Schneier on Security
A blog covering security and security technology.
« Basketball Referees and Single Points of Failure |
| Cows Get Photo IDs in India »
September 6, 2007
Terrorist Plot Foiled in Germany
Score one for the good guys.
EDITED TO ADD (9/7): The more I read about this, the more obvious it is that intelligence and investigation is what caught these guys, and not any wholesale eavesdropping or data mining programs.
EDITED TO ADD (9/18): This article is a detailed writeup of the actual investigation. While it seems that intercepted emails were instrumental at several points during the investigation, the article doesn't explain whether the intercepts were the result of some of the wholesale eavesdropping programs or specifically obtained for this case.
Posted on September 6, 2007 at 11:57 AM
• 46 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
*watches crickets chirp in the comments section*
Bet you'd see a bit more agreement if they didn't play so fast and loose with that whole definition of "good" these days.
Not that I want to see Americans (or anyone) successfully targeted by terrorists, but personally, I'd attribute that "score one for the good guys" line more to this:
I hope you're right. But most of the similar arrests have been puffed up - the JFK plot for example - so I'm withholding judgment of the seriousness of the matter.
My first thought when I saw the headlines: "What new idiotic 'security' measure is the TSA going to institute now?"
I eagerly await your "what stopped these guys was old-fashioned police work" post.
Interestingly enough, they were arrested without the use of law enforcement hacking (using trojans) nor was it necessary to use IP databases. (which will be in effect January 1st 2008 and are highly disputed, of course)
Still, some right wing politicians see this as proof that law enforcement trojans are necessary. Confused? So am I.
Guy from Germany
It may be tragic, but I (being a German) have lost all faith in the German authorities. I don't (yet) believe the story about the foiled attacks. That all this is a cock-up so that the German interior minister Wolfgang Schäuble can finally get ahead with his on-line snooping plans is it least as likely (for me).
We have again the situation where the suspects were arrested well before they posed any actual danger.
The suspects reportedly had 1,500 lbs. of hydrogen peroxide, so they were clearly intending to build explosives. They were under surveillance so close that the police were able to swap vats of lesser concentration to reduce the risk.
So, do we convict them of intending harm? We are again in this position of criminalizing intent in the name of security. We are not very far from Orwell's thoughtcrime.
The legal situation is so weak that the German authorities have held off arresting some suspects, even though they know who and where they are. They might wind up arresting some people and then releasing them, unable to bring actual charges. This happened in the UK 'liquid bombing' case.
Can someone tell me why they can't wait until actual explosives are produced? Then at least we would know that real risk exists. There would be more evidence than just carrying hydrogen peroxide in a van. This would reduce the chance that misguided but harmless people will be arrested without real cause.
Is it also lost on anyone that Sept 5th is the anniversary of the Deutscher Herbst? Timing seems to be everything these days.
@ Trichinosis USA
I do not think that this is in any way connected. "Deutscher Herbst" was left wing terrorism.
The connection to 9/11 is much more obvious. Especially because the prime targets were US military bases on German territory.
@Jim "I eagerly await your "what stopped these guys was old-fashioned police work" post."
Not from Bruce but hey ho...
"They came on to the intelligence radar when they were seen scouring a military base in Hanau, near Frankfurt, on New Year’s Eve.".
Another one for Bruce's "Hinky Theory"
Hydrogen peroxide is mildly dangerous stuff; storing hundreds of kilos in a residential area can turn an incident (home file) in a disaster. Anyone who suggests that making (and storing) kilos of explosives in a residential area is sane should consider the risks and damage of a premature explosion.
I don't care for the terrorists that blow up themselves; but the arrest team and the neighbours run significant risks too. So it's sane to arrest the guys before they have significant amounts of explosives.
Maybe a little detail missing: law enforcement secrectly exchanged the 35% H2O2 for 3%.
THAT was a smart move (elegant hack, actually) on the basis that the terrorist didn't have the capability/knowledge to measure the concentration. (easy, but still....)
Swapped out their explosives? Why, that would mean law enforcement searched their houses without TELLING THEM!
My thoughts are that those who remember the Deutscher Herbst and who are extreme right wing sympathizers are the people who are having their memories jogged by this, and that it is intentional.
It's not about who did it - it's about who they did it TO. The guy the RAF murdered was a very early member of the Nazi SS and later went on to become a major player in German industry.
If Prescott's grandson was shopping around for more extremist right-wing friends, who do you think he'd court and where would he look first? This plays right into that. For that matter, so does the stuff in Denmark - which aside from Germany is the country that had the biggest representation in the SS.
Yes, that is what happened. But it was a rented garage.
Although that was quite a good move in terms of intelligence gathering I am highly disturbed that police forces are using secret service tactics.
