Terrorism

The Paris Attackers Didn't 'Go Dark'—They Used Burner Phones

More reasons to be skeptical of demands for encryption back doors.

|

Salah Abedeslam's arrest
Channel 4

Encryption was not the reason authorities were in the dark about the planned Islamic State terrorist attacks in Paris last fall. It was a method of escaping or avoiding surveillance known to police and viewers of The Wire everywhere: "burner phones," smartphones that were purchased and used briefly before being disposed of in order to avoid tracking or wiretapping.

Authorities still believe that encryption did play some sort of role in communications in the planning stages (and the information about that is still very vague). But according to a report analyzed over the weekend at the New York Times, encryption didn't appear to play a role in the unfolding of the actual attacks:

The attackers seized cellphones from the hostages and tried to use them to get onto the Internet, but data reception was not functioning, Mr. Goeppinger told the police. Their use of hostages' phones is one of the many details, revealed in the police investigation, pointing to how the Islamic State had refined its tradecraft. Court records and public accounts have detailed how earlier operatives sent to Europe in 2014 and early 2015 made phone calls or sent unencrypted messages that were intercepted, allowing the police to track and disrupt their plots. But the three teams in Paris were comparatively disciplined. They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.

The report noted that they have found absolutely no email or online chat between the terrorists on any of the phones they've recovered. And they found dozens of boxes of unused cellphones in the apartment they raided after the attacks.

The report prompted a Twitter exchange between surveillance whistleblower Edward Snowden and The Wire creator David Simon. Snowden joked that authorities would seek out Simon for "questioning" at the news that burner phones had been used (the joke being that Simon, like Snowden, would be held accountable for passing along information about surveillance methods). Simon responded by wondering whether, actually, the tactics used by the terrorists vindicated phone metadata collection, and Snowden responded to him by pointing out that foreign terrorists (unlike American drug dealers) would dispose of the phones so quickly as to render the metadata gathering less useful in preventing attacks. And the exchange went on. You can read the tweets here. Keep in mind that Snowden and other critics of mass metadata surveillance have not been objecting to the tool, but rather the mass, unwarranted collection of data from millions of Americans. Nothing that has changed about metadata collection (or has been argued) would have prevented the National Security Agency (NSA) from collecting information about these terror suspects' phones assuming the NSA did know of their existences.

As for encryption, it's not clear to the extent that it played in the planning stages. Ars Technica analyzed the piece and was suspicious of the claim that much encryption happened at all:

A witness reported seeing a terrorist with a laptop, and told the investigators that as the computer powered up, "she saw a line of gibberish across the screen: "It was bizarre—he was looking at a bunch of lines, like lines of code. There was no image, no Internet," she said." The New York Times writes: "Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks."

But as many were quick to point out online, the witness probably wasn't looking at some encryption software in action, because such systems show the decrypted message, not the encrypted form. The former Ars Technica editor Julian Sanchez wrote on Twitter: "It's suggestive of a verbose boot. Using encryption looks like 'reading a message' because you decrypt it first."

The Times notes that authorities hope the arrest of suspected attack planner Salah Abdeslam in Belgium Friday will lead to more answers, including what type on encryption the terrorists used to plan the attacks, if any.

And that's an important reminder about the issue with trying to demand encryption "back doors" from large companies: There are hundreds of independent encryption software tools out there. When the authorities go after Apple like they're doing in the San Bernardino case, what they're actually doing is potentially weakening the "industry"-level encryption or security measures that protect average law-abiding folks from criminals and hackers. In order to fight organized terrorism, authorities are really going to have no choice but to figure out how to break each encryption system on their own. There is no realistic way in this world to police independently produced and released software tools.

There's more information about the Paris attacks coming out today. Read more here.

NEXT: Open Borders, Open Markets, Low Taxes, Tiny Government: The Liechtenstein Model

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Thank God encryption didn’t play a role in this attack. Think of how much worse it could have been.

  2. “It was bizarre?he was looking at a bunch of lines, like lines of code. There was no image, no Internet,” she said.

    The universe spared this person.

    1. He was hacking the whole internet using his speed typing skills.

    2. He was looking at porn – you might have seen lines of code, he saw blonde, brunette, redhead…..

    3. she saw a line of gibberish across the screen…The New York Times writes: “Her description matches the look of certain encryption software, which ISIS claims to have used during the Paris attacks.”

      Yes, because we all know that, to computer-ignorant laypeople and people who need glasses, encryption software looks just like gibberish.

      Strangely, so does everything else on a computer.

      Very clever, NYT, you masters of investigative journalism, you.

