Osama Bin Laden didn't encrypt his computer files - not such a mastermind then..

Filed Under: Data loss, Featured, Law & order, Privacy

Osama Bin LadenSome of the documents seized during the raid on Osama Bin Laden's hideout in Pakistan last year have been made public for the first time.

As CNN reports, a small number of the 6000 documents seized have been made available on the Combating Terrorism Center at West Point website.

The 17 electronic documents, which were found on USB sticks, memory cards and computer hard drives after US Navy Seals killed the terrorist chief in the May 2011 raid, are being released in their original Arabic alongside English translations.

A short report provides an overview of the material.

Abbottabad compound

The final document is dated just one week before the raid on Bin Laden's Abbottabad compound which resulted in his death, and discussed the "Arab Spring".

Letter from Bin Laden

So, why are we writing about this on Naked Security?

Well, because it appears that none of the files were encrypted.

If they had been securely encrypted, and the passwords were secured, the US authorities probably wouldn't have been able to read them.

Because of Al Qaeda's sloppy attitude in regard to data security - a problem that reached the highest levels of the terror organisation it appears - internal communications and potentially valuable intelligence are now in the hands of America.

Something we can all probably be pleased about.

Remember folks - whether you are a business, an individual or a terrorist, encryption is one of the tools you should probably be using to keep better control over who gains access to your confidential data.

It shouldn't take a mastermind to realise that that's just common sense.

(Not that many will be shedding a tear about Osama Bin Laden's lax attitude to securing his data, I suspect. Lets hope other terrorists follow his lead..)

, , , , ,

You might like

19 Responses to Osama Bin Laden didn't encrypt his computer files - not such a mastermind then..

  1. Bit of an epic fail on their behalf then.... This side of the firewall I'm encrypted up to the eyeballs, that side I'm Tor'red up to the hilt.... Such free usage of encryption and they couldn't even consider it....

    • David F · 719 days ago

      Learn to spell, I haven't so I use "spell check" organisation = organization and realise = realize or am I just a damn yankee and the queens english is spelled that way like colour and color... I still like diapers over nappies ;)

      dave

  2. graham · 720 days ago

    Excellent Sophos, bring it o the attention of the bad guys that they should encrypt their stuff!

    & also you said, "If they had been securely encrypted, and the passwords were secured, the US authorities probably wouldn't have been able to read them" Do you really believe that with all the computing power at their hands they couldn't?

    • Max · 720 days ago

      You are right. I bet NSA could break it easily.

    • guest · 720 days ago

      Something tells me the bad guys aren't reading Sophos NakedSecurity to figure out what they should and should not do.

    • Internaut · 719 days ago

      1 - Sophos hasn't alarmed the terrorists into suddenly encrypting their files because of a Sophos comment. The simple fact that it was all over CNN, and other television tabloids as well as news stations already sent the hint; not Sophos.

      2 - If the US could crack an encrypted file, then they've been reading your email, listening to your cell, and monitoring your internet, TV, and shopping habits as well all the world's govts tramsissions. They might think they are good, but I doubt they are that good. If they could, it would have been leaked by now.

      • guvnah · 712 days ago

        You think they don't do all of those things listed in number 2? NSA has the most advanced crypto algorithms known to man. I'm sure they've made it a pet project of theirs to figure out how to break encryption.....would really help in a time of war, you know.

  3. guest · 720 days ago

    Kind of a waste since the people viewing the files say it is mostly old junk. One year and what exactly was gained? What about Pakistan's involvement?

    • Don't forget that they have only released a very small percentage of the files they recovered. Who knows what was in the others.

      • guest · 718 days ago

        Seems that you have forgot that fact yourself.

        The data they are releasing from Bin Laden files is of little of no intelligence value...which is why its being released to the public in the first place ...they certainly would not release stuff that had any real intelligence value to us..

        Take the letter you sited above for example....its obviously a propaganda piece intended for wide spread dissemination.....stuff like that needs no encryption.

        I think it a stretch to assume that everything they recovered from the compound was not encrypted just because the did not encrypt unimportant stuff that did not need to be encrypted.

  4. Cbeppe · 720 days ago

    In all fairness, he did live in a cave...

  5. deja vu · 720 days ago

    In general al qaeda did engage in cryptography. seems like you're making a big assumption here. ex. http://edition.cnn.com/2012/04/30/world/al-qaeda-...

  6. Guido Faulkes · 719 days ago

    If you think USA cannot break strong encryption, then you are a fool. An 8-pair quantum computer has been working for production at the NSA HQ since 1995 and they probably have a 192 or 224 pair running now.

    Only the Vernam cipher remains safe and only as long as the operatives do not make a mistake, forgetting to burn the one time pads sheets after a single use. That was where the soviet-russians failed.

    Actually the reason the sheik UBL survived that long was his reliance on low-tech, pencil messages delivered on the backs of donkeys and motorcycles.

    • Shane · 718 days ago

      Given that Al Qaeda did use encryption in the lead up to 9/11 to great success, the success of Wikileaks and the like and also the attempt to Trojan OpenBSD into leaking IPsec key data into padded portions of its cipher stream output, I tend to think the mystique around the NSA is a little exaggerated.

  7. Marge · 719 days ago

    Or maybe Osama BinLaden was just a scapegoat, or maybe he never even existed, and was invented to take the blame for an inside job? I love a good conspiracy theory.

  8. "(Not that many will be shedding a tear about Osama Bin Laden's lax attitude to securing his data, I suspect. Lets hope other terrorists follow his lead..)"

    You have just told them!!!

  9. George · 718 days ago

    Any good theory should work in reverse as well. Look at what you have just written.
    If OBL didn't encrypt his files, he was not such a mastermind then. Terrorists should do so.

    HE DIDN'T ENCRYPT HIS FILES MAYBE BECAUSE WE WAS NOT A TERRORIST.
    THOSE WHO ENCRYPT THEIR FILES HAS SOMETHING TO HIDE (BY DEFINITION)

    ASK YOUR GOVERNMENT WHO REALLY IMPLEMENTED 9/11 AND KILLED 3000 INNOCENT PEOPLE.

    Was it someone who doesn't even encrypt their files? Wake up USA.

  10. NickC · 716 days ago

    The moral here is; Sophos steer clear of political hot spots and stick to being concise in your message or it will become a pointless rant. YES encryption is important for everyone not just OBL or the president of the USA, even Mrs Smith from my local corner shop should use encryption..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.