-Caveat Lector-
How the plotters slipped US net
Thursday September 27, 2001
The Guardian
As US forces converge on Afghanistan, Osama bin
Laden's satellite phone has not been cut off. But
calls to the terrorist leader's laptop-size satphone -
relayed via an Inmarsat satellite 40,000 km over the
Indian Ocean - are going unanswered.
His number - 00873 682505331 - was disclosed earlier
this year in the New York trial of his associates for
bombing the US embassy in Kenya. Callers now hear a
message stating he is "not logged on or not in the
dialled ocean region".
His satphone was used frequently during the 90s. Bin
Laden was heard advising Taliban leaders to promote
heroin exports to the west. National Security Agency
(NSA) officials even played recordings of him talking
to his mother to security-cleared visitors to their
headquarters, as a trophy of their prowess. After
failing to warn of the attack, the agency has fallen
silent.
According to US intelligence, the satellite phone has
not been switched on all year. Experts do not believe
he was unaware of the US eavesdropping, which is
simple to do. Even amateurs can tap Inmarsat using an
antenna made of DIY parts and a scanner bought for
�150 in the high street. Bin Laden may, however, have
been unaware that NSA "sigint" satellites, listening
from space, could pinpoint his location. The
satellites are controlled from ground stations near
Denver, Munich, and at Menwith Hill in Yorkshire. But
they could only locate him when he was logged on.
Using this method, US intelligence believed in 1998
that they had found him. In August 1998, President
Clinton authorised a cruise missile attack on a
training camp at Khost, Afghanistan. By the time the
missiles landed, Bin Laden had gone.
Having failed to forestall the worst attack of all,
many Americans have taken to blaming new technology.
Congress will shortly debate a new Anti-Terrorism Act
of 2001, which will further loosen controls on
electronic surveillance. The NSA already operates a
global communications surveillance system in
conjunction with Britain's GCHQ. One of the proposed
provisions would allow GCHQ to conduct random
surveillance of American citizens' communications and
send them on. This would breach the US bill of rights.
(Non US citizens have no protection.)
The potential use by terrorists of the net and
encryption have for years been a major target of
intelligence agencies and politicians. They have
demanded curbs on privacy and the banning of
encryption. Throughout the 90s, the IT community was
continually focused on whether or not security
software that used encryption should also use
"escrow". Escrow requires keys allowing private
messages to be decoded to be given to the government.
In December 1999, the US government abandoned controls
on the use of "strong encryption". It was also forced,
on commercial grounds, to follow European countries
and abandon the demand that encryption be illegal
unless escrowed.
In the US and in Britain, some advocates of escrow had
seemed almost eager to see a major terrorist disaster
using internet encryption, to prove them right.
Privacy campaigners countered that banning strong
encryption would never prevent terrorism but would
damage e-commerce.
Within hours of the carnage in America, these
arguments were back in the headlines. A day after the
attack, it was asserted that the net and encryption
was undoubtedly to blame, and must have been used to
coordinate the attacks.
Seven months earlier, a widely quoted newspaper report
had claimed that bin Laden's followers were operating
a communications network based on encrypted messages
concealed inside pornographic pictures. This
technique, steganography, hides a coded message inside
a picture or music file by making numerous small
changes to data. The changes are invisible to ordinary
viewers or listeners, but can be read by special
software.
The February report luridly alleged that his group had
relayed the "encrypted blueprints of the next
terrorist attack against the United States", including
maps of targets, inside "X-rated pictures on several
pornographic web sites" (see
www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm)
.
This month's attacks have provided the first, tragic,
test of who was right about the net, encryption and
terrorism. The answers, so far as they are known, were
given last Tuesday by the FBI at a Washington
briefing. FBI assistant director Ron Dick, head of the
US National Infrastructure Protection Centre, told
reporters that the hijackers had used the net, and
"used it well".
FBI investigators had been able to locate hundreds of
email communications, sent 30 to 45 days before the
attack. Records had been obtained from internet
service providers and from public libraries. The
messages, in both English and Arabic, were sent within
the US and internationally. They had been sent from
personal computers or from public sites such as
libraries. They used a variety of ISPs, including
accounts on Hotmail.
According to the FBI, the conspirators had not used
encryption or concealment methods. Once found, the
emails could be openly read.
The allegation that plans have been hidden inside
internet porn has, so far, proven unsupported. A few
days before the attack, a team from the University of
Michigan reported they had searched for images that
might contain terror plans, using a network of
computers to look for the "signature" of
steganography. According to researchers at the Centre
for Information Technology Integration, they "analysed
two million images_ but have not been able to find a
single hidden message" (see
www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf).
