[svlug] France and Lebanon (was: France.)

Rick Moen rick at linuxmafia.com
Wed Nov 18 16:16:24 PST 2015

I wrote:

> Quoting Michael C. Robinson (plug_1 at robinson-west.com):
> > The terrorists apparently used Sony Playstation 4 and secure DES
> > encryption to communicate in a way that intelligence could not pick
> > up.  
> Nope.  
> http://mashable.com/2015/11/16/isis-playstation-paris-attacks
> http://www.theverge.com/2015/11/16/9745216/playstation-4-paris-attacks-reporting-error

In fact, someone whose reliability I trust, journalist and computer
security researcher Jacob Appelbaum, tweeted:

  The attackers in Paris didn't even use a burner credit card or a false
  name for their hotel?  Massive intel failure is an understatement.

But don't take Appelbaum's word for it:

  After Endless Demonization Of Encryption, Police Find Paris Attackers
  Coordinated Via Unencrypted SMS
  by Karl Bode
  Wed, Nov 18th 2015 11:33am

  In the wake of the tragic events in Paris last week, encryption has
  continued to be a useful bogeyman [link] for those with a voracious 
  appetite for surveillance expansion.  Like clockwork, numerous reports 
  were quickly circulated suggesting that the terrorists used incredibly
  sophisticated encryption techniques, despite no evidence by
  investigators that this was the case. [link]  These reports varied in 
  the amount of hallucination involved, the New York Times even having 
  to pull one such report offline. [link]  Other claims the attackers 
  had used encrypted Playstation 4 communications also wound up being 
  bunk. [link]


But the War on Math is being re-launched, anyway:

  Encryption Is Being Scapegoated To Mask The Failures Of Mass Surveillance
  by Natasha Lomas

  There’s no doubt [spooks] were waiting for just such an "opportune
  moment" to redouble their attacks on encryption after recent attempts
  to lobby for encryption-perforating legislation foundered. [link]
  (A strategy confirmed by a leaked email sent by the intelligence
  community's top lawyer, Robert S. Litt, this August -- and subsequently
  obtained by the Washington Post [link] -- in which he anticipated that
  a "very hostile legislative environment... could turn in the event of
  a terrorist attack or criminal event where strong encryption can be
  shown to have hindered law enforcement".  Et voila, Paris.)

  Here's a recap: terrorists can use encryption tools that are freely
  distributed from countries where your anti-encryption laws have no
  jurisdiction. Terrorists can (and do [link]) build their own securely 
  encrypted communication tools.  Terrorists can switch to newer (or 
  older) technologies to circumvent enforcement laws or enforced 
  perforations.  They can use plain old obfuscation to code their 
  communications within noisy digital platforms like the Playstation 4 
  network [link], folding their chatter into general background digital 
  noise (of which there is no shortage).  And terrorists can meet in 
  person, using a network of trusted couriers to facilitate these 
  meetings, as Al Qaeda -- the terrorist group that perpetrated the 
  highly sophisticated 9/11 attacks at a time when smartphones were 
  far less common, nor was there a ready supply of easy-to-use 
  end-to-end encrypted messaging apps -- is known to have done.

  Point is, technology is not a two-lane highway that can be regulated
  with a couple of neat roadblocks -- whatever many politicians appear to
  think. [link]  All such roadblocks will do is catch the law-abiding 
  citizens who rely on digital highways to conduct more and more 
  aspects of their daily lives.  And make those law-abiding citizens 
  less safe in multiple ways.


Facts and common sense need not deter the second spook assault on crypto, 
apparently.  So, personally, I _do_ see a security problem, here:  I 
see spooks carrying out an information DoS attack against public policy, 
and needing to be reminded whom they work for, which is us.

> > I'm not a strong advocate of having back doors on encryption, but how
> > can this terrible abuse of technology be combatted?
> Good basic police work, would be a start.  Information coming out of
> Belgium and France is suggesting deficiencies in that area, and I'm sure
> more will slowly dribble out.

And possibly also Germany?  Or just bad international cooperation.

(Translating and summarising:)

Article claims police investigators stopped a VW Golf on Autobahn A8
between Munich, Germany and Salzburg, Austria, driven by a 51-year-old
man from Montenegro, and found under the hood two pistols and a hand
grenade.  This was on November 5 (Guy Fawkes Day!).  Further search at
the State Criminal Investigation Department also found eight AK-47s, two
more hand grenades, ammo, several more guns, and 1/5 kg of explosives in
various hiding places.  The Montenegrin was arrested and is apparently
still being held.  He was not previously known to police.

ARD (German Radio) terrorism expert Holger Schmidt is quoted as saying
the arrested man had preprogrammed into his car GPS unit directions to a
public car park in Paris.  Article claims the Bundeskriminalamt (Federal
Criminal Police Office) immediately informed their French counterparts,
and describes the French reaction as 'reluctant'.

The arrest was in Bad Feilnbach in Upper Bavaria near the Austrian 
border.  I'm guessing the Montenegrin driver was travelling northwest
from -- probably -- the Balkans via Austria, then Germany, and would
have driven through Germany to France.  Some of the countries that
comprised the former Yugoslavia have been a huge source of illicit
weapons smuggled into the rest of Europe for quite some time.

(I've summarised most of that article because it doesn't seem to have
hit the international press at all.)

Montenegro is a small, very rugged country (the name used in the West
being an Italian term for 'black mountain') on the west side of the
Balkan Peninsula with a bit over 1/2 million people, that I've visited
and like very much.  It remains a bit poor but is on the rise.  It is
somewhat multiethnic (using general categories, 90% Slavic, 5% Albanian, 
5% other) and multireligious.  Ethnonyms and names of languages are
themselves a political issue.

Back to the second Techcrunch article:

  On the intelligence failures point, questions certainly need to be
  asked, given that French and Belgian intelligence agencies apparently
  knew about the jihadi backgrounds [link] of perpetrators of the 
  Paris attacks.  Yet weren't, apparently, targeting them closely 
  enough to prevent Saturday's attack. And all this despite France 
  having hugely draconian counter-terrorism digital surveillance laws.

Gosh, massive surveillance didn't work in the absence of basic police
work, therefore we need more and worse mass surveillance and
legally-mandated insecurity added to all of our technology?  Sounds
cuckoo, to me.

Cheers,                                           WallJam7: Roses are red,
Rick Moen                                         WallJam7: violets are blue.
rick at linuxmafia.com                               WallJam7: All of my base
McQ! (4x80)                                       WallJam7: are belong to you.

More information about the svlug mailing list