The Register® — Biting the hand that feeds IT

Feeds

BA jihadist relied on Jesus-era encryption

30 years for airline bomb plot

By Team Register, 22nd March 2011
  • print
  • alert

Agentless Backup is Not a Myth

An IT worker from British Airways jailed for 30 years for terrorism offences used encryption techniques that pre-date the birth of Jesus.

Rajib Karim, 31, from Newcastle, was found guilty of attempting to use his job at BA to plot a terrorist attack at the behest of Yemen-based radical cleric Anwar al-Awlaki, a leader of al-Qaeda in the Arabian Peninsular.

Sentencing him at Woolwich Crown Court last week, Justice Calvert-Smith described Karim as a "committed jihadist" who responded "enthusiastically" towards plans to smuggle a bomb onto a plane or damage BA's IT systems.

Justice Calvert-Smith praised police for being able to decipher incriminating documents under "five or more layers of protection", the Daily Telegraph reports.

However, claims by the prosecution that the coding and encryption systems were the most sophisticated ever seen in use were overstated – by more than 2,000 years.

Woolwich Crown Court was told that Bangladeshi Islamic activists who were in touch with Karim had rejected the use of common modern systems such as PGP or TrueCrypt in favour of a system which used Excel transposition tables, which they had invented themselves.

But the underlying code system they used predated Excel by two millennia. The single-letter substitution cipher they used was invented by the ancient Greeks and had been used and described by Julius Caesar in 55BC.

Karim, an IT specialist, had used PGP, but for storage only.

Despite urging by the Yemen-based al Qaida leader Anwar Al Anlaki, Karim also rejected the use of a sophisticated code program called "Mujhaddin Secrets", which implements all the AES candidate cyphers, "because 'kaffirs', or non-believers, know about it so it must be less secure".

The majority of the communications that formed the basis of the case against Karim, which claimed to warn of a possible terrorist plot in the making, were exchanged using the Excel spreadsheet technique, according to the prosecution.

Writer Duncan Campbell, who acted as an expert witness for the defence during the trial, said: "Tough communication interception laws [RIPA] were passed in the UK 10 years ago on the basis that they were needed to fight terrorism. Ludicrous articles were published then about the alleged sophistication of their methods.

"The case just dealt with shows where we have got to in the real world. The level of cryptography they used was not even up to the standards of cryptology and cryptography in the Middle Ages, although they made it look pretty using Excel." ®

Campbell will be writing for the Register on insights into terrorists' use of cryptography soon.

Steps to Take Before Choosing a Business Continuity Partner

COMMENTS

House Rules Send Corrections
All Reader Comments (92)
Highly Rated
JakeyC

Silly terrorist is silly

Hello Mr Terrorist,

We kaffirs all know about encryption so if you want my advice you should use lemon juice as invisible ink.

When your mate warms the paper in an oven it will show up your secret message. You should definitely do this because no one else uses it so it's more secure.

P.S. We also know about explosives so next time, use water bombs because we won't be expecting that and we'll be very afraid.

29
1
Lee Dowling

Rule #1

Rule #1 of encryption, randomness, steganography, copy-protection or a million and one other related areas:

Just because you *think* it's better than a published algorithm reviewed by thousands of experts, doesn't mean it *IS* better.

Rule #2: Never "make up" your own encryption, random number generator, steganographic technique, copy protection etc. - it'll never work and if you *ARE* an expert, you'll know that you'll need to have people attacking it for decades before you declare it "secure enough". Even using the published ones "with a twist" or a new from-scratch implementation will compromise your encryption most of the time.

Rule #3: Don't trust in God when 2048-bit, peer-reviewed, PKE exists and has *never* been "cracked", even when terrorists used it and we needed access to the information contained within for anti-terrorist purposes. Seriously. There's never been a case where "real" encryption that wasn't hideously out-of-date was used and some random three-letter agency managed to decrypt it. There's a reason for that - that's what it was DESIGNED for.

25
1
DrXym

BA should be ashamed of themselves

Imagine hiring this idiot as an IT specialist.

12
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
136
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
Internet fraud still stings suckers
Australians twice as gullible as Americans
36
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17