Monday, November 16, 2015

How did the Paris attackers communicate without detection?

There are some questions about the manner in which the Paris attackers communicated with the ISIS operational HQ during and prior to the attacks. During the Bombay 2008 attacks, the terrorists were using sat-phones - talking directly with an ABHQ in Pakistan.

There are two basic protocols for secret communication - a dead drop or a live drop.

In a dead drop, the information can be passed with or without encryption; however, it is a cumbersome process, poorly suited to real-time, evolving needs.

In a live drop, the information is encrypted with either DES (public+private key pair) or a Vernam cipher (with associated key distribution). The possibility of detection is high, so you have to ensure that neither end is compromised.

If the communication is compromised, then the element of deniability is lost, as the Pakistani ABHQ learned during the Bombay 2008 attacks.

As the NSA downloads a vast variety of electronic communication, the only ways to really escape it are to find a non-downloaded stream, hide in the noise, or up the level of encryption.

Examples of non-downloaded streams apparently are PS2 game-based channels. In games such as Gears of War or Call of Duty, the players can communicate with each other. The players can exchange messages with words like "target", "kill", etc. without raising suspicion. There would be little point in downloading these streams, as the amount of nonsense in them would simply create false positives and chew up valuable processor time of the NSA's AIs.

An example of hiding in the noise is to stick to non-IMEI-numbered phones or one-time-use phones. These are typically bought by poorer users who can't afford expensive data plans. The use is infrequent. Among immigrants (Syrian, Iraqi and Afghan, for example) the phones get limited use, and numbers in these states are called relatively infrequently as the refugees attempt to get in touch with relatives. Given the high cost of the call, the calls are brief and screening them is resource intensive. This is a place where a communication could be hidden (theoretically speaking).

An example of upping the encryption is to use multi-layered RSA: encrypt communications within communications. Again, this is feasible for anyone to do; public key and private key generators are available, and these can be downloaded onto any smart phone and used. There is a drawback: people can still hear you transmitting, and even if they can't understand what you are saying, they will pick up changes in the occurrence of the transmissions. If you wanted to use a Vernam cipher, you would have to distribute the keys first. That is a separate but important challenge.
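The trade-off in the paragraph above, as an added example that is not part of the original post: a Vernam (one-time pad) routine that hides the content of a message, beside a metadata-only check that still flags a sender whose transmission cadence suddenly changes. The sender names, the sample send log and the 3x threshold are constructed here for illustration.

```python
import os
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def vernam_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad (Vernam): XOR every byte with a fresh key byte.
    The key must be at least as long as the message and never reused;
    key distribution is the separate problem the post mentions."""
    if len(key) < len(plaintext):
        raise ValueError("key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


def vernam_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return vernam_encrypt(ciphertext, key)  # XOR is its own inverse


def bursty_senders(log, bucket=timedelta(hours=1), factor=3.0):
    """Traffic analysis on metadata only: count transmissions per sender per
    time bucket and report senders whose busiest bucket exceeds `factor`
    times their median bucket. Content is never looked at."""
    per_sender = defaultdict(Counter)
    for sender, ts in log:
        slot = (ts - datetime.min) // bucket  # bucket index, timezone-neutral
        per_sender[sender][slot] += 1
    flagged = {}
    for sender, counts in per_sender.items():
        values = sorted(counts.values())
        baseline = statistics.median(values)
        peak = values[-1]
        if peak > factor * baseline:
            flagged[sender] = (peak, baseline)
    return flagged


# Constructed sample log (not real data): "routine" sends one message a day;
# "burst" does the same for five days, then six messages inside one hour on day six.
_T0 = datetime(2015, 11, 8, 12, 0)
SAMPLE_LOG = [("routine", _T0 + timedelta(days=d)) for d in range(6)]
SAMPLE_LOG += [("burst", _T0 + timedelta(days=d)) for d in range(5)]
SAMPLE_LOG += [("burst", _T0 + timedelta(days=5, minutes=10 * i)) for i in range(6)]

if __name__ == "__main__":
    key = os.urandom(32)
    ct = vernam_encrypt(b"meet at the usual place", key)
    print("ciphertext says nothing about content:", ct.hex())
    print("but the send pattern still stands out:", bursty_senders(SAMPLE_LOG))
```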

Whoever handled the communications for the Paris attack knew what they were doing as they appear to have defeated the electronic surveillance regime in Europe and the Middle East.

Given the ethnic tensions in Europe, and the poor nature of border surveillance, there is a very high likelihood that the attacks will keep happening until the core communication network is broken. 

The possibility of failure in that regard is real. India for example has consistently failed to break the communication networks of the ISI inside India. The ISI can typically piggyback any terror strike on its networks and dramatically improve the chances of its success. This is why Indian security planners constantly have to work on ways to keep pressure on the ISI and its channels in India.

I don't know if there will be a victory in what is now a very Eurocentric war on terror. The Belgians have identified possible nodes in Molenbeek. There are other places where that can happen in Europe (Amsterdam, London, certain parts of Manchester etc. come to mind), but hopefully, if the communication network in Molenbeek can be disrupted, a temporary reprieve will be obtained until whoever put that network in place regenerates it (or, if you believe in this CryptoParty stuff, the network self-assembles; again, I don't know what the limiting timescale is for something like that).


At 7:48 AM, Blogger maverick said...

A few quick comments

>> it was Syrian immigrants who could all be terrorists and we are just letting them into our country..

Yawwwwwwn... I suppose the refugees could have been given proper screening like those 9/11 hijackers who applied for and got actual visas to the US. When 7 out of 8 attackers are French citizens - the claim that it's those refugees doesn't hold water. This refugee passport is probably just a misrecognition issue. I don't trust a single thing a procureur says in France - I'll wait for the inquisitorial Magistrate to weigh in on the issue before forming any opinions.


Yawwwnn... Yawnnnn... been there and done that like a decade ago.

No seriously, I get it - Europe just got its ass shot out from under it, that happens from time to time for everyone. I am okay with comparisons to the 9/11 (which the Paris attacks are NOTHING like!!) but when you are done railing against Muslims, Jews, etc... etc... get it together and focus on how you are going to take apart a provocation created by the ex-agents of the Saddam era Mukhabarat. That is what you are up against.

This ISIS is a false flag operation for the ex-Mukhabarat types. These Mukhabarat types are a handful - imagine what would happen if the US hadn't made a deal with the Gehlen organization in 1945. If you go up full frontal against these guys - it is going to get super messy. You are dealing with a major intelligence agency with serious skills and organizational strength.

They will fuck you up if you don't keep your shit together.

Hint hint... flying Rafales in circles over random cities in Syria isn't going to do shit.

Break the back of the communication networks in Europe. That is your only hope of a meaningful pause in the situation.

At 4:26 AM, Blogger maverick said...

Okay - I am going to say this and hopefully no one will be too offended.

There are doubts about ISIS involvement.

The reason there are doubts is that no visible communications to the ABHQ during or just prior to the attacks can be found.

There are only two possible ways in which this could be true.

1) The correct ABHQ has not been identified - investigators are barking up the wrong tree - they have the wrong set of people under investigation.

2) ISIS isn't responsible and it is taking responsibility in the same way that a certain political figure running for President of the US takes responsibility for "predicting" terrorist attacks!

Again most of us would simply shake our heads and say... Ah those wonderful European Police organizations and their crazy investigations...

But the deeper truth is we need to identify what exact channels were used for communication before we go about claiming ISIS did it.

At 4:37 AM, Blogger maverick said...

While on the subject of ISIS. I note that after the ISIS claim of involvement in the Paris attacks became public, the Kremlin decided to tell everyone that TNT residue had been found on the Metrojet debris.

As ISIS took responsibility for that plane bombing earlier and after weeks of speculation Kremlin sources suddenly felt the need to release confidential information... I wonder... why?

Why, for example, would ISIS bomb the Russians? The Russians were bombing anyone their friend Assad didn't like. Russian bombs fell on Aleppo and Idlib, controlled by the US friendly anti-Assad groups.

Why - again - does ISIS, a proxy for ex-Saddam Mukhabarat types (i.e. traditional friends of Russia and the KGB) decide to bomb a Russian airliner?

If by chance Russia had bombed some ISIS people, there could have been a simple meeting where the Russians paid off their blood debt to ISIS and all was forgotten.

Something doesn't add up in the way it should.

ISIS appears to be taking responsibility for things that justify a Russian intervention in Syria.

At 8:19 PM, Blogger Ralphy said...

I would note that the Libyan killer of the Brit policewoman outside of the Libyan embassy in London decades ago has been arrested in England. He was caught money laundering? and one other charge. Pretty nervy of him coming back to Britain. Too bad he wasn't caught in Texas. It woulda been fun.

Kaddafi had a lot to answer for when he got a knife shoved up his rectum.

At 5:51 AM, Blogger Ralphy said...

It is amazing that cell phone purveyors are dictating our nations' security policy toward encryption. Who woulda thunk it?

At 5:56 AM, Blogger Ralphy said...

We now have people turning themselves in at our southern border announcing that they are Syrians and are seeking refugee status. Why is it so easy for these people to get into Mexico?

At 5:59 AM, Blogger Ralphy said...

India is refusing visas for US bigwigs on human trafficking and LGBT issues. They must be dangerous indeed. grin.

At 6:10 AM, Blogger maverick said...

Hmm.. interesting - a decentralized help desk on how to escape encryption

At 9:45 AM, Blogger Pax-Indica said...

Americans do not have a god-given right to come to India, come to the fricking Indian embassy and stand in the fricking line!

At 10:41 AM, Blogger maverick said...

Belgium on alert, two days in a row.

They are going to run out of resources at this rate.

At 2:57 PM, Blogger maverick said...

WSJ has an interesting graphic.

In Al-Qaida organizational style - there is an "agent". The "agent" is tasked by the military shura and reports directly to it. The military shura for its part is given budgetary limits by the financial shura. And the financial channels are critical to controlling the "agent" who otherwise enjoys considerable freedom in how the operation is run.

The "agent" operated a strategic planning cell (which conducts surveillance and other route planning), a support cell (which arranges all the transport, housing and facilities needed for the operation), and a strike/assault cell (which actually conducts the attack). At the back end there was a training organization that provided manpower for these cells. There is a "services department" which keeps low level sleepers on its rolls for activation per operational needs. Only the Strike/assault cell is really composed of Fidayeen. The "agent" is expected to evade or avoid capture by any means. The rest are irrelevant nobodies who don't know anything but what they are told.

Now we are seeing the word "agent" replaced by the word "middleman".

The WSJ graphic only covers the attack cell. There should be at least two others.

I don't think all these layers communicated solely via Telegram. There have to be other protocols that were used. It is best to identify what those are.