This is - actually - forbidden by our constitution (sure enough: because of Nazi Germany).
I am curious what lawyers in a trial will say to this.
Thanks. Excellent point, missed that.
I was struck by the fact that the guys in the masks were the "good guys". They look like terrorists to me. It's a touch that even the SS never got to.
That's what they usually do, protecting special forces members from being exposed/identities leaked.
I thought that was pretty common?
Well, its good that these guys got busted.
But: Police says they got three out of thirteen. Not a good record.
Why haven't they waited until these guys got really into action, they were very closely observated?
And why is the timing so good for the right wing politicians in germany, who want to have trojan horses operated by the police and other measures against freedom? I don't believe that this happened by chance...
Why didn't they wait?
apparently they got stopped by chance by the highway police, because they driving with the whatever-you-call-it more intensive headlight for no reason.
The day after that they got nervous and decided to escape.
@ Anonymus (01.21 pm): waiting till they actually have made the explosives?
Have you any idea what you are talking about? Are you prepared to take the risks involved with the actual arrest then? I understand your concerns but acquiring 1500 lbs. of hydrogen peroxide is far, far beyond a Orwellian 'thought crime'.
Semi-OT: Bruce, you need to blog about yesterday's resolution by the European Parliament calling for a review and possible abolishment of the liquid ban on flights which was introduced last year.
'In the resolution, MEPs express their concern that the costs engendered by the regulation may not be proportionate to the added value achieved by additional security provisions.
With regard to the liquids regulation, MEPs argue that it causes increased costs to airports and operators as well as to passengers resulting from the confiscation of private property. MEPs also recognise the "substantial inconvenience and disruption" caused to passengers, especially transit passengers.'
@ Anonymus (01.21 pm): waiting till they actually have made the explosives?
ok. then YOU make the arrest of the man holding the detonator.
we'll watch from a distance. it makes good youtube video.
you freakin people are idiots.
This is a very peculiar case indeed.
According to an article in the FAZ (one of Germany's more "serious" newspapers), I understand that this house was searched in April, and nothing was found. At that point, the whole thing became pretty much public - a newspaper article came out detailing the group's alleged membership and nature, details of the investigation against them, including the fact the house had been searched. Only _after_ that article was published, did these people start filling this house with explosives.
The FAZ only asks "are these people that stupid?" It doesn't ask the question that came to my mind - "does the security aparatus think we're that stupid?"
What kind of terrorist group puts 1500 kg of explosives into a house that they know the cops are onto? Conspiracy angle: a non-existent one. The cops searched the house and established (from their reading matter etc.) that these guys had extreme islamist views, and that they were none too bright. So, they were set up to be patsies - the cops get to catch terrorists a few months later, and there's none of the risks of dealing with real dangerous types...
@ German - "law enforcement secrectly exchanged the 35% H2O2 for 3%... on the basis that the terrorist didn't have the capability/knowledge to measure the concentration..."
If you've ever worked with 35% H2O2 you'll know that it's quite easy to differentiate between 3% and 35%. Get a drop on your skin and you'll know quickly which it is. If you want to avoid an arm full of burn marks, better to put a drop on a piece of dyed cloth. But, point taken - these guys didn't suspect enough for it to occur to them to test.
You are wrong (as well as the newspaper).
There's a widely known in former USSR proverb: a crater left by bomb explosion is the safest place, when you are bombed, because two bombs never fall to one point. Probably, it's poor translation, but I hope you got the idea.
In fact, it is quite common to think that if you were searched and nothing illegal were found than you are "cleared".
Arrest the guy holding a detonator of a bomb made with 3% H2O2 as an oxidizer? Maybe not such a big deal.
Assuming the facts are exactly as presented in the news (sure...), then they let dozens of potential terrorists go to arrest three men with no bomb and no target, and who were so inept that they could not tell the difference between a 3% and 35% solution of hydrogen peroxide.
More likely, the arrests are simply politically convenient at this time and the charges will ultimately be dropped. We've seen it happen again and again in the United States, Britain, and even here in Canada. I wish more people would actually pay attention.
Oops, when I said "dozens of potential terrorists", I was referring to a line in the Washington Post article and had not seen the BBC article, which says Germany is after 10 suspects.
Let's just pretend I said "10 potential terrorists".
So you're saying these terrorists figured the house was safe because the police had already searched it once?
Are you kidding me?
These mastermind terrorists would probably stumble into a tar pit on the way to the airport with their bomb.
Stop taking this bullshit so seriously. Refuse to be terrorized, and maybe our governments will stop terrorizing any brown person who happens to take a flight to Pakistan.
Well - this plot doesn't smell like fake to me.
Not every terrorist is brilliant, and the plans of Dr. Schäuble for releasing a government - Trojan Horse aren't well supported by that incident, nor does it fit well into a time plan.
