Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption United States Your Rights Online

Paris Attacks Would Not Have Happened Without Crypto (arstechnica.com) 521

An anonymous reader writes with a story at Ars Technica, citing a Yahoo News interview, that National Security Agency Director Michael Rogers has explicitly blamed the terrorist attacks which struck Paris last November on communications backed by strong crypto. From the article: Because of encrypted communications, he said, "we did not generate the insights ahead of time. Clearly, had we known, Paris would not have happened." Rogers did not explicitly re-launch the campaign waged by FBI director James Comey to force technology companies to provide a "golden key" to encrypted communications. Rogers called encryption "foundational to our future" and added that arguing over encryption backdoors was "a waste of time." But he did say that encryption was making the job of the NSA and law enforcement more difficult. The interview comes shortly after the FBI won an order requiring Apple to provide technical means to bypass the security measures preventing them from unlocking the iPhone 5C belonging to Syed Rizwan Farook. Farook, along with his wife, are responsible for the December mass shooting in San Bernardino, California."
This discussion has been archived. No new comments can be posted.

Paris Attacks Would Not Have Happened Without Crypto

Comments Filter:
  • by Anonymous Coward on Thursday February 18, 2016 @10:58AM (#51534803)

    They keep trying, however the true fact remains no encryption was used by these terrorists.

    • by Jason Levine ( 196982 ) on Thursday February 18, 2016 @11:13AM (#51534935) Homepage

      They used the incidious ROT-26 encryption. How are police expected to bypass that?!!!

    • by alphatel ( 1450715 ) * on Thursday February 18, 2016 @11:17AM (#51534967)

      They keep trying, however the true fact remains no encryption was used by these terrorists.

      Nor would it have helped prevent 9/11. Encryption is nothing. Intelligence and cooperation are everything.

    • by Thud457 ( 234763 ) on Thursday February 18, 2016 @11:22AM (#51535011) Homepage Journal
      liar [techdirt.com] caught lying again [theintercept.com].

      Hey NSA, &other FED LEOs - don't destroy the infrastructure of the world economy with your abject incompetence. You can't even effectively make use of the encrypted data you already collect.
      • by Thud457 ( 234763 )
        dur -- should be " un encrypted data you already collect" there.
        • by Vlad_the_Inhaler ( 32958 ) on Thursday February 18, 2016 @12:44PM (#51535723)

          Actually, their lies go far deeper than that. The terrorist group involved have a glossy color magazine called Dabiq [clarionproject.org]. Apparently that magazine carried an interview with the leader of the Brussels / Paris cell where he announced that he was planning to hit Paris. Several months before the attacks. I wonder if any of the secret services read the thing, it is in English.

          • by Solandri ( 704621 ) on Thursday February 18, 2016 @02:09PM (#51536325)
            It's not quite that simple. There's an apocryphal story that right after the Cold War ended, senior officials from the KGB and CIA met one night for drinks and got to talking about their espionage exploits. The CIA people said how easy it must've been for the KGB to infiltrate an open society like the U.S. Able to blend in with the population, travel freely, and get access to documents while posing as regular citizens. The KGB people said on the contrary it was extraordinarily difficult. While the U.S. secrets were mostly all out there, they were mixed in with an ocean of tabloid and conspiracy publications an open society produces. They had to waste tremendous resources trying to figure out of that National Enquirer story about the U.S. having captured aliens and their UFO was made up, or if there really was some truth behind it.

            That's what you have to deal with with open publications. Yeah western inellignece can read Dabiq. But ISIS also knows that they can read it. Thus it becomes a perfect platform for feeding western intelligence agencies disinformation. Anything that's openly published that way has to be taken with a huge grain of salt unless it's corroborated by other intelligence. The reason why intelligence agencies are so desperate to break crypto is because if you're encrypting something, you're presumably doing so because it contains information you don't want foreign intelligence agencies to read. Thus it is precisely the type of stuff intelligence agencies want to be able to read.

