ISIS Encryption Opsec

Tidbits from the New York Times:

The final phase of Mr. Hame's training took place at an Internet cafe in Raqqa, where an Islamic State computer specialist handed him a USB key. It contained CCleaner, a program used to erase a user's online history on a given computer, as well as TrueCrypt, an encryption program that was widely available at the time and that experts say has not yet been cracked.

[...]

More than a year and a half earlier, the would-be Cannes bomber, Ibrahim Boudina, had tried to erase the previous three days of his search history, according to details in his court record, but the police were still able to recover it. They found that Mr. Boudina had been researching how to connect to the Internet via a secure tunnel and how to change his I.P. address.

Though he may have been aware of the risk of discovery, perhaps he was not worried enough.

Mr. Boudina had been sloppy enough to keep using his Facebook account, and his voluminous chat history allowed French officials to determine his allegiance to the Islamic State. Wiretaps of his friends and relatives, later detailed in French court records obtained by The Times and confirmed by security officials, further outlined his plot, which officials believe was going to target the annual carnival on the French Riviera.

Mr. Hame, in contrast, was given strict instructions on how to communicate. After he used TrueCrypt, he was to upload the encrypted message folder onto a Turkish commercial data storage site, from where it would be downloaded by his handler in Syria. He was told not to send it by email, most likely to avoid generating the metadata that records details like the point of origin and destination, even if the content of the missive is illegible. Mr. Hame described the website as "basically a dead inbox."

The ISIS technician told Mr. Hame one more thing: As soon as he made it back to Europe, he needed to buy a second USB key, and transfer the encryption program to it. USB keys are encoded with serial numbers, so the process was not unlike a robber switching getaway cars.

"He told me to copy what was on the key and then throw it away," Mr. Hame explained. "That's what I did when I reached Prague."

Mr. Abaaoud was also fixated on cellphone security. He jotted down the number of a Turkish phone that he said would be left in a building in Syria, but close enough to the border to catch the Turkish cell network, according to Mr. Hame's account. Mr. Abaaoud apparently figured investigators would be more likely to track calls from Europe to Syrian phone numbers, and might overlook calls to a Turkish one.

Next to the number, Mr. Abaaoud scribbled "Dad."

This seems like exactly the sort of opsec I would set up for an insurgent group.

EDITED TO ADD: Mistakes in the article. For example:

And now I've read one of the original French documents and confirmed my suspicion that the NYTimes article got details wrong.

The original French uses the word "boîte", which matches the TrueCrypt term "container". The original French didn't use the words "fichier" (file), "dossier" (folder), or "répertoire" (directory). This makes so much more sense, and gives us more confidence we know what they were doing.

The original French uses the term "site de partage", meaning a "sharing site", which makes more sense than a "storage" site.

The document I saw says the slip of paper had login details for the file sharing site, not a TrueCrypt password. Thus, when the NYTimes article says "TrueCrypt login credentials", we should correct it to "file sharing site login credentials", not "TrueCrypt passphrase".

MOST importantly, according the subject, the login details didn't even work. It appears he never actually used this method -- he was just taught how to use it. He no longer remembers the site's name, other than it might have the word "share" in its name. We see this a lot: ISIS talks a lot about encryption, but the evidence of them actually using it is scant.

Posted on March 31, 2016 at 6:10 AM • 41 Comments

Comments

ParkerMarch 31, 2016 6:28 AM

By USB "key" you mean flash drive?
They don't all have unique serial numbers. I have cases of flash drives and the serial numbers are all the same - a string of 0's.
On a Windows machine each makes a unique entry in the registry, regardless of whether or not you have admin privileges. But to delete the entry you need admin privileges. But these don't really tell you much.

WmMarch 31, 2016 8:47 AM

"This seems like exactly the sort of opsec I would set up for an insurgent group."

This is just the kind of comment that the feds will try to use to fry you in the future.

Sloppy OppyMarch 31, 2016 9:07 AM

Why would any terrorist wanna-be use a computer that leaves obvious digital trails and hope some two-bit program clears out evidence from drives or swap space?

