[svlug] France and Lebanon (was: France.)
rick at linuxmafia.com
Wed Nov 18 16:16:24 PST 2015
> Quoting Michael C. Robinson (plug_1 at robinson-west.com):
> > The terrorists apparently used Sony Playstation 4 and secure DES
> > encryption to communicate in a way that intelligence could not pick
> > up.
In fact, someone whose reliability I trust, journalist and computer
security researcher Jacob Appelbaum, tweeted:
The attackers in Paris didn't even use a burner credit card or a false
name for their hotel? Massive intel failure is an understatement.
But don't take Appelbaum's word for it:
After Endless Demonization Of Encryption, Police Find Paris Attackers
Coordinated Via Unencrypted SMS
by Karl Bode
Wed, Nov 18th 2015 11:33am
In the wake of the tragic events in Paris last week, encryption has
continued to be a useful bogeyman [link] for those with a voracious
appetite for surveillance expansion. Like clockwork, numerous reports
were quickly circulated suggesting that the terrorists used incredibly
sophisticated encryption techniques, despite no evidence by
investigators that this was the case. [link] These reports varied in
the amount of hallucination involved, the New York Times even having
to pull one such report offline. [link] Other claims the attackers
had used encrypted Playstation 4 communications also wound up being
But the War on Math is being re-launched, anyway:
Encryption Is Being Scapegoated To Mask The Failures Of Mass Surveillance
by Natasha Lomas
There’s no doubt [spooks] were waiting for just such an "opportune
moment" to redouble their attacks on encryption after recent attempts
to lobby for encryption-perforating legislation foundered. [link]
(A strategy confirmed by a leaked email sent by the intelligence
community's top lawyer, Robert S. Litt, this August -- and subsequently
obtained by the Washington Post [link] -- in which he anticipated that
a "very hostile legislative environment... could turn in the event of
a terrorist attack or criminal event where strong encryption can be
shown to have hindered law enforcement". Et voila, Paris.)
Here's a recap: terrorists can use encryption tools that are freely
distributed from countries where your anti-encryption laws have no
jurisdiction. Terrorists can (and do [link]) build their own securely
encrypted communication tools. Terrorists can switch to newer (or
older) technologies to circumvent enforcement laws or enforced
perforations. They can use plain old obfuscation to code their
communications within noisy digital platforms like the Playstation 4
network [link], folding their chatter into general background digital
noise (of which there is no shortage). And terrorists can meet in
person, using a network of trusted couriers to facilitate these
meetings, as Al Qaeda -- the terrorist group that perpetrated the
highly sophisticated 9/11 attacks at a time when smartphones were
far less common, nor was there a ready supply of easy-to-use
end-to-end encrypted messaging apps -- is known to have done.
Point is, technology is not a two-lane highway that can be regulated
with a couple of neat roadblocks -- whatever many politicians appear to
think. [link] All such roadblocks will do is catch the law-abiding
citizens who rely on digital highways to conduct more and more
aspects of their daily lives. And make those law-abiding citizens
less safe in multiple ways.
Facts and common sense need not deter the second spook assault on crypto,
apparently. So, personally, I _do_ see a security problem, here: I
see spooks carrying out an information DoS attack against public policy,
and needing to be reminded whom they work for, which is us.
> > I'm not a strong advocate of having back doors on encryption, but how
> > can this terrible abuse of technology be combatted?
> Good basic police work, would be a start. Information coming out of
> Belgium and France is suggesting deficiencies in that area, and I'm sure
> more will slowly dribble out.
And possibly also Germany? Or just bad international cooperation.
(Translating and summarising:)
Article claims police investigators stopped a VW Golf on Autobahn A8
between Munich, Germany and Salzburg, Austria, driven by a 51-year-old
man from Montenegro, and found under the hood two pistols and a hand
grenade. This was on November 5 (Guy Fawkes Day!). Further search at
the State Criminal Investigation Department also found eight AK-47s, two
more hand grenades, ammo, several more guns, and 1/5 kg of explosives in
various hiding places. The Montenegrin was arrested and is apparently
still being held. He was not previously known to police.
ARD (German Radio) terrorism expert Holger Schmidt is quoted as saying
the arrested man had preprogrammed into his car GPS unit directions to a
public car park in Paris. Article claims the Bundeskriminalamt (Federal
Criminal Police Office) immediately informed their French counterparts,
and describes the French reaction as 'reluctant'.
The arrest was in Bad Feilnbach in Upper Bavaria near the Austrian
border. I'm guessing the Montenegrin driver was travelling northwest
from -- probably -- the Balkans via Austria, then Germany, and would
have driven through Germany to France. Some of the countries that
comprised the former Yugoslavia have been a huge source of illicit
weapons smuggled into the rest of Europe for quite some time.
(I've summarised most of that article because it doesn't seem to have
hit the international press at all.)
Montenegro is a small, very rugged country (the name used in the West
being an Italian term for 'black mountain') on the west side of the
Balkan Peninsula with a bit over 1/2 million people, that I've visited
and like very much. It remains a bit poor but is on the rise. It is
somewhat multiethnic (using general categories, 90% Slavic, 5% Albanian,
5% other) and multireligious. Ethnonyms and names of languages are
themselves a political issue.
Back to the second Techcrunch article:
On the intelligence failures point, questions certainly need to be
asked, given that French and Belgian intelligence agencies apparently
knew about the jihadi backgrounds [link] of perpetrators of the
Paris attacks. Yet weren't, apparently, targeting them closely
enough to prevent Saturday's attack. And all this despite France
having hugely draconian counter-terrorism digital surveillance laws.
Gosh, massive surveillance didn't work in the absence of basic police
work, therefore we need more and worse mass surveillance and
legally-mandated insecurity added to all of our technology? Sounds
cuckoo, to me.
Cheers, WallJam7: Roses are red,
Rick Moen WallJam7: violets are blue.
rick at linuxmafia.com WallJam7: All of my base
McQ! (4x80) WallJam7: are belong to you.
More information about the svlug