Schneier on Security
A blog covering security and security technology.
« The Global Illicit Economy |
| Demonstration of a Liquid Explosive »
September 9, 2009
NSA Intercepts Used to Convict Liquid Bombers
Three of the UK liquid bombers were convicted Monday. NSA-intercepted e-mail was introduced as evidence in the trial:
The e-mails, several of which have been reprinted by the BBC and other publications, contained coded messages, according to prosecutors. They were intercepted by the NSA in 2006 but were not included in evidence introduced in a first trial against the three last year.
That trial resulted in the men being convicted of conspiracy to commit murder; but a jury was not convinced that they had planned to use soft drink bottles filled with liquid explosives to blow up seven trans-Atlantic planes — the charge for which they were convicted this week in a second trial.
According to Channel 4, the NSA had previously shown the e-mails to their British counterparts, but refused to let prosecutors use the evidence in the first trial, because the agency didn’t want to tip off an alleged accomplice in Pakistan named Rashid Rauf that his e-mail was being monitored. U.S. intelligence agents said Rauf was al Qaeda’s director of European operations at the time and that the bomb plot was being directed by Rauf and others in Pakistan.
The NSA later changed its mind and allowed the evidence to be introduced in the second trial, which was crucial to getting the jury conviction. Channel 4 suggests the NSA’s change of mind occurred after Rauf, a Briton born of Pakistani parents, was reportedly killed last year by a U.S. drone missile that struck a house where he was staying in northern Pakistan.
Although British prosecutors were eager to use the e-mails in their second trial against the three plotters, British courts prohibit the use of evidence obtained through interception. So last January, a U.S. court issued warrants directly to Yahoo to hand over the same correspondence.
It’s unclear if the NSA intercepted the messages as they passed through internet nodes based in the U.S. or intercepted them overseas.
EDITED TO ADD (9/9): Just to be sure, this has nothing to do with any illegal warrantless wiretapping the NSA has done over the years; the wiretap used to intercept these e-mails was obtained with a FISA warrant.
Posted on September 9, 2009 at 10:10 AM
• 29 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
isn't that the fruit from the poison tree principal?
While I won't pass judgment on this particular case, isn't the idea of email messages being "code" a little dangerous? I mean anything could be interpreted as code if you're imaginative enough.
I'm not entirely sure about that. From what I can see in the article, the actual intercepted emails were not introduced into the case. But they did provide sufficient information for a specific warrant to be issued to Yahoo who then provided the emails to the court.
Yes, a rather fine distinction. Somewhat like illegal evidence may not be used in court, but said evidence may point the police in directions where to collect legal evidence.
And that raises some rather ugly issues. Yes, we can some protection against illegal searches. But when the illegal search is not introduced to the court, but is use to aim a legal search in a productive direction, do we still really have any protection against illegal searches?
This is highly scary. First, the emails are confusing at best. Maybe there's some context for the "translation" provided by the prosecution, but if this is the key evidence that's frightening. You could make those emails mean anything if you just change the words around.
Second, isn't it contrary to the notion of warrants when a government agency intercepts data and then goes back to request a warrant AFTER they know what they want is there?
For people that missed it the first time around, the register did a piece a while back on what would need to be done to take down an airplane with a binary bomb.
These guys were either complete fools doomed for failure, or they never had any intention of taking the plane down.
I would also like to know what the guy trying to light his shoe on fire was trying to prove, and why a majority of TSA security procedures are based on preventing failed attempts at bad ideas.
The UK authorities needed a conviction and they finally got it (albeit still not to their full satisfaction as a third retrial is still discussed).
Quite frankly there isn't much in this case but in this day and age it doesn't make much of a difference... at least these guys got a trial. As for the very disturbing use of NSA intercept it should provoke some serious reactions if it was not for Muslims suspected of terrorism. I muss say that I am really appealed by what's happening in the UK nowadays.
The difference between "legal" and "illegal"
Remember foreign to foreign was never illegal. And if they obtained FISA warrants, that's also not illegal (because they are suspected, and not just innocent Americans).
Also remember, foreign to foreign through the US is still legal to tap. I don't believe this applies to Bush's lawbreaking.
So ... what?
I am curious as to the exact mechanism of the "email interception".
Because it was Yahoo, we can infer it was webmail; and the quote seems to imply that it was Rauf's end that was "being monitored". So here are the scenarios - points of interception - as I see them:
1) Rauf used a single or a handful of machines, and these machines were compromised directly, so not just email, but all interaction was being intercepted.
2) Rauf's used a single or a handful internet connections, and this was monitored at the ISP level from Pakistan.
3) All web traffic from one or more ISPs in Pakistan connecting to Yahoo.com was being intercepted, and filtered down to monitor Rauf in particular.
4) All web traffic connecting to Yahoo.com - wherever the corresponding geolocated DNS looked-up server is - was being intercepted, and filtered down to monitor Rauf.
