Passive E-Mail Monitoring Leads To Arrest 921
www.2advanced.net writes "The world's first arrest resulting from passive monitoring of electronic communications is being reported by Globe Technology. In the article, sources reveal that 'an e-mail message intercepted by NSA spies precipitated a massive investigation by intelligence officials in several countries that culminated in the arrest of nine men in Britain and one in suburban Orleans, Ont. -- 24-year-old software developer Mohammed Momin Khawaja, who has since been charged with facilitating a terrorist act and being part of a terrorist group.'"
Orleans (Score:5, Interesting)
Today it's a different Story (Score:5, Funny)
The US should watch the Canadian border (Score:3, Insightful)
Our politicians still don't think we have a terrorist problem. Our politicians think the Americans are the cause of all their terrorist problems. Our politicians think that if the Americans would just be nice to everyone all the time, everything would be just fine.
So, while we raise taxes for 'anti-terrorism' the money actually goes into a big pot and is spent on anything but solutions that the governm
Apathetic... (Score:3, Insightful)
Apathetic Canadians are no worse than apathetic US Citizens. US politicians have no problem with terrorists, as it only creates more jobs (defense spending == jobs). More jobs means less to complain about, and (finally) less to complain about leads to apathetic citizens. The US voting system allows far more control and granularity on whom we put in office, and frankly I think US citizens (in general) are far less likely to pay attention to important issues and vote along issue lines.
Already the US presi
Re: (Score:3, Insightful)
Re:Jobs (Score:5, Insightful)
Land Mines have a military use. Did you forget that? Until there is a reliable method for smart mine or other area suppresion weapon like FireStorm, they are the most effective way to prevent an adversary from moving across land.
The idea that politicians want to keep land mines to ensure jobs is ridiculous. Upon what facts do you base that statement? Do you have any idea how few people are actually employed making them?
Regarding the Kyoto treaty, have you ever read it? American factories were to be restricted with regard to their emissions yet Chinese, Indian and Eastern European factories were not. When was the last time you visited an industrial complex in one of those areas? They're horrible with all kinds of unfiltered liquid and gaseous emissions. How long have you been reading Slashdot? Haven't you ever seen the articles about disassembly of circuit boards in China?
Kyoto hid under the cloak of global warming which is really just a political thing. Sure, people can affect the environment to some extent but thinking we are destroying the environment is not only scientifically invalid, it's almost unspeakably arrogant and naive. We live in the middle of a planet-sized filter which recycles virtually everything within itself. We can't predict the weather 5 days in advance yet global warming zealots claim to understand environmental cycles?!?! Riiiight.
The Kyoto accord was NOT ratified by the non-U.S. countries who tried to get the U.S. to commit to follow it. Would American companies have been forced to shut down or move operations overseas? Yes. Think, where would they have moved manufacturing? Probably to countries which were exempted from the accord. How, exactly, would moving production from the U.S. to areas which were to be exempt from environmental limitations contribute to a cleaner environment?
The Kyoto accord was an attempt to hobble American industry by countries which are not able to match the U.S. level of productivity because of their political environments.
As much as possible, producers of any product or service want to be as physically close to their customers as possible. Transportation and time differences cost money, real money.
Your comments were pure socialist rhetoric. THey have no basis in the reality of our physical world which is subject to the law of diminishing returns.
Re:+1 Ane (Score:5, Insightful)
The phrase usually means "people who are seeking employment but haven't found it." That is a very useful number. Those who aren't seeking, don't get counted. If you want to be counted, show up where they're counting.
Re:The US should watch the Canadian border! (Score:3, Funny)
Re:The US should watch the Canadian border (Score:5, Insightful)
-PCB
Re:The US should watch the Canadian border (Score:3, Interesting)
Then why do gas prices continue to increase, if we wanted oil we would have gone after Saudi since that's where the majority of the 9/11 terrorists came from and they finance terrorist 'charities', justification present. Or we could have simply lifted sanctions and Iraq would have been more then happy to sell us some. I do agree that the war wasn't much about terrorism since the links are weak between Saddam and Al-Qaeda, I think it was more personal/family grudge
Re:The US should watch the Canadian border (Score:4, Insightful)
Further, it has greatly reinforced perceptions that the US invaded a muslim country for oil, and that the US does not care about the lives of anyone other than it's own citizens. This is exactly what terrorist leaders have been saying about the US for years. Now they have proof, and as a result, far more support.
From a World Islamic Front statement [fas.org], 1998:
First, for over seven years the United States has been occupying the lands of Islam in the holiest of places, the Arabian Peninsula, plundering its riches, dictating to its rulers, humiliating its people, terrorizing its neighbors, and turning its bases in the Peninsula into a spearhead through which to fight the neighboring Muslim peoples.
If some people have in the past argued about the fact of the occupation, all the people of the Peninsula have now acknowledged it. The best proof of this is the Americans' continuing aggression against the Iraqi people using the Peninsula as a staging post, even though all its rulers are against their territories being used to that end, but they are helpless.
Second, despite the great devastation inflicted on the Iraqi people by the crusader-Zionist alliance, and despite the huge number of those killed, which has exceeded 1 million... despite all this, the Americans are once against trying to repeat the horrific massacres, as though they are not content with the protracted blockade imposed after the ferocious war or the fragmentation and devastation.
