Latest FBI Terrorist Bust Shows A Future So 'Dark' Some Eye Protection Might Be Warranted
from the I-study-bitcoin-and-violence,-I-love-my-hashes... dept
So much for "going dark." The FBI's narrative of a terrorist-filled world enshrouded in encryption continues to be disproven. For one, it appears the NSA has made tremendous strides towards breaking commonly-used encryption: with enough computing power, a one-time precomputation against a single 1024-bit Diffie-Hellman prime pays off against every connection that uses that prime, and a handful of such primes are shared by a large share of the world's web servers and VPNs. For another, the super secret world of terrorism doesn't seem to be all that secret. FBI director James Comey has repeatedly claimed that terrorism suspects are vanishing behind encrypted communication platforms, but when pointedly asked how often this is actually happening, he could only say "dozens of times."
Operational security may be improving over time, but as of this point, suspected terrorists are still leaving themselves exposed through easily-accessed channels. Marcy Wheeler of emptywheel took a look at the latest terrorism suspect busted by the FBI and sees nothing in the criminal complaint that suggests the agency had much trouble hunting him down.
Given Jim Comey’s repeated warnings of how the FBI is going dark on ISIS organizing, I thought I’d look at how FBI found this guy.
Ardit Ferizi, the suspect’s real name, was connected to the @Th3Dir3ctorY account on Twitter. On that account Ferizi linked to an article about the Kosova Hacker’s Security group (KHS) for which he had been interviewed. He also identified himself as the owner of KHS.
Ferizi registered the Twitter identity to a Hotmail account tied to an IP address in Kosovo.
@Th3Dir3ctorY subsequently logged into Twitter from various ISPs in Malaysia, including 210.186.111.14.
The hacker who first broke into “Victim Company” on June 13, 2015 and ultimately stole the data of 100,000 people created an account with the identity KHS. On August 19, 2015 — after the company had removed the malware used to exfiltrate the data — someone identifying himself as “Albanian Hacker” and using the email “khs-crew@live.com” contacted the company and asked them to stop taking down their files (which the FBI interpreted to mean the malware left on the server). The IP address tied to the SQL injection used by the hacker was 210.186.111.14.
A Facebook account tied to the name “ardit.ferizi01” also used that IP address. Ferizi sent himself a spreadsheet via that Facebook account with the stolen PII.
Facebook, Hotmail, Twitter… these aren't exactly the tools of the "going dark" trade. It could be that Ferizi is an anomaly -- a terrorist who thinks OPSEC is for losers who want to stay out of prison. But it also suggests that commonly-used communications platforms continue to be commonly used, even by people engaged in unlawful activity.
As Wheeler points out, the FBI calls Ferizi a hacker… and yet, for all of his alleged skills, he deployed less secretive measures than many people who have no connection to illicit deeds or today's Public Enemy No. 1: ISIS/ISIL.
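The chain Wheeler lays out is a pivot over shared IP addresses across provider records: the address an account registered or logged in from turns up in another provider's logs (or in the victim's web server logs as the source of the SQL injection), and the two identities get tied together. The script below is an added example, not code from Techdirt, emptywheel or the criminal complaint; the account names, IP addresses (RFC 5737 documentation ranges) and timestamps are constructed placeholders that only mirror the shape of that chain. It also shows the check a practitioner has to make before trusting such a link: an address used by many unrelated accounts (carrier-grade NAT, a VPN exit, a campus proxy) is shared infrastructure and must not be used as a pivot.

```python
from collections import defaultdict, deque

# Constructed provider responses, in the shape providers return to legal process:
# (provider, account, event, ip, timestamp). All identifiers are placeholders and
# the IPs come from RFC 5737 documentation ranges; nothing here is the complaint's data.
RECORDS = [
    ("twitter",  "@handle_a",          "register",    "198.51.100.7", "2014-11-01T08:00Z"),
    ("hotmail",  "mail_a@example.com", "login",       "198.51.100.7", "2014-11-01T08:03Z"),
    ("twitter",  "@handle_a",          "login",       "203.0.113.14", "2015-06-20T10:02Z"),
    ("victimco", "khs_webshell",       "sqli_source", "203.0.113.14", "2015-06-13T22:41Z"),
    ("facebook", "profile_b",          "login",       "203.0.113.14", "2015-06-21T09:15Z"),
    ("facebook", "profile_b",          "login",       "203.0.113.77", "2015-07-02T12:00Z"),
    ("facebook", "bystander_c",        "login",       "203.0.113.77", "2015-07-02T12:30Z"),
    ("twitter",  "@handle_a",          "login",       "192.0.2.1",    "2015-07-10T00:00Z"),
]
# One address shared by many unrelated accounts: a carrier-grade NAT or VPN exit.
RECORDS += [("facebook", f"cgnat_user_{i}", "login", "192.0.2.1", "2015-07-10T01:00Z")
            for i in range(40)]

# An IP seen on at least this many distinct accounts is shared infrastructure, not a pivot.
NOISY_IP_THRESHOLD = 10


def index_by_ip(records):
    """Map each IP address to the set of (provider, account) pairs that used it."""
    by_ip = defaultdict(set)
    for provider, account, _event, ip, _ts in records:
        by_ip[ip].add((provider, account))
    return by_ip


def index_by_account(records):
    """Map each (provider, account) pair to the set of IP addresses it used."""
    by_account = defaultdict(set)
    for provider, account, _event, ip, _ts in records:
        by_account[(provider, account)].add(ip)
    return by_account


def noisy_ips(by_ip, threshold=NOISY_IP_THRESHOLD):
    """Addresses used by >= threshold accounts (CGNAT, proxies, corporate egress)."""
    return {ip for ip, accounts in by_ip.items() if len(accounts) >= threshold}


def shared_ips(records, a, b):
    """Addresses two accounts have in common: the raw strength of a direct link."""
    by_account = index_by_account(records)
    return by_account[a] & by_account[b]


def hops(path):
    """Number of IP pivots between the start account and the end of a path."""
    return (len(path) - 1) // 2


def pivot(records, start, max_hops=3, threshold=NOISY_IP_THRESHOLD):
    """Breadth-first pivot from one (provider, account) over shared IP addresses.

    Returns {linked_account: path}; a path alternates accounts and the IPs that
    joined them, e.g. [start, ip1, account2, ip2, account3]. Noisy addresses are
    never followed, so a busy NAT cannot link the start account to strangers.
    """
    by_ip = index_by_ip(records)
    by_account = index_by_account(records)
    skip = noisy_ips(by_ip, threshold)
    paths = {start: [start]}
    queue = deque([(start, 0)])
    while queue:
        node, depth = queue.popleft()
        if depth >= max_hops:
            continue
        for ip in sorted(by_account[node]):
            if ip in skip:
                continue
            for other in sorted(by_ip[ip]):
                if other not in paths:
                    paths[other] = paths[node] + [ip, other]
                    queue.append((other, depth + 1))
    return paths


if __name__ == "__main__":
    start = ("twitter", "@handle_a")
    for account, path in pivot(RECORDS, start).items():
        if account != start:
            print(f"{hops(path)} hop(s): {account} via {path[1::2]}")
```

Run stand-alone it prints each linked account with the addresses that joined it and the hop count. A direct hit on the address that sourced the SQL injection is strong; a two-hop link through a residential address (bystander_c above) is much weaker and needs corroboration; and lowering the noise threshold to 100 links the start account to forty strangers behind the NAT, which is exactly the false positive the check exists to prevent.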
Even if Ferizi had been more careful, it's likely the FBI would not have run into an encrypted dead end. Apps like WhatsApp may encrypt message content end to end, but their operators still hold account metadata (the phone number used to register, IP addresses and timestamps of activity) and routinely hand it over in response to legal process. That metadata can then be tied to more open communications platforms. It's highly unlikely that every single bit of communication between terrorism suspects happens on secured channels. And once a suspect is in custody, work can begin on forcing the person to cough up login info.
Nothing about this suggests backdoored encryption is the only way to successfully fight terrorism (and the drug war, etc.). What Comey's complaints suggest is that the FBI would simply prefer an easier way to do this, one that doesn't involve approaching the NSA for anything it has collected or seeking court orders/warrants to collect information from third parties. What it would like is for as many communication platforms as possible to be open books, where all investigators have to do is a small amount of Googling -- or simply have full access to any account where it suspects discussions of illegal acts might be taking place.
Thank you for reading this Techdirt post.
Filed Under: ardit ferizi, doj, encryption, fbi, going dark, investigation, terror
Reader Comments
Not much of a surprise
As a result, 99% of the NSA and FBI Internet snooping budget and operation is not related to counterterrorism while 99% of its narrative is.
But then they wouldn't be able to drop bombs on them with a drone!
The elephant
The possibility of secure encryption exists within mathematical logic and ways to achieve it are in the public domain.
Any terrorist organisation capable of being a serious threat has to be presumed to be capable of making use of secure encryption - regardless of whether it is in fact built in to commonly used systems.
Any terrorist or organisation that is not capable of creating its own version of well-known secure encryption algorithms and hence only uses the most common public platforms will certainly make enough mistakes to be caught anyway - even if those platforms are secure - (or not be capable of any real threat).
It follows that these protestations from the FBI etc are not really about anything other than budget and feelings of importance/control. With the added bonus of being able to spy on your enemies (in the political sense of the word)
Torture?
Sounds awfully like you are advocating torture there - I hope you didn't mean it.
Re: Re: Torture?
Well actually, in general, in the real world as opposed to tv/film, they don't do that because it doesn't work - and even if it does it is unlikely that the evidence would be usable in court.
This has been well known in British Intelligence since at least WW2 (http://www.rense.com/general95/clever.html) - and in Britain this is now reinforced by the recording of all interviews for around 40 years. As regards the US - I offer the second half of this well known youtube video: "Don't talk to the Police" https://www.youtube.com/watch?v=6wXkI4t7nuc
and this link http://www.cbsnews.com/news/secret-wwii-camp-interrogators-say-torture-wasnt-needed/
Even the Nazis knew better than to use torture:
https://en.wikipedia.org/wiki/Hanns_Scharff
Re: Re: Re: Torture?
http://www.rense.com/general95/clever.html
Unlawful Enemy Combatants
As to whether it's admissible, common practice has already been demonstrated for police officers to simply lie about their methods in court, usually backed up by three or four of their colleagues as witnesses.
That this is common practice and is not just the methods of a few bad players has been the subject of a number of reports already. So yeah, if you're given the $5 wrench treatment, you can be sure that several officers will be ready to contest that you volunteered your password information so that your electronics could be unlocked.
It may not work. It may be a violation of rights. It may even be regarded as heinous by the public, but that doesn't mean it's not done. Routinely.
Ahmed Mohamed (the clock kid) was isolated from parents and legal counsel for hours while his principal and local officers tried to wring from him a confession. The incident is exemplary of how we regard people who look like terrorists (as we imagine them to be) as less than people (even assigning them the label Unlawful Enemy Combatants so that we can deny them life, liberty and property as if they weren't human beings).
That should sound dangerously familiar. It's not like we've seen countless incidents like this before.
Re: Unlawful Enemy Combatants
The problem with most of the examples that you give is that we know about them because they are newsworthy - and by definition that implies that they are unusual and therefore not the norm.
(I do however think that the US practice of plea bargaining is a terrible incentive for bad behaviour by interrogators and I'm happy that we don't have it here in the UK to anything like the same extent)
That this is common practice and is not just the methods of a few bad players has been the subject of a number of reports already.
Can you provide links for this?
Ahmed Mohamed (the clock kid) was isolated from parents and legal counsel for hours while his principal and local officers tried to wring from him a confession.
Again - a one off case - hence we know about it - and indicative of how things go wrong when people who are not properly trained for this type of work (although perhaps they should have been) go over the top on the basis of what they have seen on TV.
The incident is exemplary of how we regard people who look like terrorists (as we imagine them to be) as less than people
That is a spin that has been put on the incident by people who are trying to reinforce a certain political line. The facts don't actually support that aspect of the incident in this case. Given the stupid, over the top, "zero tolerance" approach adopted by some schools I am pretty sure that exactly the same thing would have happened to any pupil, regardless of race, or religious implications of the sound of his name.
Having said that, I do agree with you about the "enemy combatants" thing - it was appalling - but this incident is completely unrelated to it.
Re: Torture?
Or, just typical prosecutorial piling on of ancillary charges suggesting you'll be locked away forever if you resist.
Strange how they are such a huge threat that everyone has to be spied upon but they never do more damage or kill more people than the cops.
Re:
See, it works!*
(Just like the elephant repellant I bought a couple of years ago.)
The other side of the coin
Setting aside the encryption thing for a moment, 2 things seem obvious:
1) Metadata is more than enough to identify and track both a person and their behaviour so claiming there's no problem hoovering up every bit of metadata is self-evident bull.
2) The trail appears to have started at a Twitter account name linked to a specific act and not within the huge haystack of hoovered up data so said haystack would appear to have little use.
What about wideband software-defined radio for short-range communications?
And can't any kid set up their own Raspberry Pi/Linux encrypted chat/email platform, and run commonly available secure chat apps on it from a gazillion Linux-enabled cheap/Chinese/untraceable devices?
Without long-term memory? Self-erasing? Untraceable?
Nowadays all this is doable by any electronics/IT student/kid, gang, etc.
But the masses seem to insist on ignoring this technological reality,
and politicians are too stupid to follow (or act likewise).
Can't everybody 3D-print/mill untraceable, disruptive, new, undetectable weapons in his basement? Huh?
@13
and the pcs involved are long destroyed and gone...
ENJOY
I'm thinking I can tell people how to make a stick of charcoal at home and some white flat thin stuff, also made at home. The idea is that a person can use the charcoal stick to make markings on the white flat thin stuff, then hand it to someone else who knows how to decipher the markings. This way no-one has to talk using their cellphones or within distance of the ubiquitous microphones that we all have implanted in our houses these days. Do you think this will sell? Or will the gov ban it?
Anonymous and LuLz Sec aren't much smarter. They have social media accounts too. Members of these groups have also been busted...
Yeah, let's open a social media account so the FBI can target those accounts with JavaScript and iFrame exploits when they log in using that specific user name.
Glory hounds get fed to the sharks.
Comey looks for criminals under lamp-posts
I still prefer the term Undesirable number 1.
Personally I think our leaders are the terrorists. But what do I know.
Using specialized gear? Creating your own crypto? Well, the NSA and the FBI and the CIA have their nerds, but street gangs or Middle Easterners are not exactly brilliant people.
I don't know how many of you have ever met a Middle Easterner in person, but if they conquer the world one day it will be the only way they know, the way of the cockroach.
You guys should be pissed off by our governments using the cockroaches as a menace to force us to accept Big Brother. Simply kick out the cockroaches and 99% of the turrism problem will disappear.
Re: infosec
I'd say they're ignorant (lacking knowledge) and lazy. Stupidity is just what keeps them ignorant. Not understanding that "social media" is talking to the world plus dog? That's pretty ignorant of what their tools are really doing, and their laziness leverages their stupidity to not bother to rectify this. This guy's a classic case of shooting oneself in the foot.