Nasty Bad Men Are Using Encryption 342
ruebarb writes: "It appears that Osama Bin Laden and the majority of the Slashdot community have something in common - they love that free encryption! Bin Laden has been using chat rooms, bulletin boards, email, and (presumably) PGP to plan his terrorist activities. The article is available at cnn.com -- Expect the usual political outcry and demands for restriction of encryption technology to follow shortly hereafter"
And an unnamed correspondent writes: "USA Today has this report about how terrorists are using encryption to distribute secret mayhem instructions via the internet. Gee, you think?
What do you think -- is this part of a PR campaign to show John Q. Public how dangerous encryption is in any hands other than gov?" In related news, several of the major news networks are reporting that innocent-looking newspapers and circulars have been employed to form the ransom notes used by notorious kidnappers; calls to ban newspapers on that ground may face some opposition from extremists, but will no doubt soon reach the legislature.
Old, old news and some things to read (Score:2)
"dead drop" cryptography terrorist
Sure enough, out pop a number of my papers. On the other hand, I really don't expect much more when I see iDefense involved in a story.
For those who are actually interested:
http://www.7pillars.com/papers/IntelNet.html
http://www.7pillars.com/papers/MT.html
http://www.7pillars.com/papers/Blueprint.html
These articles directly discuss the actual details that the news report hints at (poorly).
I would also recommend to the reader:
http://www.7pillars.com/papers/IntelligenceCour
http://www.7pillars.com/papers/Waging.html
A general list of various papers can be accessed through:
http://www.7pillars.com/pubindex.html
For the record, we've been pushing strong, unescrowed cryptography for a number of years. If groups like the FBI keep pushing scare stories out, much like the one that started this discussion thread, the aim is to keep crypto under control. It's already outside control (it isn't that information wants to be free, it's that information defies control), for the 'bad guys.' What the controls do limit, however, are integration of crypto into hardware and OSes at a basic service level. As a consequence, the good things that crypto would enable--like helping stop computer viruses, cracking of networks, identity theft, industrial espionage, in short, all the things that groups like the FBI should be more concerned about--are left unaddressed. If more information about -that- sort of thing interests you, take a look at
http://www.7pillars.com/papers/didfinal.htm
Michael Wilson
Re:Religious texts and war (Score:2)
priesthood celibacy
Accually there is a passage in the bible encourageing priesthood celibacy. It is NOT a requirement, but it is encouraged. One of Paul's letters I belive.
There is a lot of scripture for sleeping only with your wife, and scripture for no divorce. Your right that there is little on celibacy by comparition so it is clearly of lesser importance. (In fact the little that can be used to imply it state clearly that it is the ideal, and most cannot do it, and there is nothing wrong with being amoung those who can't.
Here's a quote (Score:2)
"To a greater and greater degree, terrorist groups, including Hezbollah, Hamas and bin Laden's al Qaeda group, are using computerized files, e-mail and encryption to support their operations," CIA Director George Tenet wrote last March to the Senate Foreign Relations Committee.
Surprise, America's Chief Spook doesn't like encryption, and won't give details to back up his claims. I'm sure someone would have noticed PGP blocks on cnnsi.com's discussion boards (or wherever).
Course, it's probably all a smokescreen. If he wandered around saying things like 'Oh, encryption doesn't really bother us. We just send it to our boys at Ft. Mead, and they tell us what it said.' it'd raise a few eyebrows.
Sometimes I worry, I really do.
Don Negro
Re:Alternatives (Score:2)
Maybe someone should tell them that RSA was desinged by Jews, that might stop them.
Re:Here's a quote (Score:2)
Chances are its a hidden area on a site that has a normal legit front section.
Reminds me... (Score:2)
People use crypto.
Criminals are people.
--
Not too unbelievable... (Score:2)
Seriously, the covert use of a public media to transmit military/paramilitary information is ancient.
The French Resistance, in WW2, often communicated with the Allied forces via coded messages in newspapers, etc.
I agree, but stand by my words. (Score:2)
My sources are a special agent from the Florida Department of Law Enforcement with whom I worked on a computer crime case in 1998, and Robert D. Steele, former CIA case officer, founder of OSS Inc. [oss.net], and author of On Intelligence: Spies and Secrecy in an Open World. Good enough for me.
Incidentally, Mr. Steele's excellent talk at H2K is online in MP3 form here [h2k.net].
-Isaac
Check out TWINKLE (Score:2)
-Isaac
Begone, troll. (Score:2)
Consider the passphrase, for instance - much less entropy in a typical PGP pass phrase than in the key itself.
Or, how about advances in machine factoring a la TWINKLE [info-sec.com].
If it's bugs you want, try the infamous ADK bug [senderek.de] that went undetected for 3+ years, allowing third parties access to cleartext, a-la escrow.
Or the randpool bug of 1995?
I'd go on, but I'm bored of trying to pull heads out of sand.
-Isaac
Blame not science (Score:2)
Sure, blame science. Outlaw science. And only ouwlaws will know science. Clearly, this is not a viable approach.
One would think that the broad audiece, the public, and even maybe politicians would realize this. But for some reason, which is beyond my comprehension, someone doesn't.
I have feet, and I have hands. And I am able to kill with those. I am also able to help others, using those same instruments. What makes me help others, rather than terminate their existance ?
Law, you may say. I would be punished, for using my instruments in a way disobedient to the law, given that my practice of so-called maljustice was discovered of course. From a personal point of view, I would say my odds of getting awaay with malpractice would be good. So what makes me a generally percieved nice person, and maybe even a to-the-heart nice person, given that I could probably get away with being otherwise ?
It is not law, clearly. It is not limitation in my possibilities in doing harm, either.
I am about to graduate with a master's degree, in half a year from now. Anyone with the slightest knowledge of basic phycics knows, that any engineer could assemble a crude nuclear weapon easily, given access to the proper materials and equipment. I suppose this makes me, and about a few million other people, a threat to the security not only of a nation that percieves itself as the only one in the world, but also a threat to humanity in general, to man kind... So why are we not hunted down like the witches and trolls we are ? Like we used to be ?