So here they come to annihilate what is left of this people and to humiliate their Muslim neighbors.
Third, if the Americans' aims behind these wars are religious and economic...
Probably the worst thing I've ever seen a US leader do on an international stage was when Bush painted the war on terror as good versus evil. By doing this he did not have to examine the motivation behind the "evildoers", and he could simply say that they are evil and are attacking the US because the US is "good". This is exactly the same mindset that terrorists have, and exactly the same mindset that has led to some of the worst atrocities that human beings have ever committed.Re:The US should watch the Canadian border (Score:4, Insightful)
It is impossible. A weak country can do this. A strong country can not. Sooner or later someone will ask for help against someone else. A weak country can say: "We can't". A strong one will have to take sides...
You can't be nice to Palestinians and Israelis at once, for example -- the want each other dead. Even a weaker country like Canada can't do so honestly...
The hatred started well before "Bush and his lunacy". Your trolling flamebait conveniently forgets, that "9/11" happened only 9 months into Bush's presidency -- after 8 years under Clinton...
According to bin Laden's ravings, "9/11" was our punishment for deploying in the holy land of Saudi Arabia, which we did to protect Kuwait -- a Muslim nation, BTW. Was that war also "a lunacy" to you?
You can not justify this hatred and you can not negotiate with such people.
So stop your pitiful preaching -- there are better ways to attack Bush.
BTW, Clinton/Gore did not get the majority vote either, AFAIK.
Re:The US should watch the Canadian border (Score:5, Informative)
Not from the "mainstream" press, but excellent articles detailing of how Iraq switching from the U.S. dollar (approved by OPEC in the early 70's as the official currency for oil) to the Euro for oil could seriously harm the U.S. economy.
Not Oil, but Dollars vs. Euros [globalpolicy.org]
Iraq, the Dollar and the Euro [theglobalist.com]
Re:The US should watch the Canadian border (Score:5, Insightful)
What he is suggesting is don't be surprised that groups of people around the world grow to hate the US so much that they WILL fly airplanes into buildings. Not because of the actions of individual Americans, but because of the ongoing actions of every American Government for 50 years. How many despots do they have to put in power (or return to power, like in Iran) before the common people of the country start hating them? How many death squads and murderous rebel groups should they support and fund (Nicaragua and El Salvador) before the regular folks stop believing the "peace and freedom" tripe they claim to espouse.
Do you know what day today is, sparky? It is the 10th anniversary of the start of the genocide in Rawanda. 800 000 people killed in 100 days. That's faster than the Nazis did it at Auchwitz and Treblinka. You know what else? Canadian General Romeo Dalaire had been begging the UN, the US and the other major powers for more troops and more equipment for 3 months prior to this infamous date because he had been tipped off of the impending genocide. He was even forbidden to use the troops and equipment he had to confiscate the weapons he had found, which probably would have prevented the genocide. And do you know what the US did to help? They (along with Britain and France) VETOED a UN Security Council resolution that would have sent the troops and equipment to Rawanda and allowed General Dalaire to conduct opperations. The US signed the death warrant of 800 000 innocent civilians, because preventing genocide is not in the best interests of the US. Why aren't you crying for them? They most certainly did not diserve to die. Too bad there wasn't oil in Kigali, the 1st Marine Expiditionary Force would have been in there in a heart beat....
It is the selfish actions of your government that make people hate the US so much they want to fly planes into buildings. The policies of the US government kill and enslave far more people on a daily basis than all the terrorist attacks they have ever suffered combined. Why aren't you upset by that?
No one deserves to die like your friend Amy. Nor do they deserve to be hacked to death with machetes, or murdered and dumped at El Playon because the voted for the wrong party. Don't pretend that the US government condoning the latter has nothing to do with the former. Until you realize that, expect a lot more 9/11-type attacks in your future.
Re:The US should watch the Canadian border (Score:4, Insightful)
The Baltics - by this you mean Kosovo, of course, where the US had to be convinced to do anything by the NATO allies - the US was almost dragged kicking and screaming into that one, so I wouldn't hold it up as an example of the US doing the right thing of it's own accord. Did you know that the Serbs had been doing the same nasty things that they were doing in Kosovo to deserve getting bombed in places like Bosnia and Croatia for about 6 years before Kosovo? Ever heard of Srebeniza? Did you miss all the rape camps and mass graves in Bosnia long before Kosovo? The US role in Kosovo is a matter of "about time" in the rest of the world.
Haiti - amazing how fast the US will react when something is close to home. Personally I'm glad they are there. They should do more of this. Maybe they sent troops to Haiti so thousands of Haitians wouldn't show up on the shores of Florida AGAIN. The only diffeence between Haiti and Rawanda is about 5000 km. So tell me again why they didn't react when they knew a genocide was about to take place?
As for my "whining" well you are entitled to your opinion. Just remember, when it comes to Saddam, who gave him the money, who sold him the weapons and who is on film shaking his hand. If Iraq didn't have oil, the US wouldn't be anywhere near the place, and it is just that simple. If Iraq didn't have oil, Saddam would not have become the butcher he was, since he wouldn't had all those US dollars to by the weapons with.
