalist had a genuine Syrian passport made with the image of the Dutch prime minister (under a different name). He paid a couple of hundred dollars, though. Problem is that several groups in Syria have seized machines and supplies used to make these passports, and they are selling them to anyone who wants one. The Belgian authorities reported many so-called refugees with genuine Syrian passports who all had suspiciously similar stories, and upon further questioning admitted to being from Iraq, Morocco and other places.