Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Security IT

Osama Bin Laden Didn't Encrypt His Files 333

An anonymous reader writes "If you're running a terrorist organization, it might make sense to encrypt your files. Clearly Osama Bin Laden didn't realize that — as some of the documents seized during the raid on his hideout in Pakistan have been made public for the first time. 17 electronic documents, which were found on USB sticks, memory cards and computer hard drives after US Navy Seals killed the terrorist chief in the May 2011 raid, are being released in their original Arabic alongside English translations by the Combating Terrorism Center, reports Sophos."
This discussion has been archived. No new comments can be posted.

Osama Bin Laden Didn't Encrypt His Files

Comments Filter:
  • by GodfatherofSoul ( 174979 ) on Thursday May 03, 2012 @06:20PM (#39883843)

    Worked pretty well for the 10 or so years it took to *find* his files!

    • Assuming they were his. Did he sign them with strong public key encryption?
    • by zero.kalvin ( 1231372 ) on Thursday May 03, 2012 @07:00PM (#39884277)
      So getting killed for not encrypting your files is the new punishment ? God those IT admins are angry!
  • really? (Score:5, Insightful)

    by SailorOrion ( 2628783 ) on Thursday May 03, 2012 @06:22PM (#39883865)
    Normally, you would encrypt data for transmission via an unsecure network (read: internet) or to protect it from unauthorized physical access. It's not like OBL's biggest worries were the contents of his USB sticks should hostile individuals be present in his home. History certainly supports that theory ...
    • What if one of his leutenants had betrayed him? There are a lot of reasons to encrypt sensitive documents even when they are not being sent over a network.
      • by Blindman ( 36862 )
        True, but it would have to be a lieutenant that didn't otherwise have access to the information.
        • Which I am guessing would be the case, as a matter of operational security. If a lieutenant in charge of, say, activities in North Africa decides to defect, it would be bad if he knew about plans for Asia or Europe.

          I am just guessing, of course; maybe they are less organized than I am giving them credit for. Failing to encrypt is certainly an indication of that...
    • Yep. I kept passwords on stickies under my monitor. "That's not secure". Reply: "If somebody in the building is looking under my monitor, finding the PW and figuring out what UID and service it belongs to, we've got bigger problems".

    • by artor3 ( 1344997 )

      It's not like OBL's biggest worries were the contents of his USB sticks should hostile individuals be present in his home.

      That depends on whether his chief concern was his own life or that of his associates. If he really gave two shits about his fellow terrorists, he would have encrypted the data to protect them in the event of his discovery. OBL: selfish, stupid, or both. No surprises there.

  • by gavron ( 1300111 ) on Thursday May 03, 2012 @06:27PM (#39883935)

    He couldn't run GPG on his paper abacus.


  • by Anonymous Coward on Thursday May 03, 2012 @06:30PM (#39883963)

    • "[...] Hit him with this $5 wrench until he tells us the password."
      "Uh...we already shot him."
      "Well, that's not going to be helpful..."

  • by dccase ( 56453 ) on Thursday May 03, 2012 @06:30PM (#39883971)

    He correctly understood that they wouldn't be used against him as evidence in a court of law.

    • He correctly understood that they wouldn't be used against him as evidence in a court of law.

      Uh, perhaps the idea would be to use a strong encryption so that if someone did find them, they wouldn't give away all the people you are collaborating with? Sure, it would be broken 20 years down the road but ... surely even in death you would want to protect your cause and your allies? Seems like pretty common sense to me ... just another sign that he didn't really care about those around him or he didn't understand technology.

      The less information you give your enemy the better. Even minute things

      • by HiThere ( 15173 )

        The impression I've gotten so far is that he didn't reveal anything all that useful against his organization. It does appear, however, that he missed the opportunity to encrypt 15GB of /dev/random . This is an opportunity that any successors should not miss. It might not do you any good, but it will really annoy the opposition.

  • by girlintraining ( 1395911 ) on Thursday May 03, 2012 @06:30PM (#39883973)

    Lesson 1, Page 1, in covert operations:

    Anonymity deflects more bullets than body armor.

    Encryption prevents viewing the data only for the amount of time it takes to torture the passphrase out of you. Since you need the key to view your encrypted data, it's almost assured that the key will be near the data in some form, minimally protected. Encryption therefore provides little (if any) security in that scenario. In fact, it could cause more harm than good; It may lull you into a sense of false security.

    • by icebike ( 68054 ) *

      Lesson 1, page 2.

      That bit I wrote on page 1 has proven false. Some how, the NSA clicked a mouse, the lights dimmed, and a computer spit out my passphrase.

      I go now. Bye.