Rumors on the Trojan Horse are heard since more than a year, and there is no reason to have such a plot now, last week, next week or this month, next month, previous month.
The news said, they exchanged information by sharing a mail account, and repeatedly updating an email-draft.
No TH needed.
Contrariwise, classical laws and techniques have proven to be sufficient.
Sufficient in this case.
Not-so-clever-terrorists in Germany look like a pattern, but of course that's nothing we can rely on.
Associations to "5. Sept." , 1972: Olympic Games, Munich; 1973: Paris; 1977: kidnapping of H.M. Schleyer - don't fit at all, because the date wasn't choosen by the terrorists.
They don't see themselves in a palestinian tradition anyway, which could be a slender association, but the german left wing RAF was an atheistic group by all means.
After reading the FAZ text, dragonfrog linked to, I'm not that sure anymore about fake-event or not.
The timing issue still stands, but the now the suspicious look too stupid.
A smell of agent-provocateur is coming up.
But since strategies and opinions shouldn't depend on unique events, it won't change my mind either.
Good for the Germans. Lock the islamic (yes, I don't capitalize islamic) fascists up and deny them their 70 virgins.
The "terrorists" were only useful idiots. You should listen to our politicians (the usual suspects: Dr Strangelove Schäuble, Concentration-camps-now-called-Commune-for-"Gefährder" Beckstein, etc...). They are running amok over this.
the pattern with people who are prepared to die for a "cause", is that they are usually not that smart.
Lets face it. Pulling off a few good attacks would not be that hard, if getting arrested or killed is not a down side. Yet we have almost none. Why? Because the only people who what to do this sort of thing are dumb or stupid. And even then most don't want to die or get caught for the cause.
I'll say it: good police work. These guys were under surveillance for months. No clown-car close-off-the-neighborhood panic over chalk lines or blinky lights.
And, anonymous ... I don't think your not capitalizing Islamic is going to impress anyone. It's right up there with renaming french fries.
Alleged terrorist plot.
Innocent until proven guilty. Do you Yanks remember that quaint concept?
@Anonymous of September 6, 2007 01:21 PM:
> We are again in this position of criminalizing intent in the name of security. We are not very far from Orwell's thoughtcrime.
Nonsense. Intent alone is not a crime, but intent plus a definite action to carry forward the plan constitutes the crime of conspiracy to commit an offence in many jurisdictions (many, in fact, have even weaker requirements.) This is not some new development, the history of the law of conspiracy dates back to at least the seventeenth century.
If you are conspiring to manufacture a bomb from hydrogen peroxide, then purchasing large amounts of hydrogen peroxide is the absolute textbook definition of a definite act to carry forward the conspiracy.
> Can someone tell me why they can't wait until actual explosives are produced?
Because their first duty was to protect the public. To any normal person maximising the chances of a successful prosecution would be a very minor secondary consideration.
Well, the downside of course being that even though this was a success of existing security measures, it's being used as fear-fuel to push through heavier security laws (like invasive online computer searches).
@Roger: So will you grant us your explanation of how you will prove someone's conspirational/whatever intention? Because I don't think that purchasing large amounts of anything is a proof to whatever someone may intend or not.
@Stefan Wagner: you are right. there is no possibility to link this event to the Trojan-Horse-thing (or Online-House-Search as media calls it). But still they try - and it won't be the first success for them on that field. And have a look on what's up today on the political calendar: reunion of the ministers on interiors of the german federal states. Who now discuss about whether to install such measures or not - coincedence? I am not too sure about that ...
I haven't read every account of this yet, however one thought keeps coming up to me:
If the police DID "switch" the H2O2 with 3% rather than 35%, how far away are they from "planting" it.
I suppose a decent set of records and storing the "real" stuff somewhere could show they really did a 1 to 1 swap etc, but this really begs the question around how a small, closed group of people could stack the deck against these guys further than was actually happening.
I'm not saying that was what happened, but how could anyone know it DIDN'T?
Perhaps it's easy to tell the difference between concentrated and diluted H2O2, but the folks who had it had no reason to re-test it just to make sure it hadn't spontaneously diluted itself. That would be OCD behavior: every morning go out to the shed and re-test the chemical properties of your explosive ingredients, just in case. A more appropriate measure would be to set up covert surveillance equipment on your own premises, which even dopey Hollywood action movie writers know: the good guys always have to disable the bad guys' security system before the big raid. ("Um, we keep buying detonators, and they keep disappearing from the storeroom... what's up with that?")
Conspiracy to commit murder is a real crime. Calling it thoughtcrime is silly; there's a huge difference between unprovable allegations of thinking of maybe doing something, and hard evidence of taking steps to commit a crime. Putting together an organization with documents and emails and indoctrination sessions and bomb materials is way different than daydreaming about maybe being a bad guy someday.
