Sophos Cloud Optix
Some of the documents seized during the raid on Osama Bin Laden’s hideout in Pakistan last year have been made public for the first time.
As CNN reports, a small number of the 6000 documents seized have been made available on the Combating Terrorism Center at West Point website.
The 17 electronic documents, which were found on USB sticks, memory cards and computer hard drives after US Navy Seals killed the terrorist chief in the May 2011 raid, are being released in their original Arabic alongside English translations.
A short report provides an overview of the material.
The final document is dated just one week before the raid on Bin Laden’s Abbottabad compound which resulted in his death, and discussed the “Arab Spring”.
So, why are we writing about this on Naked Security?
Well, because it appears that none of the files were encrypted.
If they had been securely encrypted, and the passwords were secured, the US authorities probably wouldn’t have been able to read them.
Because of Al Qaeda’s sloppy attitude in regard to data security – a problem that reached the highest levels of the terror organisation it appears – internal communications and potentially valuable intelligence are now in the hands of America.
Something we can all probably be pleased about.
Remember folks – whether you are a business, an individual or a terrorist, encryption is one of the tools you should probably be using to keep better control over who gains access to your confidential data.
It shouldn’t take a mastermind to realise that that’s just common sense.
(Not that many will be shedding a tear about Osama Bin Laden’s lax attitude to securing his data, I suspect. Lets hope other terrorists follow his lead..)
Bit of an epic fail on their behalf then…. This side of the firewall I’m encrypted up to the eyeballs, that side I’m Tor’red up to the hilt…. Such free usage of encryption and they couldn’t even consider it….
Learn to spell, I haven't so I use "spell check" organisation = organization and realise = realize or am I just a damn yankee and the queens english is spelled that way like colour and color… I still like diapers over nappies 😉
dave
Yes, it's the queens English 🙂
Excellent Sophos, bring it o the attention of the bad guys that they should encrypt their stuff!
& also you said, “If they had been securely encrypted, and the passwords were secured, the US authorities probably wouldn’t have been able to read them” Do you really believe that with all the computing power at their hands they couldn’t?
You are right. I bet NSA could break it easily.
Something tells me the bad guys aren't reading Sophos NakedSecurity to figure out what they should and should not do.
1 – Sophos hasn’t alarmed the terrorists into suddenly encrypting their files because of a Sophos comment. The simple fact that it was all over CNN, and other television tabloids as well as news stations already sent the hint; not Sophos.
2 – If the US could crack an encrypted file, then they’ve been reading your email, listening to your cell, and monitoring your internet, TV, and shopping habits as well all the world’s govts tramsissions. They might think they are good, but I doubt they are that good. If they could, it would have been leaked by now.
You think they don't do all of those things listed in number 2? NSA has the most advanced crypto algorithms known to man. I'm sure they've made it a pet project of theirs to figure out how to break encryption…..would really help in a time of war, you know.
Kind of a waste since the people viewing the files say it is mostly old junk. One year and what exactly was gained? What about Pakistan's involvement?
Don’t forget that they have only released a very small percentage of the files they recovered. Who knows what was in the others.
Seems that you have forgot that fact yourself.
The data they are releasing from Bin Laden files is of little of no intelligence value…which is why its being released to the public in the first place …they certainly would not release stuff that had any real intelligence value to us..
Take the letter you sited above for example….its obviously a propaganda piece intended for wide spread dissemination…..stuff like that needs no encryption.
I think it a stretch to assume that everything they recovered from the compound was not encrypted just because the did not encrypt unimportant stuff that did not need to be encrypted.
In all fairness, he did live in a cave…
In general al qaeda did engage in cryptography. seems like you're making a big assumption here. ex. http://edition.cnn.com/2012/04/30/world/al-qaeda-…
If you think USA cannot break strong encryption, then you are a fool. An 8-pair quantum computer has been working for production at the NSA HQ since 1995 and they probably have a 192 or 224 pair running now.
Only the Vernam cipher remains safe and only as long as the operatives do not make a mistake, forgetting to burn the one time pads sheets after a single use. That was where the soviet-russians failed.
Actually the reason the sheik UBL survived that long was his reliance on low-tech, pencil messages delivered on the backs of donkeys and motorcycles.
Given that Al Qaeda did use encryption in the lead up to 9/11 to great success, the success of Wikileaks and the like and also the attempt to Trojan OpenBSD into leaking IPsec key data into padded portions of its cipher stream output, I tend to think the mystique around the NSA is a little exaggerated.
Or maybe Osama BinLaden was just a scapegoat, or maybe he never even existed, and was invented to take the blame for an inside job? I love a good conspiracy theory.
"(Not that many will be shedding a tear about Osama Bin Laden's lax attitude to securing his data, I suspect. Lets hope other terrorists follow his lead..)"
You have just told them!!!
Any good theory should work in reverse as well. Look at what you have just written.
If OBL didn't encrypt his files, he was not such a mastermind then. Terrorists should do so.
HE DIDN'T ENCRYPT HIS FILES MAYBE BECAUSE WE WAS NOT A TERRORIST.
THOSE WHO ENCRYPT THEIR FILES HAS SOMETHING TO HIDE (BY DEFINITION)
ASK YOUR GOVERNMENT WHO REALLY IMPLEMENTED 9/11 AND KILLED 3000 INNOCENT PEOPLE.
Was it someone who doesn't even encrypt their files? Wake up USA.
The moral here is; Sophos steer clear of political hot spots and stick to being concise in your message or it will become a pointless rant. YES encryption is important for everyone not just OBL or the president of the USA, even Mrs Smith from my local corner shop should use encryption..