    • Consider that he used people to move data a lot. PGP and the like would make a lot of sense for his underlings to be able to know it came from him and insure the intermediaries could not decode it.

      • If he's worried that these intermediates would access and/or abuse the information they are entrusted to transfer, those intermediates do not have the level of trust needed to be an intermediate to someone like Osama bin Laden to begin with.

    • There are other ways that encryption can help. Let's say that /bin/laden was warned just before the raid and had to flee for his miserable life. Wouldn't it be better for him if any thumb drives, computers or other media were encrypted? Even if the NSA were able to break whatever cypher he used it would still take them time and the delay might just be long enough for damage control. Thats why field-grade cyphers aren't as tough to crack as higher level ones: they only need to delay decryption long enoug
  • He may well have operated on the assumption that if ever his enemies laid hands on his computer files, odds are that lack of encryption would be very, very low on his list of Things I Need To Worry About Right Now; thus, it would make little sense to spend his limited resources on this line of defense.

  • by Nidi62 ( 1525137 ) on Thursday May 03, 2012 @06:34PM (#39884015)

    Why would he need to encrypt files he was storing with him? He was living covertly, so did not have to worry about surveillance. And these documents were essentially for internal (read: his own and his few insiders) use. Any distribution of those documents from his location was handled by courier, and AQ uses encryption and steganography when distributing their documents as recent news has shown, logically the same measures were probably undertaken whenever these documents left the compound. As high a profile target as he is, he really didn't have to worry about anyone snooping on him, it would be much more profitable to capture or kill him if his location were known than it would be to sit on him and investigate traffic. And odds are the NSA and other intelligence agencies would brute force and eventually crack any encryption regardless. At best, all the encryption would do is buy time for AQ to bug out/scrap plans/accelerate operations. In all likelihood they probably had a contingency plan for bin Laden's eventual capture/death(whether natural or by bullet/missile) which involved changes in methods, distribution networks, or locations, causing any intelligence gained to lead to mostly ghosts and cold trails.

    Think of this another way: do you encrypt your USB drives if you are just transferring your files from one computer to another in your house? Even if the files are sensitive, it's a waste of time, because the drive isn't intended to be removed from your house.

    •'s a waste of time, because the drive isn't intended to be removed from your house.

      Then real life creeps in, and unenteded consiquences spoil your day, some one pops a tire on your getaway ride, some trusted flunky slips a USB stick in his pocket...

    • And odds are the NSA and other intelligence agencies would brute force and eventually crack any encryption regardless. At best, all the encryption would do is buy time for AQ to bug out/scrap plans/accelerate operations.

      There are two kinds of encryption, one will keep your kid sister out of your files unless she does a little research on the internet and spends a few hours running a breaker program.

      The other kind of encryption, "hard encryption" will keep present technology, on average, busy until well after the heat death of the universe before getting lucky enough to brute force guess the key. If this encryption is used well and the keys safeguarded effectively, it is unbreakable until a breakthrough in methods or techn

      • ... If this encryption is used well and the keys safeguarded effectively, it is unbreakable until a breakthrough in methods or technology comes about - quantum computing holds the promise to break some forms of strong encryption, if it ever matures.

        If you capture the computer on which the files are composed (using commercial software), and the encryption is performed, and it is running a regular consumer OS, are the keys/pass phrases really secure against an opponent with unlimited resources?

  • Of course Osama bin Laden doesn't care -- he's dead. But I can only imagine all the intel regarding locations, plans and correspondence has helped the US in their efforts against the surviving leaders of al-Qaeda.

    So yes, not encrypting the files and having those files now in the hands of their enemy does make a difference.

    • Of course Osama bin Laden doesn't care -- he's dead.

      What I think this shows is that OBL didn't care what happened to his cause after his inevitable (from old age, if nothing else) death.

  • Probably nature of his job/post/tenure assumed crypto keys were being held in escrow.

  • by Grayhand ( 2610049 ) on Thursday May 03, 2012 @06:49PM (#39884177)
    The "terrorist" are middle east versions of neo-nazi rednecks. Most of them aren't entirely sure why they hate us but they do. Fighting us gives purpose to their otherwise sad existence. The Saudi terrorist, the ones that actually blew up the towers, blame us for their own people robbing them blind of oil money. Why didn't Bin laden encrypt his files? Why wasn't he in hiding? He had people in the Pakistani government protecting him and apparently the rest of the Al Qaeda terrorist network considered him put out to pasture. He was the figure head of a pathetic group of thugs. I just saw a report that it finally dawned on these morons that it's easier to start fires than to bring down planes. Even then they have to design complex bombs rather than matches and candles. They over think problems and miss the obvious. People think genius is coming up with complex solutions, it's coming up with simple solutions to complex problems. These guys aren't geniuses.
    • by Nidi62 ( 1525137 )
      Except in this type of conflict, the stupid die quick, the smart ones keep on living and fighting. A lot of these guys have been doing this since the 80s. They've built a global network that has avoided dismantling despite the billions of dollars and countless man-hours that have gone into finding and destroying it. And any time the intelligence services score a victory and kill someone or intercept an attack/courier, or capture a big player, those that are left learn even more. It's a Darwinian system
    • Most of them aren't entirely sure why they hate us but they do.

