Al-Qaeda Used Basic Codes, Calling Cards, Hotmail
jd writes "In startling revelations, convicted terrorist Ali Saleh Kahlah al-Marri admitted that Al Qaeda used public telephones, pre-paid calling cards, search engines and Hotmail. Al-Marri 'used a '10-code' to protect the [phone] numbers — subtracting the actual digits in the phone numbers from 10 to arrive at a coded number.' The real story behind all this is that the terrorists weren't using sophisticated methods to avoid detection or monitoring — which tells us just how crappy SIGINT really is right now. If the NSA needs to wiretap the whole of the US because they can't break into a Hotmail account, you know they've got problems. FindLaw has a copy of al-Marri's plea agreement (the tech-related information begins on page 12), and the LA Times has further details on his case."
Comment removed (Score:5, Informative)
Re:NSA infrastructure has expanded regardless (Score:3, Informative)
What NSA can do is analyze communication patterns to see if two suspects address the same site and possibly the same page and are making posts. If that's on Twitter or on Slashdot or whatever doesn't matter.
They may be able to prove some relation if that is a repeated pattern and the posts seem to contain out-of-context information.
Maybe NSA is scanning for all "off-topic" replies at Slashdot to get their hands on information.
To actually decrypt data takes a lot more because it requires context to get to the key to decode the message. And even if the message is decoded it won't say anything unless you know the semantics. The Navajo code-talkers of WWII were really annoying for Japan since they not only had to know the Navajo language but also know the semantics for what they were talking about. What does "egg" mean in reality - is it a grenade or a bomb?
And short messages are the trickiest messages to crack. Is there a deeper meaning in "Elvis has left the building", or is that just a non-information message?
Just tag on a random quote to a message but avoid certain quotes that do have a meaning that you already have shared with your peers and it's all set. Funny stories have also evolved over time and sometimes it's an Irish lighthouse, sometimes it's a Canadian lighthouse involved. Take your pick and you end up in the gray area of inconsistent and hard-to-track evidence.
So the most effective work is the classic stakeouts together with hidden microphones and possibly also cameras. Hard classic detective work. What you really can do is to use computers to coordinate all the data today and make patterns. When a pattern changes a flag can be raised. And don't forget that the general public occasionally actually can give extra input, but there is often a lot of noise in that where weirdos also call in their share.
Another thing is shopping patterns, but you can't track down every farmer that purchases fertilizer. That would just be a huge waste of resources. And even the combination of fertilizer and timers in the same purchase may be completely valid, even though that may be cause for a tad more concern.
Just realize that the job of capturing terrorists isn't easy and the best way to be safe is to avoid things that motivate them. Sure - there will always be a few, but those are the real wackos - somewhat like the Unabomber. And NSA wouldn't have been much help there.
Competitive Intelligence (Score:4, Informative)
As someone who is interested in some of the Analyst jobs at the CIA what are the civilian equivalents?
Competitive Intelligence. Go to some meetings of SCIP [scip.org] if you get the chance. It's not uncommon for ex-CIA/FBI/etc analysts to end up doing competitive intelligence because the skill sets overlap significantly. Having financial/accounting as well as research skills (think library research) and phone skills are basically pre-requisites.
Most large companies have some sort of competitive intelligence group though they call it various things. IBM, Ernst & Young, Price-Waterhouse, Microsoft, Deloitte, Anheuser-Busch, Boeing, and many more. It's essentially a job writing strategy memos and presentations for company big-wigs. Not a bad gig if you have the interest.
COMINT, not SIGINT (Score:3, Informative)
But then again, why confuse the author?
Re:Terrorists aren't stupid. (Score:5, Informative)
War is hell, the bathroom is that way.
Re:The best part about this story is (Score:4, Informative)
How about more current news reports [crypto.com] then?
Re:They did at one point... (Score:3, Informative)
Not sure where I heard it, but it was some retired spy that pointed out in an interview that still the most secure form of communication is two people meeting in person and talking. No records, no signals, no paper trail. Nothing to track.
No records? Videotape shot from a van across the street. No signals? Parabolic dish mike to pick up the conversation. Nothing to track? Tailing and "analog" surveillance (using the ol' human eyes, ears, and shoe leather) are as old as the hills.
Yes, it may well be the most secure, though not totally so. But tracking people in the real world sans technology is hard grunt work. A lot of long days and long nights, a lot of peeing into empty Snapple bottles and Red Bull cans in your car. And when you're out in public along with the bad guys, you constantly run the risk of having your cover blown. If not by the ne'er-do-wells themselves, then by nosy cops, or even members of the general public to whom your tracking and stalking maneuvers make you look far more suspicious than the people you're following. No real glamour there, and far less attractive of a job description than sitting in an air-conditioned office monitoring and transcribing phone intercepts.
A funny, ironic thought.....when reliance by everyday people on electronic communication becomes ubiquitous (we're almost there) and surveillance of same becomes total (ditto), it may well be people that studiously and conspicuously avoid technology who will become the most suspect of all!
Re:Really? What Exactly Is Your Suggestion? (Score:4, Informative)
Not that I'm aware of it. I recall that Bush claimed we were but I don't remember Congress actually declaring war.