After Endless Demonization Of Encryption, Police Find Paris Attackers Coordinated Via Unencrypted SMS

from the anonymous-sources-say dept

In the wake of the tragic events in Paris last week encryption has continued to be a useful bogeyman for those with a voracious appetite for surveillance expansion. Like clockwork, numerous reports were quickly circulated suggesting that the terrorists used incredibly sophisticated encryption techniques, despite no evidence by investigators that this was the case. These reports varied in the amount of hallucination involved, the New York Times even having to pull one such report offline. Other claims the attackers had used encrypted Playstation 4 communications also wound up being bunk.

Yet, pushed by their sources in the government, the media quickly became a sound wall of noise suggesting that encryption was hampering the government’s ability to stop these kinds of attacks. NBC was particularly breathless this week over the idea that ISIS was now running a 24 hour help desk aimed at helping its less technically proficient members understand encryption (even cults help each other use technology, who knew?). All of the reports had one central, underlying drum beat implication: Edward Snowden and encryption have made us less safe, and if you disagree the blood is on your hands.

Yet, amazingly enough, as actual investigative details emerge, it appears that most of the communications between the attackers was conducted via unencrypted vanilla SMS:

“…News emerging from Paris ? as well as evidence from a Belgian ISIS raid in January ? suggests that the ISIS terror networks involved were communicating in the clear, and that the data on their smartphones was not encrypted.

European media outlets are reporting that the location of a raid conducted on a suspected safe house Wednesday morning was extracted from a cellphone, apparently belonging to one of the attackers, found in the trash outside the Bataclan concert hall massacre. Le Monde reported that investigators were able to access the data on the phone, including a detailed map of the concert hall and an SMS messaging saying ?we?re off; we?re starting.? Police were also able to trace the phone?s movements.

The reports note that Abdelhamid Abaaoud, the “mastermind” of both the Paris attacks and a thwarted Belgium attack ten months ago, failed to use any encryption whatsoever (read: existing capabilities stopped the Belgium attacks and could have stopped the Paris attacks, but didn’t). That’s of course not to say batshit religious cults like ISIS don’t use encryption, and won’t do so going forward. Everybody uses encryption. But the point remains that to use a tragedy to vilify encryption, push for surveillance expansion, and pass backdoor laws that will make everybody less safe — is nearly as gruesome as the attacks themselves.

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “After Endless Demonization Of Encryption, Police Find Paris Attackers Coordinated Via Unencrypted SMS”

Subscribe: RSS Leave a comment
Anonymous Anonymous Coward says:

Re: Re:

See, there are two different goals there, and they are only coincidentally both number one. The first is to get the encryption backdoors so that no one can hide from them, ever. And the other first is to increase their big brotherish hold over…well everyone. How is it that you are not on the bandwagon yet? Please present your papers citizen!

Michael (profile) says:

Re: Re: Goals

The question everyone should be asking is, why isn’t government profiling? Its clear that it wasn’t 5-year-old boys, or elderly women in wheel chairs wearing diapers that flew planes into the WTCs. Yet we are spending billions to grope children and force the wheel chair bound elderly to remove their diapers in airports. These terrorists are not modern day Puritans wearing suicide belts, going door-to-door blowing people up. Most of us don’t fit the profile. So, why are we being surveilled?

Anonymous Coward says:

Re: Re:

Hah, the intelligence community is more concerned about being able to see everything than saving the lives of civilians. They want to be able to take out anyone who can harm the elite…not protect the average citizen which is impossible even for them. And frankly, they really could care less about murder as they do it enough themselves.

Michael (profile) says:

Re: Unencrypted Data Collection

All that data they said they needed to collect from law abiding citizens has never resulted in shutting down a potential terror event. However, other law enforcement agencies have illegally used that data to conduct investigations of people here in the United States. Fact is, the U.S. government sold Americans a lemon, and most Americans keep sucking on it. Its Unbelieveable!

Anonymous Coward says:

Re: What not to do

If the TSA and its shoe fetish is any guide to go by, everyone, please, whatever you do in the next few years, do NOT, under ANY circumstances, text the phrase:

““we’re off; we’re starting”

to anyone, EVER.

Indeed. And what makes that silly is that being of Syrian descent and French citizens living in Belgium, it’s likely that the attackers didn’t even know English. The text is more than likely a translation.

Scratch says:

Re: Re: What not to do

I strongly suspect that the common image of these agencies setting up some alarm based on keywords is false, or at least exaggerated. I think the more important information is WHO is communicating. Once a person of interest is identified, because they were arrested or because they bragged to an informant or whatever, it seems like it would be helpful to quickly find out who that person has been communicating with, and this is the value of phone records. THEN the contents of those communications, if required, can be examined for critical information.