5) Yahoo is directly in bed with the government and provides all email communications for a given email address directly to them, without informing users. (Or possibly all email communications, period, and the government filters.)
6) Yahoo is compromised by the government, and unwittingly leaks all communications the government desires.
Of all these scenarios, I believe (5) is the most convenient for a US-based government entity. It's moderately disturbing, but not much more so than phone taps, and possibly less scary than any of the other alternatives.
This is the risk of allowing persons without investigative experience comment on cases like these. Apparently there were dozens of people working on this case. If you intercept an email that describes 10 bottles of 400ml aftershave, investigators see these guys buying 10 bottles of peroxide in 400ml bottles, what would any reasonable person assume? That's gumshoe 101. There were lots of boots on the ground learning this operation. They just didn't read the email and make a non-educated assumption. Its just sad they were not able to pull it together in time to prevent the bombing. It was likely the later correlation of events and email evidence into their big picture that led to the conclusion on the meaning of the code words.
The use of national methods for initial intel and then collateral methods for the overt actions is hardly new in the US. This particular method did touch directly onto persons, though, not military hardware.
I suspect that the conviction is one where "just is seen to be done" rather than actualy done.
With regards the "code" just remember that a court of law has little conection with the technical realities of life, it's all about "presentation" "presentation" "presentation".
The simple fact is whatever these people may or may not be guilty of they would not of had a fair trial the first time let alone the second.
Also recent events in Scotland would not have helped either.
There are a very large number of jobs resting on "guilty" verdicts for terrorism, so don't be overly surprised that anything and everything would be thrown into the trial.
The real question to arise will be how are they going to stop the inevitable appeals, leaking out information.
I'm very scared of terrorists using Yahoo! mail for their terrorist attack planning activities. This level of technological skill shows just how far they could go.
It also demonstrate ample resources.
They must even have had a computational device of some sort with which to performs millions of calculations per second. Enough to perform the work of a few hundred skilled mathematicians and engineers. Several libraries of congress on their lap. Long range communication with like-minded people as well as comely ladies from the same village, and access to very cheap performance enhancing drugs(*) to please them.
Just imagine if Hitler had had those resources. Imagine, people.
(*) Let's see if that gets through the spam filter ...
"The e-mails, several of which have been reprinted by the BBC and other publications, contained coded messages, according to prosecutors."
This is a lot like listening to records played backwards. The first time, all you hear are a bunch of meaningless slurs, clicks, and pops. Then, someone tells you what is "supposedly" being said. Now, listening the second time, all of a sudden, those slurs, clicks, and pops, start to sound like words. And the more times you listen to it, the more you become convinced that those slurs, clicks, and pops actually sound like the words which were suggested.
The problem is, in the end, it is just meaningless slurs, clicks, and pops, and if someone had originally suggested that they sounded like some other set of words, after listening a few times, one would think that it was saying something completely different.
Huh, the power of suggestion. Go figure.
> Its just sad they were not able to pull it
> together in time to prevent the bombing.
? I think you are confused. There wasn't enough left of the 2005 bombers to take them to court. These are different bombers, who were arrested before managing to do any real damage.
"...British prosecutors were eager to use the e-mails in their *second trial* against the three plotters..."
Britain's "double jeopardy" law was changed in 2005 to allow cleared suspects to face the same charge again if compelling new evidence emerges.
"This is a lot like listening to records played backwards."
Yup just like America's premier cryptographa spent a lot of his time (supposadly) proving that William Shakespear and Francis Bacon where the same person.
Oh and did you know the Bible code in the King James 1 edition also shows the name of every rabi in the world, oh and acuratly predicted the deaths of Diane and Dodi in Paris...
To be blunt with enough entropy you can show anything you want, in a convincing manner, you just have to find it yourself first.
And this is the point when you have the worlds (supposadly) top two computer owning agencies against you then you'ld be lucky if they needed just "six lines to convict you".
Barry Kelly: Option 2 - Pakistan's ISPs are largely connected through satellite links (no DSL at all in rural areas, of course, and leased lines would be very expensive and/or unreliable), which of course are rather easy to intercept with other satellites. (Particularly since at least one of them downlinks through a company based in Washington DC of all places!)
"Britain's "double jeopardy" law was changed in 2005 to allow cleared suspects to face the same charge again if compelling new evidence emerges."
But new evidence did not emerge it was known at the first trial but the prosecution chose to withold it...
The problem with the 'double jeopardy law' is that the prosecution can now use it for what is effectivly illegal discovery.
If they deliberatly with hold key evidence on "National Security" grounds and the trial fails they have time to go through the defence to find weaknesses etc. Any points the defense raised that counted against the prosecution because the prosecution did not prepare correctly can be negated at the subsiquent trial.
Essentialy what the lack of double jepody does is force the defence to show their hand in it's entirity whilst the Prosecution can pick and chose what they decide to show and if they fail they just call it "new evidence" the next time around.