Accept, that with knowledge and skill, follows responsibility. Accept, that not all are equal. Accept, that some are born with a skill, and that others choose to achieve that skill thru hard work. But accept, that some has the knowledge, the ability, and the will to help. But accept also, that the possession of such abilities also implies, that the person in question may have the abiltiy to do harm.
Then, trust those people.
Thruout history, trust has been material in any relationship formed, and broken. World history is not likely to change, and basic principles of trust and relationships and even war, are not going to change anytime soon.
Get over that hump. Accept it. I'm a nice guy, and so are millions of others like me. Like you.
Well, they can't really take it back, now... (Score:2)
Am I the only one thinking "Duh"?
To: Osama Bin Laden: (Score:2)
To: Osama Bin Laden:
The passphrase is "/."
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.4 (Linux)
Comment: For info see http://www.gnupg.org
jA0EAwMCZQtz4SsogXBgyUoINMfK7BSgYzT4L4ZxxLdfrGD
DlvBNKk1r5Y72jTzE0Hbw1cUBZ8spJhyoqG6mRWAKpKkFnB
=++Ya
-----END PGP MESSAGE-----
--
Why pay for drugs when you can get Linux for free ?
easy to break too (Score:2)
Religious texts and war (Score:2)
There is no place in the Quran or any other religious text that I'm aware of that recommends killing busloads of innocent children to complain about political acts halfway around the world.
There is also no place in the Christian Bible recommending the burning of witches, the killing of infidels, priesthood celibacy, drug banishment and many other things righteous christians do or have done in the name of their God. It is mostly a question of late interpretation.
The Islam deals explicitly the religious war problem, and the Jihad concept is fully developed. It was a necessary concept by the time Mohammed bought the main text to light and many islamic religious leaders think it remains necessary to this day, to face the western menace
While I agree with you that most of the conceptual knowledge will be concetrated at the top, as in any army, a practical encryption knowledge is needed throughout the organization. As Bruce Schneier always says, an encryption process is as strong as its weakest link. There is no point in the leaders using NSA-proof encryption to plan their acts and then communicating these plan to those who will carry them out in plaintext!
I think that my main point, since the first post, is that a western-centric view of the Middle East leads to grave distortions. Either we understand the historical and cultural background of the terrorists or we will never be able to deal with it
Ordinary folks usually are not terrorists (Score:2)
But I believe you are wrong in thinking that the religious rethoric is not sincerely acted by many, specially by those that will take their rethoric to its logical and ultimate consequences.
People who suicide-bomb school buses are usually very righteous, "pure" fanatics, the same kind of fanatic that bomb abortion clinics in the west.
These people will not only follow all their religious beliefs, they will follow those beliefs to the exact letter.
I really do not think these people will use porn pictures to communicate, specially when millions of perfect harmless pictures can be used.
Luddites are using smoke signals. Fire outlawed! (Score:2)
Using a one-time-pad code to transmit over a mobile Ham radio would get him better security. Come to think of it smoke signals would be more secure.
Some countries (like Britain, the US, Russia, Chine, India and Pakistan) started using one-time-pads before or shortly after world war two and still works fine to this day.
Encryption is a Right. (Score:2)
You are allowed to bear arms.
This is your constitutionally guaranteed right.
Encryption techniques are munitions (ITAR rules).
Therefore you are Constitutionally allowed to have and use encryption free of hinderence. Why is the American Citizenry allowed to bear arms? "Because they must be able to overthrow evil or unjust governments". It is for this very reason that the German Government not merely encourages the use of Cryptography but actively supports it. Quoting the Gnu Privacy Guard [gnupg.org] "The German Federal Ministry of Economics and Technology granted funds for the further development of GnuPG". I would just like to remind American readers and their Government that the Germans have more recent experience of "evil or unjust government" than anybody else.
The use of encryption as the modern day weapon against "Evil Government" is both far more effective and infinitely less fatal than the use of guns as permitted by an anachronistic Constitution.
Re:Not too unbelievable... (Score:2)
--
Telephones A Threat, Must be Banned (Score:2)
It has come to our attention that the common household telephone has been a key component in numerous crimes, including plots to commit murder, kidnapping, acts of sedition, treason, and, yes, terrorism.
The threat to Our Great Nation (tm) is unacceptable. I hereby call for our congressmen to enact legislation as quickly as possible to eliminate this threat to Our Democracy (tm) and the Wellbeing of Our Children (tm) by banning any and all use of the telephone by unauthorized persons anywhere.
It is critical we do this quickly, lest the Bin Ladens of the world abuse Their Liberties (tm) take More Innocent Lives (tm). Remember, if you want A Safe And Secure America (tm) you must be willing to give up a few personal liberties. You didn't really need them anyway, did you?
Something in common (Score:2)
Zealotry and a desire for Jihad?
--K
No Suspicious Actions, That You Know Of. (Score:2)
Police Chief Dan Glee Ballsak issued this statement concerning the event: "Yes, there were cameras there. But we emphatically deny that ANY tapes or recordings were made or currently exist. Which is a shame, as the resolution is good enough to apply J. Edgar Hoovers Phrenological Profile against the shapes of the attendees skulls to see if they will commit a crime someday. Now, if you'll excuse me, they're showing the flashing co-eds again."
Reporters were confused, but much reassured by his statement. "Digger" Smutch, a reporter for the Daily Dirt, made this statment, "That co-ed thing is kind of a weird thing to say, but anyone who can use 'emphatically' in a compound sentence must know his stuff."
Florida Democrats hailed the speech, admitting that Dubya, "Might be Okey-Dokey after all. After all we've done to abolish the 2nd Amendment, and freedom in general here in this country, the 1st Amendment didn't stand a chance. It is an encouraging sign that he recognizes the Unitaed States Governments divine mandate to rule, both in this country and abroad, in the material world and the spiritual world, and above all, regulate thought on the Internet"
The Democratic spokesman did let slip that fact that they do not know the number of fans cheering for New York during the game, but that they were, "Still counting," and hoped to have a hand-accurate count "Within 2 months."
