The UK media reporting about the now convicted terrorist Rajib Karim, a British Airways trainee software engineer based in Newcastle, has been devoid of most of the interesting details which were made public in the courtroom.
Is this because of UK journalistic technical incompetence ?
The Wall Street Journal did publish rather more details about the Encryption etc.
This article certainly does not even fall under standing DA Notice 3 Ciphers and Secure Communications, which applies to UK government secrets, not terrorist ones,
so why do the UK media reports about this case look as if they have been censored ?
This is yet another terrorism case involving emails or other messages stored on a seized computer, which are almost the only evidence used to prosecute and convict, even though such emails are inadmissible as evidence, by either the prosecution or the defence, in a UK Court (Regulation of Investigatory Powers Act 2000 section 17 Exclusion of matters from legal proceedings) if they were, instead, intercepted in transit in the UK.
U.K. Case Reveals Terror Tactics
By ALISTAIR MACDONALD And CASSELL BRYAN-LOW
FEBRUARY 7, 2011
[...]
The methods that terror suspects use to conceal their communications are "a real problem" for police and intelligence authorities, says Lord Alan West, who was security adviser to former Prime Minister Gordon Brown. Other experts say such problems have been made worse by off-the-shelf software.
The previous government had even looked into whether they should make it a criminal offense for suspects to not hand over decryption codes, Lord West said.
How could Admiral Lord West of Spithead not know that his Labour government did not simply "look into" the question of "whether they should make it a criminal offense for suspects to not hand over decryption codes" ?
It is astonishing that the former Labour Security Minister at the Home Office, a former head of Defence Intelligence and former First Sea Lord, appears to be ignorant of the enactment and enforcement of the Regulation of Investigatory Powers Act 2000 Part III Investigation of electronic data protected by encryption etc.
This was amended by the Terrorism Act 2006 to increase the criminal penalty for refusing to hand over the plaintext or cryptographic keys in response to a Section 49 notice, if the magic words "national security case" or, as amended by the Policing and Crime Act 2009, the other magic phrase "child indecency case" are uttered, i.e. a criminal penalty of up to 5 years imprisonment, rather than the penalty of up to 2 years in prison in any other case.
The time needed to break such codes was one reason the previous British government under Mr. Brown argued for holding terror suspects for as long as 28 days without charge, Lord West added.
The decryption of these email messages in this case took far longer than even 90 days which the Labour government securocrats and apparatchiks were trying to impose.
According to this BBC report "experts from the Metropolitan Police Service Counter Terrorism Command spent nine months decrypting 300 coded messages found on his computer hard drive."
Rajib Karim was arrested on 25th February 2010 and charged on 11th March 2010 and has now been convicted on 28th February 2011.
On what basis was he charged and remanded in custody, if the gathering of actual evidence from the de-cryption of his computer took another 9 months ?
Remember that he had no weapons or explosives or co-conspirators in the UK. Neither had he actually attempted to sabotage any British Airways computer systems.
The current government of Prime Minister David Cameron recently reduced this to 14 days.
The Protection of Freedoms Bill clause 57 Permanent reduction of maximum detention period to 14 days, only reached its Second Reading in the Commons yesterday; it is not yet law.
Upon raiding Mr. Karim's apartment police recovered, among other things, a laptop and an external hard drive able to store some 320 gigabytes of data, according to prosecutors. The hard drive held some 35,000 files including messages with Mr. Karim's brother, with Mr. Awlaki--a leader of terror group al Qaeda in the Arabian Peninsula--and with other colleagues, prosecutors say.
What exactly led them to suspect Karim in the first place ? Perhaps surveillance of his brother's communications traffic data.
Mr. Karim allegedly hid the messages and other data stored on the drive by changing the suffix at the end of the name of key files, which would typically tell a computer what program would be needed to open them up. That included four files labeled "Quran DVD Collection," which appeared to be compressed files because they took the suffix ".rar," which relates to a type of software that reduces the size of a file, according to prosecutors.
RAR is a very commonly used compressed file format used by RapidShare and other encrypted "cyber locker" web based file sharing services worldwide.
Will the Rajib Karim case be used by the UK government to try to suppress or ban these web services ?
Mr. Ball said he noted these files were unusually large, and discovered that they were actually created in a different program, Pretty Good Privacy, which enabled each file to run as a separate, encryption-protected "virtual hard drive." Without the correct password, the files were completely unintelligible.
It's the equivalent of "a safe with a combination," Mr. Ball said in court. He sent the files to British intelligence services, which returned them decrypted, or unlocked. Once able to open the files, Mr. Ball testified, he still wasn't able to read most of the messages contained with them: Mr. Karim had enciphered the text, leaving it scrambled and unreadable.
This is the most interesting part of this article: Just how vulnerable are PGP encrypted container files to the "British intelligence services" ?
Was this a dictionary attack on the pass phrase or some other vulnerability ?
Can religious fanatics stop themselves from using Koranic or Biblical etc. passphrases ?
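The mismatch described in the testimony above, files carrying a ".rar" suffix that were not RAR archives at all, is something a forensic triage script can flag by comparing each file's suffix with its header bytes and measuring how random the content looks. The following is an added example, not code from the case, the article or this blog; the function names, the 7.5 bits-per-byte threshold and the sample files (random bytes standing in for an encrypted volume) are constructed assumptions.

```python
import math
import os
import tempfile
import zlib
from collections import Counter

# RAR signatures: "Rar!\x1a\x07\x00" (RAR 1.5 to 4.x) and "Rar!\x1a\x07\x01\x00" (RAR 5).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or well-compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(path: str, sample_size: int = 65536) -> dict:
    """Compare a file's claimed type (its suffix) with what its bytes say."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    claims_rar = path.lower().endswith(".rar")
    is_rar = sample.startswith(RAR_MAGICS)
    entropy = shannon_entropy(sample)
    return {
        "claims_rar": claims_rar,
        "is_rar": is_rar,
        "entropy": round(entropy, 2),
        # Suffix says RAR, header disagrees, content looks random: pass to an examiner.
        "suspicious": claims_rar and not is_rar and entropy > 7.5,  # assumed threshold
    }

def build_samples(directory: str) -> dict:
    """Write constructed sample files (not evidence from the case)."""
    samples = {
        "genuine.rar": RAR_MAGICS[0] + zlib.compress(b"constructed text " * 4000),
        "disguised.rar": os.urandom(65536),  # stands in for an encrypted volume
        "notes.rar": b"plain text renamed to .rar\n" * 500,
    }
    paths = {}
    for name, content in samples.items():
        paths[name] = os.path.join(directory, name)
        with open(paths[name], "wb") as fh:
            fh.write(content)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for p in build_samples(tmp).values():
            print(os.path.basename(p), triage(p))
```

A renamed plain-text file also fails the header check but has low entropy, so only the random-looking file is flagged; high entropy alone cannot distinguish an encrypted container from ordinary compressed data, which is why the header comparison comes first.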
Mr. Karim left police a clue, however. On the external hard drive was a disguised file that looked like it was meant for viewing thumbnail-size photographs--but that actually consisted of text with instructions for using a spreadsheet containing a purpose-built formula to decipher the message, according to Mr. Ball. The spreadsheet also worked in reverse, enciphering messages before sending to another member of the group, Mr. Ball said.
So why didn't Karim use PGP or GPG for email or file encryption ?
Those instructions helped Mr. Ball decrypt the messages and see that--according to prosecutors' account--Mr. Karim was passing to Mr. Awlaki information about British Airways' computer and security systems that could be vitally important for those wishing to conduct a terrorist attack.
Still, it took many more months for the messages to fully come into focus. There were many spreadsheets on the hard drive, and sometimes numerous versions of each one. Even once unscrambled, prosecutors allege the messages contained false names and other coded words, further obscuring their contents. The names of countries and people, as well as their sex, were changed, and their movements and activity were discussed as if involved in business transactions, prosecutors allege.
As an additional layer of protection, prosecutors say, Mr. Karim and his colleagues didn't exchange their messages as emails, which can be intercepted. They instead uploaded them to public websites that host files, where another member of the group could then download them to his or her own machine.
Presumably Lord West and the Home Office will pretend that they could not have possibly guessed (despite the warnings from regular Spy Blog readers and every civil liberties and digital data rights organisation in the UK) that the mandatory Data Retention of UK or EU based email log files, provided by Communications Services Providers would have been so easily circumvented by terrorists. N.B. this scheme was "policy laundered" by the Labour government, i.e. they suggested it in the first place and used the UK's turn at the temporary chairmanship of the European Union Council of Ministers, to force it through as a European Directive and then claimed that it was all Europe's fault that this had happened.
This is by no means the first terrorism case in the UK where the suspects did not send emails in the usual manner - there have been some where the Drafts folder on, say, a US based web mail system has been accessed by two or more people who have pre-shared the logon credentials, never sending any incriminating emails at all.
In a further safeguard, prosecutors allege, Mr. Karim used software to erase other electronic fingerprints from his laptop, including a program called "Windows Washer" that effectively deletes traces of Internet browsing history from the machine.
Something which is certainly not illegal. What about the built in Privacy modes of the leading web browsers then ?
Write to Alistair MacDonald at alistair.macdonald@wsj.com and Cassell Bryan-Low at cassell.bryan-low@wsj.com
They seem to have done a better job of reporting the details of this case, as revealed in open Court, than the British media have bothered, or perhaps have dared, to do.
There are several reasons why the English press didn't go into it.
1) Newspapers like to keep things simple, because they think long-winded details about encryption aren't of use to the majority of their readers. So they don't bother writing up every single detail.
2) Not many people bothered to sit through the computer evidence in court. Most newspapers just cover the beginning and end. Any that were in there didn't go into the details because of points 1) and 3).
3) The police usually ask journalists not to go into the fine detail because they think budding terrorists will use the info and stop being so obvious about their plotting.
Number 3) came into effect during both the July 21 and transatlantic bomb plot. We were asked not to reveal the exact concentrations of chemicals as it might be thought we were offering a bomb-making tutorial.
The fact that the July 21 plot failed because they messed up their ratios does perhaps support this policy of concealing detail. Even though many bomb making instructions can be found online.
@ bob - thanks for the comment
The 21st July 2005 failed bomb attack devices were described as "viable" by the police and the prosecution, following the test done at the Fort Halstead Defence Science and Technology Laboratory, near Sevenoaks in Kent. With their professional expertise and access to proper detonators, they also manufactured a video for the transatlantic airliners bomb plot, which was used to claim that that plot was also viable, although there does not seem to be any direct evidence that the plotters had succeeded in producing any real bombs which could be assembled in flight at all.
If there was any evidence which described detailed, practical, effective ratios of ingredients for home made bombs, rather than the theoretical ratios, it could easily have been considered in secret, at the discretion of the Judge.
There would then have been no need for any press self censorship.
The Wall Street Journal and perhaps other foreign press and media did bother to sit through the "boring" technical details in this BA terrorist infiltrator case and their reports are available to everyone via the internet, making a mockery of the English press self censorship and the DA Notice system, which does not apply to criminal or terrorist cryptographic or anonymity techniques, only to UK Government ones.