I think you will find that if the defence behaved that way they would not be allowed a re-trial. At best they'd get an Appeal that would in all probability "fail" because they did not submit it as evidence in the first trial.
But that's all right it's still "a fair trial" as long as you are convicted...
Just look up GCHQ (Government Communication HeadQuarters) which supposedly spies on everything they can in the UK (phone calls, emails etc). Also supposedly, they pass the information they receive OUT of the country to get around so called warentless wiretapping. To somewhere like the US who CAN spy on UK citizens. Any information can then be passed back as then no UK citizen was spying on another (kinda).
Also there is a similar thing called Echelon which may do a very similar thing.
Of course they are unlikely to confirm any of this, but it would explain how this type of thing seems to occur.
I won't pretend to know UK law, but in the US would that be considered "Fruit of the poisonous tree" and therefore be inadmissible?
I am surprised that these high level terrorists would be discussing attacks using simple word substitutions. Why not just good old PGP and be done with it? Why leave your messages to be so easily intercepted by a free web-based email service? This does not make sense in relation to their supposed technical alacrity.
The first time I saw someone use brackets to say something like these prosecutors should be admitted to a mental asylum to isolate an emotional comment, I was perplexed. Now I understand.
Well, I for one plan to [applaud] Canary Wharf at 07.43, [enjoy] the Northern Line, particularly at Euston Station by 08.21, [be at] Gatwick for 09.17 at [get to] Heathrow by 11.34.
Hope the feds don't decode any of that!
This article in "The Times" suggests that things were not quite that simple & in fact your timeline is wrong Bruce.
The article claims US intelligence pretty much ruined the case being put together by the British by arresting Rauf early, which would then imply the use of emails would be more in reparation for that early arrest than anything else.
"This is a lot like listening to records played backwards. The first time, all you hear are a bunch of meaningless slurs, clicks, and pops. Then, someone tells you what is "supposedly" being said. Now, listening the second time, all of a sudden, those slurs, clicks, and pops, start to sound like words. And the more times you listen to it, the more you become convinced that those slurs, clicks, and pops actually sound like the words which were suggested."
Reminds me of the Dreyfus case...
> For people that missed it the first time around, the register did a piece a while back on what would need to be done to take down an airplane with a binary bomb.
The Register article is almost pure baloney. In Thomas C. Greene's defence, the highly inaccurate description of the bombs that he uses is based on early media speculation which has turned out to be completely wrong.
However even if that were not the case, much of what he says is nonsense.
Completely an aside, but seeing code in the emails is a lot like prosecutors declaring that a suspect had pornography on their computer. It doesn't have to be true, it doesn't have to be proven, but it does injure the defendants reputation, which is a big part of what prosecutors do as a matter of course.
To me, this case is proof (or at least an example) that it is perfectly possible to convict terrorists while abiding by warrant requirements and other due-process requirements. Police who say they need exemptions should be fired for incompetence. There is no need for anyone to give up the presumption of innocence, and we have a lot more to lose if we do than the terrorists could possibly do to us.
If presenting evidence from a wiretap or infiltrator in court (or allowing a defendant to confront his accuser) would expose intelligence sources or methods, then it behooves the judge to choose jury members who can be given the necessary clearance. Defendants' rights must be upheld because some defendants ARE innocent, and you or I could be next.
Could evidence FABRICATION have occurred under your noses?
I just wonder how much fabrication occurred as part and parcel of these alleged interceptions? These spy agencies do not seem to be paying their way with convictions. The reason is because the system has been assembled to spy on the majority class of Americans and prevent anti government acts which they call terrorism. The ruling class want to know what the majority of citizens are going to do next, so they can thwart it and make it disappear.
You will find this audio absolutely interesting!!
My ancestors came ashore at Plymouth, and every one of those who came after them were loyal patriots and served America in some quiet way or in the armed services. About a year ago I was interrogated in my home and accused of illegal acts by a senior special investigator and an attorney, agents of the DOJ, who evidently were reading my emails to/from my son, who lives and works overseas, whom I support financially from time to time. They did not serve me, but they accused me of illegal acts they alleged I was doing.
They even went to a grand jury to access all my emails that I have ever sent that were stored in Google. ( So much for privacy)
All of my transactions with my son were clearly legal and especially done in the most obvious and clear method so that the evidence was everywhere that no illegal activity was intended.
Once I sent him funds through my local bank that were over the $10,000 amount as a 3 month business loan where he was trying to establish an overseas business. He paid it back in smaller amounts, but the two agents saw his 'paying me back' as an attempt on his part to launder money through me!
They threatened me without naming charges.
The open ended threat still awaits closure.
I am currently over 70 years old and have never seen such flagrant abuse of power.
I am still innocent of any charges though I live with the thought that one of these days they will come for me and take me off to jail on trumped up charges just to make themselves look good.
With that in mind, I looked for an attorney - just in case - who could work for me. He has to have $5000.00 just to retain him.
Ah...the joys of being an American citizen.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.