] Thursday 25 December 2003, 17:13 Makka Time, 14:13 GMT
]
] Saudis swoop on DIY bomb guide
]
] Authorities in the kingdom have arrested five people after
] raiding computer shops selling compact disks containing
] hidden bomb-making instructions, a local newspaper reported
] on Thursday.
]
] Police were questioning four owners of computer shops in the
] southern Jazan region and a fifth person believed to have
] supplied the CDs to the shops, Al-Watan newspaper said.
]
] Officials were not immediately available for comment.
]
] The daily said some of the shop owners might not have known
] about the bomb-making tutorial files hidden on the CDs. Only
] someone with technical knowledge would be able to find the
] files.
That was quoted from:
http://english.aljazeera.net/NR/exeres/C8061E36-E4E5-4EB5-A103-19DCF838E835.htm
and the same story, almost verbatim, was carried by Reuters.
Comments:
1) This is not entirely unprecedented. Al Qaeda for years has
been hiding recruitment and training footage in the middle
of otherwise-innocuous video tape cassettes.
2) OTOH using a commercial distribution channel bespeaks a
certain boldness ... somebody is thinking big.
3) Also: as a rule, anything you do with computers generates
more headlines than doing the same thing with lower-tech methods.
This is significant to terrorists, who are always looking for
headlines. Conversely it is significant to us, who have much
to lose when our not-so-fearless leaders over-react.
4) One wonders how many CDs were distributed before the operation
was terminated.
5) I wonder how the authorities found out about it.
6) The article speaks of technical skill ... I wonder how
much technical skill was required. Probably not much.
7) Did it rely entirely on security-by-obscurity, or was there
crypto involved also?
(The latter is possible; whatever leak told the authorities
where to look could also have told them the passphrase...
but the article didn't mention crypto.)
I suspect there is a lot more to this story..
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]