--
Better also ban all those NEWSPAPERS (Score:2)
I'm surprised that no one else in this thread has mentioned the fact that encrypted transmissions have been hidden in newspapers at least since world war 2 -- the Japanese used some pretty clever crypto disguised as newspaper advertisements to inform their agents in the U.S. as to when the bombing of Pearl Harbor was due to go down.
I'm not surprised that the USA Today article failed to mention this interesting historical footnote.
And really, in some ways, its more secure to encode small amounts of data in a newspaper personal or want ad. Downloading a file with a hidden message will almost certainly leave an IP footprint -- buying a newspaper from a streetcorner vending machine is pretty much untraceable.
But it's not surprising to see this kind of scare-tactic propaganda used to make people mistrust encryption. (Oh yeah, and don't forget to be wary of foreigners, and their weird religions also.)
Re:When Encryption is outlawed... (Score:2)
"
Actually, to roll your own without exposing yourself to side attacks is really difficult. How much entropy did the last random number generator you used/wrote have? Do you know? Would you know to know when rolling your own? Would a only 'reasonably' competent programmer know?
*sigh* Crypto regs are stupid--- here's why (Score:2)
But then, what can we expect of legislators trying to control something that they don't know enough about to even know they know nothing at all?
Aha! Slashdot Trolls == Terrorist Operatives (Score:2)
Cheers,
IT
Re:forget encryption... (Score:2)
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
Budget time (Score:2)
This happens every year at about this time.
Paul.
Re:Thank you, Mr. Bin-Laden! (Score:2)
Actually Adid was trained in the US, by the US Army
Re:ban envelopes, too (Score:2)
Firstly how do you know which envelopes to intercept in the first place? Even if you get that right you could end up with coded messages which simply cannot be atacked by cryptoanalysis.
Re:Need a key escrow? (Score:2)
Actually the existance of such laws can easily make things less safe for the public. If an activity is illegal people enguaging it it have little to lose by breaking other laws. e.g. if the distribution and selling of drugs was legal then those involved would use lawyers instead of machine guns to solve their business problems.
Re:forget encryption... (Score:2)
Except that codes, unlike cyphers, cannot be broken algorithmically.
And let's not forget the WWII Navaho code-talkers....
The langauge used here contained a large amount of "slang", such that even someone who knew the Navaho language could not understand the message.
A terrorist organisation (especially one linked to some kind of cult) is prefectly capable of comming up with their own slang and jargon.
Re:forget encryption... (Score:2)
"Mr/Ms Criminal please don't break the law"...
I don't think so - could'nt we start off by banning terrorism, and see how it goes ?
You'd have to start by defining "terrorism", potentially highly embarrasing for many governments... (Most definitly including the US government.)
Re:When Encryption is outlawed... (Score:2)
You might just as well ask for something to be uninvented. Encryption is a technology several thousands of years old. Further it is far from the only way to send clandestine messages. Simply that it is a mechanism which lends itself well to automation.
Re:Moderation is the key (no pun intended). (Score:2)
The problem with control is that the technology to manufacture weapons is hardly secret. In some cases it's thousands of years old. A flint tipped arrow can be just as lethal as a bullet.
Re:And this is (Score:2)
Using the same techniques the Americans and Italians use against the Mafia would be a good starting point.
Re:Uhh..... (Score:2)
The only kind of missiles terrorists tend to use are those of the very short range man portable variety.
Re:Uhh..... (Score:2)
Senario 1, Iraq launches an ICBM. Before the engines even burn out the US has launched bombers and fed targeting data into land and submarine based missiles.
Senario 2, smuggle a bomb into the US, stick in on a truck and drive it to Washington.
Which senario do you think the average terrorist would go for...
Re:The Benefit Outweighs the Danger (Score:2)
----
Err, wrong. (Score:2)
I'd love to know who those informed sources were, and what the basis for their information is. Out-of-band attacks against systems are almost always cheaper, better and more effective than cryptanalytic attacks; after all, no matter how secure the pipe, it's still designed to leak at both ends.
Saying that "they'll only bother with cryptanalysis where out-of-band attacks are infeasible due to required time and labor" strikes me as highly specious. Out-of-band attacks are cheap, effective and fast. Cryptanalysis isn't.
Re:Blatant FUD-mongering (Score:2)
For thouse that don't know, Bin Laden stole a great deal of money from the Saudi Goverment and built hospitals all over the Arab world. This has annoyed King Fahd who most lilky would have helped out anyway but this was done behind his back. Keep in mind that stealing large amounts of money in Saudi results in the death penalty. I suspect that Bin Laden was allowed to leave Saudi because of the good work that he has done there.
So why is the US got him listed on the top ten [fbi.gov]? Its because he feels that scnations aginst a country (Libya) are act of war and should result in people fighting back which he has done. They guy is an engineer and a good planner who feels his people (all Arabs) should be at war with those that have santions aginst any Arabs. He is also for a united Arab country. His work to bring western style hostpitals to the Arab world makes means that in many places in the world he has the type of respect that we would expect to be given to Mother Theresa in Inida.
If the US goverment did want to capture him, all they have to do is go to Ciaro and hang out in the Hilton and wait till he shows up. I know several people have have seen Bin Laden there.
Re:Well, they can't really take it back, now... (Score:2)
Encryption & cryptoanalysis are in a constant arms race, so if (BIG if) the US could keep improved encryption out of the hands of criminals, then in a decade, the government would have the technology and/or CPU power to decrypt most of what's out there now.
--
as a // (Score:2)
What was done with the weapons of the past will now be done with the "weapons" of the future. It only makes sense to villify encryption. Without public outcry how can it be banned? The next step is to find some event that could have been prevented if terrorist X didn't have encryption. A recent office shooting prompted a slew of gun control legeslation by the Massachusettes state legeslature. Sooner of later the same thing will happen with encryption. When little Suzie gets blown up by a bomb that the FBI could have prevented if only carnivore had picked up the email and been able to decode it, then and only then will the real threat to encryption, privacy, etc. begin. If it happened with Colt it will happend with RSA. Remember that we DONT have a constitutional right to keep and bear encryption. Privacy rights advocates have a hard fight ahead of them.
