How Bin Laden Sent and Received Email - luigi
http://news.yahoo.com/s/ap/us_bin_laden

======
luigi
Only slightly more roundabout than RMS's system for browsing the web.

------
tejaswiy
tl; dr: Write email. Copy to USB. Give it to courier who takes it to a distant
internet cafe and sends it out. Incoming email is copied into the same USB and
delivered back.

~~~
MikeCapone
That was so anti-climactic. I was expecting something a bit more sophisticated
after all the hype at the beginning of the article. ROT13 at least...

~~~
dave1010uk
ROT13 is easily reversible. It looks like he used 2ROT13.
<http://www.mobikom.at/2rot13.pdf>

~~~
MikeCapone
I was kidding about ROT13. I would have expected at least AES-256 hidden via
steganography inside photos or sound files.

~~~
dave1010uk
I knew you were joking; I just get reminded of that paper when I see ROT13
mentioned.

~~~
MikeCapone
Sorry, I misread your comment. Good one :)

------
Super_Jambo
This flags up all sorts of wrong. A counter terrorism official demands
anonymity to tell us some very mundane facts:

1) Bin Laden sent e-mail.
2) He sent it via a very simple if slow method.
3) The US has these e-mails including the receiving address.

Why would they publish this tipping off their targets? Why does the official
require anonymity?

A nasty thought does occur which is that this makes an excellent reason for
governments to insist that ISPs and email providers hold all emails
indefinitely for future investigations.

~~~
joezydeco
I would think the targets got tipped off when news of the Bin Laden raid was
announced.

------
carussell
The hype-to-content of this article is ridiculous.

_It was a slow, toilsome process. And it was so meticulous that even veteran
intelligence officials have marveled at bin Laden's ability to maintain it for
so long._

Really? _Really?_ It's still more efficient than traditional post, and I'm
guessing there wouldn't be this level of hullabaloo if that had been the mode
of communication.

~~~
ArcticCelt
Also, the www became more or less mainstream in the mid 90s and mainly for
college students and young professionals or tech workers in western countries.
He went into full hiding in 2001 but had already been hard to find for a
couple of years and was living in Afghanistan.

For how long did he really use email? The answer is probably anything from
zero years to five. Like you said, it looks to me like the system he was using
was a faster and more efficient system than the classic pen and paper he used
all his life.

------
gfodor
For all the cheering about Bin Laden's demise, it's this trove of information
that people really should be cheering about. It sounds like they basically got
a full snapshot of the Al Qaeda organization at the time of the raid.
Intelligence analysts right now must be having the most thrilling yet most
critically intense time of their careers.

------
cynusx
According to my girlfriend who grew up in Africa, this is normal behavior when
you have to pay for internet by the minute.

~~~
kragen
What software is most popular for doing this? I wrote my own when I was in
Venezuela, but I imagine there's some popular stuff already out there?

------
kloncks
I remember watching the movie "Traitor" a few years back and wondering if Al
Qaida used something similar to what the fictional terrorists were using in
that movie.

(From what I remember, they were merely writing messages and saving them as
drafts. Then others would log on and read the drafts. No emails were sent.)

Interesting though how much he relied on couriers.

~~~
dguido
Lots of malware actually uses this to communicate with infected hosts
nowadays. You see it a lot in the backdoors used for more targeted attacks.

AFAIK, going wayyy back, this strategy was first talked about by Sophsec at an
infosec conference in 2006. They made a library called libomg that would log
into social networks and webmail to communicate with infected bots and they
had various strategies for doing so. The most hilarious was the myspace module
which automatically set up networks of teen girls who chatted in uh teen-
speak, which were actually hidden commands for the other bots to log in and
retrieve. It was awesome.

~~~
bad_user

        The most hilarious was the myspace module which
        automatically set up networks of teen girls
        who chatted in uh teen-speak

Makes sense - teen-speak barely means anything and it's frustrating as hell to
read, so normal people usually turn away before starting to see suspicious
patterns.

------
zwieback
Surely the lamest thing I read today. I was expecting some elaborate multiple
encryption and obfuscation scheme involving proxies and anonymisers in
addition to sneaker net in and out of the hideout.

------
maqr
It is absolutely amazing to me that terrorist organizations would not use
encrypted email.

~~~
trotsky
Hiding in plain sight has a lot of different meanings. Cryptography stands out
a lot more than bickering among old men. Besides, which tools to trust? The
PRC clearly distrusts many western crypto systems, why would AQ feel any
differently?

~~~
JoachimSchipper
Those are good points, but he could still have, at least, used something like
TrueCrypt for his _archives_.

~~~
troels
How do you know that the CIA doesn't have a backdoor to TrueCrypt?

~~~
eneveu
Who cares if the CIA has a backdoor? It's still better to encrypt his archives
than using plaintext. The chance the CIA _might_ have a backdoor is lower than
the chance the CIA might decipher plaintext.

