Shostack + Friends Blog Archive

 

Al Qaeda's use of cryptography – scant evidence

Not too long ago, I gave a talk on privacy technology to the Atlanta chapter of the High Tech Crime Investigators Association. It was a talk that several of us at Zero-Knowledge had learned to give. The basic method for talking to police about privacy is to start from the need to reduce and prevent crime. (If you start by talking about how ecash is going to starve the beast, then they get all flustered and angry. Go figure.)

This was the first time I’d given such a talk since 9/11. It wasn’t useful after we’d made the decision to stop hemorrhaging money by shutting down the Freedom Network. (That was May or June of 2001.) So I did a fair bit of reading about Al Qaeda’s use of crypto. One of the more interesting techniques I found was the ‘draft message‘ method.

It seems consistent that Al Qaeda prefers being ‘fish in the sea’ to standing out by use of crypto. Also, given the depth and breadth of conspiracies they believe in, it seems that they might see all us cryptographers as a massive deception technique to get them to use bad crypto. (And hey, they’re almost right! We love that they use bad crypto.)

There’s other evidence for this. In particular, the laptops captured have been exploited very quickly, in one case by a Wall St Journal reporter. So rumors of steganography or advanced crypto techniques have a burden of proof on them.

(From Financial Cryptography: Al Qaeda’s use of cryptography – scant evidence.)