I'm WORKING here, damnit! (Score:2)
"Damnit, boss, can't you see I'm working here, it only looks like I'm jacking off to g0at pr0n!"
- Some guy in Langley
Re:Need a key escrow? (Score:2)
Criminals, of course, simply won't obey the law. Duh.
Yep, and when crypto is outlawed, only outlaws will have crypto. Use of crypto will therefore expose one to surveillance because guilt can be presumed.
Re:Cat out of bag, horse long gone from barn... (Score:2)
Amen. And it ain't the folks who want to outlaw crypto.
That's not about Johnny Badnote using crypto. That's about Johnny Badnote not being logged like he would be in the UK under RIP.
And from Badnote's point of view, it makes sense - if the "good guys" are targetting users of crypto for surveillance, then the best place to hide something is in plain sight.
After all, if you're a sports fan, are you likely to go to every Yahoo message board concerning football? Or just the ones that look like they have lots of active members and traffic?
From the black hats' perspective, all they have to do is misspell a few words (e.g. "fotball") and make it look like the message board and file repository is some lame kid's idea of cool, and nobody innocent will show up. (Any innocents who do show up will get bored and leave quickly.)
Six months down the road, someone finds that the photos of the high school "fotball" team are actually the photos of assassination targets, but by then it's too late.
Of course, the goal of the CNN article is to convince the sheeple that the "obvious solution" (namely crank up the intelligence community's version of Carnivore and have it sniff every packet that goes in and out of Yahoo, Hotmail, etc), a cure that's worse than the disease to most of us (myself included) reading this.
On the third hand, if it gets Carnivore out of the FBI's hands and turns it over to the intelligence community, maybe that's better than leaving it in FBI's hands.
(Paranoid conspiracy theory: The intelligence community is pissed at FBI for intruding onto its turf and is running this sort of article as part of a power grab ;-)
Re:ROFL! (Score:2)
But the Lotus Notes backdoor [attrition.org] story was true. Export versions of Lotus contained a 64-bit key, 24 bits of which were encrypted with NSA's secret key.
End result: A commercial eavesdropper would have had to break a 64-bit key, but NSA only had to break a 40-bit key.
My original point in defence of idefense.com still stands - idefense.com saying "don't trust products written in naughty countries" (because their core audience can't imagine "products" as meaning anything other than closed-source software purchased from vendors, and therefore don't see the security risks associated with closed-source vendors) or slashdot's perspective of "don't trust closed-source products because they're closed-source" (because our core audience can't imagine the country of origin as being a security risk) - are two sides of the same coin.
But what about the NSA's 'giant supercomputers'? (Score:2)
Surely the gigantic investment made in the ability to listen in on most of the radio transmissions made around the world is going to prevent the US ever being 'taken by surprise' again.
Doesn't everyone know that underneath the pentagon there is a giant underground lake of liquid nitrogen in which 12 billion tons of supercomputing nodes are submerged, just waiting to crack Osama Bin Laden's encrypted messages??
I mean come on, the US have much more to fear from their own angry citizens (who have exactly the same tools and far better equipment at their disposal) than some guys in the Middle East who really just want to be left alone to fight their own battles without the intervention of some 'global policeman' whose only real interest is in ensuring a constant supply of oil and getting rid of that pesky radioactive waste by firing thousands of tons of it all over the battlegrounds.
Its like the US government is making out that encryption hasn't been used routinely at all levels of political structure for thousands of years, that is somehow a new 'weapon of terrorism' that must be combatted at all costs.
Do they really assume that everyone is as dumb as George Bush looks?
Re:I don't see the point of using encryption. (Score:2)
The CIA employs a huge number of languistic experts. Don't believe me? Head over to cia.gov and look at the positions they're hiring for.
As for the latter, that's basically the same concept as a OTP- just less flexible (not any message can be sent), although equally impossible to break (without having a code book).
There's not much you can do to stop terrorists from communicating.
Re:Here's why the public doesn't care (Score:2)
You're right of course. For the vast majority of us there really isn't anyone who's out to get us. But that doesn't mean that there aren't certian things that we would rather keep private. Furthermore, it makes a big difference when the government starts telling you what you can and cannot write.
Encryption just doesn't matter that much.
Encryption matters a lot. It's not the encryption itself that matters but the fact that I want to have the choice to communicate privately in whatever form I see fit. I reserve the right to write letters in Latin (a language unreadable by many) or in ROT13 or PGP encrypted. The point isn't about the encryption but rather it's about telling me how my personal communications must be conducted. It's true that I rarely hit the encrypt button on my mail client, but I insist on having that choice.
encryption is not like putting a letter in an envelope for mailing, because the envelope doesn't protect the contents of the letter so much as it contains them from the rigors of mailing. If people could save 15c by not using an envelope, they probably would.
It's true that envelopes do offer some benefits that aren't necessary for e-mail. With an e-mail there isn't the need to bind together various documents inside a paper wrapper. On the other hand, it would be fine with the post office if you were to use envelopes made of transparent bond but no one does that. In fact a great many people use security envalopes which have printing on the inside to make it difficult to see what is inside the envalope without opening it. Your argument about people being cheap and unwilling to pay for the security that envalopes provide is baffling to me. People do save 14c [usps.gov] by sending a post card rather than an envalope via the US Postal Service. In addition, they save another 2-7c by not buying an envelope [staples.com] in the first place.
living in a safe world _is_ a good thing, for those of you who are about to suggest that no freedom is worth giving up for safety. Anyone who hasn't been mugged or assaulted on the street may sit out of any discussion about the value of a safe world.
Of course living in a save world is a good thing. I doubt that there's anyone here who will argue with that. My question for you is how will restricting people's rights in anyway work to reduce street crime? My contention is that it simply won't. Overall, it would seem that there are more ways in which we will be vulnerable to crime without access to encryption than if it is not avaliable to the law abiding.
