Bin Laden Maintained Computer Security with an Air Gap

From the Associated Press:

Bin Laden's system was built on discipline and trust. But it also left behind an extensive archive of email exchanges for the U.S. to scour. The trove of electronic records pulled out of his compound after he was killed last week is revealing thousands of messages and potentially hundreds of email addresses, the AP has learned.

Holed up in his walled compound in northeast Pakistan with no phone or Internet capabilities, bin Laden would type a message on his computer without an Internet connection, then save it using a thumb-sized flash drive. He then passed the flash drive to a trusted courier, who would head for a distant Internet cafe.

At that location, the courier would plug the memory drive into a computer, copy bin Laden's message into an email and send it. Reversing the process, the courier would copy any incoming email to the flash drive and return to the compound, where bin Laden would read his messages offline.

I'm impressed. It's hard to maintain this kind of COMSEC discipline.

It was a slow, toilsome process. And it was so meticulous that even veteran intelligence officials have marveled at bin Laden's ability to maintain it for so long. The U.S. always suspected bin Laden was communicating through couriers but did not anticipate the breadth of his communications as revealed by the materials he left behind.

Navy SEALs hauled away roughly 100 flash memory drives after they killed bin Laden, and officials said they appear to archive the back-and-forth communication between bin Laden and his associates around the world.

Posted on May 18, 2011 at 8:45 AM • 103 Comments

Comments

GreenSquirrel • May 18, 2011 8:53 AM

It isn't that slow and the toil isn't on Bin Laden's shoulders, so it shouldn't be surprising that he could do it for years.

There is a western bias that the fast paced lifestyle of answering an email within 5 minutes has to apply everywhere. We seem to hold to this despite the fact that we also communicate in very slow, laborious methods when required.

I actually think this is a reasonably fast system - it's not much different from a postal service....

Just today, I spent time typing up a document, printing it out and giving it to a courier to deliver across the globe. And I work in a large multinational with massive IT services.

Todd • May 18, 2011 9:05 AM

Do you mean like surfing the web by having pages e-mailed to you? "I will fetch web pages from other sites by sending mail to a program that fetches them much like wget and then mails them back to me." (http://stallman.org/stallman-computing.html)

Julian • May 18, 2011 9:09 AM

The thing I haven't seen explained is how he could send all these emails and not have any of them intercepted. Just because they were keyed in at a remote internet cafe rather than his house only means the source was harder to identify. They were still sent using email accounts to other people with email accounts. That not enough were intercepted for the security agencies to realise bin Laden was still very much in the picture is surely a big failure. That bin Laden didn't have a physical internet connection seems a feeble excuse.

Anthony • May 18, 2011 9:16 AM

A few questions come to mind...

1. Did the remote party also use couriers in this way, or was discovery of their physical location less of a risk.

2. Was the system in place as much to prevent the receiving party from knowing Bin Laden's location as it was to prevent eavesdroppers from discovering the same.

3. Why announce that you have the emails? Bin Laden's associates already had to assume that their prior communications may have been taken during the operation, but now it's been confirmed with some detail.

4. Following from 3, why did he maintain this history that could be discovered and compromise others in the group? Of course it's a great thing for US Intel, but surely Bin Laden should have known better?

Winter • May 18, 2011 9:20 AM

@Anthony
5 Why did Bin Laden not encrypt the mails?

The answer would be likely based on key management problems.

SomeGuy • May 18, 2011 9:27 AM

I'm following this story to see if ANY encryption was ever used by the terrorists. So far I've seen no indication that it was. I wonder why they didn't encrypt anything, since a bust like this exposes those who are left.

Jason • May 18, 2011 9:37 AM

Why wouldn't you encrypt? I don't understand at all.

I can think of complications that encrypting would create but none of them seem insurmountable to someone already displaying discipline.

Paeniteo • May 18, 2011 9:40 AM

"I'm impressed. It's hard to maintain this kind of COMSEC discipline."

But Bruce, you seem to know how such discipline can be enforced:
> "Fire someone who breaks security procedure, quickly
> and publicly," I suggested to the presenter.
http://www.schneier.com/essay-282.html

And now think what "fire" means in terms of terrorist organizations.

Winter • May 18, 2011 9:42 AM

@Jason
"Why wouldn't you encrypt? I don't understand at all."

I have got it! OBL believed all these stories about the back doors in the crypto. So he considered them unsafe.

So the NSA is behind all the conspiracy theories!

;-)

Pax Dickinson • May 18, 2011 9:43 AM

The real operational security question that needs to be asked is, why is the US government bragging about how much intelligence data they acquired?

Are they stupid, or amateurs, or do they just care about scoring domestic political points more than penetrating the security of their mortal enemies?

grumpy • May 18, 2011 9:43 AM

Exactly. While an IronKey wouldn't be an insurmountable problem for various TLAs it would buy time which is important when a cell is compromised. Even minutes can make a difference between getting away to do more mischief and spending a long time somewhere you don't have the key to. I thought that was one of the prime lessons from the various resistance movements during WW2 here in Europe...? But maybe OBL wasn't a student of history.

JK • May 18, 2011 9:52 AM

As with all the PR from this event, some inconsistencies. The remarkable thing here is not the air gap, the system would look like many people's day-by-day email conversations to BL. The oddness is in the unencrypted archive, which would be trivially avoidable. Either he was arrogant and thought he'd never get caught, or such an egotist that he didn't care what happened once he did get caught. Or perhaps the archive is full of disinfo. Or perhaps it doesn't exist, like perhaps the pron and actually the human shield wife.

Captain Obvious • May 18, 2011 9:53 AM

"hauled away roughly 100 flash memory drives"

When explaining the technology to Osama, they said, "It's like a CD, only smaller. You put stuff on it." They forgot to mention (or didn't know) that you can delete stuff and reuse the flash drives. Hence the used drives just piled up, like so many Linux CDs I've collected over the years.

karrde • May 18, 2011 9:58 AM

@SomeGuy, I believe the sets 'people who understand encryption and know how to apply it' and 'people from the Middle East who run terrorist groups' have an empty intersection.

Either that, or their intersection is a set which has so far been impervious to various Intelligence agencies, and we've been getting their less-capable comrades. (There's a pleasant thought...)

@Anthony, I would believe the answer to question #1 is "probably so", and question #2 is "yes".

For example, we can be fairly certain that data hoovered up from Abu Musab Al-Zarqawi's computer (found after he died in a bombing attack in June 2006) helped lead to Bin Laden.

But I think it obvious Zarqawi didn't have Bin Laden's address, and didn't know which town or city Bin Laden lived in. It is probably true that Zarqawi didn't even know which region of Pakistan was Bin Laden's base-of-operations.

Per questions #3 and #4, I don't know.

Perhaps Bin Laden didn't think loss of his data was a reasonable possibility, or perhaps he misunderstands the strength of permission-locks on file-systems. (See comments above about use of encryption...I think there's a similar null-intersection between 'Bin Laden technical support' and 'people who understand data-security of filesystems and drives'.)

Animal Farm Pig • May 18, 2011 9:58 AM

Using the courier is likely safer than OBL visiting the cyber-cafe himself.

Still, there's the glaring problem of traffic analysis. Even if email were encrypted, surveillance of someone somewhere in the chain with an email address starts to reveal links in the AQ social network. Those links can be traced back to hubs.

I wonder if Bin Laden took any steps to mitigate this risk.
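The traffic-analysis point above is easy to see with a few lines of code. The following is an added example, not code from the post or from any commenter: it takes a constructed set of (sender, recipient) pairs, with invented addresses and no message bodies, builds the contact graph, ranks addresses by how many distinct correspondents they have, and walks outward from one surveilled address. The hub falls out of the metadata alone; encryption of the bodies would change nothing here.

```python
from collections import defaultdict

# Constructed metadata sample: (sender, recipient) pairs only, no message bodies.
# Every address here is invented for the example.
SAMPLE_RECORDS = [
    ("courier1@mail.example", "cell-a@mail.example"),
    ("courier1@mail.example", "cell-b@mail.example"),
    ("cell-a@mail.example", "courier1@mail.example"),
    ("cell-b@mail.example", "cell-b2@mail.example"),
    ("cell-c@mail.example", "courier1@mail.example"),
    ("cell-c@mail.example", "cell-c2@mail.example"),
    ("outsider@mail.example", "cell-b2@mail.example"),
]


def build_graph(records):
    """Undirected contact graph: who has exchanged mail with whom."""
    neighbours = defaultdict(set)
    for sender, recipient in records:
        neighbours[sender].add(recipient)
        neighbours[recipient].add(sender)
    return neighbours


def rank_hubs(records, top=3):
    """Addresses with the most distinct correspondents come first."""
    graph = build_graph(records)
    ranked = sorted(((len(peers), addr) for addr, peers in graph.items()), reverse=True)
    return ranked[:top]


def reachable_from(records, seed, hops):
    """Everyone within `hops` contacts of one surveilled address.
    Breadth-first expansion: each round adds the unseen neighbours of the frontier."""
    graph = build_graph(records)
    seen = {seed}
    frontier = {seed}
    for _ in range(hops):
        nxt = set()
        for addr in frontier:
            nxt |= graph[addr] - seen
        seen |= nxt
        frontier = nxt
    return seen


if __name__ == "__main__":
    print(rank_hubs(SAMPLE_RECORDS))
    print(sorted(reachable_from(SAMPLE_RECORDS, "outsider@mail.example", 3)))
```

With this sample the courier account surfaces as the top hub after only seven records, and an agency watching just the outsider address reaches the courier within three hops. Rotating addresses (as a later comment suggests) only helps if every correspondent rotates at the same time; otherwise the old and new addresses get linked through their shared peers.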

BF Skinner • May 18, 2011 10:02 AM

How did the recipients of the email know the message received was:
a. truly sent by OBL
b. not changed en route either by courier's or the TLAs?

Perhaps they stego'd it in spam. All those "longer, stronger Dick M@d's" ads we've been getting? OBL talking to his org.

@Paeniteo "what "fire" means in terms of terrorist organizations."
IRA would kneecap misbehavers. Yakuza cuts off phalanges.

@Richard Schwartz.
Funny!
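BF Skinner's two questions (was it really from OBL, and was it altered in transit) and the recurring "why no encryption" thread are both answered by the same small construction, so here is one added example covering both. It is not from the post or any commenter, and it assumes a pre-shared secret exchanged in person, which the article says nothing about. Each file placed on the flash drive is seq || nonce || ciphertext || tag: the tag gives the recipient sender authentication and tamper detection, the sequence number lets the recipient reject a file the courier hands over twice, and the ciphertext keeps the archive unreadable if a drive is lost or seized. HMAC-SHA256 is used as the PRF for both the keystream and the tag only so the block runs with the standard library; a real deployment would use a vetted AEAD (AES-GCM or ChaCha20-Poly1305). Only one direction is shown; the reverse direction needs its own keys and counter.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32     # HMAC-SHA256 output
NONCE_LEN = 16
SEQ_LEN = 8


def derive_keys(shared_secret: bytes):
    """Split one pre-shared secret into independent encryption and MAC keys."""
    enc_key = hmac.new(shared_secret, b"sneakernet-enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"sneakernet-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a PRF in counter mode. Illustrative only: a real
    deployment should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(shared_secret: bytes, seq: int, plaintext: bytes) -> bytes:
    """Build the file that goes on the flash drive:
    seq || nonce || ciphertext || tag, the tag covering everything before it."""
    enc_key, mac_key = derive_keys(shared_secret)
    header = struct.pack(">Q", seq)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
    return header + nonce + ciphertext + tag


class Receiver:
    """One end of the channel. Remembers the highest sequence number seen so
    a courier (or anyone who copied the drive) cannot replay an old file."""

    def __init__(self, shared_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(shared_secret)
        self.last_seq = -1

    def open(self, blob: bytes) -> bytes:
        if len(blob) < SEQ_LEN + NONCE_LEN + TAG_LEN:
            raise ValueError("truncated message")
        header = blob[:SEQ_LEN]
        nonce = blob[SEQ_LEN:SEQ_LEN + NONCE_LEN]
        ciphertext = blob[SEQ_LEN + NONCE_LEN:-TAG_LEN]
        tag = blob[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("authentication failed: forged or altered en route")
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:
            raise ValueError("replayed or out-of-order message")
        self.last_seq = seq
        return xor_bytes(ciphertext, keystream(self.enc_key, nonce, len(ciphertext)))


def demo():
    """Constructed walk-through: deliver one message, then try tampering and replay."""
    secret = b"constructed pre-shared secret, exchanged in person"
    receiver = Receiver(secret)
    blob = seal(secret, 1, b"meet at the usual place")
    recovered = receiver.open(blob)

    tampered = bytearray(blob)
    tampered[SEQ_LEN + NONCE_LEN] ^= 0x01   # flip one ciphertext bit
    try:
        receiver.open(bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    try:
        receiver.open(blob)                  # same file handed over twice
        replay_detected = False
    except ValueError:
        replay_detected = True

    return recovered, tamper_detected, replay_detected


if __name__ == "__main__":
    print(demo())
```

The hard part, as Winter notes above, is not this code but key management: the shared secret has to reach each correspondent by some channel the adversary cannot read, and a seized drive still reveals the sequence numbers and message sizes, which is the traffic-analysis problem again.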

karrde • May 18, 2011 10:10 AM

@Pax,

Compare the public statements after the death of Zarqawi to the public statements after the death of Bin Laden.

I suspect that information gained from finding computers after both events was approximately the same.

Did the U.S. publicly state that they were reading Zarqawi's emails? Did they outline Zarqawi's field-craft?

That might give a good indication of whether one (or both) Administrations is playing like an amateur.

aikimark • May 18, 2011 10:28 AM

>>...maybe OBL wasn't a student of history
Why study history when you can make history?!?

As we've seen, flash drives can't be effectively wiped of historical data without a LOT of effort.

Maybe his porn collection should have been used to fill the flash devices. Then distribute the flash devices for free -- leave them in an internet cafe. One time use. They are cheap. You only need one copy of the conversation and that can be very strongly encrypted.

GreenSquirrel • May 18, 2011 10:28 AM

At the risk of straying into conspiracy theory territory, I must admit I do find a couple of things inconsistent here.

For the last few years we have been hearing how OBL was no longer playing as prominent a role in directing AQ's worldwide network. This seems to have come from multiple intelligence agencies, not all of which share the same motivations to agree. It is also broadly in keeping with the activities we have seen on the world stage.

Then suddenly OBL is shot and a magically huge intelligence hoard is discovered which pretty much overturns everything previously known but in a very non-specific manner.

One of two things - either the current intelligence agencies are failing massively or OBL's operational importance has been inflated to justify his execution.

Note - these are not mutually exclusive.

From the media reports we have been fed, I still doubt OBL was actually operationally commanding AQ. He may have been sending emails to his various followers exhorting them to attack various places, but this is not the same as being in command of a network of terrorist cells.

A thinker • May 18, 2011 10:37 AM

If I were the NSA, I would be grabbing all encrypted mail coming out of Pakistan and spending the taxpayers' buck to read every one of them.

Not encrypting and exercising some caution in the wording of the mail so as not to set off keyword listeners makes finding these emails pretty difficult. Especially if freely available anonymous email accounts are used.

Clive Robinson • May 18, 2011 10:39 AM

First off if there were 100 thumbdrives that is likely to be the source of all the "stored messages". Due to wear leveling algos actually in the thumb drives they are quite difficult to erase.

The number used suggests that very little was on each drive, that is there may have been one per cell etc.

As for not using encryption that is fairly standard as far as SOPs go. Basically an encrypted message stands out like a 10 megacandle flashlight on top of a high hill. It is actually better to use some form of code within a stego message of some form.

As for anything else there is too little hard information in the article.

Further have a think what the message actually is: "Osama was incompetent/blasé/etc". What better way to make the cells duck down and show disarray than by making it look like the leadership had by negligence sold them out?

Further there is little evidence that OBL was actually actively involved these days, thus much of the information may actually be of little real worth, like most 'SitReps' from rear-echelon admin organisations.

Only time will tell.

Champs • May 18, 2011 10:56 AM

I think it would be extremely naive of us to imagine that these new developments are going to cause any change in Al Qaeda policy… we must not allow an air gap!

alan partis • May 18, 2011 10:56 AM

I know many in the pop culture public are having a good deal of fun at the thought of all the porn hanging around the OBL "lair," but is it possible that the porn itself was the "envelope" for hidden messages? What better way to fly under the radar of Internet traffic than to hide amidst the torrent of porn flying about?! No need to use further encryption and raise any flags. OBL could have embedded his messages into the image and/or video files himself before copying to his flash drive and handing it off to his courier for delivery. This is just a minor modern twist on very old, tried and true, COMSEC processes, no?
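Several commenters raise steganography (in spam, in image files, and Clive Robinson's point that a code inside a stego carrier beats conspicuous ciphertext). To make the mechanism concrete, here is an added example, not from the post or any commenter and making no claim about what was actually found on the drives: least-significant-bit embedding of a message into a constructed byte array standing in for 8-bit pixel values, with a length header so the extractor knows where to stop, plus the crudest possible statistic to show why LSB hiding in a smooth, synthetic carrier is easy to spot. The carrier here is invented; in a real photograph the LSBs are already close to random and this simple ratio would not reveal anything, which is why proper steganalysis uses distribution tests rather than a single count.

```python
# Constructed cover: 1024 "pixels" of a synthetic gradient whose LSB is
# always 0, so embedding is visible to the crude statistic below.
COVER = bytes((i * 2) % 256 for i in range(1024))
HEADER_BYTES = 4   # big-endian message length, embedded first


def embed(cover: bytes, message: bytes) -> bytes:
    """Write length||message one bit at a time into the LSB of each cover byte."""
    payload = len(message).to_bytes(HEADER_BYTES, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for message")
    stego = bytearray(cover)
    for index, bit in enumerate(bits):
        stego[index] = (stego[index] & 0xFE) | bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the length header, then exactly that many bytes, from the LSBs."""
    def read(start: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, HEADER_BYTES), "big")
    if HEADER_BYTES * 8 + length * 8 > len(stego):
        raise ValueError("length header does not fit the carrier")
    return read(HEADER_BYTES * 8, length)


def lsb_ones_ratio(data: bytes) -> float:
    """Fraction of bytes with LSB set. In a cover whose LSBs are structured,
    embedding pushes this toward 0.5; in noisy photographs it sits near 0.5
    either way and real steganalysis (e.g. chi-square tests) is needed."""
    return sum(b & 1 for b in data) / len(data)


if __name__ == "__main__":
    carrier = embed(COVER, b"hello")
    print(extract(carrier), lsb_ones_ratio(COVER), lsb_ones_ratio(carrier))
```

Two practical notes: the embedded bits are in the clear, so anyone who suspects the carrier recovers the message unless it is also enciphered or, as Clive suggests, expressed in a pre-agreed code; and the carrier must not be recompressed in transit (lossy image or video re-encoding at an upload site destroys LSB payloads), which is a real constraint on the "hide it in the porn" theory.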

Anon • May 18, 2011 10:59 AM

@karrde:

The intersection between people in the middle east who run terrorist groups and people who understand crypto and know how to apply it is roughly Mossad.

David • May 18, 2011 11:00 AM

@Todd - I also noticed the similarity to Stallman, and came on here to note it...

David • May 18, 2011 11:07 AM

Hmm - it wasn't in the linked page, and I'm not finding it. I read in some material provided by Stallman at some point in the last decade that he would only occasionally connect and fetch/send his email, and would read/reply to them off-line... that's the parallel I was referring to.

A Nonny Mouse • May 18, 2011 11:11 AM

I must be confused, where in the article did it state that the recovered messages were readable as opposed to encrypted?

And aren't the chances good that if encryption was used, the encryption key would be recoverable based on seized hardware / drives / backups etc?

Tony H. • May 18, 2011 11:25 AM

@Anthony
"3. Why announce that you have the emails? Bin Laden's associates already had to assume that their prior communications may have been taken during the operation, but now its been confirmed with some detail."

The various claims of what happened and what was found are doubtless tailored for different audiences - the US public, OBL's correspondents, independent and wanna-be jihadists, the Pakistani intelligence services, etc. etc.

So what if those flash drives all actually turned into a lump of poor-quality molten iron the moment the first Seal was detected at the gates? Anyone who can rig an IED can rig a safe with thermite and a pull-string to destroy its contents.

In that case probably the best bet for the US is to claim they have a zillion emails, and see who panics among those they are already watching.

Andrew2 • May 18, 2011 11:28 AM

And yet, the very practice of using couriers is what revealed the location of the compound.

Andrew2 • May 18, 2011 11:38 AM

@JK

Or it was encrypted and the spooks are (wisely) claiming they found plaintext copies laying about instead of revealing their cryptanalysis capabilities.

Moerken • May 18, 2011 11:41 AM

Did anybody not get a warm feeling from remembering UUCP when reading this?

karrde • May 18, 2011 12:15 PM

@Anon 10:59 AM

While I see your point, my mental map for 'terrorist group' included the trait 'Non-Governmental Entity waging irregular war against Governments and Societies they feel aggrieved by'.

Thus, the Mossad (whatever their faults or wrongs) doesn't quite fit. They are attempting to implement policy for a government in the region, however odious that policy.

On the other hand, the evidence about OBL may indicate that he had always been running a pseudo-NGE, not a real-NGE. That is, while he typically presented himself as an autonomous leader of a Non-Governmental Entity, his base of operations was typically in a country in which some element of the government gave him shelter.

Phase 1 of his career as an self-declared enemy of America was under the Taliban government in Afghanistan. After a short time attempting to maintain a base of operations under the eye of American-led forces in Afghanistan, he appeared to slip into Pakistan to begin Phase 2. I interpret OBL's safe-house location as evidence that someone in the halls of power in Pakistan wanted to keep him alive.

But this is all quibbling over details about definitions.

I suspect that what we both mean is that the culture of the Mossad understands crypto and uses it, and the culture from which OBL draws his assets doesn't understand crypto and deeply mistrusts it.

The same could be said for understanding how physical control of computer hardware translates into access to data.

Paul • May 18, 2011 12:58 PM

Tracking is hard if terrorists use disposable email addresses. He's not osama@gmail, but quite possibly changing email addresses every several weeks, with something in the message to validate identity.

Also, terrorists have been known to share email addresses: one saves a draft, the other logs in and reads the draft - no message to be intercepted.

bob • May 18, 2011 1:37 PM

"I'm impressed. It's hard to maintain this kind of COMSEC discipline."

I thought the story was that he was caught through a courier? We also don't know how long ago the courier was identified. It seems ridiculous to me that the USAians would locate Osama and then kill him immediately. The intelligence potential was much bigger before they killed him than a compound full of ageing data. The whole story stinks almost as much as the unabashed pride with which they announced his assassination without trial.

Brad Conte • May 18, 2011 1:46 PM

This isn't really that much different from old-style pen-and-paper communication, except that the threat of the physical correspondence being intercepted is (almost) eliminated.

Mark • May 18, 2011 2:25 PM

@karrde and Anon,

I understood the original message as "The intersection between Middle-eastern terrorists and people who understand crypto is a group of infiltrated Mossad agents."

Alex W • May 18, 2011 2:53 PM

@bob not assassinating him would create a lot of problems for US. Captured leader would definitely spark immediate backlash from his followers; plus when captured, they would have to go through the trial, closely watched by the entire world, which would not only delay the retribution but also could uncover some unwanted facts about the entire "war" and events that started it. And yes, why no encryption? Seems convenient.

Carl 'SAI' Mitchell • May 18, 2011 3:06 PM

Destroying data on flash drives is easy. I use a propane torch. Destroying data without ruining the drive is harder.

IPOverBipedialCourier • May 18, 2011 3:13 PM

Just need to modify the RFC a bit - but its the same in practice. RFC 1149.

karrde • May 18, 2011 3:14 PM

@Mark: funny.

(infiltrated into Mossad, or infiltrated by Mossad into the global OBL-and-associates conglomerate?)

Rookie • May 18, 2011 3:38 PM

@Paul

I think you're getting closer to what actually was happening with Osama's "emailing". Many people are assuming that the couriers were sending messages from darkhelmet@yahoo.com to jihad_mog@gmail.com, but the draft message scenario would avoid a lot of downsides that others are pointing out.

The 19 hijackers from 9/11 were supposedly using this method to communicate between themselves and higher authority.

Joe Buck • May 18, 2011 4:33 PM

I've seen claims that jihadis believe that the NSA can decrypt all "Western" encryption algorithms and they therefore don't trust them (and in some cases they've been sold bogus encryption from people who claim this). Perhaps this belief has been encouraged by disinformation, but there are some historical reasons why they might believe this. For example, the NSA could read Libyan encrypted traffic in the 1980s because they had inserted back doors into the Crypto AG equipment the Libyans were using.

Brandon • May 18, 2011 4:34 PM

@Tony H.

Exactamundo. The US is so in-your-face about all the secrets uncovered, it makes me all the more certain that -- aside from trying to score political points -- they're simply doing it as a psyop on the enemy. Instill fear and panic, and then stand back and wait for them to make mistakes.

Mike • May 18, 2011 4:40 PM

No one is calling it what it is. It's a sneakernet. Although, Bin Laden perhaps didn't have sneakers so maybe that's why the media and this site aren't using that term.

Nick P • May 18, 2011 5:54 PM

Air gapped network that uses USB flash drives? With one courier? Sending easily profiled email via local Internet cafes? I'm honestly surprised they didn't trace them sooner. Additionally, USB is a vulnerability in an air gapped network as far as I'm concerned. At the least, the thumb drive could be compromised with a modified Stuxnet that drops a rootkit for intelligence gathering purposes.

I think the use of high assurance guards to move information from low to high is an example of maintaining an air gap. Non-DMA hardware, trusted firmware, a simple protocol, input validation, etc. are required to ensure the low device being plugged in will not compromise the high network in some way. USB doesn't fit the bill. I've recently been thinking of some designs to solve this problem. Also, I've always thought USB was a mistake: they should have fixed PCI to cover many devices well instead of adding another layer of complexity.

Anonymoose • May 18, 2011 7:16 PM

I find it hard to believe that the alleged mastermind of world changing attacks and of a world-class terrorist organization that had eluded and had the ability to keep secret (allegedly) its plans from the CIA, MI6 and Mossad would have all of his plans and communications in plain-text on some USB thumb drives. TrueCrypt, Jetico's BestCrypt, PGP, LUKS, dmcrypt, etc. provide not only extremely strong whole-disk but also loopback container and per-file encryption, many of them for free.

If I and many people I know use TrueCrypt for Windows, LUKS for Linux and PGP WDE for OS X, then certainly the infamous al Qaeda (slang for "the toilet" in Arabic) would utilize it. What if a courier had the USB thumb drive taken, or more likely as it happens to organizations all the time, lost it during transit? The top-secret plans would be discovered! There was a comment about bin Laden's CIA training; beyond just using couriers to take the messages to a cyber cafe and send it along to its destination, they would have employed some sort of encryption technique. The software is free, easy to use, and in the case of Truecrypt and others the program can be carried on a USB thumb-drive and used on whatever computer.

Also, there exist full anonymization networks such as Tor, and hidden "onion address" services that would provide bin Laden the ability to communicate privately to forums on a web server, completely isolated and hidden. If he didn't care about the convenience and indeed insisted solely on couriers taking the data to a remote end and sending it along, it's ridiculous to assume that the data was not encrypted on the drive for protection during transit, and also to assume that he would not have used encryption to transmit the messages (although we don't know if he did or not, we're just being told that the data was easily accessible on the thumb drives). PGP has been around forever and lends itself to email encryption; there are also services like Hushmail that are encrypted by their nature and accounts can be created on the fly for each purpose. There is also OTR (Off-the-Record) messaging that is available for popular messaging software and is very secure.

I believe this is definitely some kind of psy-op campaign NOT against the "enemy" but against the public at large. It's almost as if the powers that be, aka "The Man", are toying around with how blatant of lies and misinformation they can feed the people without them noticing.

To sum it up -- a lot of average people, corporations, organizations, journalists, and more use whole disk & container based encryption along with transit encryption (PGP, OTR, FiSH, SSL, SILC, the Tor network, etc) every day to protect conversations, data, and plans that have much less consequences than al-Qaeda's; so why didn't the most wanted and powerful alleged terrorist in the world use any of it? Why would he be using cold-war style messaging (by courier to a remote site) and leave his communications open to interception and not adapt? He certainly adapted his nefarious plans and attacks, and was apparently very intelligent. He also had numerous advisors and friends that would be able to guide him. Remember the threats about al-Qaeda using computer networks against us? We're supposed to believe that but also believe that he didn't use any form of encryption and obfuscation and network anonymity?

I smell a lie.

Dirk Praet • May 18, 2011 7:34 PM

I believe that most, if not all of the information released to the general public today is just as credible as Joseph Goebbels' "progress reports" during WWII. It is primarily meant to taint OBL's legacy among his followers (wife-shield, pr0n collection ...), continue fear-mongering ("he was still actively involved in AQ") and trick the more paranoid members of his organisation into making mistakes by insinuating they have been compromised.

The mailing technique allegedly used makes sense to me. It's what I would have done too in the shoes of the most wanted man in the world, and in absence of an entire team of highly trained communication and encryption specialists arrogant enough to think they could outsmart the NSA, Mossad et al. And especially if you already believe that every encryption algorithm in the public domain has been backdoored. In which case disappearing off the grid altogether is the only logical course of action.

What I don't understand however is how all these very capable spy agencies for years failed to pick up the actual mail traffic of the courier(s). Based on the information we have today, the only conclusion I can draw is that lo-teks by choice seem to be much harder to hunt down than other people. Maybe it's time for the TLAs of this world to review their obsessive spending on cyberprojects and start getting their hands dirty again on plain old-fashioned work in the field.

Anonymoose • May 18, 2011 8:46 PM

@Dirk Praet,

An organization with as many alleged resources as "al Qaeda" could easily hire world renowned experts to consult and train their own in-house specialists in message security and crypto; thus, believing that every public domain crypto algorithm is backdoored would be unreasonably naive. They would be consulted by the best. Hell, if they don't trust western systems, there are the Russian algorithms that apparently stood up to American intelligence analysts for a long time. They would know that public key cryptography is used and trusted by a spectrum from the lowliest non-profits to global conglomerates to protect secrets worth billions of dollars. If they bought the propaganda that all the algorithms are backdoored then they would also believe other things such as airport security and intelligence agencies being top notch and they would believe their plans would be crushed and attacks stopped every time. They wouldn't be able to do anything undetected. But they know better. They knew, in the context and if you wholly believe the official 9/11 story, that the TSA was inept and that *ostensibly* the intelligence agencies weren't standing in their way or capable of foiling their attack. They
I read in Forbes (or something similar) around 8 years ago that Colombian drug cartels (of which cocaine alone is a $50 billion [with a b!] dollar per year industry) hired an expert to design a communications system for them. It encompassed crypto along with novel transmission methods via primarily radio and some satellite. The system completely evaded every world-wide law enforcement and intelligence agency. The designer was later captured and tortured, and he let out some of the secrets, but the design is so solid they continue to use it. If they hired someone to develop something like that, then the most resourceful evil terrorist organizations out there could as well, especially considering that the motives are beyond money and are deeply rooted in belief and indoctrination. They have a cause they feel is real and just and thus would be able to obtain capable systems for lower monetary investment. They would be capable of having a system on-par with that of the cartels.

We are told that these people have limitless funds, that they have a strong, intelligent and capable support base and that they are constantly evolving and formulating plans. That they wouldn't use crypto, steganography, and misdirection to protect archives of communications, let alone the actual communication, is ridiculous. They went through laborious measures to ensure that tracking the physical source of a message was virtually impossible (using couriers to remote cafes). Why not spend a few extra minutes installing some software and telling your operatives to read the help files and manual?

Also I don't think that belief of the crypto being backdoored would necessarily stop them from using it. It would provide more security than plain text as only certain entities would be able to decrypt it. So if they were stopped with the data in hand, their plans wouldn't be foiled. After all we're being told that bin Laden had files with virtually the title "MY PLANS FOR ATTACK ON 10TH ANNIVERSARY OF 9/11" and "HOW TO BLOW UP BRIDGES & TUNNELS" on his computer. That's pretty darn conspicuous. Encrypting it even with a weak key would at least provide protection from most prying eyes, and buy more time in the case that the data is captured. Which is the whole point -- you need as much time as you can, as an operation can be made or broken in a few seconds. An extra minute before the plane takes off can be the difference between success and failure.

Richard Steven Hack • May 18, 2011 10:13 PM

At least one Islamist group produced their own encryption package, the algorithm of which has not, AFAIK, been publicly vetted, so it's probably worthless. But it does establish that they understand and use encryption. Apparently they wrote their own because they believe Western systems have been compromised by Western security agencies - a reasonable and probably only partly wrong apprehension.

"why is the US government bragging about how much intelligence data they acquired?"

Because they have to cover up and direct attention away from the fact that they (allegedly) shot and killed the most important counterterrorist intelligence asset in the last twenty years, of course - and then dumped his body tout de suite to make sure no one could prove who it was or why he was killed.

Even if it wasn't bin Laden, they would have to say this to maintain the fiction.

In the same vein, the alleged "porn stash" is so ridiculous a claim as to be instantly dismissed by most people who have heard it.

For one thing, they haven't established that it really exists other than by claim (like virtually everything else about the operation). Second, they haven't established to whom it belonged since it is referred to only as being "in the compound" where any number of people resided besides bin Laden. Third, the suggestion above that it was used as stego is also a possibility.

The goal of such a claim obviously is to denigrate bin Laden by establishing that he was an "immoral person" in fanatical Islamist eyes.

Funny how they don't dare to apply the same logic to the alleged 9/11 hijackers who are known to have frequented prostitutes, drank and otherwise violated Muslim norms, especially considering they were supposed to be "fanatical Salafis" willing to commit suicide for their beliefs.

Karrde: "While I see your point, my mental map for 'terrorist group' included the trait 'Non-Governmental Entity waging irregular war against Governments and Societies they feel aggrieved by'. Thus, the Mossad (whatever their faults or wrongs) doesn't quite fit. They are attempting to implement policy for a government in the region, however odious that policy."

Unless of course, you subscribe to the concept "state terrorism" - in which case Israel and Mossad most definitely fit the bill and have since before Israel was even created.

Especially since Mossad is very fond of "false flag" operations such as the bomb attacks in Egypt against western targets and also tried to recruit an "Al Qaeda cell" in the Palestinian territories which was foiled by Palestinian police.

Not to mention the origins of the Israeli state in operatives like the Irgun. As Jewish UK MP Gerald Kaufman stated in Parliament, "Israel...was founded by Jewish terrorists".

It has long been a suspicion of mine that 9/11 was probably created as an operational plan by the Mossad, inserted into Al Qaeda using a double agent, and then helped along by the various Mossad agents known to be surveilling the alleged 9/11 hijackers in the US during their setting up the mission.

The latter certainly explains how Mossad agents were caught filming the attack from New Jersey - they knew it was going to occur. It also explains how the first words out of Netanyahu's mouth about 9/11 were that it was "good". It also explains why Israel did not alert Washington as to the pending attack until two weeks before the attack, long enough to CYA them but not long enough for the US to do anything about it (even if Bush and Cheney had any intention of doing so.)

I'm not one of those who subscribe to the most elaborate 9/11 conspiracy theories with "robot planes" and the like (and I'm not engineer enough to talk about prepared explosives vs plane impacts). I do believe some faction of "Al Qaeda" and/or a faction of the Pakistani ISI was probably behind it, although it appears bin Laden never really claimed responsibility - which is why I refer to an "Al Qaeda faction" rather than Al Qaeda itself.

However, I have little doubt that someone in the US government - and almost certainly the Israeli government - knew something was going to occur and was instrumental in seeing to it that very little effort was put towards preventing it with an eye towards justifying the subsequent US government reactions.

The Project for a New American Century papers which refer to the need for a "new Pearl Harbor" are frequently cited.

As Robert Anton Wilson once noted, someone in the State Department during WWII flagged a report about the Nazi concentration camps as "unreliable" which delayed the Allied response to that situation.

As FBI agent Colleen Rowley said: "During the early aftermath of September 11th, when I happened to be recounting the pre–September 11th events concerning the Moussaoui investigation to other FBI personnel in other divisions or in FBIHQ, almost everyone's first question was "Why?--Why would an FBI agent(s) deliberately sabotage a case? (I know I shouldn't be flippant about this, but jokes were actually made that the key FBI HQ personnel had to be spies or moles, like [Robert Hanssen], who were actually working for Osama Bin Laden to have so undercut Minneapolis' effort.)"

Given Sibel Edmonds' later revelations, we KNOW the FBI is riddled with such moles working for various foreign entities including Turkey and Israel.

The one individual I believe could have been instrumental in allowing 9/11 to occur is Dick Cheney. There are just too many questions concerning his behavior on that day (and many other days). And there is no doubt in my mind that he is the sort of person who could and would do such a thing.

Richard Steven Hack • May 18, 2011 11:02 PM

Off topic: Heh, while browsing some cheat sheets sites, I found the Bruce Schneier Facts Cheatsheet here:

http://cheat.errtheblog.com/s/...

Also, I'm currently reading a very interesting text titled "The Dark Side of Creativity", edited by David and Arthur Cropley, James Kaufman and Mark Runco, published by Cambridge University Press (www.cambridge.org/9780521191715), which is about how creativity affects society when used negatively for malicious purposes.

Bruce is cited on page 35, specifically, quote:

Schneier (2000) provides a number of examples, ranging from cell phone manufacturers to operators of state lotteries, of failure to anticipate actual threats to systems or technologies that typically were accompanied by allocation of great time and cost on measures designed to guard against what turned out to be the “wrong” threat. Schneier (2000, p. 288) states the problem of designing security approaches succinctly as: “If you don’t know [the real threats against the system], how do you know what kind of countermeasures to employ?”

I think Bruce ought to read this if he hasn't already, as it delves into various aspects of the social impact of creativity by "deviants" which should be relevant to the new book he's writing about the "Dishonest Minority".

fbm • May 18, 2011 11:06 PM

I remember reading somewhere that Al-Qaida and some other terrorist groups had developed their own encryption methods because they didn't trust the algorithms developed by anyone else. Needless to say, I don't think they were very secure.

kurren • May 19, 2011 1:09 AM

TSA should be deployed to all internet cafes across the country (the world, maybe with some help from the Navy Seals) to check for suspicious un-american (and american too) looking people with USB sticks.

Also, RIAA should lobby for a tax on USB sticks, this will fix National (and World) security and fight IP piracy.

Or maybe, just send some drones to do the job.

Will • May 19, 2011 1:41 AM

http://cheat.errtheblog.com/s/... is not off-topic and I'll tell you why:

the last item on the list is:

"When you email Bruce Schneier, you don't need to press "send"."

And above people have talked about terrorists communicating by sharing logins to email and using drafts.

... moment for implication of Bruce sharing everybody's login to sink in ....

Why hasn't Bruce been telling the Agency???

Winter • May 19, 2011 1:44 AM

I read the discussion about conspiracies and moles on all sides, including agencies inciting terrorists to attack their friends and having moles to divert attention from the schemers. However, the theories are too disconnected to make much sense.

I have done a search of the literature and dug up an old security paper by Carlo M. Cipolla that predicted it all:

THE BASIC LAWS OF HUMAN STUPIDITY

http://www.searchlores.org/realicra/...

Especially the first law is at play here.

Paeniteo • May 19, 2011 2:51 AM

@Richard Steven Hack: "For one thing, they haven't established that [the porn stache] really exists other than by claim"

Well, yes, they should show the stuff around for public... uh... scrutiny. ;-)

uk visa • May 19, 2011 3:47 AM

@Richard
I wonder to what extent OBL followed his CIA training - to the letter or had he developed his own derivative systems...

GreenSquirrel • May 19, 2011 4:14 AM

@Paul "Also, terrorists have been known to share email addresses: one saves a draft, the other logs in and reads the draft - no message to be intercepted."

This is an insecure way of passing messages as it leads people to think it can't be intercepted.

The fact is the data still moves between people - albeit not as emails - so there is still massive opportunity for interception. If the intercepting agency can sniff mail servers, it can also probably sniff HTTP traffic so the last line of defence would be to rely on HTTPS to connect to the mail server to read/write the drafts. Far from ideal.

GreenSquirrel • May 19, 2011 4:26 AM

@ Anonymoose

"An organization with as many alleged resources as "al Qaeda" .. ...
We are told that these people have limitless funds, that they have a strong, intelligent and capable support base and that they are constantly evolving and formulating plans."

I think the crucial issues are:

1 - they don't have as many resources as we keep getting told they do.
2 - they don't have limitless funds.
3 - they don't have a strong, intelligent, capable support base

The reality appears to be that these are people capable, and willing, to fight using techniques so "old fashioned" that most westerners are amazed that someone would put up with such effort.

However, given that they appear to culturally dislike modern technology it seems fairly reasonable that they would develop hybrid systems which minimise what they see as a risk from Evil Tech.

We are used to calculating the effort based on western values where people are reasonably expensive resources so, to us, using software approaches just makes sense.

In other cultures, where people are cheap and labour is easily found, this is not the case. If you have people willing to die for your cause, it's easier to use them as donkeys than find a techno expert who you won't actually trust because he will have been tainted by "western" exposure.

If you are so paranoid about western intelligence catching you, have spent your life living with the technologically phobic Taliban and have been trained by CIA/ISI (so are used to dead letter drops etc) then everything about this makes sense.

Lutendo • May 19, 2011 4:28 AM

The way I see it, there are only 2 possibilities:
1. Bin Laden had CIA intelligence training and was probably using an encryption method that made sure only his associates could decrypt the mails.

2. US was unable to decode the mails in those flash disks, and are trying to flush out the associates (get them to panic?) so they can get a lead into decrypting mails in their possession...

and of course there is always room for the US army not having killed Bin Laden, and not having this data they are bragging about.

David Thornley • May 19, 2011 10:37 AM

I've been thinking of possible meanings for "We got all these neat and highly informative computer files."

"We don't know how to do intelligence work." I don't buy this one.

"We wanted to do well in the elections, and forgot it's an odd-numbered year (hence no national elections)." I don't buy this one either.

"We got nothing useful, so we thought we'd make the best of it by lying to confuse things."

"We're watching a lot of people that we think would react to threatened exposure if they were what we suspect they are."

"We've been losing informants, so we want to give them plausible deniability for having told us X."

"We've got some important ops coming up, based on intelligence sources too important to risk outing, and we knew where OBL was, so we raided his compound at an appropriate time and announced we got a lot of information to cover up where we really get things." This is similar to how some of the Ultra and other intelligence was handled in WWII: arrange to "accidentally" discover something (such as ordering a patrol plane to patrol a particular place at a particular time), and act on it.

I don't think I'll live long enough to find out what really happened, so speculation is definitely in order.

zorg • May 19, 2011 10:43 AM

Now the US military may need some other enemy.

Unless they can make Al-Qaida look as dangerous as before the decapitation.

But if not, perhaps they can use some other scapego I mean target.

me • May 19, 2011 10:58 AM

I have a hard time believing that the porn is being used to call Osama immoral so his 'followers' will feel betrayed. They're not going to trust anything anyone in the West says. I think that's a requirement of being accepted as a member of their group.

It's also a mentality many middle-eastern non-terrorists have. The West is not to be trusted. Heck, I think France feels that way too.

And as crazy as Osama was, he was also human. Lots of super-religious people get busted with porn. No, not Schwarzenegger. I mean like Jimmy Swaggart.

Also, why would he worry about his footmen going to the cafe for a coffee being intercepted? It's not like a flash drive is an unusual device there and it's certainly not a big attraction getter.

One question about using the same email and just writing drafts? Aren't the drafts stored on, for example, a Yahoo server? Anyway, they had to at least be able to read the same language. I can't imagine them bothering to waste time with decrypting software, especially if the lines were clogged or slow (and Tor can be kinda slow, can't it? Well, not for dribbly bit reading..). And the courier had to have understood the written language too because maybe he has to figure out what's real spam and what's not. You can't go dragging real spam back to the illustrious idiot (and I say that with all the respect of someone who understands he evaded a lot for ten years). Or they were using some xxx@xxxxx.con email for x period of days/weeks and then it would switch. Maybe that was their sophisticated method :)

I would expect some disinformation, and some real information to come out of this.

But like someone else mentioned, the good guys need to increase bodies out there, not just tech.

CJ • May 19, 2011 11:06 AM

I am confused as to why everyone is jumping to the conclusion that the data recovered is not encrypted. Nowhere in the article does it state that the data was in plain-text.

It is possible that the government has no clue what information is in the data. Maybe they are trying to use a scare tactic by making the terrorists believe that their encryption or cypher has been compromised and they need to develop a new one.

Finally, "officials said they appear to archive the back-and-forth communication between bin Laden and his associates around the world."

NOTE the word "appear", if the information was plain-text wouldn't this read more along the lines of "officials said, the data recovered is an archive of the back-..."

zorg • May 19, 2011 11:19 AM

@me:
One question about using the same email and just writing drafts? Aren't the drafts stored on, for example, a Yahoo server?
--

Yes but (this may be beside your point, in which case I apologize) when you view the contents of the email draft, the contents will have to be transmitted over the network to your browser.

Because of this, saving an email as draft and then allowing someone else to login and read it does not really keep it from being intercepted.

Besides that, if it is like a yahoo account, the yahoo people will have full access to it. I mean, at least the DB administrators at yahoo will.

Not to even mention that software that yahoo uses to scan through the email contents for the feds.

Anyway, of course the terrorists might have registered their own domain(s) and gotten their own email accounts (for those domains) from the domain registrars.

Nobody In Particular • May 19, 2011 12:05 PM

"I'm impressed. It's hard to maintain this kind of COMSEC discipline."

Amazing what having people really, really, really keen to kill you does for discipline, no?

Clive Robinson • May 19, 2011 12:35 PM

From some of the comments posted here it would appear that some are judging OBL was technophobic.

This is probably far from the truth; it is known for instance that he used to use a satellite phone but stopped using it around the time a Chechen rebel leader had a missile land on his position whilst talking on his satellite phone. It was said at the time that the NSA gave the Russians the heads up and launch info.

As Bruce has pointed out on the odd occasion it is not the crypto algorithms that are the problem but the crypto systems and keymat systems etc.

All systems including crypto systems suffer from the four HITS weaknesses,

1, Human
2, Implementation
3, Technical
4, Specification

Which are in the order they are most likely to happen (but the inverse order of the damage such a weakness will do).

Even the likes of the theoretically secure One Time Pad suffers from these four weaknesses when in use. For instance the human being say key reuse, the implementation being say one that allows either the key text or plain text to leak, the technical being one that does not check/block key reuse and the specification being say not implementing sufficient message protection to stop bit flipping and message reuse.

Even when you have experts involved and highly trained operators, crypto systems still end up leaking secret information in one way or another.

Also think about AES: the algorithm is certified by the NSA to secret and above but only for "data at rest". That is "offline" usage not "online" usage, so the actual encryption and decryption needs to be done on "offline" systems only.

One reason is that many AES implementations in use leak information that allow fairly easy key recovery on "efficient" systems either by other users on the system or by sending in network packets.

So I can quite understand the likes of OBL putting in place systems that are not dependent on unknown technology that you cannot "see inside" to provide security.

As others have noted this might not have been good enough as Stuxnet has shown very publicly what I had been saying for quite some time prior to Stuxnet's discovery that "air gaps" can be crossed.

S • May 19, 2011 1:15 PM

@ zorg: "Now the US military may need some other enemy."

You haven't noticed the steady ramping up of cyber-security paranoia in the press?

The good ol' boys of the military-industrial complex have obviously got to thinking there's a lot more profit in things with microchips and some blinkenlights...

OTP • May 19, 2011 1:56 PM

If one is using a physical courier, then why not simply set up an OTP system? The number of contacts couldn't have been that many, thus distributing the pads and performing proper key management wouldn't be that hard, especially considering how dedicated these people are. All one needs are some fair 10 sided dice and a piece of paper and/or flash drive. From there it's a simple matter of performing simple addition/subtraction without carry.

This is why I, like the others, find it hard to believe that OBL and crew didn't use some form of encryption. Whether this means NSA has cracked their standard AES encryption software like Truecrypt or PGP et al, I don't know. We do know that GCHQ was able to crack a British terrorist suspect's PGP encrypted disk a while back, so it's a distinct possibility that's what happened here and the government simply wants to keep that a secret and is pretending everything was already in plaintext.
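The mod-10 "addition without carry" pad described in this comment, worked through against two of the HITS failures Clive Robinson lists above (pad reuse as the human failure, missing message protection as the specification failure). This is an added example, not code from the page or from either commenter; the 27-symbol digit alphabet, the PadBook that refuses to reissue digits, and the HMAC tag used as the countermeasure are my assumptions, and the OS CSPRNG stands in for the dice.

```python
import hashlib
import hmac
import secrets

# Constructed 27-symbol alphabet: every symbol becomes two decimal digits (00..26).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "


def text_to_digits(text):
    """Encode text as a flat list of decimal digits, two per symbol."""
    digits = []
    for ch in text.upper():
        idx = ALPHABET.index(ch)  # ValueError for anything outside the alphabet
        digits += [idx // 10, idx % 10]
    return digits


def digits_to_text(digits):
    """Inverse of text_to_digits; raises IndexError if a digit pair is outside 00..26."""
    return "".join(ALPHABET[digits[i] * 10 + digits[i + 1]]
                   for i in range(0, len(digits), 2))


class PadBook:
    """Pad digits drawn from the OS CSPRNG stand in for 10-sided dice rolls.
    take() issues each digit exactly once: the technical control against reuse."""

    def __init__(self, n_digits):
        self._pad = [secrets.randbelow(10) for _ in range(n_digits)]
        self._used = 0

    def take(self, n):
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: issue a new pad, never reuse digits")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk


def encrypt(plain_digits, pad):
    """Digit-wise addition without carry (mod 10)."""
    if len(pad) != len(plain_digits):
        raise ValueError("pad must be exactly as long as the message")
    return [(p + k) % 10 for p, k in zip(plain_digits, pad)]


def decrypt(cipher_digits, pad):
    """Digit-wise subtraction without borrow (mod 10)."""
    return [(c - k) % 10 for c, k in zip(cipher_digits, pad)]


def recover_from_reuse(c1, c2, known_p1):
    """Human failure: one pad used for two messages.  c1 - c2 == p1 - p2 (mod 10),
    so whoever knows or guesses p1 reads p2 without ever seeing the pad."""
    return [(p1 + b - a) % 10 for a, b, p1 in zip(c1, c2, known_p1)]


def tamper(cipher_digits, offset, old_digits, new_digits):
    """Specification failure: no message protection.  The additive cipher is
    malleable, so a known stretch of plaintext can be rewritten in transit."""
    out = list(cipher_digits)
    for i, (o, n) in enumerate(zip(old_digits, new_digits)):
        out[offset + i] = (out[offset + i] + n - o) % 10
    return out


def tag(mac_key, cipher_digits):
    """Countermeasure: an HMAC over the ciphertext under a separate key."""
    return hmac.new(mac_key, bytes(cipher_digits), hashlib.sha256).digest()


def verify(mac_key, cipher_digits, mac):
    return hmac.compare_digest(tag(mac_key, cipher_digits), mac)


def demo():
    """Run both failures on constructed messages and return what each step yields."""
    p1 = text_to_digits("MEET AT DAWN")
    p2 = text_to_digits("ALL IS QUIET")
    pad = PadBook(64).take(len(p1))
    c1 = encrypt(p1, pad)
    c2 = encrypt(p2, pad)  # same pad again: the human failure
    # "DAWN" starts at symbol 8, i.e. digit offset 16.
    forged = tamper(c1, 16, text_to_digits("DAWN"), text_to_digits("DUSK"))
    mac_key = secrets.token_bytes(32)
    mac = tag(mac_key, c1)
    return {
        "roundtrip": digits_to_text(decrypt(c1, pad)),
        "leaked_msg2": digits_to_text(recover_from_reuse(c1, c2, p1)),
        "forged_msg1": digits_to_text(decrypt(forged, pad)),
        "forgery_detected": not verify(mac_key, forged, mac),
    }
```

With a fresh pad per message and the tag checked before decryption, neither the leak nor the forgery is possible; the pad itself is never the weak point, its handling is.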

t • May 19, 2011 1:58 PM

"revealing thousands of messages and potentially hundreds of email addresses"

That's the drawback of type 0 anonymous remailers.

Nick P • May 19, 2011 4:21 PM

@ OTP

True. It's been done plenty of times in other situations. It's funny you mention dice because I came up with a dice- and card-based entropy system a while back. My innovation comes in how I correlate dice numbers to bits to ensure no bias is added. The scheme used 8-sided dice because that represents 3 bits (2^3=8). Shake one shoebox of about three dozen 8-sided dice, dump it out on the floor, and record the values in order. Gives you a bunch of truly random bits, which can be converted to alphanumeric characters in a straightforward way.

For cards, shuffling was obviously used to induce randomness. The suit represented two bits and I think I used only 8 of the face values, making it 5 bits per card. Cheap way to seed a CRNG with a truly random bit sequence that is immune to active emanation attacks.
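The dice-and-card entropy scheme described above, as an added example (not Nick P's code or the page's): each 8-sided die yields 3 bits with no mapping bias, each card 5 bits (2 from the suit, 3 from one of 8 face values) with the other face values rejected rather than squeezed in, and the collected bits are packed to bytes or turned into alphanumerics by rejection sampling. The shake_dice stand-in, the card notation and the SHA-256 condensation into a CRNG seed are my assumptions.

```python
import hashlib
import secrets

SUITS = "CDHS"  # clubs, diamonds, hearts, spades: exactly 4 values -> 2 bits
# 8 of the 13 face values -> 3 bits; 9, 10, J, Q, K are rejected (a tuple, so "10"
# is not mistaken for a substring match).
FACES_USED = ("A", "2", "3", "4", "5", "6", "7", "8")
ALNUM = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"  # 36 symbols, not a power of two


def shake_dice(n_dice):
    """Stand-in for shaking a box of 8-sided dice: the OS CSPRNG plays the dice."""
    return [secrets.randbelow(8) + 1 for _ in range(n_dice)]


def dice_to_bits(rolls):
    """Each 8-sided die shows 1..8; roll - 1 is a uniform 3-bit value, so no bias."""
    bits = []
    for r in rolls:
        if not 1 <= r <= 8:
            raise ValueError(f"not an 8-sided die result: {r}")
        v = r - 1
        bits += [(v >> 2) & 1, (v >> 1) & 1, v & 1]
    return bits


def cards_to_bits(cards):
    """Cards are strings like 'HA' (hearts, ace) or 'S10'.  Suit gives 2 bits and
    face 3 bits, 5 bits per card.  Faces outside FACES_USED are skipped rather than
    folded into 3 bits, because 13 values cannot map onto 8 evenly.  Assumes a
    thoroughly shuffled deck; the dealt order is the randomness source."""
    bits = []
    for card in cards:
        suit, face = card[0], card[1:]
        if suit not in SUITS or face not in FACES_USED:
            continue
        v = (SUITS.index(suit) << 3) | FACES_USED.index(face)
        bits += [(v >> i) & 1 for i in range(4, -1, -1)]
    return bits


def bits_to_bytes(bits):
    """Pack bits MSB-first; a trailing partial byte is dropped rather than padded."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def bits_to_alphanumeric(bits):
    """Unbiased conversion to the 36-symbol alphabet: take 6 bits at a time and
    reject values 36..63 instead of reducing mod 36 (which would double the
    probability of A..Z, 0 and 1)."""
    chars = []
    for i in range(0, len(bits) - len(bits) % 6, 6):
        v = 0
        for b in bits[i:i + 6]:
            v = (v << 1) | b
        if v < len(ALNUM):
            chars.append(ALNUM[v])
    return "".join(chars)


def seed_from_entropy(bits):
    """Condense the collected bits into a 32-byte seed for a deterministic CSPRNG.
    Hashing adds no entropy, so insist on at least 256 raw bits first."""
    if len(bits) < 256:
        raise ValueError("need at least 256 bits of dice/card entropy")
    return hashlib.sha256(bits_to_bytes(bits)).digest()
```

Three dozen 8-sided dice give 108 bits per shake, so three shakes clear the 256-bit bar that seed_from_entropy enforces.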

Roy • May 19, 2011 5:44 PM

By staying off the Internet he missed out on PGP, TrueCrypt, and Bruce's blog.

Dirk Praet • May 19, 2011 6:45 PM

@ Anonymoose

Your analysis is correct when approaching the issue from a western cultural background. And that is exactly where we tend to go wrong so often, if not one of the prime reasons of the abysmal failure of US foreign policy over the last decades.

Since I have no idea where you come from, I don't know if you have ever travelled or worked extensively in Asia or Africa. Gradually, you get to understand that people of different cultures and backgrounds all over the world have entirely different dispositions towards issues and truths that we over here hold as absolute.

Of course there will be quite some AQ individuals and cells that do use cryptography, but AQ as a whole has never struck me as a high-tech SPECTRE-type organisation. IMHO, they are more at the GwG-level (Goons with Guns) because I have never seen any verifiable evidence to the contrary. It is not unthinkable that some or all data on the flash drives used for OBL's correspondence were in fact encrypted in some way. Then again, and as already previously pointed out by Clive, a regular flow of encrypted communications from an unknown ip-range originating in Pakistan - a country where many people are nearly literate - would inevitably have drawn attention and made all transmissions subject to DPI, looking for Tor, Freenet, I2P or similar traffic. Even if the content could not be deciphered, it would definitely have given clues about its origin, leading to deployment of field operatives to gather further intelligence.

If nothing else, 9/11 was a massive intelligence failure that led to a government-fueled creation of an imaginary beast with unlimited funds, resources and skilled personnel to cover up for the many mistakes, complacency, incompetence and lack of cooperation that made it possible. The ongoing fight against whistleblowers probably still illustrates this best.

As AQ is now slowly on its way to the history books, history will eventually show that its myth originated not so much from its deeds as from hidden agendas of people in power and others wanting to capitalise on the problem rather than reducing it to its real proportion.

rino • May 20, 2011 11:32 PM

"..it was so meticulous that even veteran intelligence officials have marveled at bin Laden's ability to maintain it for so long.."

to quote a master, "that is why you fail".

maybe the veteran intelligence officials could or should learn from bin Laden's discipline and control with his men. it shouldn't be that surprising if dedication to work and principle is instilled. need we go back to pre-WW2 Japan?

Richard Steven Hack • May 21, 2011 3:55 AM

"has never struck me as a high-tech SPECTRE-type organisation"

I recall reading that once they expressed an interest in CBW, their first effort was to go to a library and dig up old books on WWI mustard gas and the like.

When I read that, I was like "We need to be afraid of these guys getting nukes? Really?" I mean, you do have to start somewhere, but in the end, as I've said repeatedly, the vast bulk of terrorists in the world are stupid, incompetent, unimaginative, and ineffective - and the world's governments should be happy that is the case.

And the world's governments probably are happy that is the case because now they can ramp up the fear of terrorism in their stupid, incompetent, unimaginative and fearful populations forever and never have to worry about anything actually happening to prove how fragile the state actually is.

Richard Nelson • May 22, 2011 1:16 PM

As usual, Bruce's commenters are the best. But I can't resist a comment on the rhetoric of the original article: the SEALS "hauled away 100 thumb drives". "Hauled away"? Doesn't that sound like a Cherokee was full to the tippy top with stuff? Not that you could put a hundred thumb drives in a grocery bag & have room for a couple of loaves of bread.

Invite • May 23, 2011 2:43 AM

People are overlooking the fact that encrypted data is in itself data. Are there risks to having the data in plain text? Yes. But there are also risks to encrypting the data. People might not be able to break the encryption and know what you are doing but they know you are up to something. This isn't a huge deal in the West because there is so much encrypted data flying around anyway it's possible to get lost in the noise. But in a place like Pakistan it seems to me that the simple act of encrypting data is a big flashing red light. Even on the flash drive if it were to get lost or stolen and turned in to the police, an encrypted flash drive so close to a military base would raise all sorts of questions I'm sure OBL wouldn't want raised.

It seems to me that fundamentally his operational approach was obscurity by conformity and encryption just doesn't fit that approach at all.

Jim A • May 23, 2011 8:03 AM

@bf Skinner: So then we have the "What if?" style movie plot where they quietly assassinate OBL and start sending their own orders to his subordinates. Orders that get them killed off with minimal collateral damage.

Jonadab • May 24, 2011 7:21 AM

On the one hand, that kind of discipline can be difficult to maintain over a long period of time, because (typically) every time the guys in black masks don't come knocking on your door after all you start to relax a little. It takes a high degree of paranoia to put up with egregiously inconvenient security measures in the long term, because you have to continue to believe there's a real and imminent threat.

On the other, if I were pretty sure the US military wanted me dead or alive with a preference for the former and considered me one of their highest-priority targets, I too might be a trifle paranoid. Bin Laden was in a fairly unusual situation in that he would have had relatively little difficulty verifying that people were in fact still actively out to get him. The threat was clearly still tangible.

Jimmy Jesus • May 24, 2011 9:19 AM

I'm picturing Russell Crowe briefing a couple of suits about "guys from the future", hein?

Patrick Cahalan • May 24, 2011 1:39 PM

Encrypting everything would require you to provide all of your couriers with a copy of the decryption key.

This works fine if you have a limited number of intelligent couriers. It's a pain in the butt if you're changing couriers or using lots of them (either of which has its own security advantages over a single trusted courier).

Keeping everything unencrypted also makes plenty of sense if you intend to destroy the messages after reading; why bother to encrypt something that isn't going to be around for very long?

... and if you get lazy and don't destroy your old messages, well, that's actually pretty normal and human, right?

Shorter: $5 sez getting the data off the media was pretty trivial, not a case of uber-whiz bang decryption methods.

Doug Coulter • May 24, 2011 11:01 PM

I'd point out that a one time pad is trivial to set up and you don't need dice etc.

Just a link to some video on youtube or any other publicly available large block of compressed data -- from a text point of view, the bits in a video are random enough.

Knowing which one, and where you start in it are the key. Simple. And simple to pass the key in plain sight with no one being the wiser, all you need to pass is a url.

The porno seems like a good candidate to put stego in for the same reason.

santa • May 27, 2011 2:24 PM

Can someone explain to me one part of the story that really bugs me?

Every international wire transfer of funds is supposedly monitored via SWIFT codes. Obviously, to run a major terrorist network and support paying your comrades in arms, you need to move more than $10K around at times to fund materials, training, travel, etc. How was OBL and AQ able to not get caught if all those sizable transactions are monitored?

Peter Gerdes • May 28, 2011 2:39 AM

Bragging about the amount of intelligence intercepted is quite reasonable.

Terrorists (like anyone else) respond on both a psychological level and a rational level. On the rational level, regardless of what the US said, they would have to assume that any correspondence they had with bin Laden was now in the hands of the CIA. However, by emphasizing how much we know now perhaps we might also scare them and that panic might flush them out into the open.

----

As far as encryption maybe bin Laden was simply more into his personal glory and wasn't really concerned about the organization's future after his death.

Encryption would only increase the chances that the courier sent emails would be noticed and he would be burned. So long as he thought his personal security was more important than protecting the contents of those emails encryption would be a bad move.

Peter Gerdes • May 28, 2011 2:44 AM

@santa

Isn't this where that Islamic system of banking comes into play? Given an unofficial banking system which functions to easily transfer money back home from wherever you've moved to work, it can also be used to move money for terrorism.

---

Besides I doubt he needed to move around that kind of money. Your operatives have to get jobs to blend in anyway so they can pay their own way and there is little need for any cash transfers.

Al • June 15, 2011 12:05 PM

That they got recipient email ADDRESSES does not compromise anything but those addresses themselves. At least not if the people at the receiving end used the same methods. Given the almost absolute certainty that Bin Laden's (BL from here on) arrest or death would be a near immediate release to the press—this is something the U. S. HAD TO announce to the world—that alone was a built-in guarantee the recipients, all recipients, would immediately stop looking for incoming emails from BL and stop running off to cafes to get them and ever accessing those email addresses from anywhere ever again.

That at least would be the rules I would have in place. Communications (com) stops at notice of compromise: very simple, very basic. I would think the CIA would keep that kind of provision in its training. And the CIA trained BL.

As long as no names were in the e-mails, and e-mail being so public, I doubt if the names of any members of BL's organization would ever appear in unencrypted com; details might become available, but probably not anything as sensitive as his people's names.

I too am amazed that the contents of the drives—apparently—were not encrypted and then securely erased ASAP. That part is nothing short of bizarre, unless there is just so much com that what we got was simply what had not YET been erased?

B-rad • June 15, 2011 12:30 PM

This makes for interesting reading, but all of us-- myself included-- are essentially engaged in literary criticism.

A common theme in the comments seems to be "why didn't OBL do X this way? It doesn't make sense." The answer might be simply that OBL and company were in the terrorism business, not the computer networking business. OBL and associates did whatever they did with respect to COMSEC because it made sense from their perspective, and that's pretty much it.

Educated people (that's us) can easily fall into the trap of thinking in terms of broad intellectual and/or historical concepts ("The 1960s", for example). We use such artificial literary constructs to tie together unrelated, disparate events after the fact to help us "make sense" of our experiences. Real life is chaotic, meaning that one can work backwards from a result to determine initial inputs, but one cannot predict where those inputs will lead.

With that in mind, here's something to consider: maybe they were using all that porn to jerk off to. Shocking, I realize...

Jan Galkowski • June 15, 2011 4:54 PM

I suppose speculation is interesting, but we'll never really know. On the other hand, it *is* interesting that electronics continued to be used rather than paper. Is that because digital messages are just more efficient? More volatile? More fungible? Or just what everybody else does? Why videos rather than books?

scarryguy • June 15, 2011 5:32 PM

if you want to increase the chances of email being intercepted/noticed, use encryption! using encryption is the most obvious and "simple" thing to do to increase security, therefore people using it have something to hide from someone. it is far, far more discreet to send plain text "in the open" and count on it being lost in the massive, massive amount of info that's hard to process and scan even with computers. looking for keywords doesn't work when so many "ordinary" people are talking about the same thing as third parties with no connection, not to mention that being slightly discreet and clever in the words used defeats automatic profiling used to find potentially "interesting" communications. yes, i'm sure all email is being archived by nsa etc., but they already suffer from a massive problem of having "too much" data to process. more data is actually a bad thing at some point, as mr. schneier has previously pointed out. as far as the intelligence value of the old info on the flash drives, it's just that, old and most likely not of much intelligence value other than sources and methods stuff, most of which is probably exactly the techniques our intel people already taught them. we (the u.s. government) created al-qaeda, maybe the intel community needs to read "frankenstein", then again they are arrogant and sociopathic in the extreme...

_predictably_random_June 16, 2011 6:14 PM

Nobody trusts the US at the moment, so it is a reasonable presumption that most of the info we read is psyops by our government for the consumption of its own people. After all, why allocate resources from a tightening budget to win your hearts and minds when I already have full clearance to fly my drones through your airspace.

wait_whatJune 17, 2011 12:54 AM

I thoroughly believe the porn collection. I spent time on the ground going through (alleged) insurgents data. I was subjected to some of the most tasteless and awful pornography known to mankind.
Some of it was so bad we made our customers watch it in retribution.

bob mcbobJune 17, 2011 1:48 AM

There's so much crap blowing round this story, who can really know what happened, why, where, to whom, etc. Okay, the fact that AQ confirms Bin Laden's death makes me think he is dead. But the whole grab-the-body-then-dump-it-in-the-sea thing still stinks. Maybe he isn't dead at all, maybe he's in one of the CIA's secret prisons having his nads fried or whatever they do nowadays. If the killing is true, why cook up wives-as-shields stories? To discredit him to his followers? No, they'd just think it's American lies. And the porn thing. Maybe there wasn't any porn. Maybe it was there for steg purposes. Maybe the house was a porn factory, specifically chosen by Bin Laden as a hideout because no one would expect such a holy guy to live surrounded by such degradation.

What I get from all this is: the truth isn't going to come out in my lifetime. Hey, all I know is what I see and hear and read, accounts that contradict each other and that mostly are being told by someone who wasn't there either. People kill other people who they don't know, because their bosses tell them to. Most soldiers don't ask why because they're trained not to. The wider public asks why, and they're fed stories that may or may not be true. Yes, planes flew into buildings and drones drop hellfires on wedding parties, but how many of us can really say they know why? How many of us can say with real truth that we *know* wtf is happening and why? There's a hell of a lot of folk who think the WTC was destroyed by the US; and a hell of a lot of those folk are structural engineers and aviation experts who don't seem to be evil and insane.

So anyway, my point at last: hundreds of thumb drives. Why would Bin Laden sit in his hideout surrounded by hundreds of thumb drives? Maybe the porn being made there was put onto thumb drives because optical media is crap? Maybe the CIA are now jerking off to videos of Pakistani porn? And maybe it's all just part of a story to justify why we've been hunting and shooting and killing and paying for rifles and stealth bombers.

AnonJune 21, 2011 7:37 PM

"... after they killed bin Laden, and officials said ..."

:-)

Yeah, right. Officials said. 'T was _bin Laden_ who masterminded 9/11, not them, no.

Tales from the crypt for the meek of mind and spirit


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..