Communications Privacy

Passive E-Mail Monitoring Leads To Arrest 921

www.2advanced.net writes "The world's first arrest resulting from passive monitoring of electronic communications is being reported by Globe Technology. In the article, sources reveal that 'an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group.'"
This discussion has been archived. No new comments can be posted.

  • Orleans Is Ottawa (Score:1, Informative)

    by Anonymous Coward on Wednesday April 07, 2004 @11:24AM (#8792479)
    Orleans is part of the city of Ottawa- they amalgamated in Jan. 2000, but it's still not part of the postal system yet.

    It's been a huge blow up about the man being arrested- apparently they took one of his brothers out of school (Ottawa U) to question him, and brought in the entire family for questioning on a raid. It's kind of a touchy subject around here right now.
  • by dmoore ( 2449 ) on Wednesday April 07, 2004 @11:26AM (#8792519)
    I know this story is probably going to get a lot of people riled up. However, it is still my understanding that the NSA goes to great pains to avoid intercepting any communication that comes from a U.S. citizen. They are strictly prohibited from doing so.

    If you are a U.S. citizen, your main privacy concerns should be with the FBI and the DoJ with their powers granted by the Patriot Act.
  • Echelon (Score:2, Informative)

    by Anonymous Coward on Wednesday April 07, 2004 @11:41AM (#8792743)
    OK, everybody should look up Echelon and read about it. This comes as no surprise to anyone who has heard of it.

    Also, the Canadian agency responsible for signals intelligence (equivalent to the NSA) called the "Canadian Security Establishment" is known to be a participant in Echelon collection.

    You are being watched.
  • Re:Orleans (Score:2, Informative)

    by thekiddd ( 731178 ) on Wednesday April 07, 2004 @11:43AM (#8792765)
    Once you are on the ST. REGIS MOHAWK RESERVATION, Canadian or American side you are home free, there are no border checks because it is a sovereign nation. And cheap cigarettes.
  • Re:Sigh (Score:5, Informative)

    by hazem ( 472289 ) on Wednesday April 07, 2004 @11:48AM (#8792830) Journal
    Actually... it has apparently been declassified:

    From http://www.interesting-people.org/archives/interesting-people/200110/msg00157.html [interesting-people.org]

    Out of curiosity I went hunting for info on the United States Signals
    Intelligence Directives (USSIDs) I had to be aware of in a former line of work.

    Much to my surprise, USSID 18, which outlines procedures for the NSA's
    collection of data on "U.S. persons" was declassified just over a year ago.

    I thought the document might be of interest to IPers, especially at this time.

    An introduction, and links to the archives can be found at:

    http://cipherwar.com/news/00/nsa_surveillance.htm

    (From the site above:)

    In the aftermath of revelations in the 1970s about NSA interception of the
    communications of anti-war and other political activists new procedures
    were established governing the interception of communications involving
    Americans. The version of USSID 18 currently in force was issued in July
    1993 and "prescribes policies and procedures and assigns responsibilities
    to ensure that the missions and functions of the United States SIGINT
    System (USSS) are conducted in a manner that safeguards the constitutional
    rights of U.S. persons."

    (And a bit from USSID 18, itself - any errors in transcription are my fault:)

    SECTION 1 - PREFACE

    1.1. (U) The Fourth Amendment of the United States Constitution protects
    all U.S. persons anywhere in the world and all persons within the United
    States from unreasonable searches and seizures by any person or agency
    acting on behalf of the U.S. Government. The Supreme Court has ruled that
    the interception of electronic communications is a search and seizure
    within the meaning of the Fourth Amendment. It is therefore mandatory that
    signals intelligence (SIGINT) operations be conducted pursuant to
    procedures which meet the reasonableness requirements of the fourth
    amendment.

    1.2. (U) In determining whether United States SIGINT System (USSS)
    operations are "reasonable," it is necessary to balance the U.S.
    Government's need for foreign intelligence information and the privacy
    interests of persons protected by the Fourth Amendment. Striking that
    balance has consumed much time and effort by all branches of the United
    States Government. The results of that effort are reflected in the
    references listed in Section 2 below. Together, these references require
    the minimization of U.S. person information collected, processed, retained
    or disseminated by the USSS. The purpose of this document is to implement
    these minimization requirements.

    1.3. (U) Several themes run throughout this USSID. The most important is
    that intelligence operation and the protection of constitutional rights are
    not incompatible. It is not necessary to deny legitimate foreign
    intelligence collection or suppress legitimate foreign intelligence
    information to protect the Fourth Amendment rights of U.S. Persons.

    1.4. (U) Finally, these minimization procedures implement the
    constitutional principle of "reasonableness" by giving different categories
    of individuals and entities different levels of protection. These levels
    range from the stringent protection accorded U.S. citizens and permanent
    resident aliens in the United States to provisions relating to foreign
    diplomats in the U.S. These differences reflect yet another main theme of
    these procedures, that is, that the focus of all foreign intelligence
    operation is on foreign entities and persons.
  • by javatips ( 66293 ) on Wednesday April 07, 2004 @11:54AM (#8792902) Homepage
    With the state of current encryption systems, it is very unlikely... The best approach to break encryption is by breaking the weakest link in the protocol, not the encryption algorithm.

    Once they suspect illegal activities and start an investigation, there are a lot of ways to access the plain text without having to break the encryption algorithm. One easy way is to break into the target computer and install a key logger. This requires a lot less effort.

    Note that to suspect illegal activities, they can just do some traffic analysis. If they find some pattern (an e-mail is sent from A in CA to B in the UK, then shortly after another e-mail is sent from B in the UK to C in Pakistan, then you have the same path in reverse and the pattern repeats a lot) that triggers their alert, they will monitor A, B and C a little more closely and dig a little deeper to see if it looks suspicious enough for an investigation. Then they start to do active spying and they build their case.

    The passive monitoring in that case does not require any breaking of encryption... it does not even require knowing the plaintext (if the traffic is encrypted).
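The relay pattern described in the comment above, as an added example that is not part of the original post: it looks only at sender, recipient and timestamp, never at message content, and flags a path A -> B -> C that recurs in both directions. The addresses, the 30-minute window and the repeat threshold are assumptions chosen for the constructed sample.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample metadata: (timestamp, sender, recipient). No message bodies.
SAMPLE = [
    ("2004-03-01T09:00", "a@ca.example", "b@uk.example"),
    ("2004-03-01T09:10", "b@uk.example", "c@pk.example"),
    ("2004-03-01T15:00", "c@pk.example", "b@uk.example"),
    ("2004-03-01T15:05", "b@uk.example", "a@ca.example"),
    ("2004-03-03T08:30", "a@ca.example", "b@uk.example"),
    ("2004-03-03T08:45", "b@uk.example", "c@pk.example"),
    ("2004-03-03T20:00", "c@pk.example", "b@uk.example"),
    ("2004-03-03T20:20", "b@uk.example", "a@ca.example"),
    ("2004-03-05T10:00", "a@ca.example", "b@uk.example"),
    ("2004-03-05T10:12", "b@uk.example", "c@pk.example"),
    # Noise: a one-off relay and an unrelated message
    ("2004-03-02T11:00", "x@org.example", "y@org.example"),
    ("2004-03-02T11:05", "y@org.example", "z@org.example"),
    ("2004-03-04T12:00", "b@uk.example", "q@org.example"),
]


def relay_chains(records, window=timedelta(minutes=30)):
    """Count A->B followed within `window` by B->C (C != A), per (A, B, C)."""
    msgs = sorted((datetime.fromisoformat(ts), s, r) for ts, s, r in records)
    chains = Counter()
    for i, (t1, a, b) in enumerate(msgs):
        for t2, sender, c in msgs[i + 1:]:
            if t2 - t1 > window:
                break  # sorted by time, so nothing later can match
            if sender == b and c != a:  # a plain reply B->A is not a relay
                chains[(a, b, c)] += 1
    return chains


def repeated_paths(records, window=timedelta(minutes=30), min_repeats=3):
    """Flag relay paths seen in both directions, `min_repeats` times in total."""
    chains = relay_chains(records, window)
    flagged = {}
    for (a, b, c), fwd in chains.items():
        rev = chains.get((c, b, a), 0)
        # `a < c` reports each path once, under one orientation
        if a < c and rev > 0 and fwd + rev >= min_repeats:
            flagged[(a, b, c)] = {"forward": fwd, "reverse": rev}
    return flagged


if __name__ == "__main__":
    for path, counts in repeated_paths(SAMPLE).items():
        print(" -> ".join(path), counts)
```

Encrypting the message bodies would not change the result, since nothing here reads them.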
  • Re:Yeah right... (Score:3, Informative)

    by imsabbel ( 611519 ) on Wednesday April 07, 2004 @11:54AM (#8792908)
    Make it a few billion years and you are right on the spot.
    Remember: Rc64 needed over 2 YEARS on 200k+ pcs.
    128 bit needs 2^64 as much time. Even with asics, future technology and a billion$ budget you can't brute force it.

    Algorithm weakness is another matter, but the general algorithms are open, and hundreds of mathematicians have scanned them for years and haven't found any (of course those with errors are no longer in use).
  • Re:Quick (Score:2, Informative)

    by einnor ( 242611 ) <ziroby@ziroby.com> on Wednesday April 07, 2004 @12:02PM (#8793003) Homepage
    I've often wondered just how fast their turn-around time was once you started using words like Great Satan, infidels, chemical, Bin LaCARRIER LOST

    That's why emacs has the "M-x spook" command. It prints out a string of phrases likely for the NSA to be searching for. The idea is to put it into all the emails you send. Increases the noise ratio for email-sniffers. Of course, you wouldn't wanna use it if you really were a terrorist.

  • Re:Nice to hear (Score:3, Informative)

    by MORTAR_COMBAT! ( 589963 ) on Wednesday April 07, 2004 @12:12PM (#8793100)
    there was a research project which apparently was successful in reading some unspoken thoughts, by "listening" to the nerve synapses near the vocal cords.
  • by sbma44 ( 694130 ) on Wednesday April 07, 2004 @12:19PM (#8793191)
    Just go out on the town and keep an eye out for drunk, oily-looking guys wearing thinkgeek gear trying to use techspeak to pick up girls. The last one I ran into tried to pick up my girlfriend with the line "this may shock you, but I.... am a hacker" -- no joking. I introduced myself and eventually he explained to me at great length (and in greatly slurred speech) how he could take down the internet if he wanted. You just have to send fragmented packets to "the root server", apparently. Wonder why no one thought of that before, huh?

    Pay these guys no mind. They don't understand the failsafes involved that take care of their kind quite handily. They see an exploit that works on desktops and assume it can be applied to spy satellites. My guess is he's got a few dozen zombie machines and thinks he can SYN flood some telecom satellite with an IP from a Chinese block.

    These people are idiots. Don't encourage them.

  • by expro ( 597113 ) on Wednesday April 07, 2004 @12:31PM (#8793325)

    There are many key types, such as RSA which relies on prime number factoring difficulties, where there is no published proof on how hard it has to be to crack the keys, (and no proof on how hard it has to be to find a previously-unknown weakness).

    No one has published how to easily crack RSA for long key lengths. A smart mathematician working for NSA could have solved the problem years ago if they can keep a good secret.

    And quantum computing seems to be on the horizon as well, and I would not put it past NSA to be ahead of the pack on this, and with quantum computing, you may find all existing key lengths falling to brute force attacks, because problems that were previously solved in exponential time may become linear, and the world may have to move to a completely different scheme if increasing key length only linearly increases the time to crack the key with a quantum computer.

  • Re:Yea (Score:3, Informative)

    by silas_moeckel ( 234313 ) <silas.dsminc-corp@com> on Wednesday April 07, 2004 @12:31PM (#8793326) Homepage
    They did attack civilian targets (Boston tea party being the most notable). They did use privateers. They did not fight in the open as was part of war at that time. They were an unconventional force that did attack civilian targets. Granted modern terrorists are a lot worse. Remember I said could as in the English government could use that term to describe their opponent. A domestic terrorist is only a terrorist until they win then they are liberators and patriots.
  • Re:Stenography (Score:2, Informative)

    by trburkholder ( 307597 ) on Wednesday April 07, 2004 @12:58PM (#8793655) Homepage
    The word is "steganography"
  • by sean.peters ( 568334 ) on Wednesday April 07, 2004 @01:08PM (#8793770) Homepage
    There was no "official" cooperation between the military and the Coast Guard on this, but when you get orders on the secure circuit to "think about getting to these coordinates in exactly 12 hours" which result in the Coastie on watch saying "Oh hey -- there's a boat... let's board him!" can you deny that there is unofficial cooperation going on?

    No, I can't deny that cooperation is going on, because it is, and it's perfectly legal. The Posse Comitatus Act [uscg.mil] prohibits the military from conducting law enforcement operations itself, but it specifically permits the military to SUPPORT law enforcement agencies to conduct LEO, especially drug related ones. See the link for more info.

    By the way, I was in the Navy as well, and participated in many, many of these operations. The fact that the Navy was actively cooperating with the Coast Guard was widely known and unclassified.

    Sean

  • by The Vulture ( 248871 ) on Wednesday April 07, 2004 @01:31PM (#8794057) Homepage
    It was most definitely about the oil. But not necessarily the United States getting the oil. The U.S. just needed to stop Iraq from selling oil in Euros [cnn.com] and devaluing the U.S. currency even further.

    Not from the "mainstream" press, but excellent articles detailing of how Iraq switching from the U.S. dollar (approved by OPEC in the early 70's as the official currency for oil) to the Euro for oil could seriously harm the U.S. economy.

    Not Oil, but Dollars vs. Euros [globalpolicy.org]
    Iraq, the Dollar and the Euro [theglobalist.com]
  • Re:E-Mail is public? (Score:3, Informative)

    by JohnnyCannuk ( 19863 ) on Wednesday April 07, 2004 @01:36PM (#8794106)
    Or, more likely, the very fact this guy was sending obviously encrypted e-mail started the suspicion.

    Add to that that this guy was a contract worker at our Department of Foreign Affairs and International Trade (DFAIT - same as the US State Department or Brits Foreign Office).

    You certainly wouldn't have to know what the message said to be suspicious. Most likely this arrest started with the e-mail from Pakistan to the UK, mentioned in the article. Then good old fashioned, on the ground police foot work (with a good old fashioned on the ground wiretap) uncovered the plot in the UK. They then monitored a bunch of e-mails back and forth between the UK plotters to this one guy working at DFAIT here in Ottawa.

    As an Ottawa resident I can tell you, the raid on Khawaja's house was not due to an arrest warrant, it was due to a search warrant. It was all over the local news the day it happened. Khawaja wasn't placed under arrest and charged until the next day. The above would be enough for a search warrant under Canadian law, but not an arrest warrant. I guess the Mounties and the Ottawa police found enough to finally charge him after searching his house.

    Now, given our recent experience with the Maher Arar case, I will hold judgement on Khawaja until his trial and until the evidence is presented. He may be guilty but he may be innocent. I'd sure like to know what that message said.

    I also wonder if the US immigration officers were told to look out for an Arab software developer from Ottawa (Khawaja) but grabbed Arar (also an Arab software developer from Ottawa) instead. This could explain why some higher ups in the RCMP are still convinced Arar was guilty, despite all the evidence to the contrary.

    Seems this case may have been going on for a while...

  • Re:Oh, good (Score:3, Informative)

    by liquidsin ( 398151 ) on Wednesday April 07, 2004 @02:09PM (#8794573) Homepage
    If you're concerned about monitoring of your chats, try SimpLite [secway.fr]. The free versions support separate keys for two different logins, and the only restriction on it is that you can only use encryption for one IM protocol (AIM, MSN, ICQ, Yahoo) at a time, although I think the pro version lets you use them all simultaneously. And all of the encryption is done client-side, so there's no need to worry about a third party sharing your keys with the federales. And if you're *really* paranoid, I'd think it'd be trivial to write a plugin for your preferred IM platform that utilizes PKI, encrypting outgoing messages with the recipient's public key and linking keys to everyone on your buddy list so it can automatically encrypt/decrypt all the traffic transparently.
  • by Danny Rathjens ( 8471 ) <slashdot2.rathjens@org> on Wednesday April 07, 2004 @02:13PM (#8794625)
    Headers also pick up the numeric or Internet Protocol (IP) address of all the computers a packet touches as it travels from its originating machine all the way to its destination. Every computerized device connected to the Internet has its own unique IP number.

    Evidently they are confusing packet headers (envelope, as they call it) with e-mail headers.
    And the counterexample to the second statement is NAT (Network Address Translation).

  • Re:Yeah right... (Score:3, Informative)

    by Anonymous Brave Guy ( 457657 ) on Wednesday April 07, 2004 @02:16PM (#8794682)
    That makes it almost certain that the NSA has methods for decrypting common algorithms. Considering their mission it would be irresponsible of them to not research it.

    Sure, and considering their mission it would be irresponsible for NASA not to be researching faster-than-light travel. That doesn't mean their few elite engineers and astrophysicists have a secret space ship that can reach Jupiter tomorrow, which the numerous similarly elite engineers and physicists outside their organisation have no idea about, though...

  • by general_re ( 8883 ) on Wednesday April 07, 2004 @04:40PM (#8796469) Homepage
    So, did the NSA have a warrant for this?

    Highly unlikely.

    If not, why won't these arrests be thrown out of court?

    They weren't arrested by US authorities, nor are they being prosecuted in US courts - the agencies that arrested them, presumably the RCMP and MI5, are not bound by the US constitution, and operate under the laws of their own nations, not those of the United States. Even if they were being extradited to the United States, the law is quite clear - non-resident aliens not within the United States and/or its territories and possessions are not entitled to the protections of the Bill of Rights, specifically, the Fourth Amendment [findlaw.com].

    Or don't Canadian and British courts care about search warrants?

    The RCMP and MI5 undoubtedly conducted their own investigation, and didn't simply run off to arrest people just because NSA said so. During the course of that investigation, those agencies were bound by whatever laws were in effect in their respective nations. Canada does, IIRC, recognize an exclusionary rule similar to that of the United States, but the UK does not. IIRC, of course - detailed questions should be directed to qualified experts in the laws of those nations. ;)

    Or don't warrants apply in international law?

    Not the way you apparently think they do, anyway. Had the subjects been American citizens, a warrant for any sort of extended surveillance would have been in order for the NSA, if there were plans to prosecute in the US. The RCMP and MI5 operate according to whatever the laws of Canada and the UK say about warrants and surveillance.

  • by bckrispi ( 725257 ) on Wednesday April 07, 2004 @07:47PM (#8798684)
    My friend, I understand your passions, and I know that you are not the only one who shares them. However, you are severely misinformed on some of your points.

    Somalia - did the right thing, but buggered off when the heat was turned up. As a result, Osama bin Laden and his ilk saw that the US would cut and run if attacked. So, OBL decided to attack the US. Result: September 11, 2001. Guess you shoulda stuck it out and done the right thing, huh?

    True, OBL saw our withdrawal as a sign of weakness. But it in no way resulted in his decision to launch 9/11. If we stayed, he would have used our presence in a Moslem nation as another "saber rattling" point. Had we stuck it out and "done the right thing" you probably would accuse us of installing a "puppet regime" to keep the peace. Damned if we do, damned if we don't.

    If Iraq didn't have oil, Saddam would not have become the butcher he was, since he wouldn't have had all those US dollars to buy the weapons with.

    Without our support, he wouldn't have had the weapons to attack Iran. And yes, supplying him with Chemical Weapon technology was a mistake. But it didn't take American technology to make him a butcher. Look at his torture chambers: nothing more sophisticated than rope, iron, wooden poles and electric current. How do you apply the Oil + America = brutal dictator argument here? Yes, WMD was used against his own people, but just as many died through small arms fire or other "low cost" means.

    They claim to be about justice, yet opt out of the world criminal court in the Hague. You know, the ones trying war crimes and crimes against humanity committed in Bosnia, Kosovo and Rwanda.

    This is where you are the most misinformed. We opted out of the WCC for a damn good reason. Plain and simple: An American soldier charged by the World Criminal Court would have fewer rights and due process than he would through the U.S. Military Justice System. Please read that again, very slowly, and digest it. We opted out not because we don't care about war crimes, or because we're imperialistic nation-building tyrants bent on world domination, or just because we're assholes. We did it to guarantee that American Military justice is not superseded by a foreign system that provides fewer rights to the accused. Period!!!

    All that terrorism is just the result of "evil" or jealousy or something...

    In a word, well, yes. What is it that Bin Laden wants? Listen to his tapes so generously provided by Al-Jazeera:

    1. The destruction of the Zionists and their supporters (the US) and a free Palestinian state.
    2. Removal of US troops from the Land of the Prophet
      and.. oh yes..
    3. (paraphrased) We will continue our Jihad until every nation of the world declares "There is No god but Allah, and Mohammed is his Prophet".

    There you have it sparky. Al-Qaida exists to further the cause of a militant ultra-radical pan-islamic state. There can be peace in Israel and a Free Palestine - They'll still hate us. The U.S. can shed its dependency on foreign oil (something I'm 100% in favor of) and never step foot into a Moslem nation again - They'll still hate us. Until I (and 300m other Americans) start shouting "Ahllau Akbar!", cover our wives with burlap potato sacks, overthrow our government and replace it with some whacko Imam, they will continue to hate us. And I can guarantee that the first fatwah that will come out of Washington is to overthrow the Infidel, Secular, Satanist nation to the north of us. Better start studying your Koran.