Surely the 'ISIS technician' at Allah Central would recommend among other things:

- TAILS with a non-persistent volume?
- Proper virtualized environments with Tor browser use?
- Manually generated One Time Pads with use of steganography for unbreakable encryption in comms (takes a day or two to learn)?
- VPNs combined with Tor Bridges?
- Abandoning all back-doored communication platforms, especially United Stasi ones like Fraudbook?
- Dump documents or files anonymously of any size to secret onion addresses with Onionshare?
- Buy fresh USBs (with cash, always with cash) as required to re-install further instances of TAILS?
- Note agreed to websites / onion addresses in advance where disguised OTP messages can be left as the primary means of comms, in preference to mobile trackers and their multitude of flaws?

No wonder these religious nutjobs are dropping like flies, since they haven't done their homework. Like that other guy said, everything (particularly US in origin) is backdoored harder than a porn queen, with no end in sight to the vicious rogering.

So, no, the story is not what I would expect of some group that will likely earn the wrath of a hellfire missile in being exterminated with extreme prejudice.

ConfidenceMarch 31, 2016 9:27 AM

@Sloppy Oppy
You seem to think that you would have been able to do better, as if it was a trivial matter.
But if you start by suggesting one time pads of all things, happily glossing over the glaring usability issues, it's hard to take this seriously.

ParkerMarch 31, 2016 9:45 AM

One-time pads do work. But the first problem is generating a good one. The second problem is, the recipient needs a copy to recover the message. The idea which entails combining the use of an OTP with steganography is intended to overcome the second issue. For example, by agreeing ahead of time a certain page from a certain paperback book found in airport bookstores is to be used. Very cumbersome and error prone, but it could work. Compare to all the popular electronic means commonly mentioned, which sound impressive but fail horribly without warning and which, upon learning that it has failed, is usually after the fact.

keinerMarch 31, 2016 10:21 AM

@Parker

Did you ever use Truecrypt? It's much like a Windows Explorer, just make some containers and go for it. Don't need to be "crypto-competent". Whatever that is...

DanielMarch 31, 2016 10:44 AM

@Parker.

It is an attempt to smear people who use Truecrypt by associating it with terrorism. In other words, only horrible people use Truecrypt. Good, loyal, patriotic Americans are open to a rectal exam by any government agency anytime.

Clive RobinsonMarch 31, 2016 11:32 AM

@ Bruce,

This seems like exactly the sort of opsec I would set up for an insurgent group.

It might make a basic short term solution with a number of tweaks.

The problem is there are four arears you have to get right.

1, The "human factor" of operatives.
2, End point security.
3, Message content security.
4, Message routing security.

The first is generaly solved by rigorous training and testing over a period of time.

The other three can be solved with "One Time" solutions, but they bring their own problems to the table.

Thus there are trade offs you have to make between "usability in the field" and "security".

One time solutions offer high security but they have significant issues for operatives in terms of being caught with the KeyMat etc info on them, they are likely to be hung by it. Further OTP material in modern high density storage has a major problem, in the fact that it's incredibly difficult to destroy used KeyMat reliably or at all.

Interestingly there is an as yet unanswered question, "Does the Pad have to be truly random?".

For instance two block ciphers in CTR mode feeding a mixing function, if the keys and IVs are "unknown" from a practical perspective is the output sufficiently undetermanistic to be sufficiently close to "truely random"?

It's been noted in the past (back in the 80's if memory serves) that the use of four books by different authors in a mixed "book code" is sufficient to be secure to make a PAD. Personally I would think that in this day and age brut forcing the PAD would be possible for most current "popular" books if the probable selection is known.

The down side of such systems as it was for the German Enigma machine is "key settings" and how to communicate them without weakening the system. For small nets of ten or twenty out-stations this can be done with "tables" issued on a regular basis via courier etc. For larger nets the use of couriers etc becomes impractical at best.

It's getting such trade-offs right that will be the diference between success and failure in any given situation.

Vesselin BontchevMarch 31, 2016 12:21 PM

The Times' article is too incompetent, crypto-wise, for us to understand properly the procedure involved.

Were whole TrueCrypt containers uploaded to the file sharing site? This is silly. Such a container has too much overhead (because there is a whole filesystem inside) and is just as detectable as a GPG-encrypted ZIP archive that would occupy much less space for the same amount of files. The user wouldn't even need to know how to use GPG; it could be done with a set of batch files.

Or was a TrueCrypt volume used to boot the OS in which the files were encrypted (presumably, with GPG or something else) in order to make sure that no traces of them are left in temporary files and so on? We don't know.