            That's not to say we should roll over and let NSA put backdoors in everything. If they get that, then ISIS knows and can start poisoning their encrypted communications with disinformation, while pulling their real communication behind a higher level of encryption. No, in order for what the NSA wants to work, they would have to insert backdoors but also keep those backdoors secret from the public. My best guess is the western intelligence agencies are raising the spectre of backdoors in encryption software they know they can't break, in the hopes it scares groups like ISIS into using different encryption tools. Perhaps ones they can already break. Or maybe ISIS will try to write their own encryption software, which is notoriously difficult and can easily result in flaws which can be exploited by intelligence agencies to help them crack it.
            • It's probably easier to just compromise the endpoints. Strong crypto is already out there. It's open, it's documented, and it's in the wild. There is no way that the American government can put that toothpaste back in the tube, short of declaring anyone with strong crypto a criminal (very unlikely). GPG can already do the trick for secure communications - but the built-in device stuff is a low-hanging fruit that is easy to chase after-the-fact. The easier and most likely route of attack is compromising

      • by Anonymous Coward on Thursday February 18, 2016 @12:50PM (#51535773)

        It appears that your first link is regarding a different Mike Rogers - Representative Mike Rogers from Michigan, whereas the gentleman in the article linked in the story is Vice Admiral Mike Rogers, NSA Director.

        Its confusing that there are 2 prominent political representatives named Mike Rogers as well as the director of the NSA, and that at lest 2 of the 3 are talking about crypto issues, but to keep the lines clear and make proper arguments, particularly about the veracity of someone's statements, its best to be clear on the facts.

    • by Anonymous Coward on Thursday February 18, 2016 @11:38AM (#51535163)

      That's beside the point anyway. It doesn't fucking matter. If they had used encryption, would we start falling over ourselves to give the government back doors? No. The discussion shouldn't be about whether or not they used encryption. Part of me thinks that they keep repeating this shit over and over so that when we do get an attack in which the attackers use encryption (yeah, I'm intentionally avoiding all forms of the word "terror"), that will already be the frame of the discussion and we'll have to backpedal to get back to the "it doesn't fucking matter" that we should have been stressing in the first place.

      • by d4fseeker ( 1896770 ) on Thursday February 18, 2016 @11:59AM (#51535325)
        While I do agree with you, it's basically the same point underneath. Proving that attacks without encryption could not be stopped shows that encryption does not really matter in the first place. And as such we've landed on your standpoint. What some political dimwits are not getting is that no trained attacker would be stupid enough to make the information publicly available. Be it through encryption, obscurity or just by having the plans drain in the sea of useless information surrounding it... there are always methods of getting something done in secrecy.
      • It's called the Big Lie, and it works. Over and over and over ...
    • It will happen (Score:5, Insightful)

      by Sloppy ( 14984 ) on Thursday February 18, 2016 @12:32PM (#51535621) Homepage Journal

      It will happen someday, though.

      A terrorist will buy a set of Star Trek steak knives over eBay and they'll use HTTPS to transmit their eBay password. A future terrorist will lock the door of their house (why are these people even allowed to have locks, anyway?) and his wife will plaintext email him, "Did you lock the house? Remember, we're going to that party right after work tonight," and he'll say "quit telling all the snoops on the Internet which days our house has no one home," and they'll start encrypting their personal conversations. And that'll be that: they'll be encryption users too, just like the rest of us.

      Some day, a terrorist is going to use a motor vehicle to travel from their home to the site of their terror.

      Some day, a terrorist will use an alarm clock, instead of the sun, to get up at the correct time.

      We need to face the facts: technology is bad. Anything that empowers humanity, can be used by humanity in the service of bad things. Power is bad. Capability is bad. Failing to starve when the gods wants you to starve is bad, and being immune to smallpox is bad and is why the gods have to invent new ones, like AIDS. It's time to end this nonsense of technology, and go back up into the trees. Because the apes in the trees never do anything bad to one another.

      The reason I know that apes never try to harm one another, is because I carefully cultivate shocking ignorance about anthro-- er I mean -- zoology -- no, wait -- I mean biology since plants also do ev-- no wait: game theory. Well, I mean, statistics. I try to remain ignorance of mathematics and everything which stands upon or can be modelled by mathematics.

      And you can too. Join me in giving a fuck about whether or not bad people use the same technology as good people.

      • The reason I know that apes never try to harm one another, is because I carefully cultivate shocking ignorance about anthro--

        I know you're joking, but for those that didn't get it, apes (well, chimpanzees) are known to go to war [wikipedia.org].

  • Wait... (Score:5, Insightful)

    by 93 Escort Wagon ( 326346 ) on Thursday February 18, 2016 @10:59AM (#51534809)

    I thought the reason the French police were able to find the attacker's apartments, accomplices, and so on very quickly was because the attackers used regular unencrypted methods of communication, such as SMS?