I will "whine" about the selfish and inconsistant way the US acts in the world all I want, thank you. They invade Iraq to free the people from a vicious dictator, yet let 800 000 die in a preventable genocide. They push China to respect human rights, yet help overthrow a democratically elected leader and replace him with military despot who killed thousands (Chile - the Other September 11). They install puppet regimes all over the world because they will be their "friends" against the Soviets, or Al Queda, or whomever is the enemy du jour, rather than trusting the people of those countries decide for themselves.
They claim to be about justice, yet opt out of the world criminal court in the Hague. You know, the ones trying war crimes and crimes against humanity committed Bosnia, Kosovo and Rawanda.
But of course, don't listen to me. I'm just a whiner. No one else in the world could possibly share these opinions. All that terrorism is just the result of "evil" or jealousy or something...
Re:The US should watch the Canadian border (Score:4, Informative)
Somalia - did the right thing, but buggered off when the heat was turned up. As a result, Osama bin Laden and his ilk saw that the US would cut and run if attacked. So, OBL decided to attack the US. Result: September 11, 2001. Guess you shoulda stuck it out and done the right thing, huh?
True, OBL saw our withdrawl as a sign of weakness. But it in no way resulted his decision to launch 9/11. If we stayed, he would have used our presence in a Moslem nation as another "saber rattling" point. Had we stuck it out and "done the right thing" you would probabally would accuse us of installing a "puppet regime" to keep the peace. Damned if we do, damned if we don't.
If Iraq didn't have oil, Saddam would not have become the butcher he was, since he wouldn't had all those US dollars to by the weapons with.
Without our support, he wouldn't have had the weapons to attack Iran. And yes, supplying him with Chemical Weapon technology was a mistake. But it didn't take American technology to make him a butcher. Look at his torture chambers: nothing more sophisticated than rope, iron, wooden poles and electric current. How do you apply the Oil + America = brutal dictator argument here? Yes, WMD was used against his own people, but just as many died through small arms fire or other "low cost" means.
They claim to be about justice, yet opt out of the world criminal court in the Hague. You know, the ones trying war crimes and crimes against humanity committed Bosnia, Kosovo and Rawanda.
This is where you are the most misinformed. We opted out of the WCC for a damn good reason. Plain and simple: An American soldier charged by the World Criminal Court would have fewer rights and due process than he would through the U.S. Military Justice System Please read that again, very slowly, and digest it. We opted out not because we don't care about war crimes, or because we're imperialistic nation-building tyrants bent on world domination, or just because we're assholes. We did it to guarantee that American Military justice is not superceeded by a foreign system that provides fewer rights to the accused. Period!!!
All that terrorism is just the result of "evil" or jealousy or something...
In a word, well, yes. What is it that Bin Laden wants? Listen to his tapes so generously provided by Al-Jazeera:
and.. oh yes..
There you have it sparky. Al-Qaida exists to further the cause of a militant ultra-radical pan-islamic state. There can be peace in Israel and a Free Palestine - They'll still hate us. The U.S. can shed it's dependancy on foreign oil (something I'm 100% in favor of) and never step foot into a Moslem nation again - They'll still hate us. Until I (and 300m other Americans) start shouting "Ahllau Akbar!", cover our wives with burlap potato sacks, overthrow our government and replace it with some whacko Imam, they will continue to hate us. And I can guarantee that the first fatwah that will come out of Washington is to overthrow the Infidel, Secular, Satanist nation to the north of us. Better start studying your Koran.
Re:Today it's a different Story (Score:4, Informative)
Highly unlikely.
If not, why won't these arrests be thrown out of court?
They weren't arrested by US authorities, nor are they being prosecuted in US courts - the agencies that arrested them, presumably the RCMP and MI5, are not bound by the US constitution, and operate under the laws of their own nations, not those of the United States. Even if they were being extradited to the United States, the law is quite clear - non-resident aliens not within the United States and/or its territories and possesions are not entitled to the protections of the Bill of Rights, specifically, the Fourth Amendment [findlaw.com].
Or don't Canadian and Brittish courts care about search warrants?
The RCMP and MI5 undoubtedly conducted their own investigation, and didn't simply run off to arrest people just because NSA said so. During the course of that investigation, those agencies were bound by whatever laws were in effect in their respective nations. Canada does, IIRC, recognize an exclusionary rule similar to that of the United States, but the UK does not. IIRC, of course - detailed questions should be directed to qualified experts in the laws of those nations. ;)
Or don't warrants apply in international law?
Not the way you apparently think they do, anyway. Had the subjects been American citizens, a warrant for any sort of extended surveillance would have been in order for the NSA, if there were plans to prosecute in the US. The RCMP and MI5 operate according whatever the laws of Canada and the UK say about warrants and surveillance.
Re:Orleans (Score:5, Interesting)
For those of you who have no idea where Orleans is in Ontario, its very close to Ottawa
Orleans is part of Ottawa [ottawa.on.ca] actually - one of the east end suburbs.
Also, the guy alledgedly was planning something in the UK, not the US, so the proximity to the US border isn't really an issue. Besides, something like 90% or our population is within a few hours of the US border.
Re:Orleans (Score:3, Funny)
Its funny, laugh
Doh... (Score:5, Insightful)
Though it really surprises me that the NSA would actually take responsibility for passing along tips.
Generally they just pass stuff to the other three letter organizations and they take it from there.
Re:Doh... (Score:3, Insightful)
Re:Doh... (Score:5, Insightful)
Generally they just pass stuff to the other three letter organizations and they take it from there.