BearMarch 31, 2016 1:04 PM


@Sloppy Oppy: I'm in the crypto business, not the OpSec business. That said, I'll make a couple observations based on human nature and watching the myriad ways people new to these tools mess up. Any organization that needs OpSec is relying on its people to learn the tools they're going to use. Only a small fraction of that effort can be spent on training in crypto. The KISS principle therefore says they should use the minimum number of tools they require to meet their needs. You point out a dozen different things, but they don't need a dozen different things. Trying to learn that many different tools would probably cause confusion that would make some operatives use one or more of them improperly. Because OpSec is as strong as its weakest link, they need *every* operative to use them without messing up even once.

@Parker: A book cipher is not a one-time pad. In fact, a "classic" book cipher that mixes two streams of text, is not much more difficult to solve with pencil-and-paper than a crossword puzzle. Entropy of English is estimated at 1.5 bits per character. A uniformly distributed choice of 26 alphabetic characters would contain about 4.3 bits per character. So if you use 3 book sources you are about at "break-even" (where it might or might not be solvable) in encrypting English. But if you use a mixed-case alphabet, plus spaces and a few different punctuation, then the choice of ~64 characters is 6 bits, and now you need 4 books for "break-even." If you're encoding an ASCII representation of English, then you have 8 bits per character and now you need six books for "break-even." (Remember to use them with different shift offsets!). In all cases you would need to be using at least 150% of break-even if you wanted to be confident of security, because that 1.5 bits per character is not evenly distributed and you want a uniform level of randomness. Some characters are more "unexpected" (greater bit density) and others less. The low-bit-density characters tend to be clumped together in common words and the high-bit-density characters are at the first two letters of open-class words.

@Clive Robinson: Pads which are not truly random, such as you suggest (block ciphers in CTR mode) are in frequent use. They are called stream ciphers and are for most purposes good enough (opponents can change the encrypted text if they know what it is, with no need to know the key - but the same issue affects one-time pads). Multiple block ciphers feeding a mixing function would work fine, but one is enough if it's an acceptable block cipher in the first place.

ParkerMarch 31, 2016 1:19 PM

@Bear - you don't know what you're talking about. I never proposed using a book for a one-time pad. I was relating only how it has been used in steganography.

DaveMarch 31, 2016 1:20 PM

People, your thinking is typically for nerds and full of misunderstandings of OPSEC! (OTP ... lol ... ) Bruce is perfectly right, the scheme described is good because its
a) safe enough b) accomplishes what it wants to accomplish.

Look, if your enemy is the NSA, a tremendously powerful SIGINT Agency, your first and ONLY concern is being hard to target. Thats what is all comes down to ... you need to look like everyone else. Thats the only way to break the intelligence cycle.
A good SIGINT Agency dont actually need to read your (cleartext) messages, they can discern the meaning of your communication from its metadata and patterns alone. Crypto is only one piece in the tremendously complicated world of OPSEC and its certainly not the most important one. A good SIGINT Agency these days is the one that is good at targeting not the one that is good at cryptoanalysis (though it helps).
And what the fuck ... tails, endpoint sec, tor ... bla bla bla ... you dont need it, its full of pitfalls. You are not a deep cover Agent of some FIS, you are a suicide bomber poised to enter a city in Europe and attack. You fundamentally fail to realize this.

ianfMarch 31, 2016 3:08 PM


Parker to Dave: go, perform an anatomically impossible act on yourself! (though he cloaks the message in more politically correct terms).

The PLOT t.h.i.c.k.e.n.s.

Awaiting next installment with bated breath.

deLaBoetieMarch 31, 2016 3:08 PM

I'm of a vintage who recalls the IRA bombing campaign in mainland UK, mainly London, between the 70s-90s. They were not suicide bombers.

Astonishing, amazingly, astoundingly, they were able to carry out their attacks without any recourse to mobile phones, Facebook, messaging, OTP, GPG or - that den of iniquity - TrueCrypt.

The reality is that attacks of this kind - even more so for suicide bombers - do not require any computer/internet technology at all, and the only thing that the attacker's use of technology does is increase their risks.

The real prerequisites seem to be a modicum of cash, plus support by at least a minority of the locals. But then the mass surveillance and assault on encryption was never about prevention of terrorism.

Clive RobinsonMarch 31, 2016 5:13 PM

@ Bear,

Multiple block ciphers feeding a mixing function would work fine, but one is enough if it's an acceptable block cipher in the first place.