      Translation: I'm not entirely sure why they hate us, but they do.
      Luckily for you Grayhand (2610049), there are ways to educate yourself and remedy your ignorance.

      al-Qaeda and its affiliates have been telling us for decades why they hate us and how we can get them to leave us alone.
      You can start by seeing why they say they hate 'us' and then read why the experts think they hate us.
      Your task will be much easier if you ignore talking heads on TV and instead read some journals on foreign policy.

    • by cold fjord ( 826450 ) on Friday May 04, 2012 @01:25AM (#39886911)

      We aren't talking rocket scientists here. . . . . The "terrorist" are middle east versions of neo-nazi rednecks.

      I'm afraid you've got things quite wrong in some important ways.

      The Educated Muslim Terrorist []

      Nidal Hasan, Abdulmutallab and Humam al-Balawi are jihadists who were educated and came from privileged middle- and upper-class backgrounds. Hasan was an American-trained U. S. Army doctor, Abdulmutallab was a London engineering student and the son of a wealthy Nigerian banker, and double-agent Dr. Humam al-Balawi was a member of the Jordanian professional class.

      Many Westerners are confused by the willingness of university-educated middle-class Muslims to perpetrate barbarous acts of terrorism. It appears to be a reversal of the usual process: typically college students raised in religious households become more secularized by exposure to the humanities and sciences, and the rationalist values of the European Enlightenment. Yet when embryonic jihadists attend Western universities they graduate with their faith intact: 9/11 terrorists Mohammed Atta and Khalid Sheikh Mohammed were both beneficiaries of Western university educations. These men, who sought to advance themselves with Western training and technical skills, ultimately turned against, and attempted to destroy, the very society that provided them with the means to that advancement. Instead of employing their newly acquired learning and knowledge to improve the lot of their fellow countrymen and co-religionists, they turned this very learning and knowledge against their Western benefactors.

      This phenomenon begs the question: How do jihadists reconcile such hypocrisy and ingratitude in their own minds?

      As the 1989 fatwa against Salman Rushdie proved, the list of Jihad’s grievances against the West is subtle and inventive. The exquisite sensitivities of the faithful guarantee the manufacture of injury and insult without end, providing inspiration for Islam’s perennial street theater; for no sooner does the Arab street grow tired of one threadbare grievance, e.g. Israel, than it discovers another in an irreverent Danish cartoon. . . . .

      In Leaderless Jihad: Terror Networks in the Twenty-First Century, Marc Sageman notes that eruptions of terrorist violence have little to do with economic social conditions; terrorist movements evolve slowly, spike quickly, and disappear with unexpected suddenness, and “cannot be explained through slow-moving societal forces and cultural templates.” Sageman disputes the popular notion that terrorists are mentally ill, poor, uneducated sociopaths: most of the 9/11 terrorist were, like Mohammed Atta, well-educated, many of them university graduates, i.e. psychologically stable individuals from middle-class families. Most telling of all, four fifths of these jihadists were expatriates, or the offspring of expatriates, who had immigrated to the West. In a word, they were members of the intelligentsia, confirming Arnold Toynbee’s observation that this class is fertile ground for revolutionary violence. . . . More []

      What Makes a Terrorist []

      In the wake of the terrorist attacks on September 11, 2001, policymakers, scholars, and ordinary citizens asked a key question: What would make people willing to give up their lives to wreak mass destruction in a foreign land? In short, what makes a terrorist?

      A popular explanation was that economic deprivation and a lack of education caused people to adopt extreme views and turn to terrorism. For example, in July 2005, after the bombings of the London transit system, British Prime Minister Tony Blair said, “Ultimately what we now know, if we did not before

  • Two thougths: (Score:5, Insightful)

    by Guppy06 ( 410832 ) on Thursday May 03, 2012 @06:51PM (#39884185)
    1. Considering that he kept that information in close physical proximity, he may simply have assumed that, if the information were compromised, he wouldn't be alive to care.
    2. The US government says the files weren't encrypted. It's also possible they were encrypted, but the US doesn't want al Qaeda cells and/or the general public to know how long it took to crack.
  • I thought one of the purposes of encrypting files is to hide them - make them look like unused space on a drive. How could anyone tell that there are no encrypted files?
    • How could anyone tell that there are no encrypted files?

