Passive E-Mail Monitoring Leads To Arrest
www.2advanced.net writes "The world's first arrest resulting from passive monitoring of electronic communications is being reported by Globe Technology. In the article, sources reveal that 'an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group.'"
Orleans Is Ottawa (Score:1, Informative)
It's been a huge blow up about the man being arrested- apparently they took one of his brothers out of school (Ottawa U) to question him, and brought in the entire family for questioning on a raid. It's kind of a touchy subject around here right now.
Before putting on your tinfoil hat... (Score:5, Informative)
If you are a U.S. citizen, your main privacy concerns should be with the FBI and the DoJ with their powers granted by the Patriot Act.
Echelon (Score:2, Informative)
Also, the Canadian agency responsible for signals intelligence (equivalent to the NSA) called the "Canadian Security Establishment" is known to be a participant in Echelon collection.
You are being watched.
Re:Orleans (Score:2, Informative)
Re:Sigh (Score:5, Informative)
From http://www.interesting-people.org/archives/intere
Out of curiosity I went hunting for info on the United States Signals
Intelligence Directives (USSIDs) I had to be aware of in a former line of work.
Much to my surprise, USSID 18, which outlines procedures for the NSA's
collection of data on "U.S. persons" was declassified just over a year ago.
I thought the document might be of interest to IPers, especially at this time.
An introduction, and links to the archives can be found at:
http://cipherwar.com/news/00/nsa_surveillance.htm
(From the site above:)
In the aftermath of revelations in the 1970s about NSA interception of the
communications of anti-war and other political activists new procedures
were established governing the interception of communications involving
Americans. The version of USSID 18 currently in force was issued in July
1993 and "prescribes policies and procedures and assigns responsibilities
to ensure that the missions and functions of the United States SIGINT
System (USSS) are conducted in a manner that safeguards the constitutional
rights of U.S. persons."
(And a bit from USSID 18, itself - any errors in transcription are my fault:)
SECTION 1 - PREFACE
1.1. (U) The Fourth Amendment of the United States Constitution protects
all U.S. persons anywhere in the world and all persons within the United
States from unreasonable searches and seizures by any person or agency
acting on behalf of the U.S. Government. The Supreme Court has ruled that
the interception of electronic communications is a search and seizure
within the meaning of the Fourth Amendment. It is therefore mandatory that
signals intelligence (SIGINT) operations be conducted pursuant to
procedures which meet the reasonableness requirements of the fourth
amendment.
1.2. (U) In determining whether United States SIGINT System (USSS)
operations are "reasonable," it is necessary to balance the U.S.
Government's need for foreign intelligence information and the privacy
interests of persons protected by the Fourth Amendment. Striking that
balance has consumed much time and effort by all branches of the United
States Government. The results of that effort are reflected in the
references listed in Section 2 below. Together, these references require
the minimization of U.S. person information collected, processed, retained
or disseminated by the USSS. The purpose of this document is to implement
these minimization requirements.
1.3. (U) Several themes run throughout this USSID. The most important is
that intelligence operation and the protection of constitutional rights are
not incompatible. It is not necessary to deny legitimate foreign
intelligence collection or suppress legitimate foreign intelligence
information to protect the Fourth Amendment rights of U.S. Persons.
1.4. (U) Finally, these minimization procedures implement the
constitutional principle of "reasonableness" by giving different categories
of individuals and entities different levels of protection. These levels
range from the stringent protection accorded U.S. citizens and permanent
resident aliens in the United States to provisions relating to foreign
diplomats in the U.S. These differences reflect yet another main theme of
these procedures, that is, that the focus of all foreign intelligence
operation is on foreign entities and persons.
Re:Somebody forgot to use encryption! (Score:5, Informative)
Once they suspect illegal activities and start an investigation, there are a lot of ways to access the plain text without having to break the encryption algorithm. One easy way is to break into the target computer and install a key logger. This requires a lot less effort.
Note that to suspect illegal activities, they can just do some traffic analysis. If they find some pattern (an e-mail is sent from A in CA to B in the UK, then shortly after another e-mail is sent from B in the UK to C in Pakistan, then you have the same path in reverse and the pattern repeats a lot) that triggers their alert, they will monitor A, B and C a little more closely and dig a little deeper to see if it looks suspicious enough for an investigation. Then they start to do active spying and they build their case.
The passive monitoring in that case does not require any breaking of encryption... it does not even require knowing the plaintext (if the traffic is encrypted).
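The traffic-analysis pattern described in the comment above, as an added example that is not part of the original thread: it uses envelope metadata only (time, sender, recipient), which is why encrypting message bodies does not hide it. The addresses, the two-hour window and the repeat threshold are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed metadata records: (timestamp, sender, recipient).
# No message bodies are present, as if every body were encrypted.
SAMPLE = [
    ("2004-01-05 09:00", "a@ca.example", "b@uk.example"),
    ("2004-01-05 09:40", "b@uk.example", "c@pk.example"),
    ("2004-01-06 14:00", "c@pk.example", "b@uk.example"),
    ("2004-01-06 14:30", "b@uk.example", "a@ca.example"),
    ("2004-01-07 10:00", "news@list.example", "a@ca.example"),
    ("2004-01-09 08:00", "a@ca.example", "b@uk.example"),
    ("2004-01-09 09:15", "b@uk.example", "c@pk.example"),
    ("2004-01-10 11:00", "d@org.example", "b@uk.example"),
    ("2004-01-10 18:00", "b@uk.example", "e@org.example"),  # 7 h later
    ("2004-01-12 16:00", "c@pk.example", "b@uk.example"),
    ("2004-01-12 16:20", "b@uk.example", "a@ca.example"),
]

def relay_chains(records, window_hours=2):
    """Count chains A->B followed within the window by B->C (A != C)."""
    window = timedelta(hours=window_hours)
    msgs = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M"), s, r)
                  for ts, s, r in records)
    chains = Counter()
    for i, (t1, a, b) in enumerate(msgs):
        for t2, sender, c in msgs[i + 1:]:
            if t2 - t1 > window:
                break  # sorted by time: nothing later can fall in the window
            if t2 > t1 and sender == b and c != a:
                chains[(a, b, c)] += 1
    return chains

def flag_repeated_paths(records, min_repeats=3, window_hours=2):
    """Return paths seen at least min_repeats times, forward plus reverse."""
    chains = relay_chains(records, window_hours)
    flagged = {}
    for (a, b, c), n in chains.items():
        total = n + chains.get((c, b, a), 0)
        if total >= min_repeats:
            # Canonical key so A->B->C and C->B->A report as one path.
            flagged[(min(a, c), b, max(a, c))] = total
    return flagged

if __name__ == "__main__":
    for path, count in flag_repeated_paths(SAMPLE).items():
        print(" <-> ".join(path), "seen", count, "times")
```

The single slow relay through the same middle address (seven hours apart) and the mailing-list message are not flagged; only the path that repeats in both directions is.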
Re:Yeah right... (Score:3, Informative)
Remember: Rc64 needed over 2 YEARS on 200k+ PCs.
128 bit needs 2^64 times as much time. Even with ASICs, future technology and a billion$ budget you can't brute force it.
Algorithm weakness is another matter, but the general algorithms are open, and hundreds of mathematicians have scanned them for years and haven't found any (of course those with errors are no longer in use).
Re:Quick (Score:2, Informative)
That's why emacs has the "M-x spook" command. It prints out a string of phrases likely for the NSA to be searching for. The idea is to put it into all the emails you send. Increases the noise ratio for email-sniffers. Of course, you wouldn't wanna use it if you really were a terrorist.
Re:Nice to hear (Score:3, Informative)
I've met jackasses like that (Score:3, Informative)
Pay these guys no mind. They don't understand the failsafes involved that take care of their kind quite handily. They see an exploit that works on desktops and assume it can be applied to spy satellites. My guess is he's got a few dozen zombie machines and thinks he can SYN flood some telecom satellite with an IP from a Chinese block.
These people are idiots. Don't encourage them.
Mathematics is generally no guarantee. (Score:3, Informative)
There are many key types, such as RSA, which relies on prime number factoring difficulties, where there is no published proof on how hard it has to be to crack the keys (and no proof on how hard it has to be to find a previously-unknown weakness).
No one has published how to easily crack RSA for long key lengths. A smart mathematician working for NSA could have solved the problem years ago if they can keep a good secret.
And quantum computing seems to be on the horizon as well, and I would not put it past NSA to be ahead of the pack on this, and with quantum computing, you may find all existing key lengths falling to brute force attacks, because problems that were previously solved in exponential time may become linear, and the world may have to move to a completely different scheme if increasing key length only linearly increases the time to crack the key with a quantum computer.
Re:Yea (Score:3, Informative)
Re:Stenography (Score:2, Informative)
Who told you that this cooperation was illegal? (Score:3, Informative)
No, I can't deny that cooperation is going on, because it is, and it's perfectly legal. The Posse Comitatus Act [uscg.mil] prohibits the military from conducting law enforcement operations itself, but it specifically permits the military to SUPPORT law enforcement agencies to conduct LEO, especially drug related ones. See the link for more info.
By the way, I was in the Navy as well, and participated in many, many of these operations. The fact that the Navy was actively cooperating with the Coast Guard was widely known and unclassified.
Sean
Re:The US should watch the Canadian border (Score:5, Informative)
Not from the "mainstream" press, but excellent articles detailing how Iraq switching from the U.S. dollar (approved by OPEC in the early 70's as the official currency for oil) to the Euro for oil could seriously harm the U.S. economy.
Not Oil, but Dollars vs. Euros [globalpolicy.org]
Iraq, the Dollar and the Euro [theglobalist.com]
Re:E-Mail is public? (Score:3, Informative)
Add to that that this guy was a contract worker at our Department of Foreign Affairs and International Trade (DFAIT - same as the US State Department or Brits' Foreign Office).
You certainly wouldn't have to know what the message said to be suspicious. Most likely this arrest started with the e-mail from Pakistan to the UK, mentioned in the article. Then good old fashioned, on the ground police foot work (with a good old fashioned on the ground wiretap) uncovered the plot in the UK. They then monitored a bunch of e-mails back and forth between the UK plotters to this one guy working at DFAIT here in Ottawa.
As an Ottawa resident I can tell you, the raid on Khawaja's house was not due to an arrest warrant, it was due to a search warrant. It was all over the local news the day it happened. Khawaja wasn't placed under arrest and charged until the next day. The above would be enough for a search warrant under Canadian law, but not an arrest warrant. I guess the Mounties and the Ottawa police found enough to finally charge him after searching his house.
Now, given our recent experience with the Maher Arar case, I will hold judgement on Khawaja until his trial and until the evidence is presented. He may be guilty but he may be innocent. I'd sure like to know what that message said.
I also wonder if the US immigration officers were told to look out for an Arab software developer from Ottawa (Khawaja) but grabbed Arar (also an Arab software developer from Ottawa) instead. This could explain why some higher ups in the RCMP are still convinced Arar was guilty, despite all the evidence to the contrary.
Seems this case may have been going on for a while...
Re:Oh, good (Score:3, Informative)
some incorrect info in article (Score:4, Informative)
Evidently they are confusing packet headers (envelope, as they call it) with e-mail headers.
And the counterexample to the second statement is NAT (Network Address Translation).
Re:Yeah right... (Score:3, Informative)
Sure, and considering their mission it would be irresponsible for NASA not to be researching faster-than-light travel. That doesn't mean their few elite engineers and astrophysicists have a secret space ship that can reach Jupiter tomorrow, which the numerous similarly elite engineers and physicists outside their organisation have no idea about, though...
Re:Today it's a different Story (Score:4, Informative)
Highly unlikely.
If not, why won't these arrests be thrown out of court?
They weren't arrested by US authorities, nor are they being prosecuted in US courts - the agencies that arrested them, presumably the RCMP and MI5, are not bound by the US constitution, and operate under the laws of their own nations, not those of the United States. Even if they were being extradited to the United States, the law is quite clear - non-resident aliens not within the United States and/or its territories and possessions are not entitled to the protections of the Bill of Rights, specifically, the Fourth Amendment [findlaw.com].
Or don't Canadian and British courts care about search warrants?
The RCMP and MI5 undoubtedly conducted their own investigation, and didn't simply run off to arrest people just because NSA said so. During the course of that investigation, those agencies were bound by whatever laws were in effect in their respective nations. Canada does, IIRC, recognize an exclusionary rule similar to that of the United States, but the UK does not. IIRC, of course - detailed questions should be directed to qualified experts in the laws of those nations. ;)
Or don't warrants apply in international law?
Not the way you apparently think they do, anyway. Had the subjects been American citizens, a warrant for any sort of extended surveillance would have been in order for the NSA, if there were plans to prosecute in the US. The RCMP and MI5 operate according to whatever the laws of Canada and the UK say about warrants and surveillance.
Re:The US should watch the Canadian border (Score:3, Informative)
Re:The US should watch the Canadian border (Score:4, Informative)
Somalia - did the right thing, but buggered off when the heat was turned up. As a result, Osama bin Laden and his ilk saw that the US would cut and run if attacked. So, OBL decided to attack the US. Result: September 11, 2001. Guess you shoulda stuck it out and done the right thing, huh?
True, OBL saw our withdrawal as a sign of weakness. But it in no way resulted in his decision to launch 9/11. If we stayed, he would have used our presence in a Moslem nation as another "saber rattling" point. Had we stuck it out and "done the right thing" you probably would accuse us of installing a "puppet regime" to keep the peace. Damned if we do, damned if we don't.
If Iraq didn't have oil, Saddam would not have become the butcher he was, since he wouldn't have had all those US dollars to buy the weapons with.
Without our support, he wouldn't have had the weapons to attack Iran. And yes, supplying him with Chemical Weapon technology was a mistake. But it didn't take American technology to make him a butcher. Look at his torture chambers: nothing more sophisticated than rope, iron, wooden poles and electric current. How do you apply the Oil + America = brutal dictator argument here? Yes, WMD was used against his own people, but just as many died through small arms fire or other "low cost" means.
They claim to be about justice, yet opt out of the world criminal court in the Hague. You know, the ones trying war crimes and crimes against humanity committed in Bosnia, Kosovo and Rwanda.
This is where you are the most misinformed. We opted out of the WCC for a damn good reason. Plain and simple: An American soldier charged by the World Criminal Court would have fewer rights and due process than he would through the U.S. Military Justice System. Please read that again, very slowly, and digest it. We opted out not because we don't care about war crimes, or because we're imperialistic nation-building tyrants bent on world domination, or just because we're assholes. We did it to guarantee that American Military justice is not superseded by a foreign system that provides fewer rights to the accused. Period!!!
All that terrorism is just the result of "evil" or jealousy or something...
In a word, well, yes. What is it that Bin Laden wants? Listen to his tapes so generously provided by Al-Jazeera:
and.. oh yes..
There you have it sparky. Al-Qaida exists to further the cause of a militant ultra-radical pan-islamic state. There can be peace in Israel and a Free Palestine - They'll still hate us. The U.S. can shed its dependency on foreign oil (something I'm 100% in favor of) and never step foot into a Moslem nation again - They'll still hate us. Until I (and 300m other Americans) start shouting "Ahllau Akbar!", cover our wives with burlap potato sacks, overthrow our government and replace it with some whacko Imam, they will continue to hate us. And I can guarantee that the first fatwah that will come out of Washington is to overthrow the Infidel, Secular, Satanist nation to the north of us. Better start studying your Koran.