I suspect that with all the attention being paid to the traditional lack of cooperation between the various TLA orgs, they're probably falling all over themselves now to show how cooperative they can be. NSA has always been a little better than the others, as this is its primary function-- it doesn't use (ahem) "field operatives" to the same degree that the FBI and CIA does. The real head-butting goes on between the FBI and CIA. The culture of "cops" vs. that of "spooks" creates a lot of friction. They've never worked well together.
Shouldn't this be YRO? (Score:5, Insightful)
Re:Shouldn't this be YRO? (Score:5, Interesting)
Come on now dude. (Score:3, Interesting)
Just look at this guy's name.
Mohammed Momin Khawaja
Consider the number of known Al-Queda operatived who have the first name Mohammed. It wouldn't surprise me in the least if the NSA, FBI, and CIA routinely monitored the communications of everyone in the western hemisphere who has an Arabic name.
They can't have that much spam to weed through.
LK
Re:Come on now dude. (Score:3, Insightful)
Re:Shouldn't this be YRO? (Score:3, Interesting)
If you wanted to communicate something to a person without the message being picked up, you get the person to sign up to porn and spam lists with their e-mail.
When you want them to launch their attack, or to come over for some hawt loving behind their husband's back, you register an e-mail as anonymously
Re:Shouldn't this be YRO? (Score:5, Interesting)
Consider this steganographic method:
1. Take a brief secret message you want to send (less than about 12 characters).
2. Take a standard spam email.
3. Set i to 0.
4. Search for the next occurrence of (the ith character of the secret message) in the spam email.
5. Replace that letter in the spam email with something else, such that the new word which is formed is NOT in the dictionary.
6. Increment i and repeat for the whole secret message.
7. Send the new spam email (with the grotesque misspellings) to intended recipient.
To decrypt:
1. Search the spam email for the first misspelled word and suggest replacements from the dictionary (knowing that exactly one letter was misspelled). Compare with the misspelled word and get all possible candidate letters for that position.
2. Repeat for all such misspelled words.
3. You will now have a (hopefully small) number of possible letters for each position. Do an exhaustive permutation of them all (hopefully it will not be larger than about 10^7) and search for messages with sequences of letters which DO exist in the dictionary.
4. You will now have a small number of candidate decrypted messages. Decide for yourself (context-based) what the intended message was.
I personally know someone who implemented this exact scheme and tried it with a few individual words (he wanted to send one word of secret message per spam email to keep the combinatorial explosion within bounds). Unfortunately most his fake spam emails were deleted by his spam filters. But it's an intriguing idea nonetheless.
My point is: how would you keep track of all that spam and analyze them for such stunts? God knows we have enough spam with intentional misspellings to defeat Bayesian filtering already. Just add strong crypto to the plaintext message before embedding it in the fake spam and we now have much harder problems. Is there even a theoretical way to detect (leave alone decrypt) such messages?
Re:I don't give a shit. (Score:3, Insightful)
They came for the blahs, but I'm not a blah so I did nothing.
They came for the foos, but I'm not a foo so I said nothing.
Then they came for me, and no one was left to do anything.
Or something along those lines.
So yeah, terrorists today, guys named Jason Straight tomorrow.
You've been warned.
Yeah right... (Score:4, Insightful)
Re:Yeah right... (Score:5, Insightful)
Re:Yeah right... (Score:5, Insightful)
Remember Richard Reid, he of the explosive footwear? Caught when a passenger noticed him trying to set light to his shoes? Anyone with intelligence greater than or equal to that of a bag of hammers would have gone to the toilet and THEN tried to detonate their payload...
The people who plan the operations might be smart, as may the people who instruct the bombers. But sooner or later you've got to communicate with the moron you're exploiting and persuading to blow himself up. At that point you're vulnerable, because he's stupid and easily led and all in all a liability.
Suicide bombers are not stupid (Score:5, Insightful)
Of course there are stupid ones as well but that's true for everything.
Re:Yeah right... (Score:5, Interesting)
I don't know where i read this. A terrorist group was using hotmail to plot terrorist attacks. One terrorist in Pakistan would compose a message and save it in the drafts folder without sending it. The other terrorist across the world would log into the same account and read the message from the drafts folder.
Re:Yeah right... (Score:3, Interesting)
Re:Yeah right... (Score:4, Insightful)
I'm guessing they're not quite to the place where they are cracking codes on the fly... yet.
Re:Yeah right... (Score:5, Funny)
Re:Yeah right... (Score:5, Interesting)
Hey, these are the same dipshits that confused AM/PM on their bomb in Spain, and blew themselves up in Gaza because they didn't account for daylight savings time.
I am sure that some of them try to use encryption, but:
1. I would guess a mojroity of the traffic is in the clear, "security through nonchalance and obfuscation"
2. What makes you think that the encryption systems available to the general public aren't easily cracked by the boys in Virginia and Maryland?
Re:Yeah right... (Score:5, Insightful)
Mathematics.
Re:Yeah right... (Score:3, Insightful)
Re:Yeah right... (Score:5, Interesting)
-
Mathematics is generally no guarantee. (Score:3, Informative)
There are in many key types, such as RSA which relies on prime number factoring difficulties, where there is no published proof on how hard it has to be to crack the keys, (and no proof on how hard it has to be to find a previously-unknown weakness).