    • Re:Wait... (Score:4, Funny)

      by postbigbang ( 761081 ) on Thursday February 18, 2016 @11:02AM (#51534831)

      You succumbed to that propaganda, too, eh?

      Oops, I mean the truth.

      • We need to be careful here:. The argument should be that it doesn't matter whether or not they used encryption. We should not destroy our ability to communicate privately since this is fundamental to a free society and worse, it would give the terrorists a government mandated backdoor they might get hold of. While it is tempting to just point out that this call is based on a lie (and if I were more cynical I might suspect that this is the reason for making such an obvious lie) one day it probably won't be s
    • Re:Wait... (Score:5, Insightful)

      by mellon ( 7048 ) on Thursday February 18, 2016 @11:06AM (#51534883) Homepage

      Yes, and indeed the referenced article says that we had two months of warning and did a drone strike to take out the command and control operation (or, more likely, some goat herders). And that wasn't enough to prevent the attack. If there's a lesson here, it's that this is an asymmetrical problem, and fixing it is going to require addressing underlying causes, not throwing cash and civil liberties on the bonfire in a futile attempt to even things up.

      • Re:Wait... (Score:5, Insightful)

        by Feral Nerd ( 3929873 ) on Thursday February 18, 2016 @11:12AM (#51534925)

        Yes, and indeed the referenced article says that we had two months of warning and did a drone strike to take out the command and control operation (or, more likely, some goat herders). And that wasn't enough to prevent the attack. If there's a lesson here, it's that this is an asymmetrical problem, and fixing it is going to require addressing underlying causes, not throwing cash and civil liberties on the bonfire in a futile attempt to even things up.

        But it's so much easier to throw cash, guns and draconian prison sentences at a problem than tackling the root cause? I mean, just take one look at how successful the war on drugs has been!!!

        • Re: (Score:2, Informative)

          by Anonymous Coward

          the war on drugs seems to be working...it is doing a pretty good job of keeping Pseudoephedrine out of the hands of some very sick individuals...

          there is something wrong when it takes a dna sample and being added to 3 watch lists to buy good cold medicine.

    • by AmiMoJo ( 196126 )

      Of course they didn't use encryption, that would have been a huge red flag. Dark skinned guy crossing borders and using encryption, what could be more suspicious?

      That's the basic problem with the current "collect it all and let the machines find the intel" method. It's not only easy to avoid detection, it's actually easier for the terrorists. No mucking about with crypto software and key distribution, just disappear into a sea of auto-correct mistakes and unfathomable codewords only understood by 14 year ol

  • Bollocks (Score:5, Insightful)

    by some old guy ( 674482 ) on Thursday February 18, 2016 @10:59AM (#51534811)

    Mohammed Atta et al weren't using encrypted communications, just AOL and flip phones. Yet the TLA's totally screwed the pooch on 9/11.

    A .125 batter can't keep blaming the bat forever.

    • Mohammed Atta et al weren't using encrypted communications, just AOL and flip phones. Yet the TLA's totally screwed the pooch on 9/11.

      A .125 batter can't keep blaming the bat forever.

      Not in industry, no. But in government? Hell, .125 is a pretty damned good average for government work.

      After all, what are you going to do, shop at a different government?

  • Crypto? (Score:3, Insightful)

    by meta-monkey ( 321000 ) on Thursday February 18, 2016 @10:59AM (#51534813) Journal

    The Paris attacks wouldn't have happened without crypto? That's a funny way to spell "Islam."

    • Re: (Score:2, Insightful)

      by Limburgher ( 523006 )

      The Paris attacks wouldn't have happened without crypto? That's a funny way to spell "Religious Extremism."

      TFTFY

      • Re:Crypto? (Score:5, Insightful)

        by ganjadude ( 952775 ) on Thursday February 18, 2016 @11:34AM (#51535131) Homepage
        pretty sure it was islam in this case.... lets stop pretending that christians, buddists and hindus are out there blowing up buildings and mass shooting people (in the name of their religion) on a literal daily basis
        • Re:Crypto? (Score:5, Informative)

          by TigerNut ( 718742 ) on Thursday February 18, 2016 @11:46AM (#51535239) Homepage Journal
          Your goggles are on too tight... you don't have to look very far back in time to find the IRA and other Christian groups doing their thing. Remember also the Tokyo ricin attacks? That was some local cult. How about David Koresh and Jim Jones?
          • How about David Koresh

            I'm sorry, it was the FBI that kill the women and children. Blame the government for over reacting.

