The UK media reporting about the now convicted terrorist Rajib Karim, a British Airways trainee software engineer based in Newcastle, has been devoid of most of the interesting details which were made public in the courtroom.
Is this because of UK journalistic technical incompetence ?
The Wall Street Journal did publish rather more details about the Encryption etc.
This article certainly does not even fall under standing DA Notice 3 Ciphers and Secure Communications, which applies to UK government secrets, not terrorist ones,
so why do the UK media reports about this case look as if they have been censored ?
This is yet another terrorism case involving emails or other messages stored on a seized computer, which are almost the only evidence used to prosecute and convict, even though such emails are inadmissible as evidence, by either the prosecution or the defence, in a UK Court (Regulation of Investigatory Powers Act 2000 section 17 Exclusion of matters from legal proceedings) if they were, instead, intercepted in transit in the UK.
U.K. Case Reveals Terror Tactics
By ALISTAIR MACDONALD And CASSELL BRYAN-LOW
FEBRUARY 7, 2011
[...]
The methods that terror suspects use to conceal their communications are "a real problem" for police and intelligence authorities, says Lord Alan West, who was security adviser to former Prime Minister Gordon Brown. Other experts say such problems have been made worse by off-the-shelf software.
The previous government had even looked into whether they should make it a criminal offense for suspects to not hand over decryption codes, Lord West said.
How could Admiral Lord West of Spithead not know that his Labour government did not simply "look into" the question of "whether they should make it a criminal offense for suspects to not hand over decryption codes" ?
It is astonishing that the former Labour Security Minister at the Home Office, a former head of Defence Intelligence and former First Sea Lord, appears to be ignorant of the enactment and enforcement of the Regulation of Investigatory Powers Act 2000 Part III Investigation of electronic data protected by encryption etc.
This was amended by the Terrorism Act 2006 to increase the criminal penalty for refusing to hand over the plaintext or cryptographic keys in response to a Section 49 notice, if the magic words "national security case" or, as amended by the Policing and Crime Act 2009, the other magic phrase "child indecency case" are uttered, i.e. a criminal penalty of up to 5 years imprisonment, rather than the penalty of up to 2 years in prison in any other case.
The time needed to break such codes was one reason the previous British government under Mr. Brown argued for holding terror suspects for as long as 28 days without charge, Lord West added.
The decryption of these email messages in this case took far longer than even 90 days which the Labour government securocrats and apparatchiks were trying to impose.
According to this BBC report "experts from the Metropolitan Police Service Counter Terrorism Command spent nine months decrypting 300 coded messages found on his computer hard drive."
Rajib Karim was arrested on 25th February 2010 and charged on 11th March 2010 and has now been convicted on 28th February 2011.
On what basis was he charged and remanded in custody, if the gathering of actual evidence from the decryption of his computer took another 9 months ?
Remember that he had no weapons or explosives or co-conspirators in the UK. Neither had he actually attempted to sabotage any British Airways computer systems.
The current government of Prime Minister David Cameron recently reduced this to 14 days.
The Protection of Freedoms Bill clause 57 Permanent reduction of maximum detention period to 14 days only reached its Second Reading in the Commons yesterday; it is not yet law.
Upon raiding Mr. Karim's apartment police recovered, among other things, a laptop and an external hard drive able to store some 320 gigabytes of data, according to prosecutors. The hard drive held some 35,000 files including messages with Mr. Karim's brother, with Mr. Awlaki--a leader of terror group al Qaeda in the Arabian Peninsula--and with other colleagues, prosecutors say.
What exactly led them to suspect Karim in the first place ? Perhaps surveillance of his brother's communications traffic data.
Mr. Karim allegedly hid the messages and other data stored on the drive by changing the suffix at the end of the name of key files, which would typically tell a computer what program would be needed to open them up. That included four files labeled "Quran DVD Collection," which appeared to be compressed files because they took the suffix ".rar," which relates to a type of software that reduces the size of a file, according to prosecutors.
RAR is a very commonly used compressed file format used by RapidShare and other encrypted "cyber locker" web based file sharing services worldwide.
Will the Rajib Karim case be used by the UK government to try to suppress or ban these web services ?
Mr. Ball said he noted these files were unusually large, and discovered that they were actually created in a different program, Pretty Good Privacy, which enabled each file to run as a separate, encryption-protected "virtual hard drive." Without the correct password, the files were completely unintelligible.
It's the equivalent of "a safe with a combination," Mr. Ball said in court. He sent the files to British intelligence services, which returned them decrypted, or unlocked. Once able to open the files, Mr. Ball testified, he still wasn't able to read most of the messages contained with them: Mr. Karim had enciphered the text, leaving it scrambled and unreadable.
This is the most interesting part of this article: Just how vulnerable are PGP encrypted container files to the "British intelligence services" ?
Was this a dictionary attack on the pass phrase or some other vulnerability ?
Can religious fanatics stop themselves from using Koranic or Biblical etc. passphrases ?
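The triage step described in the quoted testimony (a suffix that does not match the content, and large files that are unintelligible), sketched as an added example that is not from the original post or the court evidence. The signature table, the entropy threshold, the function names and the sample files are assumptions constructed for illustration; the same check also covers readable text stored under an image suffix.

```python
import hashlib
import math
from collections import Counter

# Well-known leading signatures for a few suffixes (small illustrative table).
MAGIC = {
    ".rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),  # RAR 4.x, RAR 5
    ".zip": (b"PK\x03\x04",),
    ".jpg": (b"\xff\xd8\xff",),
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means it looks random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(name: str, data: bytes, high: float = 7.5) -> str:
    """Compare a file's suffix with its content and label the result."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    expected = MAGIC.get(ext)
    if expected is None:
        return "unknown-suffix"
    if not data:
        return "empty"
    if data.startswith(expected):
        return "ok"  # header matches; compressed data being high-entropy is normal
    sample = data[:65536]
    if entropy(sample) >= high:
        return "mismatch-high-entropy"  # candidate encrypted container
    if all(32 <= b < 127 or b in (9, 10, 13) for b in sample):
        return "mismatch-plain-text"  # readable notes under a binary suffix
    return "mismatch"

# Constructed samples (assumptions, not case data).
_noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
SAMPLES = {
    "archive.rar": b"Rar!\x1a\x07\x00" + _noise[:4096],
    "collection1.rar": _noise,
    "thumbs.jpg": b"Step 1: open the spreadsheet and paste the text.\r\n",
    "photo.jpg": b"\x89PNG\r\n\x1a\n" + bytes(64),
}

def scan(files: dict) -> dict:
    """Run triage over a {name: bytes} mapping."""
    return {name: triage(name, data) for name, data in files.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:22} {name}")
```

A "mismatch-high-entropy" verdict only says the content is not what the suffix claims and looks random; it does not identify which program produced it.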
Mr. Karim left police a clue, however. On the external hard drive was a disguised file that looked like it was meant for viewing thumbnail-size photographs--but that actually consisted of text with instructions for using a spreadsheet containing a purpose-built formula to decipher the message, according to Mr. Ball. The spreadsheet also worked in reverse, enciphering messages before sending to another member of the group, Mr. Ball said.
So why didn't Karim use PGP or GPG for email or file encryption ?
Those instructions helped Mr. Ball decrypt the messages and see that--according to prosecutors' account--Mr. Karim was passing to Mr. Awlaki information about British Airways' computer and security systems that could be vitally important for those wishing to conduct a terrorist attack.
Still, it took many more months for the messages to fully come into focus. There were many spreadsheets on the hard drive, and sometimes numerous versions of each one. Even once unscrambled, prosecutors allege the messages contained false names and other coded words, further obscuring their contents. The names of countries and people, as well as their sex, were changed, and their movements and activity were discussed as if involved in business transactions, prosecutors allege.
As an additional layer of protection, prosecutors say, Mr. Karim and his colleagues didn't exchange their messages as emails, which can be intercepted. They instead uploaded them to public websites that host files, where another member of the group could then download them to his or her own machine.
Presumably Lord West and the Home Office will pretend that they could not have possibly guessed (despite the warnings from regular Spy Blog readers and every civil liberties and digital data rights organisation in the UK) that the mandatory Data Retention of UK or EU based email log files, provided by Communications Services Providers would have been so easily circumvented by terrorists. N.B. this scheme was "policy laundered" by the Labour government, i.e. they suggested it in the first place and used the UK's turn at the temporary chairmanship of the European Union Council of Ministers, to force it through as a European Directive and then claimed that it was all Europe's fault that this had happened.
This is by no means the first terrorism case in the UK where the suspects did not send emails in the usual manner - there have been some where the Drafts folder on, say, a US based web mail system has been accessed by two or more people who have pre-shared the logon credentials, never sending any incriminating emails at all.
In a further safeguard, prosecutors allege, Mr. Karim used software to erase other electronic fingerprints from his laptop, including a program called "Windows Washer" that effectively deletes traces of Internet browsing history from the machine.
Something which is certainly not illegal. What about the built in Privacy modes of the leading web browsers then ?
Write to Alistair MacDonald at alistair.macdonald@wsj.com and Cassell Bryan-Low at cassell.bryan-low@wsj.com
They seem to have done a better job of reporting the details of this case, as revealed in open Court, than the British media have bothered, or perhaps have dared, to do.