I'm well aware of stream ciphers and some of their problems, however there is quite a gap between conventional stream ciphers and Pads. The open question is an academic or theoretical one more than a practical one.

One deficiency of many stream ciphers that true pads do not have, is that you can "wind them back" in time so that past messages can be recovered. Likewise block ciphers can effectivly be wound back when used in CTR mode. However there are some mathmatical not logical stream ciphers that can not be wound back one such is the BBS. In theory you could arange block ciphers in a twisted ring whereby the output of one drives the key input of the other and so on such that winding back is difficult at best, the problem is how good the actuall output would be.

It's a complex subject I was trying to avoid getting bogged down in, just give a 20,000ft overview of.

Sancho_PMarch 31, 2016 5:37 PM

@Parker, [Clive Robinson, Bear]

”agreeing ahead of time a certain page from a certain paperback book”
Good old school. Today probably you’d agree on an innocent (foreign language) online daily magazine / blog / twitter feed / … and a quote of the day (e.g. taken from the Bible, Quran, Dilbert, …) plus kinda “running secret”. A script would combine these items to create the OTP. The KeyMat only remains in RAM (well, depends on your OS / setup …).

I assume to encrypt / decrypt content would be the easy part, if needed.

@Dave is right, a terrorist would rather not use strong crypto to remain out of focus. But our agencies can’t cope with the sheer amount of info, amplified by the dilemma of internal fighting about competences, not existing international relations, national pride and language issues.

This is a war we can’t win.
We have to stop creating enemies in the first place.
Make peace, not war.

Dirk PraetMarch 31, 2016 8:06 PM

@ Sancho_P

Make peace, not war.

Doesn't quite work with Da'esh types. Personally, I believe more in "Make peace not war. And send off to Mars everyone who doesn't agree".

ThothMarch 31, 2016 8:40 PM

@Bruce Schneier, all

"We see this a lot: ISIS talks a lot about encryption, but the evidence of them actually using it is scant."

This is the typical "Why Johnny Can't Encrypt" scenario. Even Truecrypt with all it's GUI is really unfriendly until you actually took the time to sit down and figure it out if what was written in the article is true about Truecrypt's poor usability.

A suggestion for encryption (and bonus file compression) would be to simply use 7zip file compression format that comes with AES-256 protection (via user password derived key). All you need is to install Peazip for frontend or a 7zip frontend manager to encrypt and 7zip compress files.

"This seems like exactly the sort of opsec I would set up for an insurgent group."

I think anyone wanting higher levels of OPSEC would do it that way (finding ways around common communication channels). OPSEC is beyond labeling of groups and their sizes. It is simply a set of techniques and "common sense".

"It contained CCleaner, a program used to erase a user's online history on a given computer"

CCleaner is by no means a sure way to nuke a bunch of data files on a HDD or even SSD storage. With Flash and SSD becoming more popular, thje technique of overwriting blocks of data is becoming useless as the exact positions of the data blocks are not known to except the storage disk MCU. The surest way is to fully encrypt (FDE) and then just lose the keys and even then the keys would have some time exist in some RAM memory or even copied to somewhere on a persistent memory block on a permanent storage (hopefully in a FDE partition) when put to Hibernate Mode.

The security of TOR, TAILS and so forth have been rather questionable. TOR has been shown to be broken and should be avoided. The use of positioning cell phones or human courier and dead drop points out of usual surveillance sights are much more preferable. TAILS is simply a "hardened" Linux which means whatever affects Linux can still affect TAILS.... not a good idea.

Generally endpoint security and security is a hard thing to do and get right even for nation state agencies like NSA and DOD.

@Sancho_P
Indeed, make love/peace/kindness not war.

A lot of our current social issues are lingering ghosts of histories from the previous century's power struggle and revolutions. The only resolution to hatred is unconditioned love (yea, all hippy and stuff but is the stark truth). Fear mongering is what that is driving the Military-Government-Industrial Complex and a booming business for hate.

Clive RobinsonMarch 31, 2016 9:40 PM

@ Thoth,

Fear mongering is what that is driving the Military-Government-Industrial Complex and a booming business for hate.

Yup I hear that in the US the current feeling is "Nothing can Trump a bit of hate" for foreign and now domestic policy, especially as it's "Points make Prizes" and "Winner takes all" time.

nostrilMarch 31, 2016 10:00 PM

@Clive and others about one time pads. Will this work?

