[Cryptography] ISIS has ‘help desk’ to aid would-be terrorists with encryption

ianG iang at iang.org
Sat Nov 21 07:41:06 EST 2015


On 19/11/2015 14:53 pm, Phillip Hallam-Baker wrote:
> I am getting so fed up with unsourced nonsense stories.
>
> The CIA is fully capable of making an official statement. The CIA
> director and the DNI regularly give press interviews, public speeches
> and testify in Congress. If either the NSA or the CIA believes these
> things are happening and believes we should know that is the case,
> they can do so by having a named spokesperson give an on the record
> briefing.


Wait - are you giving any credence to any statements official or 
otherwise?  Why is that?  I can't recall the last time I saw a statement 
that wasn't broken by standard levels of challenge and skepticism.

At this stage, it would seem an impossible task for any of the agencies 
concerned to change their culture to make a statement, official or 
unofficial, that was in any way reliable or useful to the public.

e.g., 1. Look at the trouble NIST is in trying to come up with a 
credible statement.

e.g., 2. Notice the recent Russian plane that went down - for the first 
time that I can remember, there was deliberate suppression of the causes 
by/in the Russian media.  They mostly said "we don't know", whereas in 
the west, MSM immediately slots in the fashion statement threat du jour.

e.g., 3. Paris was caused by crypto, Syrian refugees and weak gun 
control over civilians.

e.g., 4. recent NSA statement on EC - we still don't know what it means 
or what to do, other than generally panic.

tl;dr - believe nothing that the agencies or MSM write about.  Reverse 
it and you'll likely find more reliability.


...
> It now turns out that there is absolutely no evidence of a Playstation
> 4 being involved in the attack. What happened was that this was put
> out as a hypothetical to show how hard the problem of intelligence is
> today and this hypothetical was assumed to be an example.
>
> It now turns out that there is absolutely no evidence of the Paris
> attackers having used encryption. The cell phone that was recovered
> has only short SMS messages that would only convey information to
> someone who already knew the plan. There is no need to encrypt a
> message that says 'Go'.


Indeed, this is standard military training, or was in my day.  For 
example, if engaged in a firefight, we knew that the enemy would also 
know pretty soon what we would know, so things like location, time, 
casualty numbers, and estimates of the enemy strength were not 
encrypted, because if encrypted, they would give the enemy cribs with 
which to crack the codes.

(OK, so this assumes that the soldiers on the ground were using pencil & 
paper codes rather than encrypted radios, but the principles still apply.)


> The Paris attacks were conducted by a group of people who had military
> weapons and had been trained to use them. There is no evidence of any
> communication between DAESH HQ and the attackers of any sort. But even
> if the attack was performed on orders from HQ, there is no reason to
> believe that these amounted to anything more than 'kill as many
> infidels as you can in a European capital of your choice as soon as
> possible'. There is no reason to believe that DAESH HQ would have
> anything to contribute to the planning of the attack.
>
> So what we have here is a clash of cultures. The highly centralized,
> rigid, US military is unable to function without constant
> communication. At this point, the decision to launch missiles from a
> drone is frequently taken at the level of Colonel or above.


Launching a drone missile has to be taken at a high level because 
they're engaged in an illegal act.  Decisions to commit war crimes 
cannot be easily delegated, because soldiers are trained not to conduct 
illegal acts, they have to be ordered to do so [0].


> Being used
> to this situation, the US military seems unable to comprehend that
> another organization would not consider it necessary. Which is really
> odd since only a few decades ago, US special ops would have conducted
> operations under complete radio silence as a matter of course.


The problem here is a peculiarly American one, with some leak-over to 
5-eyes.  In short, USA agencies are obsessed with sigint.  Breaking this 
obsession down to parts,

  1. historical success (Enigma, Purple and so forth).
  2. technological advantage (Silicon Valley effect).
  3. economies of scale in listening to everything.
  4. economies of scale in employing mathematicians.
  5. industrial-military-crypto complex - the ability of large defence 
suppliers to convince the employment of strategies that support large 
defence suppliers,
  6. hubris and the ability to get locked into one's own OODA.

I'm not scientific enough to apply percentages to those factors, and 
there may be others, but it's a pretty big cultural trap the USA is in. 
  What is perhaps more interesting is that 6. totally undermines 1 and 
diminishes 4 to nearly worthless.  2 is dying with the rise of China. 
And 3. is easily defeated by "radio silence" or burner phones.

What's left is 5 -- which appears to be getting stronger and stronger, 
if the rise of cyberwarfare divisions in security & defence firms is any 
indicator.



iang


[0] Soldiers are also trained to refuse illegal orders, but today is not 
the day for grunt-level philosophy ;)