          • Re: (Score:3, Insightful)

            by Gr8Apes ( 679165 )

            That's true, and guess who stopped them? Let's see the rest of the Muslim world actively target their own extremists. Currently I see little, ok, no meaningful action and even tacit or open support under the guise of the "enemy of my enemy is my friend" line of thinking. Perhaps this impression is why so many equate Islam with the extremist terrorists?

            Religion itself is a problem, in any guise. All religions have had their followers commit atrocities. Even buddhists who claim to revere life and peace as t

        • Re:Crypto? (Score:5, Funny)

          by DRMShill ( 1157993 ) on Thursday February 18, 2016 @12:34PM (#51535641)

          I beg to differ: http://www.theonion.com/articl... [theonion.com]

    • Re:Crypto? (Score:5, Insightful)

      by Anonymous Coward on Thursday February 18, 2016 @11:25AM (#51535037)

      The Paris attacks wouldn't have happened wihtout fanatism, extremist religions, guns, cars, street, stupidity, breathing, reproduction, the big bang and maybe good wine.

  • [Citation Needed] (Score:5, Informative)

    by thomas.galvin ( 551471 ) <slashdot@thoma[ ... m ['s-g' in gap]> on Thursday February 18, 2016 @10:59AM (#51534817) Homepage

    Bullshit. The Paris attackers did not [theintercept.com] use [techdirt.com] encrypted communications [schneier.com].

    Was this an intelligence failure? Possibly. Was it an intelligence failure due to a lack of backdoors and/or laws against cryptography? Absolutely not.

    • Was it an intelligence failure due to a lack of backdoors and/or laws against cryptography? Absolutely not.

      Of course he is lying (BTW, that is the job description for spies). The spy agencies want to ban strong crypto because they like "reading everyone's mail" (and looking at everyone's naked pictures as has become apparent in numerous revelations) so they will say anything, make up anything to advance that agenda.

      With the advent of digital communications as the life-blood of modern society we must as a society accept that strong, no-backdoor cryptography is a necessity to protect everyone and society itself. I

  • by bigdady92 ( 635263 ) on Thursday February 18, 2016 @11:01AM (#51534829) Homepage
    because how else could the attackers have been in so many places at once. Magic? Jet Packs?!?!? Why it's the Car's that they drove to those locations that enabled them to murderate all those people. If we would just get rid of all cars in Paris this would never happen again.
    • by mellon ( 7048 )

      Ooh, that's a fantastic idea!

    • because how else could the attackers have been in so many places at once. Magic? Jet Packs?!?!? Why it's the Car's that they drove to those locations that enabled them to murderate all those people. If we would just get rid of all cars in Paris this would never happen again.

      You're right. Better add ubiquitous car tracking to the list as well.

  • by ibwolf ( 126465 ) on Thursday February 18, 2016 @11:03AM (#51534839)

    Even if that were true (and I'd argue it isn't), the attacks also wouldn't have happened without long distance communications. So lets just get rid of them as well in the name of security, up to and including postal mail.

    What? You say that long distance communications have an intrinsic utility that vastly dwarfs their occasional role in illegal behavior? You don't say.

  • by mveloso ( 325617 ) on Thursday February 18, 2016 @11:03AM (#51534847)

    Maybe if you had, you know, invested in more HUMINT the Paris attacks wouldn't have happened.

  • Hello Pinocchio (Score:5, Informative)

    by oh_my_080980980 ( 773867 ) on Thursday February 18, 2016 @11:05AM (#51534871)
    FTA: Rogers' claims about Paris contradict the information that came out of France following the attacks. There were claims by former US intelligence officials that encrypted communications had been used by the Islamic State affiliated terrorists in the immediate wake of the attacks. But those claims were largely dismissed by French authorities when they looked at the actual communications on devices recovered from the group. According to statements from French law enforcement, the attackers had used standard SMS messages to communicate—not encrypted messaging apps on smartphones. http://arstechnica.com/tech-po... [arstechnica.com]
  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Thursday February 18, 2016 @11:05AM (#51534873)
    Comment removed based on user account deletion
  • This same argument was debunked right after the attacks. Repeating it again and again doesn't make it true. Here's a link to a post that lays out several of the totally incorrect conclusions that they've been pushing: http://www.washingtonsblog.com... [washingtonsblog.com]
    (It also includes debunking some points unrelated to encryption and mass surveillance that can be ignored in respect to this specific article.)

