Passive E-Mail Monitoring Leads To Arrest
www.2advanced.net writes "The world's first arrest resulting from passive monitoring of electronic communications is being reported by Globe Technology. In the article, sources reveal that 'an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group.'"
Orleans (Score:5, Interesting)
GMail (Score:1, Interesting)
seems Google's new "free" email service could be abused like this as they will still retain emails even if you close your account
of course we trust google now, but as they are a US based company this will seem like a goldmine for Asscroft and his chums who will have unprecedented access via the magic word "terrorism"
Somebody forgot to use encryption! (Score:5, Interesting)
Whatever the NSA is doing to monitor all the traffic, I'm sure the RIAA and MPAA are drooling at the prospect of using this technology to catch so-called copyright violators. Civilian applications for a military technology, natch!
Re:Shouldn't this be YRO? (Score:5, Interesting)
Your ignorance is worse (Score:5, Interesting)
Cap'n Crunch goes orbital? (OT?) (Score:2, Interesting)
That is so cool if it is true. Have the phreakers been hitting comm satellites? Anyplace to find overviews of how they do it?
Re:Yeah right... (Score:5, Interesting)
I don't know where I read this. A terrorist group was using hotmail to plot terrorist attacks. One terrorist in Pakistan would compose a message and save it in the drafts folder without sending it. The other terrorist across the world would log into the same account and read the message from the drafts folder.
Unbelievable (Score:2, Interesting)
Re:Yeah right... (Score:3, Interesting)
Re:Yeah right... (Score:5, Interesting)
Hey, these are the same dipshits that confused AM/PM on their bomb in Spain, and blew themselves up in Gaza because they didn't account for daylight savings time.
I am sure that some of them try to use encryption, but:
1. I would guess a majority of the traffic is in the clear, "security through nonchalance and obfuscation"
2. What makes you think that the encryption systems available to the general public aren't easily cracked by the boys in Virginia and Maryland?
Yea (Score:2, Interesting)
As to finding out the terrorists great, just remember that the US was founded by people that could be called terrorists.
US Law? (Score:5, Interesting)
Apply American laws to events occurring in America. The United States is big, but it's not everything in the world. How DARE they presume to police the world and its communications.
Re:Orleans (Score:5, Interesting)
For those of you who have no idea where Orleans is in Ontario, it's very close to Ottawa
Orleans is part of Ottawa [ottawa.on.ca] actually - one of the east end suburbs.
Also, the guy allegedly was planning something in the UK, not the US, so the proximity to the US border isn't really an issue. Besides, something like 90% of our population is within a few hours of the US border.
Re:Nice to hear (Score:5, Interesting)
Possibly not - obviously the various PATRIOT acts have changed the landscape somewhat, but hasn't it traditionally been against the law for the US government to monitor US citizens without a warrant? Echelon was established in the aftermath of the 2nd World War, and basically provided a mechanism for spying on your own citizens: Canada spies on US citizens, and alerts the US authorities, and vice versa. Insert any combination of UK, Australia and NZ governments here for the full horror.
In other words - the NSA probably don't need to monitor you. They'll find out the naughty things you're plotting, regardless!
Re:Somebody forgot to use encryption! (Score:3, Interesting)
Re:Doh... (Score:2, Interesting)
E-Mail is public? (Score:5, Interesting)
Don't send anything in the email that you don't want printed in the classified ads of the local paper. Because sending email is like sending a postcard. Every postman between here and there can read what you've said.
What makes me wonder is that these "terrorists" were sending email that was unencrypted? [tinfoil hat] Or maybe, the NSA were able to get backdoors to encryption technology and that is what is passively being listened to. [/tinfoil]
Come on now dude. (Score:3, Interesting)
Just look at this guy's name.
Mohammed Momin Khawaja
Consider the number of known Al-Qaeda operatives who have the first name Mohammed. It wouldn't surprise me in the least if the NSA, FBI, and CIA routinely monitored the communications of everyone in the western hemisphere who has an Arabic name.
They can't have that much spam to weed through.
LK
Re:Yea (Score:5, Interesting)
Terrorists target civilians, remain anonymous as often as possible, and their goal is often annihilation rather than separation.
Re:Before putting on your tinfoil hat... (Score:5, Interesting)
Although NSA is technically prohibited from performing intercepts on U.S. citizens, they do not shy away from operating against non-citizens here in the U.S. An interesting tale in those books is how, back in the day that Western Union was the only way to transmit internationally, NSA leaned on them to in effect "Bcc" the U.S. Gov't on all incoming / outgoing faxes from the U.N. without the knowledge of our friends or allies. Sweet.
You never know who is listening... (Score:3, Interesting)
If you were scanning all e-mails, would you put your resources on mails that looked encrypted or those that look like junk mail?
wardriving analogy (Score:3, Interesting)
And that's on top of all the arguments about whether broadcasting information through the Internet is/should be/isnt/shouldnt be private.
Can you be accused of being a voyeur if the person you're looking at is walking around in public naked?
SSLed? GPGed? (Score:2, Interesting)
Was this guy using SSL for his mail (end to end)?
Better yet GPG?
I don't think the NSA could crack a 2048 bits GPG key. Not in a million years.
Re:Shouldn't this be YRO? (Score:3, Interesting)
If you wanted to communicate something to a person without the message being picked up, you get the person to sign up to porn and spam lists with their e-mail.
When you want them to launch their attack, or to come over for some hawt loving behind their husband's back, you register an e-mail as anonymously as possible, and send them a spam e-mail containing your message. I've received 100s of e-mails along the lines of: and To the untrained eye, this is meaningless, not as easily flagged as an "encrypted" e-mail or as obvious as "Move every zig! For great justice!" and it has the added benefit of getting lost in the shit-storm of real spam.
Of course now I suspect I shall be arrested for facilitating terrorist acts.
Re:US Law? (Score:4, Interesting)
It's a big country with a big military and big economic weight. That's how they Dare it.
I'm not saying I agree with their policy, I just don't necessarily degree on the grounds you've described. How is the NSA supposed to tell where a particular X is heading before it gets there without reading it?
Your argument seems to make sense, but it's not quite logical.
Re:Yeah right... (Score:5, Interesting)
Re:Sigh (Score:3, Interesting)
Headers also pick up the numeric or Internet Protocol (IP) address of all the computers a packet touches as it travels from its originating machine all the way to its destination. Every computerized device connected to the Internet has its own unique IP number.
Investigators could program their supercomputers to flag packets of information that met certain criteria, such as a certain IP number, a certain traffic pattern or a certain kind of content. As soon as a packet is flagged, investigators would apply for warrants to assemble the packets and read the messages' contents.
If we are to believe the NSA, they don't necessarily read contents. They analyze routing, then get a warrant to read the contents.
If we assume that they can crack PGP, etc., then using email encryption may be false security. They don't have to crack every encrypted email, only the ones that get flagged based on routing.
Re:Shouldn't this be YRO? (Score:2, Interesting)
Maybe they could use PopFile's [sourceforge.net] Bayesian [bayesian.org] filter. Make one bucket called "spam", one called "terrorist", and one called "everything else". Then start training the filter.
Officially, yes; however... (Score:5, Interesting)
When I was in the navy we conducted counter narcotics patrols off the coast of Colombia and Panama. Since the military is not allowed to engage in law enforcement (that pesky Constitution and all) we simply had a Coast Guard team (they're Dept of Transportation and not Defense, so they *can* do law enforcement) that took care of the actual boarding of vessels and law enforcement. In fact, it had to be the Coast Guard person on watch who initiated the request to investigate/board a vessel. There was no "official" cooperation between the military and the Coast Guard on this, but when you get orders on the secure circuit to "think about getting to these coordinates in exactly 12 hours" which result in the Coastie on watch saying "Oh hey -- there's a boat... let's board him!" can you deny that there is unofficial cooperation going on?
(There were further stories about SEALS and other special forces folks who were officially discharged from the military and transferred to "another agency" for two weeks at a time in order to engage in "direct action law enforcement" before "deciding to reenter the military." It's called "sheep-dipping" and is just one more thing for the tin-foil-hatters to worry about...)
I suspect that this is probably what's going on with the NSA et al. If the agency in question either thinks/knows they're looking at a US citizen, they can just drop a pointer to the intel in the inbox of an agency who *can* legally handle it (Oh geez -- I wonder where *that* lead came from?). Or there are teams of "not officially NSA folks" who just happen to be working at NSA alongside the others who are legally allowed to investigate US citizens (similar to Coasties on US Naval vessels for counter-narc activities).
Take your pick as to the method in use or make up another, but I am pretty sure it's going on and will not be going away anytime soon.
Scary. But, inevitable. (Score:3, Interesting)
= 9J =
Re:US Law? (Score:5, Interesting)
That said, police are mainly historians. They go to crime scenes, piece together evidence, and figure out what happened after the fact. That's all well and good, but I would much rather be proactive with threats to the nation and our people and stop attacks before they happen than be "investigators" sifting through dead bodies.
Thanks Lefty (Score:3, Interesting)
The people picked up were in Britain and Canada. It said nothing about them being US Citizens. It did, however, state that the nature of discussions was of terrorist activity (presumably against the US or US interests).
Conveying this to the Canadian and British authorities is a reasonable activity for our National Security Agency. If you want to talk about due process, perhaps you should watch to see what Canada and Britain do with them.
A few reasons... (Score:5, Interesting)
1. You can not brute force a 256+ bit encryption. It'd be like every atom of earth (2^171) solving at 1THz (2^40) for a million years (2^45). So it must be an algorithm attack.
2. A lot of encryption theory is developed outside the US or in academia as theoretical mathematics. They do not have a monopoly on intelligence, or on trying to crack them.
3. Most encryption protocols rely on well published, well researched topics, like difficulty of factorization as opposed to multiplication. For them to have it would imply that a) such a solution exists and b) that they, but not anyone outside of their community would find it.
4. Most encryption protocols are vastly overengineered compared to the threats. Like, e.g. an opponent with a million times more computing power (-20 bits) or capable of instantly rejecting 99% of the keys (-7 bits) would have nearly no influence on the difficulty.
In short, there's every reason to believe that your favorite three-letter agency will capture the input before encryption or after decryption, due to a flawed implementation, unsecure handshake or through a man-in-the-middle attack than breaking the encryption/algorithm itself.
Kjella
Re:Shouldn't this be YRO? (Score:5, Interesting)
Consider this steganographic method:
1. Take a brief secret message you want to send (less than about 12 characters).
2. Take a standard spam email.
3. Set i to 0.
4. Search for the next occurrence of (the ith character of the secret message) in the spam email.
5. Replace that letter in the spam email with something else, such that the new word which is formed is NOT in the dictionary.
6. Increment i and repeat for the whole secret message.
7. Send the new spam email (with the grotesque misspellings) to intended recipient.
To decrypt:
1. Search the spam email for the first misspelled word and suggest replacements from the dictionary (knowing that exactly one letter was misspelled). Compare with the misspelled word and get all possible candidate letters for that position.
2. Repeat for all such misspelled words.
3. You will now have a (hopefully small) number of possible letters for each position. Do an exhaustive permutation of them all (hopefully it will not be larger than about 10^7) and search for messages with sequences of letters which DO exist in the dictionary.
4. You will now have a small number of candidate decrypted messages. Decide for yourself (context-based) what the intended message was.
I personally know someone who implemented this exact scheme and tried it with a few individual words (he wanted to send one word of secret message per spam email to keep the combinatorial explosion within bounds). Unfortunately most of his fake spam emails were deleted by his spam filters. But it's an intriguing idea nonetheless.
My point is: how would you keep track of all that spam and analyze them for such stunts? God knows we have enough spam with intentional misspellings to defeat Bayesian filtering already. Just add strong crypto to the plaintext message before embedding it in the fake spam and we now have much harder problems. Is there even a theoretical way to detect (leave alone decrypt) such messages?
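Added example, not part of the comment above and not the implementation it mentions: a Python sketch of the analyst's side of this scheme. It flags words that are exactly one letter substitution away from a dictionary word and counts how many candidate readings the decode steps would have to search. The word list, both sample messages and the function names are constructed for illustration, and it assumes letter-for-letter substitutions only.

```python
import re
from math import prod

# Constructed toy word list; a real analysis would load a full dictionary.
DICTIONARY = {
    "buy", "cheap", "pills", "online", "now", "best", "price", "click",
    "here", "for", "free", "offer", "today", "only", "meet", "meat",
    "melt", "east", "fast", "last", "noon", "neon", "and", "save",
}

# Constructed samples: one with single-letter substitutions of the kind the
# scheme produces, one with ordinary digit-for-letter spam obfuscation.
STEGO_SAMPLE = ("buy cheap pills oxline now best price click here "
                "for free offer mext today and save xast")
CONTROL_SAMPLE = ("buy ch3ap p1lls online now best pr1ce click here "
                  "for fr33 offer today only")


def substitution_candidates(token, dictionary=DICTIONARY):
    """Return the letters that may have been replaced in `token`.

    A letter is a candidate when some same-length dictionary word differs
    from `token` in exactly one position (decode step 1 of the comment).
    """
    letters = set()
    for word in dictionary:
        if len(word) != len(token):
            continue
        diffs = [i for i, (a, b) in enumerate(zip(word, token)) if a != b]
        if len(diffs) == 1:
            letters.add(word[diffs[0]])
    return letters


def analyse(message, dictionary=DICTIONARY):
    """Score a message for the one-substitution signature.

    Returns the flagged tokens with their candidate letters, the share of
    tokens flagged, and the number of letter sequences an analyst (or the
    recipient) would have to enumerate in decode step 3.
    """
    tokens = [t.strip(".,!?;:") for t in message.lower().split()]
    tokens = [t for t in tokens if t]
    one_letter = []
    for tok in tokens:
        # Dictionary words and tokens with digits/symbols are out of scope
        # for this heuristic (assumption: letter-for-letter swaps only).
        if tok in dictionary or not tok.isalpha():
            continue
        cands = substitution_candidates(tok, dictionary)
        if cands:
            one_letter.append((tok, sorted(cands)))
    search_space = prod(len(c) for _, c in one_letter) if one_letter else 0
    ratio = len(one_letter) / len(tokens) if tokens else 0.0
    return {"tokens": len(tokens), "one_letter": one_letter,
            "ratio": ratio, "search_space": search_space}


if __name__ == "__main__":
    for name, text in (("stego", STEGO_SAMPLE), ("control", CONTROL_SAMPLE)):
        result = analyse(text)
        print(name, result["one_letter"], result["search_space"],
              round(result["ratio"], 3))
```

With a full dictionary the candidate sets grow, which is the combinatorial explosion the comment describes; the flagged-token ratio is only a triage signal, not proof of a hidden message.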
Re:Yeah right... (Score:2, Interesting)
Think about how many teraflops you could buy for a billion dollars and recall the NSA's *annual* budget is much higher. Think about custom processors made to do a bit more useful cracking with each clock tick.
Re:Somebody forgot to use encryption! (Score:5, Interesting)
>
> Anyone remember what algorithm it was? I think it might have been RSA.
It was DES. NSA suggested that IBM make some modifications to the S-boxes that made DES more resistant to differential cryptanalysis.
At the time, nobody (but NSA) knew about differential cryptanalysis. NSA basically told IBM to make the changes, and that it couldn't tell IBM why the changes were required.
At the time (1980s), "informed speculation" in the crypto community was that NSA had weakened DES. When differential cryptanalysis was "discovered" publicly, a lot of smart people with a lot of math degrees under their belts... wound up looking like they had a fair bit of tinfoil on their heads :)
Re:The US should watch the Canadian border (Score:3, Interesting)
Then why do gas prices continue to increase, if we wanted oil we would have gone after Saudi since that's where the majority of the 9/11 terrorists came from and they finance terrorist 'charities', justification present. Or we could have simply lifted sanctions and Iraq would have been more than happy to sell us some. I do agree that the war wasn't much about terrorism since the links are weak between Saddam and Al-Qaeda, I think it was more personal/family grudge but this "No war for oil" stuff is childish and unsubstantiated. Not to mention Saddam wasn't exactly first in line to call with his condolences after 9/11 and I'm sure he wouldn't have been keen on helping us rid the world of terrorists either. Saddam was an evil dictator who deserved to be taken down for a whole host of reasons, but the false pretenses used to justify this war were unnecessary and counterproductive.
Some questions (Score:4, Interesting)
Is the monitoring with the cooperation of the ISPs who control the gateways/routers? Is it mandated that they have the monitoring taps? Or is it unknown to them (NSA are tapping into the signal unbeknownst to the ISPs)?
(I think this has a known answer.) Is it true that pretty much all intercontinental traffic goes through the USA? Are there any routes eg, Europe to Asia, or other continents that are just direct routes not passing via the USA?
Re:net rules. (Score:3, Interesting)
Encryption isn't a problem (Score:1, Interesting)
So the issue is breaking the encryption the first time. Considering that only a very small fraction of a percent of people use encrypted email, it would be easy to break only those keys, once.
If any organization had the ability to do this, I think it would be the US government. They spend millions of dollars just to see something blow up (bombs, missiles, etc). A Patriot missile costs $2.3 million. For that price, I could create a beowulf cluster with a decent ability to crack encryption, and store keys. I think their budget is much higher than that.
Re:Nice to hear (Score:2, Interesting)
Re:Mathematics is generally no guarantee. (Score:3, Interesting)
Public / private key is in common use. I think a terrorist might use pgp or something likewise using RSA.
I also refer you to the Cryptography FAQ, which states in section 5.6: http://www.faqs.org/faqs/cryptography-faq/part05/ Nobody knows how to prove mathematically that a product cipher is completely secure. I think this generally refers to all block cyphers, but I could be wrong.
I take this to mean that while mathematics can be used to analyze the more-obvious characteristics of a cypher such as apparent randomness of the result and certain classes of mathematical short-circuits, there is no known proof of how hard it has to be to break it or that proves absence of a backdoor or unintentional weakness.
This is consistent with the treatment by cryptographers of cyphers based upon how new they are and how much scrutiny they have undergone, to try to minimize the future likelihood of discovery of a weakness, but I have never heard of anyone saying a cypher was mathematically proven to be secure, which would be a very simple criterion (but many initially thought to be secure have been proven insecure, as that is easier to prove).
I clearly gave no credit to RSA. Perhaps you meant NSA. I don't think you or I can know whether NSA has the ability to intercept major breakthroughs of this sort and keep them private. The strongest argument I find against it is not that they couldn't, but only that given today's environment, they don't really need to.
Re:These guys? (Score:3, Interesting)
Besides, we were going to be safe, and try it out on an eyeball we didn't need before we all started doing it. I volunteered my left eyeball because it's a good deal weaker than the right one.
Thank God kids today have the Internet to keep them out of trouble.
maybe better (Score:2, Interesting)
Here's another method--just use file sharing and put your seekrit msg inside some songs/videos. Stego on steroids. It won't matter who else downloads, only you and your email recipient friend know to even look for it. I think between the video part, the audio part, and the ability to insert some random data that will only show up as artifact noise, that this might be possible. You could create particular artifact noise and have it referenced to your normal alphabet/language of choice, then encrypt that. And even the unencrypted words could be within the context of a one time pad.
I'd like to see anyone krak that.....
The other way is what they have been doing anyway for millennia in muslim countries, they use trusted couriers and word of mouth. They keep it inside their religion, and family. Not fool proof, but so far it's been giving the spooks fits. The other thing they have done is gone to the independent cell method, there IS NO terrorist "central command" anymore, not anything of note. That's one thing that any agency can't deal with, very small independent cells down to the ultimate, the cell of one. It cannot be stopped, and no need therefore for messages, encrypted / obfuscated or not..
Begin generic rant just cuz I can:
Now, too bad that NSA (who I am sure actively monitors every single post on slashdot, so they will read this in the clear) won't reveal the identities of all the white guys in suits who had prior knowledge and involvement in 9-11. Like, hey NSA, remember the airline PUTS? RING A BELL DOES IT? Yas know, the ones that paid off for some millions yet NO ONE CAME TO COLLECT THE MONEY YET BECAUSE THE OPTION BECAME PUBLIC KNOWLEDGE? How about THE FATCATS WHO GOT WARNED TO NOT FLY THAT DAY? AIN'T THAT A TAD SUSPICIOUS? How about THE CONNECTED FATCATS WHO DIDN'T SHOW UP FOR WORK THAT DAY IN THE TWIN TOWERS? WHO ORDERED NORAD TO STAND DOWN, WHO CHANGED THE RULES RIGHT BEFORE 9-11? WHY WERE PILOTS ALLOWED TO BE ARMED FOREVER UNTIL JUST A SHORT TIME BEFORE 9-11 AND THE LAW WAS CHANGED? WAZZUP WITH THE COMPANY RUNNING AN "EXERCISE" OF ' HIJACKED PLANES SMACKING INTO BUILDINGS ON 9-11", WE ARE SUPPOSED TO BELIEVE IT'S A COINCIDENCE? HUH?
Stuff like that, there's dozens of interesting unanswered questions out there, that seemingly no one in our glorious government "intel" agencies seems to be able to figure out.
Scuttlebutt has it that entire small obscure "connected" companies seemed to take the 9-11 day off, but it's hard to find that story anymore... hmmm.. gee whiz...hmm..wonder why that is...
Who bought 'em NSA? Who put in those orders? Why not make that info public? Oh? what's that you say? It's VERY IMPORTANT WHITE GUYS IN SUITS WHO GIVE YOU YOUR ORDERS WHO BOUGHT THEM?
thanks, we knew that
US intel=paid off and scared hypocrites. Most of them honest and patriotic, I don't intend to demean them on that score, but I will call a spade a spade here, because it don't stop them from being scared - scared into "going along to get along". A lot of them know there's serious high level treason-yes, I said treason- going on, yet only a small handful have had the balls to come forward. Non-boat rockers almost entirely. I have yet to meet anyone connected to any civilian or military agency in the government who isn't aware of serious malfeasance occurring, usually on an ongoing basis. To a man (and woman) they say you "don't rock the boat" about crookedness you might become aware of, because at a minimum it's a career buster, all the way up to you get disappeared, and everything in between.
You won't get em to say it on many internet forums, not too often anyway, no one will admit to being scared at work, etc, but you will hear it sometimes in meatworld if you are persistent and can build some trust.
9-11 = the modern Reichstag fire
Re:Would it change the discussion (Score:1, Interesting)
History tells us that all oppressive governments end abruptly when the populace has had so much oppression that the average person (merchant, farmer, policeman, soldier (even *commanders*)) has had enough, cannot live one more day under the regime, and eventually the pressure is too great, the whole system breaks, you have revolution followed by whatever fills the vacuum left after the revolution.
We're not that pissed yet, get it? The average person isn't already pushed to the point that it would be better to sacrifice his own life than to live another day under the tyranny. We're so far from that right now, it's ridiculous to even discuss it.
You're free to disagree of course, but, show me the opposition to the status quo. Don't show me a videotape of a couple thousand hippies, that's *counterpoint*, and don't read me a transcript of a UN ambassador, that's *dissent*.
Show me opposition, because the only meaningful state that exists in the absence of opposition is consent. Government governs with the consent of the governed, and what's labeled by the minority as abuse is perfectly acceptable to the overwhelming majority.
Re:antijobs (Score:3, Interesting)
MY military job directly made me an electronics tech and got me 67 college credits; it indirectly broadened my horizons and gave me a sense of responsibility that I had been seriously lacking. (it also got me a neat disability pension, but I knew the job was dangerous when I took it, fred).
I'm not saying that it's good that we HAVE to have military forces to assure the peace of our families, and it's definitely not good what those forces are doing right now (or what I did in GW1, for that matter), but that doesn't make the basic concept any less viable.
You have to have someone defending your families, and in order for those defenders to be able to do their job, they have to have equipment that will be effective; it was true in the days of gilgamesh, and it's true now.
The problem is letting idiot politicians decide what those defenders do.
Re:The US should watch the Canadian border (Score:2, Interesting)
We actually don't have a terrorist problem. There is *no* "Terrorist Problem". The Forces of Emmanuel Goldstein [whatreallyhappened.com] are *NOT* out to get you.
Turn off your TV pal. Canadians (and USofAians really) shouldn't be afraid of fascist criminals. Here in reality, people have more to fear from their daily commutes or dying from a fall in the bathtub. While flaming airplanes make good propaganda, I am more concerned by the menace that is my toilet.
While the Terrorists make a very good Enemy in order to stir up fear, they aren't actually a concern for every-day Westerners. You, I and the rest of the
What is NOT the correct response is invading foreign nations in reaction for what is really a criminal matter. What is NOT the correct response is for chicken-shit paranoids like yourself to buy the Fox News Rhetoric hook, line and sinker. What is NOT a correct response is to give these simple criminals credibility and prestige amongst would-be suicide-bombers by making them Enemy #1 and declaring War on Terror(!) Spare me. Exactly the tactic you do NOT want if you are really trying to protect yourself from them... unless, of course, you are interested in the APPEARANCE of threat... hmmmm..?)
The Americans should be reasonably concerned that 100 years of exporting misery and death has a few advocates of said filth coming home to roost. Does CANADA (remember, we are NOT the USA -- even the barbarian hordes read a little you know...) have anything to be concerned about? I'd say no, there is little chance of anything of real concern happening here. Could it? Sure. Am I going to seek out the first Federal Government who promises me a little temporary Security in Exchange for a little liberty? I fucking think not.
Keep your paranoia worry about Emmanuel Goldstein to yourself -- you're only encouraging the Real Fascists