_____________
How stupid can you get (Score:2)
Re:Exactly (Score:2)
If we can cheer for anybody being replaced with the change of administration, Louis Freeh is it.
--
Knowledge is power
Power corrupts
Study hard
Meet the New President, Same As The Old President (Score:2)
Funny thing is... (Score:2)
The Genie's quite obviously out of the bottle, and although the Intelligence community apparently prefers not to work for a living, continued survelience of known terrorists and criminals is still the best prevention of their malfeasance.
Obviously this is a plot by the US to restrict enc (Score:2)
Taken together, this is obviously collusion between the U.S. Government and the Media to garner public support for "key escrow" and other restrictions on encryption.
They're using pr0n and sports chat rooms? (Score:2)
Yes, American tax dollars at work, subscribing CIA agents to fetish sites so they can study their images for secret encoded messages. An extra 500 agents recruited fresh out of college to monitor sports chat rooms all day.
Now I'm trying to remember why I didn't join the CIA...
--
Re:reasonably competent ... (Score:2)
Perfect example. It's possible (in fact common) to write a PRNG which is quite good statisticaly while being quite poor cryptographically. A large LFSR is an example. Read Schneier's
- Applied Cryptography
for more.Re:NASTY BAD MEN ARE USING CHEMISTRY (Score:2)
Wouldn't eating something count? (heh: consumption with intent to digest, public mastication, etc.).
--
Fuck Censorship.
Uh oh (Score:2)
Re:When Encryption is outlawed... (Score:2)
Not really. Take a look at the RFC2040 [isi.edu] description of the RC5 algorithm. It includes C reference implementations for just about every part of RC5, so that a programer would just have to stitch them together to create a useful program. Nor is this a singular example; IIRC part of the requirement for the new advanced encryption algorithm developed by the US was that there be a published, freely available reference implementation. I didn't bother to look, but I'll bet that there's similarly available information about well established asymmetric cyphers like RSA. This stuff is published and can't be unpublished.
Change of government...... (Score:2)
Interesting: The head of the CIA complaining to the US Senate about foreign nationals using crypto.....
Does he really expect the Senate to be able to prevent terrorists in another country from being able to use crypto?
How? Ban exports from the US? {Sarcasm!}Yeah, that worked so well in the decade....{/Sarcasm!}
Or maybe this is just a concerted effort by US Intel & Law enforcement agencies to re-assert some authority in a new administration?
WTF do I care, I live in the far more oppresive UK.....
Whats really scary (Score:2)
Mathematically, RSA itself should take the age of the universe to brute-force- so I wonder what technique they were really using. The article doesnt give any hint what types of cryptanalysis was used.
Perhaps they merely tried to guess the passphrase- probably the easiest way since most people are simply going to use a handfull of ascii characters leaving a really small keyspace. Or maybe they know of a weakness in the random number generator their implementation used.
I bet they started with a dictionary attack, then tried common variations with capital letters, numbers and symbols mixed it( the goal being to decode his secret keyring ).
Regardless- the point seems to be that if they government whats to know whats on your computer they will find out- even if they cant do it casually and cheaply. The best way to send secret messages remains steganography and anonimity.
Moderation is the key (no pun intended). (Score:2)
Blatant FUD-mongering (Score:3)
It's the Red Scare all over again.
I mean, come ON. These people are going to use cyphers or one-time pads if they can't get their hands on modern crypto. They'll assign meanings to quotes from the Koran, and print those. And heck, they don't need to use pr0n sites and sports chat... What's wrong with email, AIM, and IRC?
If the entire NSA and Pentagon can't outsmart a bunch of religious zealots with automatic weapons and explosives, crypto or no crypto, then we're all in trouble.
This story is a shamefully obvious attempt to manipulate the public into accepting continued restrictions on their use of strong crypto. It's clearly intended to support someone's agenda... whose? The USA Today's or someone else's?
Alternatives (Score:3)
I would have thought that the obscurity provided by the massive amounts of information passing over the net would have been enough to communicate anything of necessity. And besides, if they can communicate in a different language (ie. one they made up), without a primer there's no way to tell what they're talking about anyway.
Won't Do Any Good; Will Do Lots Of Evil (Score:3)
"Less well-financed criminal operations" == "a crook who can't afford a used 386 system with a 9600-baud modem"
I think /. folks shouldn't just have a knee-jerk reaction but should try to think of reasonable government encryption regulation.
Reasonable regulation means curtailing, not expanding, the powers of government agencies which establish a clear track record of abuse [angelfire.com].
/.
Slashdot... (Score:3)
Re:ROFL! (Score:3)
From www.idefense.com:
We know this because we've already done stuff like this to our adversaries.
Or perhaps you didn't know about the Postscript hack we snuck into Iraqi HP Laserjets as part of the Gulf War.
Or perhaps you didn't know about the backdoors in Lotus Bloats that we used to steal European industrial secrets.
Or about the stuff about the French government's stated policy of using industrial espionage in the late 1980s, to which our Bloats backdoor was probably a response.
Make no mistake, these guys do have a vested interest, but they're emphatically not fruitcakes. They know whereof they speak. This particular threat is very real.
Before you moderate that as "Troll" - ask yourself what's the difference between:
- idefense.com saying to its audience "You know you've
embedded backdoors in stuff you sold to adversaries, now
they can do it to you?"
- Rabid
/.ers saying "Open source is more secure than
closed-source because it's harder to hide the backdoors".
Hint: None at all.It's the same risk, just viewed from a different perspective by a different audience with a different set of shared experiences and concerns.
(fsckin' Slashdot's on the fritz again, apologies for any multiple posts.)
ROFL! (Score:3)
"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," Ben Venzke of the cyberintelligence company iDEFENSE told the paper. "
ok, head on over to www.idefense.com [idefense.com], browse a bit, find some speeches [http], dig out the tasty quotes:
"We already know that some 30 countries are working on offensive information warfare programs and the principal target for each is the United States. We know, too, that if a US business buys hardware or software from such countries as Russia, China and France, there is a very good chance that they will be infected by bugs or various kinds. We also know that every day hundreds of American companies are attacked through cyberspace and that billions of dollars are lost through theft and blackmail.