Roger Strong (profile) says:

Re: Re:

Not a chance. Even seven years after such claims were thoroughly disproven…

“Well, some of the 9/11 hijackers did come through Canada, as you know.”
– John McCain, incorrectly, April 24, 2009

McCain is also warning that ISIS could come storming across the Canadian border.

The man who decided that Sarah Palin could command the country in a crisis isn’t one to flip-flop. When he says something goddamned stupid, he sticks with it.

gunfree house says:

Re: Re: hive mindset

“routed through a central government repository for decryption/storage. It’s the only way.”

this would be like when the cops arrive 2 hrs later to your home just to take photos… (and you do not have guns).

they could try to use the dragnet database, streetcams, etc to find the burglars but YOU and YOUR FAMILY are already dead.

the collective hive sheep government system will continue

Anonymous Coward says:

Re: Re:

Data interception specialists:

“Quick! It’s a rock dove! Intercept it!”

“Er, isn’t it carrier pigeons that carry messages?”

“It’s likely a carrier pigeon in disguise. We need to capture and analyze it to be sure!”

+++ATH0&^89I&*^( NO CARRIER

Obvious answer? Ban all pigeons in Paris. It’s the only way to be sure.

No, really.

Anonymous Coward says:

Too much hay?

Like people have said before, maybe collecting all data creates too much to search through. SMS is not exactly new and has been collected since the start.
If something that easy to find can circumvent the whole data collection and analysis apparatus maybe we should stop for a moment and reconsider how the whole system works or maybe even if the system works.

jilocasin (profile) says:

encoded != encrypted

I think what the sound wall also seems to be forgetting is that encoded is not the same as encrypted.

Even if the powers that be got their wish and made the entire world less safe and less private, that probably still wouldn’t stop terrorists (or your garden variety criminal) from secretly communicating. People have been doing it since Roman times, heck probably since biblical times.

person0: “Is the bread fresh this morning?”

person1: “That depends, are you interested in the wheat or the rye?”

person0: “Oh, the wheat, the rye is too strong for me.”

person1: “Not really, it’s a couple of days old, but it’s still tasty.”

So what where these people really talking about?

  • an illicit explosives transaction
  • a drug deal
  • human trafficking
  • if the bread at the local bakery is any good

Other than making it a little more work to get to, would the fact that it was encrypted or in plain text make it any easier for law enforcement to understand?

Removing encryption makes everyone less safe and is just a road bump to any serious criminal or terrorist organization.

Scratch says:

Re: encoded != encrypted

I don’t think your examples would be read just out of the blue. The more likely scenario is that authorities had reason to be reading/listening/whatever to that specific contact, and could piece together your example traffic with other information to build a picture of the situation. Just like a suspected spy might be followed after work and arrested when he passes a briefcase to a known foreign agent, while other people who are not suspects can pass around briefcases whenever they want without attracting any notice at all.

If a person of interest contacts another person of interest, thereby establishing the existence of a relationship between the two, that is useful information (intelligence, if you will). The contents of their communication, if available, is more information. Obviously, more information is good.

jiloicasin (profile) says:

Re: Re: encoded != encrypted

Sounds like you are talking about good ol fashioned police / intelligence work. You know, the kind that doesn’t require the police / intelligence agencies to plant bugs in all our phones, video cameras in all our bedrooms, and amass warehouses full of information that takes so long to process it’s only good at figuring out who committed a crime / attack after it’s happened.

[well that the official reason anyway]

I think that’s just too much work for our modern forces.

Bikal (profile) says:

Re: encoded != encrypted

Mi5 use to get resistance from Royal Mail about intercepting letters and so warrants had to be applied. The numerous methods of communicating (another one is multiple people logging into webmail and using drafts and not sending the email). Encryption would only encypt the message but not the fact that a message was sent, but for evidence gathering (especially proof of intent when preventing crime) it is important.
Besides, wont quantum computers make the current infrastructure useless anyway?

Uriel-238 (profile) says:

Re: Re: Quantum computers

Yeah. Quantum computers will be able to speed up factorization of large numbers so that private keys can be derived from public keys.

Everyone in the asymmetric crypto sector is worried about this.

Still, we’ve yet to make an actual Quantum. Dunno if the recent prototype logic gate is enough to do it.

Richard (profile) says:

Re: Re: Re:2 Quantum computers

Quantum crypto is a completely separate thing from Quantum computers – and it is already in use- although it has potential flaws (that are also not directly related to quantum computers).

Quantum crypto makes use of the Heisenberg uncertainty principle to prevent undetectable eavesdropping whereas Quantum computers rely on superposition of states to create massive parallelism.

radix (profile) says:

Biggest story of the day

See, this isn’t just not the story the surveillance maximalists want to tell. And it goes deeper than saying encryption doesn’t matter.

This suggests that the mass surveillance mentality itself is partly to blame.

