Latest FBI Terrorist Bust Shows A Future So 'Dark' Some Eye Protection Might Be Warranted

from the I-study-bitcoin-and-violence,-I-love-my-hashes... dept

So much for “going dark.” The FBI’s narrative of a terrorist-filled world enshrouded in encryption continues to be disproven. For one, it appears the NSA has made tremendous strides towards cracking commonly-used encryption, thanks to its computing power and the fact that a large share of servers use the same few 1024-bit Diffie-Hellman primes: one enormous precomputation against a single shared prime can then be reused to break every connection that relies on it. For another, the super secret world of terrorism doesn’t seem to be all that secret. FBI director James Comey has repeatedly pointed out that terrorism suspects are vanishing behind encrypted communication platforms, but when pointedly asked how often this is actually happening, he could only claim “dozens of times.”

Operational security may be improving over time, but as of this point, suspected terrorists are still leaving themselves exposed through easily-accessed channels. Marcy Wheeler of emptywheel took a look at the latest terrorism suspect busted by the FBI and sees nothing in the criminal complaint that suggests the agency had much trouble hunting him down.

Given Jim Comey’s repeated warnings of how the FBI is going dark on ISIS organizing, I thought I’d look at how FBI found this guy.

Ardit Ferizi, the suspect’s real name, was connected to the @Th3Dir3ctorY account on Twitter. On that account Ferizi linked to an article about the Kosova Hacker’s Security group (KHS) for which he had been interviewed. He also identified himself as the owner of KHS.

Ferizi registered the Twitter identity to a Hotmail account tied to an IP address in Kosovo.

@Th3Dir3ctorY subsequently logged into Twitter from various ISPs in Malaysia, including 210.186.111.14.

The hacker who first broke into “Victim Company” on June 13, 2015 and ultimately stole the data of 100,000 people created an account with the identity KHS. On August 19, 2015 — after the company had removed the malware used to exfiltrate the data — someone identifying himself as “Albanian Hacker” and using the email “khs-crew@live.com” contacted the company and asked them to stop taking down their files (which the FBI interpreted to mean the malware left on the server). The IP address tied to the SQL injection used by the hacker was 210.186.111.14.

A Facebook account tied to the name “ardit.ferizi01” also used that IP address. Ferizi sent himself a spreadsheet via that Facebook account with the stolen PII.

Facebook, Hotmail, Twitter… these aren’t exactly the tools of the “going dark” trade. It could be that Ferizi is an anomaly — a terrorist who thinks OPSEC is for losers who want to stay out of prison. But it also suggests commonly-used communications continue to be commonly used, even by people performing unlawful actions.

As Wheeler points out, the FBI calls Ferizi a hacker… and yet, for all of his alleged skills, he deployed less secretive measures than many people who have no connection to illicit deeds or today’s Public Enemy No. 1: ISIS/ISIL.
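The chain Wheeler traces is a pivot through shared identifiers: an account name leads to an e-mail address, the e-mail address to an IP, the IP to a second account, and so on, with each hop backed by one provider record. The script below is an added illustration of that technique and is not code from the article, from emptywheel or from the complaint; every record in it is constructed sample data with placeholder handles, addresses and RFC 5737 documentation IPs, and the hub threshold is an assumed parameter. It builds a graph from the records, searches for the shortest evidentiary chain between two identifiers, and refuses to pivot through an address shared by many unrelated accounts (a hotel NAT, a VPN exit, a carrier-grade NAT pool), which is the check a practitioner wants before treating "same IP" as "same person".

```python
"""Pivot through shared identifiers across service records.

Added example, not from the article or the criminal complaint. All records
below are constructed sample data with placeholder identifiers (handles,
e-mail domains and RFC 5737 documentation addresses); the hub threshold is
an assumed tuning parameter, not a value from the case.
"""
from collections import defaultdict, deque

# One record per evidentiary fact: the source it came from and the
# identifiers it ties together. Namespaced so "ip:" and "email:" never collide.
RECORDS = [
    {"source": "twitter-registration",
     "ids": ["twitter:@suspect_handle", "email:suspect@hotmail.example", "ip:203.0.113.7"]},
    {"source": "twitter-login",
     "ids": ["twitter:@suspect_handle", "ip:198.51.100.14"]},
    {"source": "victim-webserver-sqli",
     "ids": ["ip:198.51.100.14", "webapp:khs-attacker-account"]},
    {"source": "victim-extortion-email",
     "ids": ["email:khs-crew@live.example", "webapp:khs-attacker-account"]},
    {"source": "facebook-login",
     "ids": ["facebook:suspect.name01", "ip:198.51.100.14"]},
    # Noise: a hotel NAT address (constructed) shared by many unrelated users.
    {"source": "facebook-login", "ids": ["facebook:suspect.name01", "ip:192.0.2.50"]},
    {"source": "facebook-login", "ids": ["facebook:bystander.one", "ip:192.0.2.50"]},
    {"source": "twitter-login", "ids": ["twitter:@bystander_two", "ip:192.0.2.50"]},
    {"source": "twitter-login", "ids": ["twitter:@bystander_three", "ip:192.0.2.50"]},
    {"source": "facebook-login", "ids": ["facebook:bystander.four", "ip:192.0.2.50"]},
    {"source": "facebook-login", "ids": ["facebook:bystander.five", "ip:192.0.2.50"]},
    {"source": "twitter-login", "ids": ["twitter:@bystander_six", "ip:192.0.2.50"]},
]


def build_graph(records):
    """Undirected graph: identifier -> {neighbour identifier -> set(sources)}.
    Every pair of identifiers that appear in the same record gets an edge
    labelled with the record that justifies it."""
    graph = defaultdict(lambda: defaultdict(set))
    for rec in records:
        ids = rec["ids"]
        for i, a in enumerate(ids):
            for b in ids[i + 1:]:
                graph[a][b].add(rec["source"])
                graph[b][a].add(rec["source"])
    return graph


def hubs(graph, max_degree):
    """Identifiers linked to more than max_degree others; typically shared
    addresses whose co-occurrence says nothing about who sat behind them."""
    return sorted(n for n, nbrs in graph.items() if len(nbrs) > max_degree)


def find_chain(graph, start, target, max_hub_degree=None):
    """Breadth-first search for the shortest chain of records linking start
    to target. Returns a list of (from, to, [sources]) hops, or None.
    When max_hub_degree is set, intermediate identifiers with more
    neighbours than that are refused as pivots."""
    if start not in graph or target not in graph:
        return None
    prev = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            break
        for nxt in graph[node]:
            if nxt in prev:
                continue
            if (max_hub_degree is not None and nxt != target
                    and len(graph[nxt]) > max_hub_degree):
                continue  # do not walk through a shared NAT/VPN/ISP address
            prev[nxt] = node
            queue.append(nxt)
    if target not in prev:
        return None
    chain = []
    node = target
    while prev[node] is not None:  # walk back, attaching the supporting records
        parent = prev[node]
        chain.append((parent, node, sorted(graph[parent][node])))
        node = parent
    chain.reverse()
    return chain


if __name__ == "__main__":
    g = build_graph(RECORDS)
    print("refused pivots:", hubs(g, 3))
    for hop in find_chain(g, "twitter:@suspect_handle",
                          "facebook:suspect.name01", max_hub_degree=3):
        print(hop)
```

Run as-is, the suspect's Twitter handle reaches the Facebook name in two hops through the one IP that also sourced the SQL injection, and each hop carries the provider record a subpoena or warrant would have to produce. The bystanders on the shared hotel address are reachable only when the hub check is switched off, which is exactly the point: an IP-based link is evidence in proportion to how few other people used that address at that time.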

Even if Ferizi had been more careful, it’s likely the FBI would not have run into an encrypted dead end. While apps like WhatsApp may offer encrypted communications, their creators are often willing to hand over whatever identifying information they do have on suspected criminals. This can then be tied to more open communications platforms. It’s highly unlikely that every single bit of communication between terrorism suspects happens on secured channels. And once a suspect is in custody, work can begin on forcing the person to cough up login info.

Nothing about this suggests backdoored encryption is the only way to successfully fight terrorism (and the drug war, etc.). What Comey’s complaints suggest is that the FBI would definitely prefer an easier way to do this, one that doesn’t involve approaching the NSA for anything it has collected or seeking court orders/warrants to collect information from third parties. What it would like is as many communication platforms as possible to be open books, where all investigators have to do is a small amount of Googling, or simply have full access to any account where it suspects discussions of illegal acts might be taking place.


Comments on “Latest FBI Terrorist Bust Shows A Future So 'Dark' Some Eye Protection Might Be Warranted”

30 Comments
David says:

Not much of a surprise

There is not all that much overlap between terrorists and security specialists/crackers and the respective (anti-)ethics don’t have that much overlap either so there is no common basis of trust for mutual dependencies and reliance.

As a result, 99% of the NSA and FBI Internet snooping budget and operation is not related to counterterrorism while 99% of its narrative is.

Richard (profile) says:

The elephant

The elephant in the room is this.

The possibility of secure encryption exists within mathematical logic and ways to achieve it are in the public domain.

Any terrorist organisation capable of being a serious threat has to be presumed to be capable of making use of secure encryption – regardless of whether it is in fact built in to commonly used systems.

Any terrorist or organisation that is not capable of creating its own version of well known secure encryption algorithms and hence only uses the most common public platforms will certainly make enough mistakes to be caught anyway – even if those platforms are secure – (or not be capable of any real threat).

It follows that these protestations from the FBI etc are not really about anything other than budget and feelings of importance/control. With the added bonus of being able to spy on your enemies (in the political sense of the word)

Richard (profile) says:

Re: Re: Torture?

fact that Law Enforcement’s been beating people up to squeal for centuries now,
Well actually, in general, in the real world as opposed to tv/film, they don’t do that because it doesn’t work – and even if it does it is unlikely that the evidence would be usable in court.

This has been well known in British Intelligence since at least WW2 (http://www.rense.com/general95/clever.html) – and in Britain this is now reinforced by the recording of all interviews for around 40 years. As regards the US – I offer the second half of this well known youtube video: “Don’t talk to the Police” https://www.youtube.com/watch?v=6wXkI4t7nuc
and this link http://www.cbsnews.com/news/secret-wwii-camp-interrogators-say-torture-wasnt-needed/

Even the Nazis knew better than to use torture:
https://en.wikipedia.org/wiki/Hanns_Scharff

Uriel-238 (profile) says:

Re: Re: Re: Unlawful Enemy Combatants

I know they’re supposed to know better, but recent revelations including the Cook County black site used by the Chicago PD seem to indicate that it’s done otherwise, regardless of whether or not it works.

As to whether it’s admissible, common practice has already been demonstrated for police officers to simply lie about their methods in court, usually backed up by three or four of their colleagues as witnesses.

That this is common practice and is not just the methods of a few bad players has been the subject of a number of reports already. So yeah, if you’re given the $5 wrench treatment, you can be sure that several officers will be ready to contest that you volunteered your password information so that your electronics could be unlocked.

It may not work. It may be a violation of rights. It may even be regarded as heinous by the public, but that doesn’t mean it’s not done. Routinely.

Ahmed Muhammed (the clock kid) was isolated from parents and legal counsel for hours while his principal and local officers tried to wring from him a confession. The incident is exemplary of how we regard people who look like terrorists (as we imagine them to be) as less than people (even assigning them the label Unlawful Enemy Combatants so that we can deny them life, liberty and property as if they weren’t human beings).

That should sound dangerously familiar. It’s not like we’ve seen countless incidents like this before.

Richard (profile) says:

Re: Re: Re:2 Unlawful Enemy Combatants

I’m not denying that it’s done, I’m not even denying that it’s quite common, I’m not even denying that it has become standard practice in some places from time to time. However I am denying that it is the norm.

The problem with most of the examples that you give is that we know about them because they are newsworthy – and by definition that implies that they are unusual and therefore not the norm.

(I do however think that the US practice of plea bargaining is a terrible incentive for bad behaviour by interrogators and I’m happy that we don’t have it here in the UK to anything like the same extent)

That this is common practice and is not just the methods of a few bad players has been the subject of a number of reports already.

Can you provide links for this?

Ahmed Muhammed (the clock kid) was isolated from parents and legal counsel for hours while his principal and local officers tried to wring from him a confession.

Again – a one off case – hence we know about it – and indicative of how things go wrong when people who are not properly trained for this type of work (although perhaps they should have been) go over the top on the basis of what they have seen on TV.

The incident is exemplary of how we regard people who look like terrorists (as we imagine them to be) as less than people

That is a spin that has been put on the incident by people who are trying to reinforce a certain political line. The facts don’t actually support that aspect of the incident in this case. Given the stupid, over the top, “zero tolerance” approach adopted by some schools I am pretty sure that exactly the same thing would have happened to any pupil, regardless of race, or religious implications of the sound of his name.

Having said that, I do agree with you about the “enemy combatants” thing – it was appalling – but this incident is completely unrelated to it.

Not an Electronic Rodent (profile) says:

The other side of the coin

So…. Twitter account name linked to IP address to email account name to facebook account name to exactly the person they want.
Setting aside the encryption thing for a moment, 2 things seem obvious:

1) Metadata is more than enough to identify and track both a person and their behaviour so claiming there’s no problem hoovering up every bit of metadata is self-evident bull.

2) The trail appears to have started at a Twitter account name linked to a specific act and not within the huge haystack of hoovered up data so said haystack would appear to have little use.

children coding says:

cannot Isis Alqaeda FBI CIA NSA code their own home cooked encryption algos? or a unique recipe combining the existing ones?
what about wideband- software defined radio for short range communications?
and cannot any kid set up their own raspberry/linux encrypted chat/email platform? and run common available secure chat apps on it from a gazillion of linux enabled cheap/china/untraceable devices?
without long term memory? self erasing? untraceable?

nowadays all this is doable by any electronics/it student/kid, gang, etc.
but the masses seem to insist in ignoring this technological reality,
and politicians are too stupid to follow (or act likewise)

cannot everybody 3dprint/mill untraceable disruptive new undetectable weapons in his basement? hu?

Anonymous Coward says:

I’ve been thinking of a new self-assembly product, let me know if anyone’s already seen this but..

I’m thinking I can tell people how to make a stick of charcoal at home and some white flat thin stuff, also made at home. The idea is that a person can use the charcoal stick to make markings on the white flat thin stuff, then hand it to someone else who knows how to decipher the markings. This way no-one has to talk using their cellphones or within distance of the ubiquitous microphones that we all have implanted in our houses these days. Do you think this will sell? Or will the gov ban it?

Anonymous Coward says:

perhaps i’m wrong but i would have thought that someone who was ‘up to no good’ would go to extraordinary lengths to keep their identity secret. that doesn’t really seem to be the case here. also, what was in the emails sent and received? was there anything that was subversive, threatening or harmful? maybe the best thing to do here is for the FBI to actually release emails that have been verified and contain something bad in them. if not, what is to say that this isn’t another example of the FBI being full of shit and setting someone up? i seem to remember them doing this a time or two before!!

Anonymous Coward says:

What gets these people in trouble is that they’re glory hounds. Opening a Twitter account and claiming to be the owner of the Kosova Hacker’s Security group…

Anonymous and LuLz Sec aren’t much smarter. They have social media accounts too. Members of these groups have also been busted…

Yeah, let’s open a social media account so the FBI can target that account with javascript and iFrame exploits when they log in using that specific user name.

Glory hounds get fed to the sharks.

Anonymous Coward says:

You guys should know that criminals are not necessarily brilliant. The smarter ones become politicians but they also forget to protect their private e-mail server used for official communications. lol

Using specialized gear? Creating your own crypto? Well, the NSA and the FBI and the CIA have their nerds, but street gangs or middle-easterns are not exactly brilliant people.

I don’t know how many of you ever met a middle-eastern in person, but if they will conquer the world one day it will be the only way they know, the way of the cockroach.

You guys should be pissed off by our governments using the cockroaches as a menace to force us to accept big brother. Simply kick out the cockroaches and 99% of the turrism problem will disappear.

tqk (profile) says:

infosec

in my limited infosec experience, people are stupid and above all lazy

I’d say they’re ignorant (lacking knowledge) and lazy. Stupidity is just what keeps them ignorant. Not understanding that “social media” is talking to the world plus dog? That’s pretty ignorant of what their tools are really doing, and their laziness leverages their stupidity to not bother to rectify this. This guy’s a classic case of shooting oneself in the foot.