No one has published how to easily crack RSA for long key lengths. A smart mathematician working for NSA could have solved the problem years ago if they can keep a good secret.
And quantum computing seems to be on the horizon as well, and I would not put it pa
Re:Mathematics is generally no guarantee. (Score:3, Insightful)
However, what makes you think that terrorists would use public key encryption? Presumably, these people meet in person, in secret, to discuss illegal activities. In such a scenario, they could give each other their passphrase by word of mouth. Public key encryption is only relevant when the medium for transmitting your keys is insecure.
If I remember r
Re:Yeah right... (Score:3, Informative)
Remember: Rc64 needed over 2 YEARS on 200k+ pcs.
128 bit needs 2^64 as much time. Even with asics, future technology and a billion$ budget you cant brute force it.
Algorithm weaknes is another matter, but the general algorithms are open, and hundreds of mathmematicans have scanned them for years and havend found any (of course those with errors are no longer in use).
Re:Yeah right... (Score:3, Funny)
A few reasons... (Score:5, Interesting)
1. You can not brute force a 256+ bit encryption. It'd be like every atom of earth (2^171) solving at 1THz (2^40) for a million years (2^45). So it must be an algorithm attack.
2. A lot of encryption theory is developed outside the US or in academia as theoretical mathematics. They do not have a monopoly on intelligence, or on trying to crack them.
3. Most encryption protocols rely on well published, well researched topics, like difficulty of factorization as opposed to multiplication. For them to have it would imply that a) such a solution exists and b) that they, but not anyone outside of their community would find it.
4. Most encryption protocols are vastly overengineered compared to the threats. Like, e.g. an opponent with a million times more computing power (-20 bits) or capable of instantly rejecting 99% of the keys (-7 bits) would have nearly no influence on the difficulty.
In short, there's every reason to believe that your favorite three-letter agency will capture the input before encryption or after decryption, due to a flawed implementation, unsecure handshake or through a man-in-the-middle attack than breaking the encryption/algorithm itself.
Kjella
Re:Yeah right... (Score:3, Insightful)
Jedidiah.
Re:Yeah right... (Score:5, Insightful)
Even if they can't break the encryption, the traffic analysis allows them to figure out who is talking to whom, and that allows them to direct other forms of intelligence gathering.
I've heard of small efforts to confuse and annoy the NSA by the regular use of encrypted email by people with nothing to hide, but such things are difficult to use at the moment, what with the key exchanges, the requirements to use particular mailers, and the fact that many people don't particularly want to participate in that little game, especially since it does leave you open to scrutiny.
Combine that with a previous poster's observation that terrorists are more thugs than criminal masterminds, and yeah, I suspect that most of these efforts (at least at the low levels) do in fact use plaintext email.
Not that that makes the NSA's life easy. There's an awful lot of email out there, and just looking for words like "bomb" in an email is going to be worthless.
This case, I suspect, probably started with one email address that they suspected to be used by a terrorist through some other form of intelligence. That allows them to narrow down the search space.
In other words, I doubt they have any techniques that allow them to take the entire firehose of email and sip out a manageable amount based just on the text. Which means that they're almost certainly not really reading your email, and you can include "I'm going to blow up the President" all you like without incurring the slightest notice, unless they've got some other bead on you already.
Which doesn't mean that they couldn't read your email, if they so chose. They're not allowed to, if you're in the United States, but the capability certainly exists. Which is the remarkable part of this story: them admitting the capability. I really don't know why.
Nice to hear (Score:3, Insightful)
Re:Nice to hear (Score:5, Interesting)
Possibly not - obviously the various PATRIOT acts have changed the landscape somewhat, but hasn't it traditionally been against the law for the US government to monitor US citizens without a warrant? Echelon was established in the aftermath of the 2nd World War, and basically provided a mechanism for spying on your own citizens: Canada spies on US citizens, and alerts the US authorities, and vice verca. Insert any combination of UK, Australia and NZ governments here for the full horror.
In other words - the NSA probably don't need to monitor you. They'll find out the naughty things you're plotting, regardless!
Re:Nice to hear (Score:3, Informative)
Hurray for the good guys! (Score:5, Insightful)
Somebody forgot to use encryption! (Score:5, Interesting)
Whatever the NSA is doing to monitor all the traffic, I'm sure the RIAA and MPAA are drooling at the prospect of using this technology to catch so-called copyright violators. Civilian applications for a military technology, natch!
Re:Somebody forgot to use encryption! (Score:3, Interesting)
Re:Somebody forgot to use encryption! (Score:5, Interesting)
>
> Anyone remember what algorithm it was? I think it might have been RSA.
It was DES. NSA suggested that IBM make some modifications to the S-boxes that made DES more resistant to differential cryptanalysis.
At the time, nobody (but NSA) knew about differential cryptanalysis. NSA basically told IBM to make the changes, and that it couldn't tell IBM why the changes were required.
At the time (1980s), "informed speculation" in the crypto community was that NSA had weakened DES. When differential cryptanalysis was "discovered" publicly, a lot of smart people with a lot of math degrees under their belts... wound up looking like they had a fair bit of tinfoil on their heads :)
Re:Somebody forgot to use encryption! (Score:3, Insightful)
Re:Somebody forgot to use encryption! (Score:5, Informative)
Once they suspect illegal activities and start an investigation, there is a lot of way to access the plain text without having to break the encryption algorithm. One easy way, is to break into the target computer and install a key logger. This requires a lot less efforts.