We already know that France and most of the rest of the EU has NSA-type powers to collect it all and sort through the pile later. This means they probably had all the evidence they needed but couldn’t stop it anyway. There’s too much data to search in real time in any meaningful way. A more focused targeting of surveillance would greatly reduce the analysis paralysis.

Which leads to a point I’ve been making all along., that there are two realities to mass surveillance:
1) If they are parsing it all in real time, they may be able to prevent an attack, but this gives lie to the claim that your data is never being searched (everybody’s must be included in the data set).
2) If they are only looking at it in hindsight, they can be more specific about the selectors and exclude more people, but this gives lie to the claim that they can prevent an attack in the first place (it can only be investigated).

Capt ICE Enforcer says:

Complete disgrace

Only bad people use encryption, that is why the governments missed this opportunity to stop it. They only focus on bad guys using encryption not good people in the clear. The question I have, is the intelligence agencies a complete disgrace for allowing the attack to happen in order to gain more power at the expense of innocent lives. Or are the a complete disgrace for once again failing to perform.

Anonymous1223 says:

Re: Complete disgrace

I don’t know if it’s that they are a complete disgrace. What is not properly communicated is that the intelligence community doesn’t have the legal right to sift through everyone’s data. There is no way that someone “let this happen” in order to get more power over their citizens– especially since it happened in France, it wouldn’t impact the US in any great way. Now, if it happened in the US, there might be an argument, but a loose one, and it wouldn’t allow the IC to batch collect data like that.

The problem, I would think, is that they would be overwhelmed by the volume of data and that they have no real program or enough analysts to sift through all the bullshit.

Anonymous Coward says:

All this surveillance

isn’t about catching people doing bad things… that’s just the bullshit they’re feeding us to make us feel all warm and fuzzy.

No, it’s about collecting and STORING all communication between all people so that they can go back later and use that to find patterns of activity that are either illegal or embarrassing should they need this information at some point in the future.

Until there’s actually some reason to filter (or “target” as they say) the data – it’s just a big pile of hay. But with the right filtering, the data could show someone’s very private details – perfect when you need to find reasons to arrest people after the fact.

Uriel-238 (profile) says:

Re: Re: All this surveillance

Also, if I’m an official and like your wife, or your business is innovatively competing with my business, then I can find something and ruin you.

In the Harlequin romance novel version, I use prison to hold you hostage to keep your wife receptive. She treats me well, you stay in the light wing and keep your access to the library and better food and stuff.

She turns cold, and you get transferred to the hard wing and become Bubba’s bitch.

shanen (profile) says:

Total bogosity of the help desk idea

No one is commenting on the ludicrous bogosity of the help desk idea? None of you see it? Or are you ignoring it just because it’s peripheral to the encryption topic?

Let me just say that the notion of ISIS/ISIL setting up such a locus of communication is completely insane. Well, yes, they are insane, but it’s also completely stupid.

The fake reports say six of their senior leaders would be working the help desk. Okay, right there is a prime target for a bomb. However, the REAL risks of such a stupid idea are vastly larger. The Daily Show did a skit on fake help, but better to leave it in place. This is a case where just tapping the metadata would be incredibly effective. Pretty safe bet that everyone who calls a ‘how to be a terrorist’ help desk is a person of interest.

Even more obviously, the fundamental notion of a help desk is that you have to distribute the contact information widely. Oh, wait. How long until a copy of the contact information leaks out? Or some fool drops his wallet with the help desk number in it?

Uriel-238 (profile) says:

Re: Re: Whose side do you think I'm on?

I think encryption is a sweet thing we should be doing because it might slow down intelligence agencies from spying on everyone, and because it prevents our fourth-amendment rights from being encroached.

I think end-to-end encryption will prove necessary to keep governments and corporations out of our private lives, and out of the non-public records of our businesses.

US officials have been pushing for more surveillance and for hobbling encryption for the sake of intercepting terrorists.

Terrorists, that it appears, weren’t using encryption at all.

So that excuse is lame. And encryption is still very useful for the rest of us.

Are you up to speed now? I know it’s hard.

Anonymous Coward says:

Re: Re: Re: Whose side do you think I'm on?

I think either you’re mistaken, or I’m mistaken and/or horrible at putting my point across.

My point was to counter the shill’s point that we were fixating on the fact that terrorists used unencrypted messages. The fact they did use unencrypted message rendered the obsession with removing encryption for citizens moot, because it doesn’t solve anything.

NSA DOC says:




CONFIRMED: Sandy Hook Crisis Actors Pose as Paris Attack Victims! SHAME ON CNN!

Glenn says:

Since when have people with their own agenda had a problem with making their own “truths” to satisfy whatever situation in order to get what they want? Corrupt people have always been willing to corrupt the truth. (People are stupid apparently.) Funny how the people who are bathed in blood are eager to accuse “enemies” of having “blood on their hands”.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...