[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] The Guardian: Satellitentelefone, PGP und Terroristen
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
... nun sollen die Terroristen ihre e-Mails gar nicht verschlüsselt
haben, weil genau das zu auffällig gewesen wäre.
Spy networks failed to detect email and satellite conversations used to
plot the attack on the US - and now America wants to know what went
wrong, reports Duncan Campbell
http://www.guardian.co.uk/Print/0,3858,4264719,00.html
Duncan Campbell
Thursday September 27, 2001
The Guardian
As US forces converge on Afghanistan, Osama bin Laden's satellite phone
has not been cut off. But calls to the terrorist leader's laptop-size
satphone - relayed via an
Inmarsat satellite 40,000 km over the Indian Ocean - are going
unanswered.
His number - 00873 682505331 - was disclosed earlier this year in the
New York trial of his associates for bombing the US embassy in Kenya.
Callers now hear a
message stating he is "not logged on or not in the dialled ocean
region".
His satphone was used frequently during the 90s. Bin Laden was heard
advising Taliban leaders to promote heroin exports to the west. National
Security Agency (NSA)
officials even played recordings of him talking to his mother to
security-cleared visitors to their headquarters, as a trophy of their
prowess. After failing to warn of the attack,
the agency has fallen silent.
According to US intelligence, the satellite phone has not been switched
on all year. Experts do not believe he was unaware of the US
eavesdropping, which is simple to do.
Even amateurs can tap Inmarsat using an antenna made of DIY parts and a
scanner bought for £150 in the high street. Bin Laden may, however, have
been unaware that
NSA "sigint" satellites, listening from space, could pinpoint his
location. The satellites are controlled from ground stations near
Denver, Munich, and at Menwith Hill in
Yorkshire. But they could only locate him when he was logged on.
Using this method, US intelligence believed in 1998 that they had found
him. In August 1998, President Clinton authorised a cruise missile
attack on a training camp at
Khost, Afghanistan. By the time the missiles landed, Bin Laden had gone.
Having failed to forestall the worst attack of all, many Americans have
taken to blaming new technology.
Congress will shortly debate a new Anti-Terrorism Act of 2001, which
will further loosen controls on electronic surveillance. The NSA already
operates a global
communications surveillance system in conjunction with Britain's GCHQ.
One of the proposed provisions would allow GCHQ to conduct random
surveillance of American
citizens' communications and send them on. This would breach the US bill
of rights. (Non US citizens have no protection.)
The potential use by terrorists of the net and encryption have for years
been a major target of intelligence agencies and politicians. They have
demanded curbs on privacy
and the banning of encryption. Throughout the 90s, the IT community was
continually focused on whether or not security software that used
encryption should also use
"escrow". Escrow requires keys allowing private messages to be decoded
to be given to the government.
In December 1999, the US government abandoned controls on the use of
"strong encryption". It was also forced, on commercial grounds, to
follow European countries and
abandon the demand that encryption be illegal unless escrowed.
In the US and in Britain, some advocates of escrow had seemed almost
eager to see a major terrorist disaster using internet encryption, to
prove them right. Privacy
campaigners countered that banning strong encryption would never prevent
terrorism but would damage e-commerce.
Within hours of the carnage in America, these arguments were back in the
headlines. A day after the attack, it was asserted that the net and
encryption was undoubtedly
to blame, and must have been used to coordinate the attacks.
Seven months earlier, a widely quoted newspaper report had claimed that
bin Laden's followers were operating a communications network based on
encrypted messages
concealed inside pornographic pictures. This technique, steganography,
hides a coded message inside a picture or music file by making numerous
small changes to data.
The changes are invisible to ordinary viewers or listeners, but can be
read by special software.
The February report luridly alleged that his group had relayed the
"encrypted blueprints of the next terrorist attack against the United
States", including maps of targets,
inside "X-rated pictures on several pornographic web sites" (see
www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm) .
This month's attacks have provided the first, tragic, test of who was
right about the net, encryption and terrorism. The answers, so far as
they are known, were given last
Tuesday by the FBI at a Washington briefing. FBI assistant director Ron
Dick, head of the US National Infrastructure Protection Centre, told
reporters that the hijackers had
used the net, and "used it well".