"
"
For example, no American intelligence agency effectively mines open source data and shares it across federal agencies and with the private sector. Yet open source data could be a huge national asset. Real reform might mean the creation of a Central Analytical Agency that could collate and analyze all open source data and distribute it via the web to its customer base in the private and public sectors. Only secret intelligence would be the responsibility of the existing intelligence community. Not only would this create a significant and profitable national asset, but it would eliminate wasteful duplication in the intelligence community."
Read the whole thing, it's beautiful.
They even get to speak before congress now and then [idefense.com].
Good thing they don't have a vested interest [idefense.com] in the whole thing.
At least they got hacktivist [2600.com] right.
Remember wiretapping is (relatively) new .... (Score:3)
What we're really talking about here is a balance between our personal privacy and the public safety - we should be be carefull not to race off and give away our privacy when in practice all it will mean is that the black hats will use different technology - if that happens we've all lost and the feds have gained nothing ...
Re:Need a key escrow? (Score:3)
Re:Err, wrong. (Score:3)
Re:Good news. Follow my logic and understand why. (Score:3)
You mean fringe members like Yahoo, Amazon, most anyone else doing e-commerce on the web, and major financial institutions?
Re:Exactly (Score:3)
Its no secret to anyone who wasnt weened on American media that this is true - the 18:00 news programs are the worst offenders. Why arent *AMERICANS* capable of seeing this? When I mention it to an American they think Im nucking futz.
It couldnt be more obvious... its a goddamn circus.
Re:Need a key escrow? (Score:3)
Laws against drugs, alcohol, child pornography, murder, and a host of other perceived ills have had no visible effect on the rate of the occurrence of these crimes, nor is the public predictably safer from the incidence of these acts as a result of the legislation. The best the government can do is provide sanctions for those found guilty of committing said crimes within US jurisdiction and mete out punishment.
Sometimes well-intentioned laws are used a basis for creating special classes of criminals who, once suspected of the crimes, are conveniently divorced from their normal rights as citizens (witness the drug war and the FBI/McNaughton-style sting mania).
The end result of legislation like this is to feed the general trend of Americans to be cowardly and fearful, who feel it is better to let governments and corporations make up their minds for them (because after all, if we can ban the export of munitions-grade encryption, we must have produced it, right? so we're number one! yeah!), and in this case, will make sure that no citizens, for better or worse, will be keeping any secrets which would undermine that authority and control.
Do-this-also-yourself at home!!!! (Score:3)
It's a program that will CORRUPT ANY FILE!! Whoa, that's phat with a capital PH!!!
Untitled.gif illegal softwarez!!!!! [untitledgif.org]
Available for intel windows and alpha linux.
This software does not require the installation of photoshop 6.5. Consider yourself invaded by foreigners!!!!
Re:So much garbage, so little space (Score:3)
"Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag
Don't be fooled by the religious rhetoric - it's bad enough that thousands of weak-minded teenagers (who happen to be Muslims) in the middle east are. Political Islam has nothing to do with religion. The Quran is an expedient tool used to manipulate people into following cynical leaders. In the US they would use the Bible.
A tricky thing with religion is that its reliance on the unseeable and unprovable makes it and its followers fairly ripe for manipulation. Once someone has demonstrated that they're willing to believe something just because a book says they should, any wanna-be despots have a ready-made self-selected audience to focus on.
Even then, the majority of people are sensible enough to recognize bargain-bin demagogery as just that, and steer well clear.
Just as most professed Christians are nice people you'd be happy to have as next-door neighbors, most Muslims are ordinary folks who want nothing more than to get through the day, have a good job, feed their family, and have an excuse to smile from time to time.
Anyway, the point is that anyone who manipulates a religion as a tool for motivating others to commit acts that stand against that religion's doctrines (as terrorism does against Islam), has already shown where they stand, and there's no particular reason to believe they're not watching the Playboy channel with a cold 40-ouncer sitting atop their copy of the Quran right this very moment.
Encrypt this! (Score:3)
Nasty Bad Men Use Roads&Phones&Water&Electric&Mail (Score:3)
Cat out of bag, horse long gone from barn... (Score:4)
Besides, restrictions on encryption technology can't stuff this cat back into the bag; the software is out there, and that's that.
Intelligence and police agencies have been using other techniques to get around the use of encryption since the late '80s, from keystroke logging hardware slipped into a suspect's keyboard (what was that about a passphrase?) to the simple and ancient techniques of Van Eyck/TEMPEST monitoring (nabbing the cleartext from the RF emissions of the CPU or display).
Informed sources tell me the NSA has been breaking PGP for years, but they'll generally only bother in cases where side-channel attacks are unfeasible, due to the required resources in time and labor.
Someone's pushing an agenda with this article, but I rather suspect it's Gannett (owners of USAToday) and CNN.com, who's essentially paraphrasing the USAToday article. Sadly for us /. paranoiacs, it's probably no agenda more sinister than "attract readers with inflammatory stories", just like many other sites we know and love. :)
-Isaac
Does he really exist? (Score:4)
So much garbage, so little space (Score:4)
USA Today article is so filled with garbage and gaps, so clearly following an (no-very-well) hidden agenda that I don't even have the energy to debunk it all. So, just a few commented hightlights:
a) "Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag.
b) "Uncrackable encryption is allowing terrorists ? Hamas, Hezbollah, al-Qaida and others ? to communicate about their criminal intentions without fear of outside intrusion," FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities." Please notice the "last March" expression. This panel was reported and fully discussed (See the news here [216.167.120.50]. I believe it was even discussed in Slashdot, but I couldn't find the article)
c)"encryption has become the everyday tool of Muslim extremists in Afghanistan, Albania, Britain, Kashmir, Kosovo, the Philippines, Syria, the USA, the West Bank and Gaza and Yemen, U.S. officials say." I guess they also have radios, all forms of guns, phones, cameras. They also use cars, trains, buses. Let us ban all of those.