  • by Sowelu ( 713889 ) on Thursday February 18, 2016 @11:07AM (#51534889)

    Slashdot is usually more skeptical than this, especially considering this was already very thoroughly debunked. Are the new editors trying to make a political statement? I don't like where this is going.

    • It needs quotes, at the very least.

    • by Pseudonymous Powers ( 4097097 ) on Thursday February 18, 2016 @11:20AM (#51534991)
      For some reason, the editors took the "NSA Director Says" part off the front of the original headline. I'm not sure why they'd do that. Maybe they wanted to increase the percentage of people who would actually read the article, since many of us have learned to stop paying attention whenever we see the words "NSA Director says", because what comes after that is always complete nonsense.
      • by Sowelu ( 713889 )

        At least it drives more traffic to the comments when every single person disagrees (and wants to make sure the rest of the choir knows).

  • The hyperbole is strong with this one.

    Let's use crypto as the scape goat for all of today's ills, truth be damned.

    Classic FUD campaign... does anyone get taken by this anymore?

    • Unfortunately lots of folks get taken in when *an official* says something that implies risk and a simple answer.

  • They're going to combine this "finding" with Apple refusing to hack an iPhone to justify passing legislation against crypto.

    They're setting up criminal wind-up-toy patsies to make it sound justified so the rest of us get behind it.

    My hopes of a less globalist propaganda pushing Slashdot are gone.

    I've seen evidence of shadow-banning - or at least "shadow hiding" on this site too.

  • Headline (Score:5, Insightful)

    by wonkey_monkey ( 2592601 ) on Thursday February 18, 2016 @11:17AM (#51534961) Homepage

    Paris Attacks Would Not Have Happened Without Crypto

    That should really have been put in quotes to make it clear that this is what some guy is saying, and not anything remotely approaching a fact.

    And even if technically true, the implications behind the making of the statement should probably be taken with a pinch of salt.

  • by JavaBear ( 9872 ) on Thursday February 18, 2016 @11:19AM (#51534977)

    Crooks and terrorists won't care about a ban, and the "law abiding" people will be left entirely vulnerable to those crooks and criminals.

    I doubt anyone can tell if any given post is using a strong or weakened cipher, at least not without some deep analysis of the data, effectively ruling out internet traffic, meaning their only "effective" ban would be to ban anything not sent in clear text.
    I'm no psychic, but I can easily see how well that'll play out.

  • by Bruce Perens ( 3872 ) <bruce@perens.com> on Thursday February 18, 2016 @11:21AM (#51535001) Homepage Journal
    The encryption that criminals are using now is the kind that we can break. If we insist on putting back-doors in it, they will move to the one-time-pad, which we can't ever break if it is used properly. To explain why, have your friend make a coin flip and keep whether it's heads or tails secret from you. Now, write a computer program to tell you what the coin flip was :-)

    The one-time pad is 1000 times simpler than public-key encryption and trivial to put in an app.

  • They couldn't have fired those bullets without Zinc. Clearly the only answer is to gather up all of the Zinc and transmute it into a safer element.

  • Paris attacks would not have happened without roads, without phones, without the electricity. Lets ban them all just too be safe?
  • I couldn't see his nose grow at all.

  • Comment removed based on user account deletion
  • So they are admitting that they are so fucking stupid that they don't even bother to monitor ISIS's own public magazine [independent.co.uk] where the mastermind of the Paris attacks was basically terrorist of the month? I think Admiral Michael Rogers [guim.co.uk] is becoming a bit too much like General Buck Turgidson [earnthis.net]
  • by jean-guy69 ( 445459 ) on Thursday February 18, 2016 @11:31AM (#51535101)

    We must take their word
    It is a very well known fact that spies always tell the truth

  • The terrorists who attacked used GSM telephones and unencrypted SMS [arstechnica.com].

    May I be the first one ot call bullsh*t on that evil crypto shtick? Me an the rest of /. of course...

  • Online commerce, purchasing, banking, and the global economy couldn't have happened without crypto.
    Let's dispel the paranoid illusions of an overzealous cop and come to reality.
  • by c ( 8461 ) <beauregardcp@gmail.com> on Thursday February 18, 2016 @11:48AM (#51535257)

    The Paris attacks also wouldn't have happened with access to military grade firearms and explosives. Those are already quite restricted in most sane countries and it didn't seem to prevent anything.

    So stop telling people you want to crack down on encryption to defeat the terrorists. We both know that's bullshit and wouldn't work even if you could manage it.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...