John and Mary agree on a random sequence of characters.

John sends Mary a message using a 1-time pad generated in the following manner. He creates a hash of the random sequences and a hash of the hash until he has a key long enough. He then uses that to encrypt a message to Mary. The message contain the random sequence that will be hashed for the next 1-time pad.

Even if the collaborators get a bit out of sync, say Mary sends John a message as John as sending her one they only have a couple of keys to try to get it right.

amplifierMarch 31, 2016 10:48 PM

@deLa

The real prerequisites seem to be a modicum of cash, plus support by at least a minority of the locals. But then the mass surveillance and assault on encryption was never about prevention of terrorism.

Clive RobinsonMarch 31, 2016 10:52 PM

@ nostril,

He creates a hash of the random sequences and a hash of the hash until he has a key long enough.

If I am reading this right you are creating a key stream by hashing a previous hash and so on?

So if an attacker determines the actual value of the key stream over a length of two hashes, they have one compleate hash within it yes?

Thus by a process of shift and test they will find where the hash is and from that point they can "hash along" with John and Mary...

NSA laughs at TorMarch 31, 2016 10:58 PM

@Bruce Schneier

This seems like exactly the sort of opsec I would set up for an insurgent group.

Really? This CCleaner does something better in that situation than Tails(tm)?

And this upload/download nonsense is really a way to avoid leaving source/dest metadata? Really? Please let me know how that works. Oh, it leaves metadata only with the ISPs and not Google(gmail/hotmail/clintonemail.com/etc), now I understand clearly.

nostrilMarch 31, 2016 11:22 PM

@Clive

I'm not sure what popped into my head while I was reading the comments. I'll have to think more about it (clearly). Sorry to waste your time. Thanks.

nostrilApril 1, 2016 12:53 AM

@ Clive - regarding our one-time pad exchange yesterday

My understanding is that two difficulties with one-time pads are generating a key that is the length of the message, and using a different key for each message.

Use the following process to generate a key:

Bob and Alice meet and agree on a sequence of characters to use, a “kernel” and the number of iterations and the hashing function to be used

Bob encrypts message

1) start with sequence of characters agreed upon, the “kernel”
2) use n iterations of hashing function (say bcrypt) to generate pseudo-random sequence of characters from kernel
3) concatenate kernel and sequence generated in 2 to form pad
4) repeat 2 and 3 till the pad is >= message length
5) make sure new kernel to be used for next message is in the current message
6) XOR message with pad

Alice receive encrypted message

Alice generates pad that Bob used by starting with agreed upon kernel and using hashing function as above
Alice decrypts message using pad. Message contains new kernel to be used to create pad for next message

I don’t know if the pad will be random enough. but this seems like it should handle the issues of pad length and uniqueness, with minimal contact between Alice and Bob.

Clive RobinsonApril 1, 2016 12:56 AM

@ Sancho_P,

The KeyMat only remains in RAM (well, depends on your OS / setup …).

I'm not up on the intimate details of Micro$haft Windoze beyond NT, but if I remember rightly you can turn off swaping and lock an asigned range of RAM from paging etc upto atleast XP (I think Bruce used it in his Password Safe program).

It was at the time a lot simpler to do with most flavours of *nix.

However you could run both NT and Linux off of a CD at the time --I think it was "Tom's boot" for NT-- which made life a lot simpler.

Likwise both OSs supported Perl quite well thus hacking together a script to do this whilst not a "three liner" could be remembered with a little practice (as could the ARC4 algorithm).

So yes a techy type could have his tech examined back then including his "Rescue CD" and show no sign of illicit encryption programs.

However the world has moved on...

Which brings us onto,

... a terrorist would rather not use strong crypto to remain out of focus.

It's the upper layers of terrorist organisations that do that, the lower layers that are the recent suicide terrorists are in most cases not capable of reasoning it out. Important to this is the realisation that the likes of ISIS is only a "death cult" at the lowest levels and usually the "honour of self immolation" is reserved for the detritus and trash of foreigners.