      The usual first mistake is a sticky note with the password on it.

      Common mistake number two is a big icon on the quicklaunch bar labeled "SuperSecretCryptoAccess."

      You think I kid?

      ...In 2005... law enforcement agents raided the home of one of the alleged spies. There, they found a set of password-protected disks and a piece of paper, marked with “alt,” “control,” “e,” and a string of 27 characters. When they used that as a password, the G-Men found a program that allowed th

  • These items were located in his "safe" hiding place. Defended by the most loyal of the loyal followers he had. One thing was nearly certain: If anyone ever got into this place, he would get in there after a lengthy and bloody fight. His chances to survive that fight, if it was lost, were close to zero, and even if he survived, his chances to get out as a free man were zero. And it's not only likely that the 'trial' he would be put into in such a case ends in a death sentence.

    So why bother encrypting? If any

  • by i286NiNJA ( 2558547 ) on Thursday May 03, 2012 @07:20PM (#39884435) Journal
    The number of people who think AES can magically be cracked because the NSA is involved is staggering, if anyone can crack it it's probably the NSA, but they probably can't crack it. Slashdot your opsec is horrid, you encrypt secrets because they're secrets not because if the enemy has them you're dead anyhow, if anything it means that your secrets are more secure since they can't be beaten out of you. Does this sound like a policy we'd use with our own military secrets? More likely he's not very tech savvy and didn't understand why it would help or like many of the posters here he seemed to believe that the NSA has magical powers so crypto was futile. The man is prone to faulty thinking demonstrated by his belief that the middle east would finally be free from our meddling if he could just manage to kill another 5000 people. The fact that many of you are developers and administrators and don't seem to know the first thing about opsec or crypto is genuinely troubling, no wonder .cn walks through our infrastructure like they own it.
  • The US government is not known for it's honesty. Whatever they say (And expirience proves me correct) can be assumed to be a lie. Like the weapons of mass destruction that someone else was higing in his palaces and the mobile laboratories that the same dictator used to create biological and chemical weapons. People, is our memory so bad that we forget easily we are being told nothing but lies by politicians?
  • by Chuck Chunder ( 21021 ) on Thursday May 03, 2012 @07:24PM (#39884473) Homepage Journal
    I bet that "evil plans" sub directory is really a front and there's some serious man on man action pictures hidden inside those files.
    • by caywen ( 942955 )

      Wasn't this folder one of the standard library folders in Windows, anyways? Music, Pictures, Documents, Evil Plans. That's what my Start menu shows.

  • by billybob_jcv ( 967047 ) on Thursday May 03, 2012 @08:55PM (#39885389)

    The released documents are interesting reading - although very long-winded and obtuse. What fascinates me is the overall callousness and unemotional references to non-Muslim human lives. Bin Laden cautions against killing the French hostages, not because killing is wrong, but because the political ramifications might have a negative effect at this time. The only time there seemed to be any concern for human life was on the issue of suicide bombings that killed random Muslims in Afghanistan & Pakistan. For most of the letters, he could very well have been a CEO talking about a downsizing at a branch office.

  • by MrQuacker ( 1938262 ) on Thursday May 03, 2012 @09:11PM (#39885515)

    From TFA:

    In contrast to his public statements that focused on the injustice of those he believed to be the “enemies” of Muslims, namely corrupt “apostate” Muslim rulers and their Western “overseers,” the focus of Bin Ladin’s private letters is Muslims’ suffering at the hands of his jihadi “brothers”. He is at pain advising them to abort domestic attacks that cause Muslim civilian casualties and focus on the United States, “our desired goal.”

    Out of 6000+ documents, they picked this to release. You don't need a huge imagination to see why.

    Although I do give them credit in making this public and trying to focus attacks back on to US forces. It makes leaving Iraq/Afghanistan a lot easier if you don't have to worry about them killing each other after you leave.

  • by wvmarle ( 1070040 ) on Thursday May 03, 2012 @11:32PM (#39886377)

    No-one encrypts their files, or their e-mails, so why would he do it? I bet he also didn't keep backups, again just like the rest of us.

    This just proves that Osama bin Laden was just a normal guy. Except maybe for his passion to kill, that is.

  • by hduff ( 570443 ) <<hoytduff> <at> <>> on Thursday May 03, 2012 @11:33PM (#39886379) Homepage Journal

    Any idea what OS he used?

  • by Yvanhoe ( 564877 ) on Friday May 04, 2012 @08:49AM (#39888941) Journal
    ...but the "we found that in Osama's hard drive" is a perfect excuse to make it possible to legally use informations that were given through illegal or immoral means.

Logic is a pretty flower that smells bad.