Also, being arrested isn't the same as being convicted. Cops realize this and aren't stupid enough to arrest people if they don't think there's enough evidence to convict them of a crime. Yes, there is quite a bit of erosion lately of the amount of evidence required to convict someone of planning a terrorist attack, and the indefinite detainment of suspects without a trial (i.e. Gitmo) is deplorable, that but the fact remains that some dork spewing hateful chatter on a web site is different from a team of people assembling materials, and a jury or judge would be able to tell the difference. We just need to continue to fight the efforts of those who want to do away with due process.
The "good old police work" that Bruce refers to is what makes up the difference between "disappearing" everybody who seems suspicious (very scary to law abiding individuals), and convicting suspects who could be proven beyond a reasonable doubt to have been conspiring to commit a crime. In other words, collecting evidence and building a case. It's hard work, but that's the condition of the authority (and tax revenue) we give our government, and the respect and admiration due to law enforcement officials. They have to follow the rules, or they become a threat to freedom themselves.
Anonymous, actually, proof of intent is what makes it necessarily actionable by the authorities as acquiring the necessary physical materials moves it beyond the realm of thought crime in showing clear intent. After all, you don't waste money on large quantities of materials you normally have no use for when you are only hypothesising or simply ranting and raving with like minded people about any perceived 'wrongs' done to what you see as your ingroup.
Probably it's a bit late to answer, but anyway...
>So you're saying these terrorists figured
>the house was safe because the police
>had already searched it once?
You're trying to twist my words. I never wrote that an appartment is safe after it searched, I (quite clear) wrote about ways of thinking.
Next time, please, discuss actual words, not meanings you're trying to invent.
Please not, this whole storry sounds too much like media hype, pushed up to spread fear in the population to get the new Federal Trojan - not Shure how to translate Bundestrojaner -
The way I read it, the FAZ article does not claim the exact same house had been searched earlier, they only say they searched Fritz G.'s "home".
On September 7 2007, LA Times says:
COMMUNICATIONS INTERCEPT LED TO BOMB PLOT ARRESTS
Los Angeles Times
STUTTGART, GERMANY - A U.S. intelligence intercept of suspicious communications between Pakistan and Stuttgart last year was the initial break that ultimately led to the arrest this week of three suspected Muslim militants accused of plotting massive car-bomb attacks here against Americans, U.S. and German officials said Thursday.
The communications detected referred to apparent terrorist activity and were specific and alarming, said the German and U.S. officials, who asked to remain anonymous because they were not authorized to discuss the case publicly.
American authorities passed on the lead to German police, who conducted a painstaking investigation that led to the arrests of the three suspects, two of them German converts to Islam.
After receiving the initial lead, police in Stuttgart suspected that militants here were communicating with Pakistan from an Internet cafe, a frequent strategy to avoid detection, but they did not know which one. So they deployed surveillance teams at several dozen Internet cafes in the city, officials said.
On 9 September 2007, Bruce Schneier says:
> EDITED TO ADD (9/7): The more I read about this, the more obvious it is that
> intelligence and investigation is what cought these guys, and not any wholesale
> eavesdropping or data mining programs.
So the only details regarding how this plot was discovered indicate this was due to wholesale electronic eavesdropping. This is stated by sources on both sides of the pond, they describe the standard operation of the US wholesale surveillence program, and the details about how this investigation progressed support this statement.
And apparently even in these circumstances, wholesale surveillence won't be credited with anything.
So clearly your assessments of terrorism and surveillance are biased towards supporting your existing conclusions on the subject.
And again, Bruce Schneier writes this:
> EDITED TO ADD (9/18): ... The article doesn't explain whether the intercepts
> were the result of some of the wholesale eavesdropping programs or
> specifically obtained for this case.
When describing an article that says this:
> Operation Alberich began last October, when the US National Security Agency,
> the NSA, began intercepting suspicious emails between Germany and Pakistan.
So the NSA intercepted emails between 2 foreign nations, where suspect terms were used and German police started investigating this intelligence before they knew the identities of the senders, and this occurred before the other incidents mentioned in this Der Spiegel article.
And you tell us you don't know if that describes the NSA's wholesale surveillance?
Are you a different Bruce Schneier from the one who's mentioned he has read Body Of Secrets a couple of hundred times here?
Because otherwise it would appear you are being intentionally misleading, presumably to avoid having to revise your invariable assessments when it comes to the usefulness of wholesale surveillance in identifying terrorist plots.
I don't find it plausible that you know what you do about the NSA and frequently write about "NSA wholesale surveillance programs" here, but you supposedly cannot tell whether this is what is being described here.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..