November 07, 2004

Al Qaeda's use of cryptography - scant evidence

This article by Debka announces a new "Terrorist Encyclopedia" that is apparently written and issued by Al Qaeda to its troops (if that's the correct term). It is described to be an intelligence or operations manual, and is credited to the intelligence chief of the organisation, one Seif bin Adel.

Where they (the manual and the article) bear relevance is in the penultimate paragraph:

"large part of the book is devoted to questions on 'How to communicate and relay messages safely on the Internet and by e-mail.' Offered here are instructions on how to use Microsoft's Word to transmit messages without leaving a trace and how to pirate usernames and passwords unbeknownst to their owners to plant alien content in their computer files. An electronic or telephone notice then goes out to the al Qaeda recipients informing them of the username, password and filename they need to unload the secret message buried in the pirated file."

No mention of cryptography there; it would seem that for cryptography policy and cryptography in general, terrorists do not number amongst our flock. See an earlier blog entry on their soldier's basic field manual for ciphers of limited strength.

Still, it behoves us all (on all sides of all fences) to know and appreciate just what sort of threat is raised here. If this is the state of the art of communications security by this and similar organisations, then we can set the record straight when ignorant threat claims are made and poorly thought-out policy is proposed.

(I haven't found the actual documents. Someone obviously has these and will translate this work and make copies available digitally - keep an eye out for them!)

(An addendum: Adam Shostack's trackback pointed at this good description of Al Qaeda commsec practices. Only passing mention of crypto.)

(A further addendum 2004-12-21: the NYT article "Surveillance is daunting in the Net's dark alleys" states:

Terrorists rarely have to be technically savvy to cloak their conversations. Even simple prearranged code words can do the job when the authorities do not know whose e-mail to monitor or which Web sites to watch. Interviews conducted by Al Jazeera, the Arab television network, with the terror suspects Khalid Shaikh Mohammed and Ramzi bin al-Shibh two years ago - both have since been arrested - suggested that the Sept. 11 attackers communicated openly using code words. The "faculty of urban planning," for instance, referred to the World Trade Center. The Pentagon was the "faculty of fine arts.")

Posted by iang at November 7, 2004 08:16 AM


Law enforcement investigations are first and primarily interested in traffic analysis. Not content.

"Code book" cryptography is virtually unbeatable because of its low redundancy. Ample examples of the troubles with "code book" crypto can be found in Khan; trouble for their users as well as for their cryptanalysts.

So hiding your trail provides better protection than flagging communication to be "encrypted".

Maybe, just maybe in an open society it doesn't matter who you are talking to. And, what you are talking about does matter.

But, in the murky waters of criminal organisations, who you are talking to does matter. And criminal investigators know that.

Posted by: Twan at November 12, 2004 10:15 AM