d)"All the Islamists and terrorist groups are now using the Internet to spread their messages," says Reuven Paz, academic director of the Institute for Counter-Terrorism, an independent Israeli think tank." This has absolutely nothing to do with encryption. Notice the equality achieved in the sentence between Islamist and terrorist. Rephrase to "All Southern Baptists and racists groups are now using the Internet". Think about it.
e)"They're hidden using free encryption Internet programs set up by privacy advocacy groups. The programs scramble the messages or pictures into existing images. The images can only be unlocked using a "private key," or code, selected by the recipient, experts add. Otherwise, they're impossible to see or read." We should throw all these "privacy advocacy groups" in jail and lose the key, shouldn't we?
f)"It's no wonder the FBI wants all encryption programs to file what amounts to a "master key" with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security. But civil liberties groups, which offer encryption programs on the Web to further privacy, have vowed to fight it." Of course, as we already know that all the enemies of the United States are a bunch dumb arabs, they obviously cannot develop their own software. So they will be forced use US-made software that automatically deposits their private keys with the FBI.
g)"Who ever thought that sending encrypted streams of data across the Internet could produce a map on the other end saying 'this is where your target is' or 'here's how to kill them'?" says Paul Beaver, spokesman for Jane's Defense Weekly in London, which reports on defense and cyberterrorism issues. "And who ever thought it could be done with near perfect security? The Internet has proven to be a boon for terrorists." Who ever thought a spokesman for a defense and cyberterrorism publication could be so dumb? To discover how does Mr. Beaver manages to keep his job, that would amaze me.
The discussion about the racist bias of the article is left as an exercise to the reader.
The part that struck me... (Score:4)
Re:forget encryption... (Score:4)
Re:ban envelopes, too (Score:4)
Currently, I tend to feel SAFER buying stuff online from trusted merchants with my credit card than giving it to someone who works in a store. Most online merchants destroy your credit card number after it's no longer needed, and keep only minimal records of it (4 first or last numbers). Compared to bricks-and-mortar shopping, where the store makes one or two copies for itself and one copy for you to lose, with 'customers' behind you that can look over your shoulder because of poor handling of the card, it makes me feel nervous. However, if you take away encryption from the equation, all bets are off, since a packet may travel through dozens of systems and routers before being recieved by the vendor you're trying to buy from.
How much freedom are you willing to sacrifice in order to gain safety? To me, the benefits that society gains from encryption far outweigh the evils that can be done with it. Besides the fact that if they're already criminals, do you think they'll have any qualms about using 'illegal' encryption products? You'll only stop stupid ones, and they're rarely the ones that do the most damage. I'm glad to be living in Canada on this point -- there's never been any plans to stop private citizens from using or exporting encryption, with the exception of those products imported from the United States that employed 'high-grade' encryption that was banned from export from the United States. Why do you suppose the OpenBSD project, which uses encryption where ever possible, is based in Canada? ;-)
Need a key escrow? (Score:4)
Of course, the reality is that this is prime material for legislatures to begin convincing the less tech-savvy "common man" that they desperately need legislation in place to form a Key Escrow so that anyone's keys can be cracked by the government if they so desire.
Criminals, of course, simply won't obey the law. Duh.
When Encryption is outlawed... (Score:4)
Only outlaws will use encryption. I know it's an old saw, but how exactly is banning encryption supposed to stop terrorists from using it? The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own. Not to mention that software can legally be written in countries other than the US, so unilateral action won't do any good anway. The genie is out of the bottle, and it can't be put back in.
NASTY BAD MEN ARE USING CHEMISTRY (Score:4)
'Chemistry' could be a new, important tool in the terrorists quest to stay one step ahead of authorities and commit mass-murder. The senate will soon debate a bill which bans the use or export of this 'chemistry' and proposes stiff new regulations.
Re:And this is (Score:4)
This might not work. How do you infiltrate a terrorist organization made up of people who are relatives? How do you infiltrate a terrorist organization in a country where most of the residents are at least somewhat sympathetic to the groups goals? Bear in mind that HUMINT has a pretty shitty track record. Investing in HUMINT is like investing in a dotcom - you may be wasting your money or you might get a huge payoff. Getting Congress to approve large cash payouts to shifty characters could be awfully difficult, especially in light of the Iran-Contra debacle not too long ago.
And in the event that all of this fails, we're going to need the much-maligned national missile defence folks. When you don't know in advance what's coming, you have to be able to protect yourselves! It's no different from soldiers wearing a bulletproof jacket, and in these times when nuclear proliferation is a fact of life, America needs that jacket.
Ouch! Head hurts! NMD = very stupid.
Why would anyone launch a missile at the US when much better delivery systems are available? The World Trade Center bombing, the Oklahoma federal building bombing, and so forth all involved very sophisticated car bombs. The USS Cole was hit by another boat, not a missile. There is no reason why any terrorist would use a missile as a delivery system - they're expensive, and it appears sneaking up on your target works just fine.
Some may say, well, just because a missile defense would not protect us against some attacks isn't a reason to build it. Implicit within this claim is a couple things:
1) Terrorists are fairly smart, they can build high-yield conventional weapons and possibly NBCs.
2) Terrorists are extremely stupid, if we build a missile defense system they will abadon in rental trucks and boats as delivery systems and switch to ballistic missiles.
Pick one or the other folks, it can't be both.
What if the NSA and CIA and Mil divs get it? (Score:4)
Answer - it would not affect them at all. The bad guys already have PGP and they can't crack it. The bad guys already have image encryption and they can't crack it.
All this will let them do is run roughshod over the constitution and pry even more into our private lives.