The FBI said this week they had nothing further to
add. US and British communications intelligence
agencies are also examining past internet intercepts.
Information will be incorporated into a secret report
to the US Congress, but will not be made publicly
available. One US senator has claimed that soon after
the attack, NSA received a call from a US cell phone
to a "suspected bin Laden operative in Europe"
announcing: "We hit the targets."
Despite the forthright position taken by the FBI, some
US newspapers have continued to report technological
myths in circulation before the attack. Last Friday,
the Washington Post claimed the inventor of the widely
used PGP (Pretty Good Privacy) encryption system, Phil
Zimmermann, had been "crying every day... overwhelmed
with feelings of guilt". Although the FBI had already
said they had found no evidence of these terrorists
using encryption, Post readers were told that
Zimmermann "has trouble dealing with the reality that
his software was likely used for evil". (see
www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html)
In a public statement this week, Zimmermann accused
the Post of serious misrepresentation in publishing
things he never said. "Read my lips," he said, "I have
no regrets about developing PGP." His grief had been
for the victims, not for culpability about his
invention.
The Washington Post and other US newspapers have also
reported that bin Laden has access to satellites more
powerful than the NSA's, and uses a communications
company controlled by a relative to overcome US
monitoring. Neither the satellites nor the company
exist.
Dr Brian Gladman, formerly responsible for electronic
security at the Ministry of Defence and Nato, believes
that the reason that the terrorists didn't use
encrypted email is that it would have "stood out like
a sore thumb" to NSA's surveillance network, enabling
them to focus on who they were. There is also evidence
that, when communicating, the terrorists used simple
open codes to conceal who and what they were talking
about. This low-tech method works. Unless given leads
about who to watch, even the vast Echelon network run
by NSA and GCHQ cannot separate such messages from
innocuous traffic.
NSA's problem, says Gladman, is that "the volume of
communications is killing them. They just can't keep
up. It's not about encryption."
NSA has been attempting to keep up with the internet
by building huge online storage systems to hold and
sift email. The first such system, designed in 1996
and delivered last year, is known as Sombrero VI. It
holds a petabyte of information. A petabyte is a
million gigabytes, and is roughly equivalent to eight
times the information in the Library of Congress. NSA
is now implementing a Petaplex system, at least 20
times larger. It is designed to hold internet records
for up to 90 days.
Dr Gladman and other experts believe that, unless
primed by intelligence from traditional agents, these
massive spy libraries are doomed to fail. The problem
with NSA's purely technological approach is that it
cannot know what it is looking for. While computers
can search for patterns, the problem of correlating
different pieces of information rises exponentially as
ever more communications are intercepted. In short,
NSA's mighty technology apparatus can easily be
rendered blind, as happened here, if it has nothing to
start from.
The new legal plans may therefore do more harm than
good. According to Cambridge computer security
specialist Dr Ian Miller, bringing back escrow "will
damage our security in other ways, and divert an
enormous amount of effort that would far better be
spent elsewhere. It won't inconvenience competent
terrorists in the least."
PGP inventor Phil Zimmermann thinks the penalty of
politicians misunderstanding technology will be even
more costly. "If we install blanket surveillance
systems, it will mean the terrorists have won. The
terrorists will have cost us our freedom."
. Duncan Campbell is a freelance investigative
journalist.
. Comments to online.feedback @guardian.co.uk
================================================================
Kadosh, Kadosh, Kadosh, YHVH, TZEVAOT
FROM THE DESK OF:
*Michael Spitzer* <[EMAIL PROTECTED]>
The Best Way To Destroy Enemies Is To Change Them To Friends
================================================================
<A HREF="http://www.ctrl.org/";>www.ctrl.org</A>
DECLARATION & DISCLAIMER
==========
CTRL is a discussion & informational exchange list. Proselytizing propagandic
screeds are unwelcomed. Substance�not soap-boxing�please! These are
sordid matters and 'conspiracy theory'�with its many half-truths, mis-
directions and outright frauds�is used politically by different groups with
major and minor effects spread throughout the spectrum of time and thought.
That being said, CTRLgives no endorsement to the validity of posts, and
always suggests to readers; be wary of what you read. CTRL gives no
credence to Holocaust denial and nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://peach.ease.lsoft.com/archives/ctrl.html
<A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of
[EMAIL PROTECTED]</A>
http:[EMAIL PROTECTED]/
<A HREF="http:[EMAIL PROTECTED]/";>ctrl</A>
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