FBI investigators had been able to locate hundreds of email
communications, sent 30 to 45 days before the attack. Records had been
obtained from internet service
providers and from public libraries. The messages, in both English and
Arabic, were sent within the US and internationally. They had been sent
from personal computers or
from public sites such as libraries. They used a variety of ISPs,
including accounts on Hotmail.
According to the FBI, the conspirators had not used encryption or
concealment methods. Once found, the emails could be openly read.
The allegation that plans have been hidden inside internet porn has, so
far, proven unsupported. A few days before the attack, a team from the
University of Michigan
reported they had searched for images that might contain terror plans,
using a network of computers to look for the "signature" of
steganography. According to researchers
at the Centre for Information Technology Integration, they "analysed two
million images_ but have not been able to find a single hidden message"
(see
www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf).
The FBI said this week they had nothing further to add. US and British
communications intelligence agencies are also examining past internet
intercepts. Information will
be incorporated into a secret report to the US Congress, but will not be
made publicly available. One US senator has claimed that soon after the
attack, NSA received a
call from a US cell phone to a "suspected bin Laden operative in Europe"
announcing: "We hit the targets."
Despite the forthright position taken by the FBI, some US newspapers
have continued to report technological myths in circulation before the
attack. Last Friday, the
Washington Post claimed the inventor of the widely used PGP (Pretty Good
Privacy) encryption system, Phil Zimmermann, had been "crying every
day... overwhelmed with
feelings of guilt". Although the FBI had already said they had found no
evidence of these terrorists using encryption, Post readers were told
that Zimmermann "has trouble
dealing with the reality that his software was likely used for evil".
(see www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html)
In a public statement this week, Zimmermann accused the Post of serious
misrepresentation in publishing things he never said. "Read my lips," he
said, "I have no regrets
about developing PGP." His grief had been for the victims, not for
culpability about his invention.
The Washington Post and other US newspapers have also reported that bin
Laden has access to satellites more powerful than the NSA's, and uses a
communications
company controlled by a relative to overcome US monitoring. Neither the
satellites nor the company exist.
Dr Brian Gladman, formerly responsible for electronic security at the
Ministry of Defence and Nato, believes that the reason that the
terrorists didn't use encrypted email is
that it would have "stood out like a sore thumb" to NSA's surveillance
network, enabling them to focus on who they were. There is also evidence
that, when communicating,
the terrorists used simple open codes to conceal who and what they were
talking about. This low-tech method works. Unless given leads about who
to watch, even the vast
Echelon network run by NSA and GCHQ cannot separate such messages from
innocuous traffic.
NSA's problem, says Gladman, is that "the volume of communications is
killing them. They just can't keep up. It's not about encryption."
NSA has been attempting to keep up with the internet by building huge
online storage systems to hold and sift email. The first such system,
designed in 1996 and
delivered last year, is known as Sombrero VI. It holds a petabyte of
information. A petabyte is a million gigabytes, and is roughly
equivalent to eight times the information in
the Library of Congress. NSA is now implementing a Petaplex system, at
least 20 times larger. It is designed to hold internet records for up to
90 days.
Dr Gladman and other experts believe that, unless primed by intelligence
from traditional agents, these massive spy libraries are doomed to fail.
The problem with NSA's
purely technological approach is that it cannot know what it is looking
for. While computers can search for patterns, the problem of correlating
different pieces of information
rises exponentially as ever more communications are intercepted. In
short, NSA's mighty technology apparatus can easily be rendered blind,
as happened here, if it has
nothing to start from.
The new legal plans may therefore do more harm than good. According to
Cambridge computer security specialist Dr Ian Miller, bringing back
escrow "will damage our
security in other ways, and divert an enormous amount of effort that
would far better be spent elsewhere. It won't inconvenience competent
terrorists in the least."
PGP inventor Phil Zimmermann thinks the penalty of politicians
misunderstanding technology will be even more costly. "If we install
blanket surveillance systems, it will
mean the terrorists have won. The terrorists will have cost us our
freedom."
? Duncan Campbell is a freelance investigative journalist.
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.