Note that to suspect illegal activities, they can just do some traffic analysis. If they find some pattern (an e-mail is sent from A in CA to B in the UK, then shortly after another e-mail is sent from B in the UK to C in Pakistan, then you have the same path in reverse and the pattern repeat a lot) that trigger their alert, they will monitor A, B and C a little more closely and dig a little deeper to see if it looks suspucious enough for an investigation. Then they start to do active spying and they build their case.
The passive monitoring in that case does not requires an breaking of encryption... it does not even requires to know the plaintext (if the traffic is encrypted).
Re:Somebody forgot to use encryption! (Score:3, Funny)
>
> Surely the guys from the NSA reading this now can answer that for us...
The guys from the FBI probably could answer that, and might answer it without even knowing they'd done so. The guys from CIA could, but probably wouldn't, answer it. The guys from NSA definitely can answer that, but are smart enough not to. :)
Clue hierarchy is as follows: NSA > CIA > FBI. Not sure where the UK and Russian Federation int
Terrorism & spam (Score:5, Funny)
US Law? (Score:5, Interesting)
Apply American laws to events occuring in America. The United States is big, but it's not everything in the world. How DARE they presume to police the world and its communications.
Re:US Law? (Score:4, Interesting)
It's a big country with a big military and big economic weight. That's how they Dare it.
I'm not saying I agree with their policy, I just don't neccessarily degree on the grounds you've described. How is the NSA supposed to tell where a particular X is heading before it gets there without reading it?
Your arguement seems to make sense, but it's not quite logical.
Re:US Law? (Score:3, Insightful)
Re:US Law? (Score:5, Interesting)
That said, police are mainly historians. They go to crime scenes, piece together evidence, and figure out what happened after the fact. That's all well and good, but I would much rather be proactive with threats to the nation and our people and stop attacks before they happen than be "investigators" sifting through dead bodies.
Oh, good (Score:5, Insightful)
Seriously, I'd say that it's a pretty reasonable bet that AIM/ICQ/MSN/Yahoo are routinely monitored. They're easy to data-mine (heck, the commercial data from that *alone* is phenomenal -- if people hear on a show that "Debora Mullins and Sandra Walker will be possibly starring in 'Shredded Metal 2', and there's a mass of messages saying "Debora Mullins sucks", that'd be awfully useful to the production company.
As for the NSA/CIA/FBI, messaging services are frequently used, easy to log and data-mine (no speech recognition necessary) systems that provide no end-to-end encryption that pass through a single point -- in the United States.
Jabber is the only reasonably well-designed IM system I've seen, and nobody *uses* Jabber, sadly enough.
Before putting on your tinfoil hat... (Score:5, Informative)
If you are a U.S. citizen, your main privacy concerns should be with the FBI and the DoJ with their powers granted by the Patriot Act.
Re:Before putting on your tinfoil hat... (Score:5, Interesting)
Although NSA is technically prohibited from performing incercepts on U.S. citizens, they do not shy away from operating against non-citizens here in the U.S. An interesting tale in those books is how, back in the day that Western Union was the only way to transmit internationally, NSA leaned on them to in effect "Bcc" the U.S. Gov't on all incoming / outgoing faxes from the U.N. without the knowledge of our friends or allies. Sweet.
Officially, yes; however... (Score:5, Interesting)
When I was in the navy we conducted counter narcotics patrols off the coast of Colombia and Panama. Since the military is not allowed to engage in law enforcement (that pesky Constitution and all) we simply had a Coast Guard team (they're Dept of Transportation and not Defense, so they *can* do law enforcement) that took care of the actual boarding of vessles and law enforcement. In fact, it had to be the Coast Guard person on watch who initiated the request to investivate/board a vessle. There was no "official" cooperation between the military and the Coast Guard on this, but when you get orders on the secure circuit to "think about getting to these coordinates in exactly 12 hours" which result in the Coastie on watch saying "Oh hey -- there's a boat... let's board him!" can you deny that there is unofficial cooperation going on?
(There were further stories about SEALS and other special forces folks who were officially discharged from the military and transferred to "another agency" for two weeks at a time in order to engage in "direct action law enforcement" before "deciding to reenter the military." It's call "sheep-dipping" and is just one more thing for the tin-foil-hatters to worry about...)
I suspect that this is probably what's going on with the NSA et al. If the agency in question either thinks/knows they're looking at a US citizen, they can just drop a pointer to the intel in the inbox of an agency who *can* legally handle it (Oh geez -- I wonder where *that* lead came from?). Or there are teams of "not officially NSA folks" who just happen to be working at NSA alongside the others who are legally allowed to investigate US citizens (similar to Coasties on US Naval vessles for counter-narc activities).
Take your pick as to the method in use or make up another, but I am pretty sure it's going on and will not be going away anytime soon.
