Portrait of the Modern Terrorist as an Idiot, part 367

This isn’t new but but it was news to me.

As Bruce Schneier pointed out back in 2007, most of the aspiring terrorists arrested in the West have been, to put it bluntly, complete idiots, a trend that has been replicated in the Australian terror cases that have resulted in convictions. Here’s another example, from the United Kingdom.

In 2011, Rajid Karim, a British “IT specialist”, was sentenced to 30 years jail for planning terrorist attacks against his employer.

To communicate with his co-plotters in Bangladesh, Karim used a secret coding method devised by the group. As explained better by Duncan Campbell here, while the group had access to encryption tools that were state of the art – at least, they implemented the standard state-of-the-art encryption mehods from the open literature. The head of “Al-Queda in the Arabian Peninsula”, the now deceased Anwar Al-Awlaki, urged the group to use these tools. If he’d used them, the messages he sent would have been extremely difficult to descramble in transit.

However, because these methods had been invented by the “kuffs” (that is, people other than Islamist extremist wannabe terrorists), Karim preferred to use “Tadpole”, the group’s own custom encryption method.

Tadpole turns out to be a “monoalphabetic substitution cypher”. That is, they defined a table of substitutions
something like this one:

Original -> Coded
A -> W
B -> J
C -> K
Z -> L

Yep, that’s right. Each “A” gets replaced with a “W”, “B” with “J”, and so on.

This isn’t quite as easy to break as the classical Caesar cypher (the “shift X positions in the alphabet” method). But it’s still extremely easy. All you need is to count the frequency of letters in the coded message, and map it to a letter frequency table for the language the message is written in to narrow down the possibilities.

These cyphers have been known to be insecure for at least 1200 years, apparently; and, ironically enough, according to Campbell it was an Arabic mathematician who figured out how to decode them!

The details of this are of course available in any number of easily accessible books on cryptography, or indeed in Wikipedia, and the attack is simple enough that any half-competent programmer would have been able to verify it themselves. Heck, you don’t even need a computer – a simple letter frequency table and pencil and paper would do.

But these guys’ combination of paranoia about the “kuffs”, incompetence, and hubris led them to continue to attempt to secure their communications with the rough equivalent of Pig Latin.

This entry was posted in Biggles, Nerdistry, Science and tagged , , , , . Bookmark the permalink.

2 Responses to Portrait of the Modern Terrorist as an Idiot, part 367

  1. BilB says:

    I imagine that using a number of crib sheets and rotating them every so many words with that number and the order of rotation varying from message to message would substantially increase the difficulty for the code breaker while being very manageable for the message drafter.

    • Yes, indeed, it would. But unless you are very good at what you do, likely to not be good enough. Coming up with your own cryptography scheme and expecting it to survive against motivated well-resourced professionals is foolhardy. The German WWII Enigma machine did something akin to what you describe, but thanks to a combination of technical and procedural issues the Allies eventually decoded it, and every other cypher the Axis came up with, and that was back in the 1930s.

      However, there are many encryption schemes in published in the open literature for which there is *no* known attack except a brute-force search for the passkey. While it’s always possible that the US National Security Agency has broken some or all of these, my guess is that most of them are secure even against the NSA (though they have innumerable other ways to read messages at other steps in the process).

Comments are closed.