And, remember, Bush Sr. was Director of the CIA - don't for a second think that this is not a pretext to take even more of our civil liberties away.
forget encryption... (Score:4)
Curses! Foiled again!
omega_rob
Exactly (Score:4)
Good news. Follow my logic and understand why. (Score:4)
Now, how are the mainstream to be convinced that using encryption is a good thing? This is what we all want to do, correct? Well, we won't manage it by trying to do so ourselves - being lectured at by the freaks will only make the public resist even more. I suggest that we embrace the criminals for this campaign. The fact that Bin Laden and criminals like the mafia use encryption make it into a sexy field again, like it was in the 1920's through 40's, say. If we wish to impress Joe Public, it is imperative that we use the tools of advertising, which uses sexy images and subliminal suggestions, and not reason, which bores the common man and causes him to switch off.
Much like antidrugs campaigns by the government can increase their appeal and use in many quarters, I suspect that any government campaign to convince people that encryption is evil because it is used by terrorists criminals will surely backfire, and increase the sexiness of the field and general usage statistics for encryption.
This is what encryption has needed to enter the mainstream.
They fuck you up, your mum and dad.
Explanation (Score:5)
General walks into a room unannounced.
General: Samir, what are you doing?!?
Samir (surprised, suddenly turning his attention from the computer): General!!! I-I-I didn't know you were here at this hour, sir!!!!
General: Samir, were you using Allah's network connection to visit porn sites?
Samir: No, General! Of course not! I was just -- I was just, eh, using the porn site's bulletin board to send terrorist messages, sir! (types in something random)
General: But I can't read any of it!
Samir: Of course not, General! You see, sir, they're encrypted! Yes, that's right, they're encrypted!
General: Very well, I'll let it pass this time.
Samir turns off the computer and the lights. Exeunt.
General: By the way, Samir...
Samir: Yes, sir?
General: I think "CIABoy935466" likes you.
Do-it-yourself at home, too! (Score:5)
http://www.attrition.org/~wrlwnd/crypto/steanograp hy/jpeg-steg/ [attrition.org]
Maybe you could use this to tunnel IP over USENET porn?
Thank you, Mr. Bin-Laden! (Score:5)
I think it's important to put Bin-Laden's quote in context:
----> The US conducts Operation Desert Storm. The US media reports it is an enormous success -- highlighting the role of Patriot missles and other high-tech systems -- when in fact, MIT researchers later show that none of the Patriots hit their intended targets, cruise missle performance was dismal (30% ish), etc.
----> In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia. Boy, we don't hear much about US military effectiveness in the media.
----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.
As an advocate of a truly strong military -- as opposed to a bloated, bureaucratic, budget-and-career-path grabbing mess -- I think we ought to be listening pretty strongly when Bin-Laden says America is run by "devils."
Why? Because what Bin-Laden is saying is that America is much weaker than is says it is. That it is run by a bunch of cowards who lie about just about everything -- including our military capacity. And that sort of lying has everything to do with the current case.
Instead of going out there and building a strong, honorable military that can defend Americans along with the ideal of freedom, the FBI and etc. are going out there and building a totalitarian state that prevents the flow of information and the development of ideas. It's saying that people can't have encryption, because we're too cowardly and lazy to defend against it, and playing to the weakness and fear of the public. This is the essence of unfreedom. This is what destroys republics.
It is also the direct opposite of the democratic ideal which protects our society. The idea of freedom of information is that we become strongest when ideas can flow without government restriction -- that we solve problems, build economies, develop new technologies, and learn to protect ourselves better in a free society. And it is for this reason that totalitarian societies are doomed to freedom.
Is Mr. Bin-Laden using encryption? Is he building a military force to fight the U.S. government? Is he hurting the U.S.? If so, then I say, as an American, thank you Mr. Bin-Laden. Thank you for pointing out how weak we have become, under the direction of Mr. Freeh, and Messrs. Bush, and Mr. Clinton. Thank you for showing us that our society is so weak, and so unfree, that it cannot defend itself from you. Thank you for pointing out the devils among us, and how unfree they have made us, and that they are liars.
And that the lie is, that it is good to restrict technology, restrict information, restrict DeCSS, restrict encryption. That it is good to not let Americans see when their planes are shot down, or when their soldier die because they are unprepared for real war, because it "maintains morale" and public support for the military. The lie is, that restrictions and lying and totalitarianism makes us stronger, when it weakens us, weakens our military, and weakens our democracy. The lie is, that this benefits anyone, other than the bastards telling the lie. And by that, I mean Louis Freeh, among others, in this case.
All I have left to say, is that it is time to get the bastards out of office.
When the Marines landed in the last days of 1992, bin Laden sent in his own soldiers, armed with AK-47's and rocket launchers. Soon, using the techniques they had perfected against the Russians, they were shooting down American helicopters. The gruesome pictures of the body of a young army ranger being dragged naked through the streets by cheering crowds flashed around the world. The yearlong American rescue mission for starving Somalians went from humanitarian effort to quagmire in just three weeks. Another superpower humiliated. Another bin Laden victory.
"After leaving Afghanistan, the Muslim fighters headed for Somalia and prepared for a long battle, thinking that the Americans were like the Russians," bin Laden said. "The youth were surprised at the low morale of the American soldiers and realized more than before that the American soldier was a paper tiger and after a few blows ran in defeat. And America forgot all the hoopla and media propaganda ... about being the world leader and the leader of
the New World Order, and after a few blows they forgot about this title and
left, dragging their corpses and their shameful defeat."
Osama using the web... (Score:5)
*** Osama888 has joined #metallica
<Osama888> wasssuuuuuupppppp >:D
*** UN sets mode: +o Osama888
<brakzilla>
<Osama888> man I was out shopping for nitrogen rich fertilizer at this damn store in al Kabarfi and this zit faced punk at the store was all up in my face
<brakzilla> hehehehe lol!!
<Osama888> hehe then I told the guy, "do you know who I am??" and he was like D:
<brakzilla> werd!
<Osama888> yea w3rd.. brb pizza
Re:Blatant FUD-mongering (Score:5)
It's kind of funny (but not too funny) how the Western World is as afraid of technology they don't understand (crypto) as they are of cultures they don't understand.
ban envelopes, too (Score:5)
Re:Osama using the web... (Score:5)