Re:Before putting on your tinfoil hat... (Score:3, Insightful)
I'm sure that's a great comfort to the people living in England, France, China, Japan, Israel, Italy, Macedonia, Comoros, The Philippines, Cyprus, Antigua, Nicaragua, Haiti, Kazakhstan, Germany, Serbia, Cuba, Belize, Peru, Lesotho, Hungary, Barbados, Mali, Ecuador, Chile, Romania, Gabon, Mauritania, Greece, Laos, Seychelles, Korea, Tanzania, Russia, Argentina,
Re: Passive E-Mail Monitoring Leads To Arrest (Score:5, Insightful)
The article starts off with a diabolically, highlighting the boast of a mysterious hacker who works as NSA. No names are quoted. The whole thing is given a hollywood-esque charm (the hacker known only as "Mudhen" (mud hen? duh!), a charming pseudonym for NSA - Puzzle Palace).
After adding sufficient soundbites to attract reader's attention, besides making one thing is it one of those devious secrets about NSA, it suddenly changes tone and highlights the achievement of NSA "spies". Charming. Other gems:
"army of cryptographers, chaos theorists"
"that may have pulled in the first piece of evidence"
"massive investigation in several countries "
And then finally a quick rundown on TCP/IP.
One could almost mistake it for communistic propaganda, if only it hailed the fatherland (or the motherland) as well...
ps: don't forget, there are no facts or figures mentioned anywhere in it well.
New Spam Solution (Score:5, Funny)
Re:New Spam Solution (Score:3, Insightful)
opensource this- a program designed to pass messages via spam, undetectable without the key...if 50,000 people get the message, and only one can read it....
release it.. BAM! the government (homeland security) will suddenly find a way to stop spam.
It's sad... (Score:5, Funny)
E-Mail is public? (Score:5, Interesting)
Don't send anything in the email that you don't want printed in the classified ads of the local paper. Because sending email is like sending a postcard. Every postman between here and there can read what you've said.
What makes me wonder is that these "terrorist" were sending email that was unencrypted? [tinfoil hat] Or maybe, the NSA were able to get backdoors to encryption technology and that what what is passively being listened to. [/tinfoil]
You never know who is listening... (Score:3, Interesting)
If you were scanning all e-mails, would you put your resources on mails that looked encrypted or those that look like junk mail?
wardriving analogy (Score:3, Interesting)
And that's on top of all the arguments about whether broadcasting information through the Internet is/should be/isnt/shouldnt be private.
Can you be accused of being a voyeur if the person you're looking at is walking around in public naked?
Scary. But, inevitable. (Score:3, Interesting)
= 9J =
Stenography (Score:5, Funny)
Re:Stenography (Score:4, Funny)
According to dictionary.co that means...
4 entries found for Stenography.
stenography ( P ) Pronunciation Key (st-ngr-f)
n.
The art or process of writing in shorthand.
The art or practice of transcribing speech with a stenograph machine.
Material transcribed in shorthand.
Do you perhaps mean Steganography
encryption probably makes it easier (Score:3, Insightful)
And if that message is routed from an IP address in England to a cybercafe in Pakistan then so much the better. And if mail from the same address was sent to a known bad-guy last week then better still -- and before you know it, your door gets kicked in and several burly men are asking you questions about the half-tonne of fertilizer you just purchased.
Media coverage (Score:5, Insightful)
However, the media coverage of the whole thing sucks.
His father, Mahboob A. Khawaja, has been detained in Saudi Arabia, where he is a professor at some university. The media reports that the father wrote articles critical of the West's meddling with the Muslim World's affairs. He wrote a book called Muslims and the West [amazon.com].
How is that relevant to anything? Is it an attempt to tie genuine legitimate criticism to terrorism somehow?
I did some searching [google.ca] on the father, and found quite a few articles, most of it critical to the Arab rulers than anything else. Seems he places blame where it belongs, whether in the West or in the Arab world.
This reminds me of the terms "terrorism", "anti-Americanism",
This whole thing about "guilt by association" got to stop.
net rules. (Score:3, Insightful)
2.) expect weak encryption to be easily broken--it's prettymuch a given that the NSA has hardware *specifically designed* to break or brute force crypto. they employ many of the worlds greatest mathmatic savants out there, do not underestimate their capabilities.
3.) All your base ae belong to U.S.
Would it change the discussion (Score:5, Insightful)
It's all well and good when the bad guys get caught...right up until the definition of "bad guys" gets changed. Yesterday there was an article about the DOJ labeling pornographers as "bad guys." There's no logical end. What's to stop someone being labeled as a bad guy for not going to church, or not supporting the government, or not going along with whatever intrusion-of-the-day on your privacy? It's not that big of a change from where we are now.
Some questions (Score:4, Interesting)
Is the monitoring with the cooperation of the ISPs who control the gateways/routers? Is it mandated that they have the monitoring taps? Or is it unknown to them (NSA are tapping into the signal unbeknownst to the ISPs)?
(I think this has a known answer.) Is is true that pretty much all intercontinental traffic goes through the USA? ARe there any routes eg, Europe to Asia, or other continents that are just direct routes not passing via the USA?
Alternate explanation (Score:4, Insightful)
So what did he plan to do? (Score:5, Insightful)
These days, planning a street party can be a 'terrorist act'. Handing out pamphlets in Washington, despicting GWB as a sheep, explaining why he's such a nut, could be a terrorist act.
Mooning the traffic on an interstate could be a terrorist act.
Anybody know?
some incorrect info in article (Score:4, Informative)
Evidently they are confusing packet headers(envelope, as they call it) with e-mail headers.
And the counterexample to the second statement is NAT(Network Address Translation).
