Cosa Nostra Dead Drops

Good operational security is hard, and often uses manual technologies:

> Investigators described how Messina Denaro, 53, disdains telecommunications and relies on handwritten notes, or "pizzini," to relay orders. The notes were wadded tight, covered in tape and hidden under rocks or dug into soil until go-betweens retrieved them. The messages were ordered destroyed after being read.

That's a classic dead drop.

Posted on August 13, 2015 at 6:33 AM • 12 Comments

Comments

ianf • August 13, 2015 7:52 AM

It's too bad that the AP reporter @Frances D'Emilio hasn't bothered to ask the prosecutors about HOW LONG these clandestine pizzini were, on average, or the median message length of presumably the captured ones. As they were supposed to be burned after first-and-only reading, they can't have been very long... ergo, not a v. effective means of troop indoctrination. Those mafia fugitive(s) must have had additional, hitherto unknown or undisclosed, channels of command and control for keeping soldiers in line. If for no other reason than that invisible leadership in criminal organizations creates a vacuum that is prone to be challenged by hot-headed rank and file. Unrest that needs to be "policed" relatively fast or in context, or else the RESPECT/POWER of the boss will evaporate.

BTW, these may have been classic dead drops, but unless also of one-time use (= another OPSEC can of worms of how to securely forward their exact location to a trusted middleman), the multi-use ones could not be considered secure. Then again, the mafia boss has been in hiding for 23 years (another one for 43 years!), so they must have some support networks AND THEN SOME. Which in turn implies the presence of visible trickle-down effects of the criminals' enterprises.

ianf • August 13, 2015 8:53 AM

For a glimpse of dangers from within that face "hands-off" crime bosses, read this highly illuminative account of the fall of top-dog Camorrista Paolo DiLauro, by William Langewiesche in May 2012 "Vanity Fair".

@Jack Kaufman: remember, innocent until proven guilty (and it's not as if the multiple Italian police forces weren't free from infighting, or devoid of corruption, railroading or framing).

paul • August 13, 2015 9:52 AM

@ianf

You might be surprised at the potential density of such notes. Back of the envelope (ahem) says a maximum of 1-4K characters per cm^3 for tightly folded paper. So depending on the frequency of the messages, that could be a fairly high bandwidth medium for a fugitive. And as long as the immediate recipients of the messages are willing to obey and enforce them, the command-and-control loop closes pretty well.

(As you point out, there will also be support networks in direct contact with the fugitives, but as many hops as you can put between them, the safer for both sides.)

Gweihir • August 13, 2015 10:37 AM

Classics often remain viable techniques. That is why any (security) professional should not only know the current state-of-the-art, but also what was used before.

Ray Dillinger • August 13, 2015 1:00 PM

I cheerfully use notebooks and index cards for anything I wouldn't want a virus or trojan to be able to steal. House security is easier than computer security, and I'm more likely to be aware when it's been breached.

And I sorta don't expect anybody else to be able to read my notebooks anyway. It's not like I keep them in a language they'll have ever heard of.

Joe Tag • August 13, 2015 1:46 PM

This is interesting. Soda bottlecaps can be containers, or signal devices for OPSEC. I think 2 caps from gallon water jugs (open ends glued/taped by clear packing tape) may be great for a dead-drop or even a live-drop or brush pass.
This might also be a way to pass bigger key-encrypting-keys.
Regards. Joe Tag, Jr.; Union County NJ.

albert • August 13, 2015 2:32 PM

According to the article, _phone taps_ led to the discovery of the dead drops. More 'secure' dead drop methodologies use secret visible signals (not freakin' phone calls) to alert members to go to 'active' drop sites. It's a good idea to use non-family associates as planters and carriers. 'Family' are almost always under surveillance, so person-to-person transfers are dangerous. It's best to accomplish transfers in items like produce. This can be accomplished without knowledge of the carrier. Hope I haven't said too much....
. .. . .. o

cynical • August 13, 2015 10:37 PM

Fascinating topic, here. A traditional telecom, or comm, involves two or more parties. Thus two, or more, end points are visible to the web of works. A dead drop decouples the comm links, or obscures them. Dropping a note here and there is easy, but a confirmed delivery requires additional hooks, not into authentication yet. Too much opsec runs into a similar problem. It's all about assumptions, trials, and errors, because no two ends are all-seeing.

Nick P • August 13, 2015 10:49 PM

My own advice was to go back to Cold War era tradecraft with minor updates from current technology (eg flash drives). I've also referenced how the Mafia kept it low-tech and effective enough that they were considered a legend by many for years on end. Getting rid of surveillance states' enabling technologies via such methods greatly improves odds of survival when they're looking for you. The best techniques blend into crowd behavior.

A long while back, I embedded secrets in otherwise innocent-looking traffic that supported encryption. Now, stuff is so broken or subverted that they can often break the vanilla encryption. If they can't and it *appears* standard, this tells them something interesting already. Until baseline for INFOSEC is better (i.e. never), it's best to avoid relying on stego or encryption that uses a computer. Physical or non-Internet transmission are still the best.

Example: Cubans are still apparently using one-time pads over burst transmissions and number stations. Britain's answer to questions about them makes it clear they use them too. There are also cheap rigs for Free Space Optics, and hiding a wire from one building to another is still easy. Hidden compartments in cars. Printing data using paper encodings so it gets through metal detectors or is hidden in notebooks that look innocent on X-rays. So many methods that still work.

Love this clip's presentation of why it's effective in terms of fighting guys from the future by living like you're in the past and being hard to see.

Clive Robinson • August 14, 2015 6:16 AM

@ Bruce, Nick P,

Have you heard the news about the complaint by "The Palace" about "Press Intrusion" by the paps on the Royal Toddler?

Whilst the photos themselves are only a breach of privacy, which is not much of a security story, how the paps got the photos is, and is almost "state of the art field craft for snipers in FIBUA".

http://www.itv.com/news/2015-08-14/royals-complain-of-press-intrusion-after-children-targeted/

Info from other sources indicates that one pap nearly got shot, because he did much the same as the "Washington Sniper": he modified the boot/trunk of a car so that he could lie down without being seen and had cut a hole to provide visibility for his "long lens". As one unofficial spokesperson said, it's very difficult for the protection detail, who "have no idea if it's a long lens or long gun" and have to make a snap judgement call.

On other occasions they have tried tricks similar to those used by "child snatchers" to get the toddler into view. On another they have buried themselves in sand dunes with a camouflaged opening to get toddler-on-the-beach photos...

To be frank, I'm amazed some of these paps have not been shot or otherwise injured / killed. Thus to call their behaviour "dangerous" is not an overstatement.

Mr. Peppuzzu • August 15, 2015 6:53 AM

The pizzini are extremely effective and can carry a lot of information. C.S. has rules, and the rules were broken and the walls came crumbling down. If not for an internal war that turned family on family, C.N. would have remained untouchable.

Surveillance was an after-the-fact event.
