Sunday, May 15, 2011

Osama's Diabolical Plan for Secure Email: Thumb Drives


Does al-Qaida really not have an IT department?

The U.S. intelligence officials poring over Osama bin Laden's hard drives and recording devices have come to the preliminary conclusion that he managed "even tactical details" of the terror group's business from Abbottabad. But bin Laden kept the compound off the communications grid to avoid the watchful eyes of American spy services like the National Security Agency. So how'd he deliver his instructions?

Not in a sophisticated way. Bin Laden would compose a message to an operative on his personal computer, place the document on a flash drive and give it to a courier. Officials explain to the Associated Press that the courier would drive to a "distant internet cafe," stick the drive into a cafe computer's USB, and send off bin Laden's message in an email.

Spot the security flaws here. Who knows what nasty worms lurk in Pakistani internet cafes? If the flash drives get infected, so too could bin Laden's computers, assuming the drives don't get discarded after one use like burner phones. The military briefly banned (then unbanned, then rebanned) removable media after infected flash drives spread a worm across its secure networks in 2008, something the Pentagon claims was a foreign spy attack. Wasn't the NSA watching Pakistani internet cafes or monitoring suspicious IP addresses? Was no U.S. operative ready to send out a virus?

You'd think a more secure alternative would have been to set up a dummy web-based email account called something innocuous like Catlover622@webmail; distribute a password to need-to-know operatives; send a message to a nonexistent address; and let everyone log in to read the bounceback email.

Sure, bin Laden evaded a manhunt for a decade. But it appears his network security strategy wasn't designed by people familiar with all Internet traditions.

Photo: Flickr/Eliza Evans

Spencer Ackerman is Danger Room's senior reporter, based out of Washington, D.C., covering weapons of doom and the strategies they're used to implement.
Follow @attackerman and @dangerroom on Twitter.

Source: http://www.wired.com/dangerroom/2011/05/osamas-diabolical-plan-for-secure-email-flash-drives/