Your ignorance is worse (Score:5, Interesting)
Re:Sigh (Score:5, Insightful)
"'Foreign traffic that comes through the U.S. is subject to U.S. laws, and the NSA has a perfect right to monitor all Internet traffic,' said Mr. Farber, who has also been a technical adviser to the U.S. Federal Communications Commission."
I've never been under the illusion that internet traffic was private, but could someone tell me what law give them this power? I'm not being sarcastic here, I'd really like the information.
-
Re:Sigh (Score:5, Informative)
From http://www.interesting-people.org/archives/intere
Out of curiosity I went hunting for info on the United States Signals
Intelligence Directives (USSIDs) I had to be aware of in a former line of work.
Much to my surprise, USSID 18, which outlines procedures for the NSA's
collection of data on "U.S. persons" was declassified just over a year ago.
I thought the document might be of interest to IPers, especially at this time.
An introduction, and links to the archives can be found at:
http://cipherwar.com/news/00/nsa_surveillance.htm
(From the site above:)
In the aftermath of revelations in the 1970s about NSA interception of the
communications of anti-war and other political activists new procedures
were established governing the interception of communications involving
Americans. The version of USSID 18 currently in force was issued in July
1993 and "prescribes policies and procedures and assigns responsibilities
to ensure that the missions and functions of the United States SIGINT
System (USSS) are conducted in a manner that safeguards the constitutional
rights of U.S. persons."
(And a bit from USSID 18, itself - any errors in transcription are my fault:)
SECTION 1 - PREFACE
1.1. (U) The Fourth Amendment ot the Unites States Constitution protects
all U.S. persons anywhere in the world and all persons within the United
States from unreasonable searches and seizures by any person or agency
acting on behalf of the U.S. Government. The Supreme Court has ruled that
the interception of electronic communications is a search and seizure
within the meaning of the Fourth Amendment. It is therefore mandatory that
signals intelligence (SIGINT) operations be conducted pursuant to
procedures which meet the reasonableness requirements of the fourth
amendment.
1.2. (U) In determining whether United States SIGING System (USSS)
operations are "reasonable," it is necessary to balance the U.S.
Government's need for foreign intelligence information and the privacy
interests of persons protected by the Fourth Amendment. Striking that
balance has consumed much time and effort by all branches of the United
States Government. The results of that effort are reflected in the
references listed in Section 2 below. Together, these references require
the minimization of U.S. person information collected, processed, retained
or disseminated by the USSS. The purpose of this document is to implement
these minimization requirements.
1.3. (U) Several themes run throughout this USSID. The most important is
that intelligence operation and the protection of constitutional rights are
not incompatible. It is not necessary to deny legitimate foreign
intelligence collection or suppress legitimate foreign intelligence
information to protect the Fourth Amendment rights of U.S. Persons.
1.4. (U) Finally, these minimization procedures implement the
constitutional principle of "reasonableness" by giving different categories
of individuals and entities different levels of protection. These levels
range from the stringent protection accorded U.S. citizens and permanent
resident aliens in the United States to provisions relating to foreign
diplomats in the U.S. These differences reflect yet another main theme of
these procedures, that is, that the focus of all foreign intelligence
operation is on foreign entities and persons.
Re:Sigh (Score:5, Insightful)
Tricksy hobbitses tries to takes away our privacies! Must protect the precious...
Re:Sigh (Score:3, Flamebait)
It's convenient that the first instance of e-mail "bugging" resulting in action is against a terrorist.
Is it convenient, or does it make perfect sense? Email, which we all know is completely insecure, is monitored until they find something worthy. Some terrorists turn up, and they are arrested.
Basically, since it stopped a terrorist, it completely validated this breach of privacy.
Exactly.
Re:Sigh (Score:3, Insightful)
Of course, if what you're transmitting is encrypted data, it becomes harder to figure out what you're up to. If your encryption is b
Re:Sigh (Score:3, Interesting)
Headers also pick up the numeric or Internet Protocol (IP) address of all the computers a packet touches as it travels from its originating machine all the way to its destination. Every computerized device connected to the Internet has its own unique IP number.
Investigators could program their supercomputers to flag packets of information that met certain criteria, such as a certain IP number, a certain traffic pattern or a certain kind of content. As soon as a packet is flagged, investi
Re:Sigh (Score:5, Insightful)
I'm not sure which part is worse, email monitoring (sure, they SAY it's passive...) or the terrorist activities.
You're not sure? I am. Terrorism is worse than reading someone else's email.
Re:yuck (Score:3, Insightful)
So this is the first thing we need. You want privacy? I want security more...
NSA is not the enemy - they are protectors. A bunch of dedicated professionals, even IF some of them need to get out into the sun more ofte
obligatory quote (Score:3, Insightful)
-- Ben Franklin
Re:Yea (Score:5, Interesting)
Terrorists target civilians, remain anonymous as often as possible, and their goal is often annihilation rather than separation.
Re:Yea (Score:3, Informative)
Thanks Lefty (Score:3, Interesting)
The people picked up were in Britain and Canada. It said nothing about them being US Citizens. It did, however, state that the nature of discussions was of terrorist activity (presumably against the US or US interests).
Conveying this to the Canadian and British authorities is a reasonable activity for our National Security Agency. If you want to talk about due process, perhaps you should watch to see what Canada and Britain do with them.
I've met jackasses like that (Score:3, Informative)