Of course, you'd have to use a non-networked computer for this, in case
TrueCrypt phones home...

~~~
troels
Well, the article didn't say that they were archived in plain text. For all
we know, it may have been encrypted with TrueCrypt, and it may be readable by
the CIA.

------
darklajid
I cannot help but think of the recent story about Knuth and his secretary,
reading (and replying to) mail by proxy as well.

------
mcdowall
This doesn't surprise me; having 100+ USBs lying around with content does.

~~~
magoghm
Same here. That part makes me question if the information from that
"counterterrorism official" is reliable.

------
macrael
There doesn't seem to be a mention of encryption anywhere. I'm surprised they
didn't avail themselves of a little PGP. If a giant notorious terrorist
organization isn't using public key cryptography, who is?

~~~
runjake
In the past, Al Qaeda operatives have expressed a belief that PGP is
tainted/backdoored/etc by the US government, so they generally shun it.

It's probably better for attempting to elude the NSA, as well. Get lost in the
mix, as opposed to having big large red flags in your messages.

~~~
ericmoritz
Why not GPG? It's open source; unless there's some crazy obfuscation in the
source code, it would be pretty hard to hide a backdoor in plain sight.

~~~
alexg0
One would hope terrorist organizations don't have technical expertise to code
review PGP.

~~~
aasarava
Yet several had the expertise to fly commercial airliners. A number of top Al
Qaeda leaders went to college in the U.S. It wouldn't be implausible for some
terrorists to take courses in computer science.

~~~
ceejayoz
While I don't doubt Al Qaeda has some skilled technical folks, piloting a
commercial airliner isn't much of a feat if you don't intend to land the
thing.

~~~
jrockway
Landing in good weather is not particularly difficult. What's difficult is
handling error conditions: the landing gear won't go down, an engine has
failed, some instruments are out or misbehaving. Landing the airliner, safely,
under those conditions requires critical thinking, good flying skills, and
practice. If you are planning on only taking one flight, you don't need to be
good at this stuff, because it's unlikely that you will encounter any problems
on that particular flight.

(Lots of people have died because of inadequate training in these areas.
Eastern Flight 401 is a good example:
<http://en.wikipedia.org/wiki/Eastern_Air_Lines_Flight_401>. The crew was so
busy debugging a faulty light bulb that they forgot to fly the plane. It
crashed into a swamp.)

------
jrockway
I think strong crypto + several VPN providers would be as safe and easier to
automate.

(This, BTW, is why I am generally against anti-piracy enforcement actions and
warrantless wiretapping. When you force normal people to use strong
cryptography and VPN providers or mesh networks, the terrorists are much
harder to pick out. They just look like kids downloading movies.)

------
nickmolnar2
Doesn't this system still lead to a large trail of emails going back to
Pakistan (assuming the courier didn't go all the way into Afghanistan to send
each email)? Presumably, some of the computers that were on the receiving end
of those emails have been seized by US intelligence in various raids. The IP
of the sender would be easy to trace for the CIA, and the content of the
emails would have at least indicated that the sender was in a key decision-
making position within the organization.

Without some other security steps, like VPNs or proxies, the US would have
certainly been able to trace the country of origin of these communications.

------
ericmoritz
SMTP over sneakernet

------
arkitaip
Pretty low-tech solution, but it worked for many years, so why not? What's
surprising is that they left behind so many USB flash drives; with them being
so cheap, why not buy hundreds of low-capacity drives and destroy them after
each dispatch?

~~~
ciupicri
Why should they have destroyed them? I think they wanted to keep them.

------
mahmud
Why did they use USB sticks and not something that a courier can chew/swallow,
like MicroSD?

~~~
jrockway
Why rely on digesting electronics when cryptography is just as secure?

~~~
mahmud
Deniable.

Cryptography doesn't do you any good if there are guys with a car battery
asking you very pointed questions, like "where did you get this encrypted
disk"?

With MicroSD in your mouth, they won't even get the idea to question you.

~~~
jrockway
We didn't exactly give bin Laden a lot of time to answer any questions. We
found him and shot him. Encrypted documents would have remained safe after his
death, but that MicroSD would be a goldmine of information that will
compromise his other operatives.

~~~
mahmud
I was addressing the transportation step of the message, not its long term
storage. From OBL to net-cafe, the dude carrying it would be safer with a
MicroSD, encrypted or otherwise.

------
aohtsab
A simple SOCKS proxy would have saved him a lot of trouble.

~~~
nikcub
In effect he was using a proxy, just one that he knew he could trust

~~~
ramdac
or thought he could. Isn't that what ultimately took him down?

~~~
nikcub
yes. but apparently he had a group of couriers, so we don't know if the
couriers who were running the USB disks to internet cafés were the same as
the two brothers who owned the house

apparently he had a number of trusted couriers, and judging from what I have
read on tracking these couriers down[1], it wouldn't surprise me if he had
multiple levels of courier for his email

[1] apparently the couriers were so good at counter-surveillance that even
when the CIA had tracked one of the brothers down to Pakistan, it took them
two years to link them to the compound, since they both took exhaustive
counter-intelligence measures to make sure they were not tracked. amazing
story

------
karlzt
this article doesn't even mention email!