BA jihadist relied on Jesus-era encryption

An IT worker from British Airways jailed for 30 years for terrorism offences used encryption techniques that pre-date the birth of Jesus. Rajib Karim, 31, from Newcastle, was found guilty of attempting to use his job at BA to plot a terrorist attack at the behest of Yemen-based radical cleric Anwar al-Awlaki, a leader of al- …

COMMENTS

This topic is closed for new posts.

Bronze badge

Rule #1

Rule #1 of encryption, randomness, steganography, copy-protection or a million and one other related areas:

Just because you *think* it's better than a published algorithm reviewed by thousands of experts, doesn't mean it *IS* better.

Rule #2: Never "make up" your own encryption, random number generator, steganographic technique, copy protection etc. - it'll never work and if you *ARE* an expert, you'll know that you'll need to have people attacking it for decades before you declare it "secure enough". Even using the published ones "with a twist" or a new from-scratch implementation will compromise your encryption most of the time.

Rule #3: Don't trust in God when 2048-bit, peer-reviewed, PKE exists and has *never* been "cracked", even when terrorists used it and we needed access to the information contained within for anti-terrorist purposes. Seriously. There's never been a case where "real" encryption that wasn't hideously out-of-date was used and some random three-letter agency managed to decrypt it. There's a reason for that - that's what it was DESIGNED for.

25
1
Thumb Up

Gee, leo

Thank you so much for being so enthusiastic about helping terrorists to hide their secrets. If only they had YOU as their IT guy, all those infidels would have been dead by now. :)

3
19
Silver badge
Boffin

Oh, they tried

"Despite urging by the Yemen-based al Qaida leader Anwar Al Anlaki, Karim also rejected the use of a sophisticated code program called "Mujhaddin Secrets", which implements all the AES candidate cyphers, "because 'kaffirs', or non-believers, know about it so it must be less secure"."

If they had employed methods that the infidels are used to they might well have gotten away with it. But, with the typical 'wisdom' shown by hard-core believers they came up with a huge fail.

There is a highly technical solution but the twats thought they were better.

12
2
Joke

LOL

What are you talking about? All encryption methods can be broken within 60 seconds. I have seen it on TV: the movie Swordfish, the show "24", so it must be true. :P

"This is Jack Bauer. I had to shoot the suspect. I am at his terminal of doom, but it requires a password."

"Ok, let's see what we can do." Clickety-clickety-click ... (60 seconds of ADVERTISING) "Jack, we got the password."

"Give it to me."

"8Fz*,FX"mUKIudo1N*J6h%"h4mmJ@*+G1g7yblvg"jR@7cWiRsx"

11
0
Anonymous Coward

I agree...

Although I would point out that, just because a particular type/strength of encryption hasn't been announced to be cracked, doesn't mean that it's not crackable by GCHQ/NSA. It may be a routine crack, it may be very non-trivial but doable. They are very unlikely to announce they can crack particular cyphers.

Bear in mind that we now know that GCHQ operated PKE for years before it was "invented" by Messrs Rivest, Shamir and Adleman.

4
0

Rule #3

History is full of cases where three-letter agencies or their equivalents have worked out how to crack what were believed to be state of the art encryption schemes. There's a reason for that too - that's their job. If they're doing it properly the first we'll know about it is when the documents are eventually declassified.

1
0
Joke

GCHQ

My money would be on it still taking them months to do, so for your average porn hiding requirements (which 99% of El Reg readers will be needing it for I bet) they probably wouldn't bother :D

0
0
FAIL

Don't sweat it

They would never read The Register anyways, it's run by infidels.

11
1
Anonymous Coward

Ummm

Normally it suffices to just brute force the password encrypting the real cypher, rather than actually crack the encryption.

1
0
Silver badge

GCHQ / NSA etc

I think it's reasonable to assume that these big orgs have the resources to invest in a distributed system that cracks files, large databases that host reverse hash lookups of every password of some arbitrary length, song lyrics, every book passage, religious verse, movie quotes, phrases, sayings and idioms and numerous other languages with appropriate transliteration. It's even likely they know of weaknesses in crypto that reduce the effort to brute force attack encryption reducing the number of rounds it takes.

What isn't likely is that there is some magic backdoor in the crypto. AES and its ilk have been analysed for years. The user's choice of passphrase is likely to be far more vulnerable than the algorithm. Therefore anticipate what the attackers are likely to be capable of and make the passphrase stronger than that.

Of course GCHQ / NSA aren't brute forcing random messages. They're probably eavesdropping on particular sites, and email providers, and cell phones and so forth. They probably have a fair idea that something is up and who the perps are simply from monitoring messages passing between certain people even if the content of said message is unknown. I bet this maroon was a suspect way before they got around to cracking his messages. Therefore it would be as important to communicate in a way which didn't arouse suspicion as much as it would the manner in which it was done.

3
0

This post has been deleted by its author

Anonymous Coward

Sure, here's title.

That's why I wouldn't touch Rijndael for anything I would ever want to hide from NSA et al. They've chosen it for AES ergo they might have some hidden reasons for it (like availability of cracking method).

0
2

Re Rule #1

Simply XOR the data with a secret key as long as the data and it's uncrackable, very old technology, the only weak point is keeping the secret key secret (and transporting it), don't reuse the key and there's no technical weakness in this encryption.

0
0
Silver badge

Re Re Rule #1

A secret, *perfectly random* key as long as the data.

0
0
Coat

The title is required, and must contain letters and/or digits.

I thought it was run by Lesbians...

0
0

@Re Re Rule #1

Yes; it's called a one-time pad, and it's the only form of encryption believed to be truly unbreakable, as long as the key is truly random and isn't left around somewhere where it can be found, and is never reused.

2
0
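The one-time pad from the three posts above, as an added example that is not part of the original thread: it shows the round trip, why a ciphertext on its own is consistent with every same-length plaintext, and what leaks once a pad is reused. The sample messages and function names are constructed for illustration, and the OS CSPRNG stands in for a truly random source.

```python
import secrets

# Constructed sample messages of equal length (not from the thread).
P1 = b"MEET AT NOON"
P2 = b"STAY AT HOME"

def xor_bytes(a, b):
    """XOR two byte strings; the pad must be exactly as long as the data."""
    if len(a) != len(b):
        raise ValueError("key and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(plaintext):
    """Encrypt under a fresh key. secrets.token_bytes is the OS CSPRNG, which
    stands in here for the 'perfectly random' source the posts require."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)

def key_explaining(ciphertext, candidate):
    """Key under which `ciphertext` would decrypt to `candidate`. One exists for
    every same-length candidate, so the ciphertext alone rules nothing out."""
    return xor_bytes(ciphertext, candidate)

def reuse_leak(plain_a, plain_b):
    """Encrypt two messages under ONE key and return what an observer of both
    ciphertexts can compute without the key: c1 XOR c2."""
    key, c1 = otp_encrypt(plain_a)
    c2 = xor_bytes(plain_b, key)      # the mistake: same pad used twice
    return xor_bytes(c1, c2)

def matching_positions(leak):
    """Zero bytes in c1 XOR c2 mark positions where the two plaintexts agree."""
    return [i for i, b in enumerate(leak) if b == 0]

if __name__ == "__main__":
    key, c1 = otp_encrypt(P1)
    print(xor_bytes(c1, key))                        # round trip
    print(xor_bytes(c1, key_explaining(c1, P2)))     # an equally valid decryption
    print(matching_positions(reuse_leak(P1, P2)))    # the key has cancelled out
```

With a reused pad the key drops out entirely: `c1 XOR c2` equals `P1 XOR P2` whatever the key was, which is why "never reused" is part of the definition rather than a nicety.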
Joke

crap.

Now I have to change my password.

0
0
FAIL

It's Ironic

That most of the basic maths used in modern encryption were discovered in the Arab world.

0
0

Please clarify which Campbell

"Lunchbox" Campbell or

"Beneath the City Streets" Campbell?

The latter would be an excellent addition to Register correspondents!

(rot13 to reveal the message:)

0
0

Silly terrorist is silly

Hello Mr Terrorist,

We kaffirs all know about encryption so if you want my advice you should use lemon juice as invisible ink.

When your mate warms the paper in an oven it will show up your secret message. You should definitely do this because no one else uses it so it's more secure.

P.S. We also know about explosives so next time, use water bombs because we won't be expecting that and we'll be very afraid.

29
1
Anonymous Coward

What?..

Idiots!

That is all.

1
0
neb
FAIL

allah be praised...

...they didn't have a cracker jack secret decoder ring or we'd have been completely screwed

i suppose it's one step up from ROT13 though...

4
0
Gates Horns

Excellent news

If the terrorists are using Microsoft products they're just making things harder on themselves.

Can we trick them into using Word and PowerPoint?

7
0
Silver badge

Fair enough

Word and Powerpoint - there's no way I could stumble upon any hidden code in them - they don't exist on my machine.

0
0

Win

nt

0
0

MS Office?

and why do you think they're so angry at the west?

2
0
Gold badge

Concur

No better denial of bomb planning tools exist today...

0
0
Silver badge
Troll

Wrong algorithm

They should have used double ROT13 encryption

10
0
Silver badge

Brilliant :-)

As 5 layers of substitution cypher is as strong as one layer...

3
0
Joke

Re: Wrong algorithm

No, they need to be even MORE secure and use ROT26! Thus, NObody will be able to figure out their secret messages!

0
0
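The point made in the "Wrong algorithm" posts above (double ROT13, ROT26, five layers of substitution), as an added example that is not part of the original thread: stacked monoalphabetic substitutions collapse into one substitution, and the letter-frequency profile of the text survives any number of layers. The sample sentence, seeds and function names are constructed for illustration.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Constructed sample text (not from the thread).
SAMPLE = "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG AND THEN RESTS"

def random_key(seed):
    """A monoalphabetic substitution key: a seeded permutation of A-Z."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))

def rot(n):
    """Caesar/ROT-n key, a special case of substitution."""
    return {c: ALPHABET[(i + n) % 26] for i, c in enumerate(ALPHABET)}

def encrypt(text, key):
    """Substitute letters; anything outside A-Z passes through unchanged."""
    return "".join(key.get(c, c) for c in text.upper())

def layered(text, keys):
    """Apply each key in turn, i.e. 'n layers' of substitution."""
    for key in keys:
        text = encrypt(text, key)
    return text

def compose(keys):
    """Collapse the layers, applied in order, into one equivalent key."""
    combined = {c: c for c in ALPHABET}
    for key in keys:
        combined = {c: key[combined[c]] for c in ALPHABET}
    return combined

def frequency_profile(text):
    """Sorted letter counts: the shape frequency analysis works from,
    regardless of which symbol stands for which letter."""
    return sorted(Counter(c for c in text if c in ALPHABET).values(), reverse=True)

if __name__ == "__main__":
    keys = [random_key(seed) for seed in range(5)]
    five = layered(SAMPLE, keys)
    print(five == encrypt(SAMPLE, compose(keys)))              # one key does the same
    print(frequency_profile(five) == frequency_profile(SAMPLE))
    print(layered("HELLO", [rot(13), rot(13)]), encrypt("HELLO", rot(26)))
```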

@Re: Wrong algorithm

As long as they don't speak Arabic.

0
0
Silver badge

Maybe Bletchley Park

should sell them an app that simulates the Enigma machine. Then we can put a remade Colossus or Turing bomb to good use again. ;-)

You really have to laugh at their stupidity. I knew how to decrypt single letter replacement schemes as a kid (10 or 12 y/o).

If you REALLY want to be secure, use a (sufficiently random) one time pad. This is provably uncrackable. Truly random bits can be obtained in many ways (including the use of various quantum devices, and radioactivity (no bad Fukushima jokes please)).

1
1
Headmaster

It's bombe, not bomb

See title

2
0
Anonymous Coward

bomb/bombe/balm

A balm? What are you giving him a balm for? It might bite him.

1
0
Anonymous Coward

Special delivery...

A bomb, for you...

0
0

Who told you to put the balm on?

http://www.youtube.com/watch?v=IzowSs9mNOM

0
0
Silver badge

Encryption

I wouldn't be too sure that 2048 <whatever> hasn't been cracked, either. Most of the secret agencies in the world might crack it routinely, but they would never let on, lest their enemies stop using it.

2
1
Silver badge
Paris Hilton

JIHAD FAIL!

It's actually sad.

I wonder whether that kind of research can be found in the Qaeda fanzine. I remember something about mounting swords on 4x4 trucks, Persian-style, so it wouldn't be surprising.

0
0

Ppfmfp ppmffm

Ppfmfp ppmffm mfmmmmfppmpm fmpmfpmppffm'fpmmpp pmpmffpmfpmfmppmpm FmpMppMfp fmmmppmmfpffmppfmp mmfppfmpmmpp fmpmfpmpp mmpmmmfmmfmpmmmpffmpmfmm

0
0
Silver badge

Next time?

They'll know better.

0
0

Yup, expect "blank" wax tablets being posted around the world.

Or, if they're really crafty, they'll draw pictures of dancing men.

2
0
Silver badge

Pictures of dancing men

It was good enough for Captain Nancy

1
0

@Yup, expect "blank" wax tablets being posted around the world.

My dear Holmes!

0
0
Black Helicopters

Wow

There's an encryption package called Mujhaddin Secrets?

How does it compare to PGP or whatever's used on Wikileaks insurance file?

0
0
Stop

Mujhaddin Secrets?

Well I'm not googling that one. I don't fancy any more involvement with Cheltenham than my E/W on Denman.

3
0
Silver badge
Grenade

There's an encryption package called Mujhaddin Secrets?

That's just to fool you. It's actually a Halal perfume.

7
0
Anonymous Coward

Welcome to the idiot machine

Honestly, this is how I like my jihadist terrorists. I'd rather do without them entirely, mind, but if, then IT bods that insist on rot-N fit the bill nicely. This is NOT how I like the prosecution. Not even if they were prosecuting me*. Why do they insist on matching both sides on equal stupidity? Is this what's supposed to protect us? Hello?

More proof that the security circus is a waste of time and money and a fertile source of injustice. And no, not strictly because most "holy warriors" turn out to be, shall we say, a bit warped.

* I admit to no more untoward thing than general commentarding and occasional calling for firing and blackballing of egregiously incompetent shmucks from jobs that involve the public trust, guv.

2
0
Silver badge

Encryption ?

Surely a substitution cipher is just obfuscation rather than encryption ?

2
0

Nope

2048 bit PKE isn't 'real' encryption, it is only a 'good' cypher. Real encryption is OTP.

1
0
Silver badge

BA should be ashamed of themselves

Imagine hiring this idiot as an IT specialist.

12
0
