James Bamford is an author of several books, including some of the first on the National Security Agency, the code breakers and signals intelligence operators. He has written a recent book on intelligence manipulation in the run up to the Iraq war.
During a radio interview he was asked about the Iranian code crack. http://freshair.npr.org/day_fa.jhtml;jsessionid=0DIL5REBMCVQPLA5AINSFFA?display=day&todayDate=06/08/2004
His reply, from sources in the NSA-
Current cryptosystems are very complex and hard (near impossible) to crack. The way its done now a days (as opposed to WWII Ultra efforts), is to penetrate an embassy (in this instance, Iran's embassy in Baghdad) and bug the hardware, getting the information before its encrypted. Of special interest- bug the keyboard, bug the monitor, bug the power cord.
How its gathered by the interested parties was not discussed,
Yours- Ridge
----------------------------------
Peter Gutmann wrote:
"R. A. Hettinga" <[EMAIL PROTECTED]> forwarded:
So now the NSA's secret is out. The Iranians have undoubtedly changed their encryption machines, and the NSA has lost its source of Iranian secrets. But little else is known. Who told Chalabi? Only a few people would know this important U.S. secret, and the snitch is certainly guilty of treason.
Someone (half-)remembered reading the Crypto AG story in the Baltimore Sun several years ago, bragged to Chalabi that the US had compromised Iranian crypto, and the story snowballed from there. The story could have started out with a loquacious (Sun-reading) cab driver for all we know. Some reports have suggested the source was drunk, so maybe it was a drunk in a bar. Maybe Chalabi read the story himself and invented the snitch to make it seem more important than it was, or to drive the US security community nuts with an orgy of internal witch-hunting. Given the lack of further information, it could have been just about anything.
Peter.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