These "low level terrorists" in reality have a warped view of their worth and have little or no notion of "self preservation" thus can not get their head around the notion of "staying out of focus". They are most definatly a liability not just to themselves but all those around, so not the sort of people you want next to you in training let alone on the battlefield. Thus they get weeded out quickly and "reserved for martyrdom" but importantly kept well away from the rest of the organisation, as they are most likely going to get caught due to their ineptitude. Therefor "The less they know the less they can say" principle applies to them. Thus I suspect that those that don't chose martyrdom willingly will be buried somewhere in the desert, having suffered "a training accident" or some such.

I suppose mercifully for those that do go willingly, their warped sense of self worth does not let them see how cruelly they are being used and,abused. In effect ISIS treat them like pigs fattened on scraps and waste to be slaughtered and fed to the dogs.

But this mentality and the fervor that goes with it --that makes them so easy to manipulate and interrogate-- is not a lot of use to anyone. As was once said "It diggs no ditches, and plants no crops".

It's this self delusion and fervor that also makes them difficult to train at anything other than regurgitating slogans and propaganda like a screaching parrot looking for a reward. It's been seen that even five/six year olds can learn how to load bullets in magazines and put them on guns without hurting themselves with just a few minutes of training as has been witnessed in just about every community the AK47 has ended up in. It is a simple manual task that any adult should be able to master in seconds without any injury, as all service personnel do in basic training, the very few that don't generaly get "binned" quickly, before the accidentally shoot themselves or others with a "negligent discharge" during later training.

So trying to teach them OpSec or how to use even rudimentary security for communications is problematic at best. Which is probably the real reason why "suicide bombers" don't use encryption.

Also their lack of "life skills" such as cooking, cleaning and daily planning along with the constant need for reinforcement/reward to stay on task means that they are almost always in a small group led by an apparently "stronger" or "more dominant" personality. As others are noticing the groups have significant familial relations such as "brothers" and "nuclear families".

As has been seen in the EU attacks, the leader or other more dominant type being slightly more worldly wise than the others tends to not go through with it at the last moment and become fugitives on the run. Often getting caught and being fairly easy to interrogate.

As I've observed in the past these sorts of people are weeded out early on and kept well away from the main part of the organisations because they are without doubt a serious liability to the organisation.

WaelApril 1, 2016 2:00 AM

@Clive Robinson, @Sancho_P,

Also their lack of "life skills" such as cooking, cleaning and daily planning along with the constant need...

Touché! Little wonder they order pizzas... from the "The Restaurant At the End of the Universe" before they depart this universe ;)

Clive RobinsonApril 1, 2016 5:08 AM

@ nostril,

repeat 2 and 3 till the pad is >= message length

Other than you've changed the hash it's still the same issue.

Try thinking about not using the key you generate the next stretch of PAD from as part of the PAD.

For a simple (untested) example,

0, split kernel key in half as L0 and R0, set counter to agreed start value.
1, Hash Ln-1 to get Lt.
2, XOR Rn-1 with Lt and hash for Rn.
3, XOR Lt and count n to get Ln then increment count value.
4, Output Rn as next line of PAD.
5, Whilst PAD length is less than required loop to step 1.

This way you keep the left half secret and mix it into the right half PAD line generation.

aw it out on a piece of paper and walk it through to get the general idea of keeping one half secret and not appearing in the PAD in any way.

I Must emphasize that this is not a "One Time Pad" but a "Determanistic Pad"[1] Alice and Bob have to treat the kernel source secret likewise the count value. Which means you have to come up with an independant way of numbering the PAD pages for use.

[1] Remember with all deterministic systems Claud Shannon's version of Kerckhoffs' Axiom, "The Enemy know the system".

ThothApril 1, 2016 5:51 AM

@Clive Robinson, nostril
How much "pad" messages are you going to protect ? An A4 size with font size 9 full of OTP keymat is considered a good amount of keymat on hand. Sending messages have their risk of interception and giving away metadata (think of the military style "radio silence" during operations). Usually it is advisable to only send burst messages that are short and sweet or in some form of codebook or code word style to represent certain phrases or objectives like what the military does.

ParkerApril 1, 2016 9:07 AM

Prepare for some unintended consequences of the battles to defeat ramsomware.

Unintended consequences include but are not limited to the painful realization that storing encrypted files on the same platform on which they were encrypted, is inherently faulty. And not because they left the key(s) lying around.

Ross SniderApril 1, 2016 12:43 PM

News will keep coming in that magnifies and falsifies the use of encryption until there is enough support for it to be made fully illegal.

The national security state is willing to use whatever and any tragedy, via Shock Doctrine, to get the legislation they need passed. They tried it with San Bernandino and London and now with "ISIS" broadly. They used 9/11.

Just wait for the next terrible thing to happen. We're in for more.

Laurence EplingApril 1, 2016 12:59 PM

@nostril
"John and Mary agree on a random sequence of characters."

Gasp! What did they do to Alice and Bob?! ;-)

Dirk PraetApril 1, 2016 4:37 PM

@ Laurence Epling, @nostril

Gasp! What did they do to Alice and Bob?!

I have it on good authority that Alice and Bob are currently being detained at London Heathrow under Schedule 7 of the Terrorism Act 2000. The Home Office under RIPA III is trying to make them give up these magic keys some Romanian consultant has been telling Theresa May about. Donald Trump has already asked for their extradition, calling their arrest a major blow to the ISIS network in Europe.

Sancho_PApril 1, 2016 5:45 PM

@Dirk Praet re ”Doesn't quite work with Da'esh types.”

Good point, but not to stop, instead to start thinking.

I agree that several species living with us are ill beyond repair.
This is due to the natural principle of deviation from the norm, to avoid inbreeding, monopolism and finally global extinction.
Some are extreme.
Nothing extraterrestrial.

However, these poor individuals must be dealt with within their own civilization (nation, jurisdiction, whatever you call it).
We must not institutionalize them, supply training, weapons, financial aid, to use them as tools in our "best" (imperialistic) intention.
Sure, as we have, they have enough idiots there too, but it is absolutely a no go to (remotely !) take out innocent (= not convicted) individuals + bystanders from a different culture / populace / clan / family.
It doesn’t make friends, nowhere.

And we must not fight them there, as we must not force unfortunate innocents to leave their own culture and home, then packing them into ghettos within our civilization, presenting them simultaneously our decadent lifestyle and their own hopelessness, while eagerly (but to no avail) waiting to exploit them.

I could go on here but I know that you know,
so just one additional point:
It saddens me (albeit I assume to know some of the reasons) that our glorious western culture obviously never was the shining model for others, desirable, to achieve a united population on our nutshell in this universe.
In fact I’m ashamed to be part of a selfish high speed plague which is doomed to failure because of it’s exceptionalism.
And I’m not only talking about our offspring, the US.

@Clive Robinson

Yep, the lower ranks are the most dangerous, in case of ISIS in both directions.
Delegate responsibility to a simple minded and it will end in horror.
Also, good beltway grunts never ask “Why?”, which reminds me of Bob Altemeyer.

¿ But why?
;-)

WaelApril 1, 2016 11:02 PM

@Dirk Praet, @Laurence Epling, @nostril

I have it on good authority that Alice and Bob are currently being detained...

Lol!

Flashback: Poor Alice and Bob should have seen the writing on the wall! Rumor has it that LEve successfully intercepted their traffic and found that they ordered way to many pizzas!

nostrilApril 1, 2016 11:13 PM

@Clive
I really appreciate the time and energy you put into your responses to me, and in general. Thanks

Free Speech Is The AntidoteApril 2, 2016 1:16 AM

@clive

very colorful and plausible analysis of the low level suicide bombers. I was hoping you'd move your focus to what is known if anything about the inner ranks. Reading your words, I find them curiously in tune with one of the most intimate videos I have seen of ISIS (via PBS Frontline). Clearly a propaganda bit, with for some reason I think a blue eyed blond young jesus-hippie-looking type literally teaching 5 year olds as you described. Clearly meant to invoke contrast with good ol' boy NRA passing of gun education from adults to young people (5 year olds specifically). Additionally they show the 5 year olds being subjected to offline-camcorder (no internet required) dissemination of mass(~10) execution videos (knealing on det-cord as I recall).

My impression analyzing what I was seeing led me to something akin to what you were describing. I.e. there is something different going on in the inner circles. Like perhaps it's just an organized criminal drug distribution ring, that has actually done a remarkable job of using modern psychological expertise and religious manipulation to maintain self-preservation against an assymetric opponent (US).

Of course I'm such a crazy person myself, I doubt my wild speculation is really on the mark, but that was my impression. It almost seemed like ISIS was literally giving the NRA the middle finger, showing that they too could look equivalently paternally reasonable and responsible (until those snuff-videos shown to children on a daily basis was blended into the equation)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.