    4. So moving forward, programmers like me can’t sit at a cafe with a laptop without some nosy snitch looking over my shoulder and deciding to call in the cops because I’m typing lines of code…

      The Stasi are alive and well in America, from the NSA on down. We’ll all be hiding untraceable typewriters under our floorboards next…

    5. The terrorist was reading the matrix. I do it all the time, I can see the lacy undies Angelina Jolie thinks she’s wearing right now.

  3. Oh, sure, the terrorists have picked up on what drug dealers have been doing forever to evade detection: Use a disposable phone. Okay, that being saId, this is nothing like Apple’s refusal to support the FBI’s investigation of a phone purchased by a government agency for employee use.

    I don’t know why government agencies are buying smart phones for employee use anyway, especially at the country health agency level, but if they are, they should now establish some policies regarding passwords, as in “no passwords, ever!” There shouldn’t be anything on a government employee’s smart phone that should be considered private and require a password. It’s illegal for a government employee to use government time or resources for personal use.

    While the FBI may never get into the San Bernadino government health agency smart phone, they should now be able to get into any other government phones being used by terrorists and paid for by the taxpayers.

    1. I wouldn’t doubt there’s a state or even federal-level policy, probably a provision of HIPAA, that requires password-protecting official devices.

    2. Uhh…even if there was such a requirement for the phone if you’re planning on shooting up or blowing up some people do you really care about the ‘company’ policy of not putting passwords on devices?

      A better plan might be to buy special ‘government’ phones that already have a backdoor installed. Actually, I quite like this idea. That way, hackers everywhere know exactly what to do when they want government information. Hmm…

  4. “There are hundreds of independent encryption software tools out there. When the authorities go after Apple like they’re doing in the San Bernardino case, what they’re actually doing is potentially weakening the “industry”-level encryption or security measures that protect average law-abiding folks from criminals and hackers.”

    Well duh, those should be illegal too! Criminals, all of them! -Progderp

    This is the same argument I’ve used in gun control discussions for years. You can actually make firearms yourself, and this is exactly what has happened with biker gangs in Australia. Yet somehow, making the thing illegal means no one can have it in the minds of the progderp. I suppose, in their minds, there is simply no way for brown people to be smart enough to encrypt something without Apple.

  5. any other government phones being used by terrorists and paid for by the taxpayers.

    A category numbering in the millions. Literally.

  6. Europe believes that security is necessary for freedom (see the 60 Minutes interview last week with the Interpol guy). The US is the opposite. Who’s right? I trust Ben Franklin on this issue. You can’t get into a cell phone? OK then do some good old fashioned police work. And decriminalize speech and religion under the secular caliphate (‘laicite’). You’ll be fine, Europe. I promise.

  7. You know who else went dark…

    1. Rachel Dolezal?

    2. *yawns then crawls into the sunlight*

      Your mother?

  8. The Paris attacks were a fraud, just like 9/11, Boston, Sandy Hook, Norway, “Batman shootings”, San Bernardino etc. etc.

    Dream On?:

    “……In your dream, 9/11 was not a scam”
    In your dreams, the war on terror is not a scam,
    In your dream, al -qaeda was not a scam,
    In your dream I.S.I.S. is not a scam”

    Lyrics excerpted from “Dreams [Anarchist Blues]”:
    https://www.youtube.com/watch?v=QMXtoUtXrTU

    Regards, onebornfree

  9. And they found dozens of boxes of unused cellphones in the apartment they raided after the attacks.

    Well, crap. I can see easily enough what the statists will say next: oblige cell phone owners to register with the government, and make possession of an unregistered cell phone a federal pound-you-in-the-ass prison offense.

    1. My reaction too. They’ll probably either make it a crime to own more than one phone, or impose a waiting period between phone purchases, or put a punitive tax on phone purchases.

  10. As for encryption, it’s not clear to the extent that it played in the planning stages.

    It’s not clear that I should give a crap. I still have the right to secure communication. Either ban it outright or shut up already, instead of this passive/aggressive ‘well who know how many people could have been saved’ bullshit.

  11. And it turns out, they weren’t really Muslims at all! So there’s no need to worry about Muslim immigration in any amounts, anywhere, ever!!!

  12. I’ve made $64,000 so far this year working online and I’m a full time student. Im using an online business opportunity I heard about and I’ve made such great money. It’s really user friendly and I’m just so happy that I found out about it. Heres what I do,

    ——————- http://www.richi8.com

  13. I’ve made $64,000 so far this year working online and I’m a full time student. Im using an online business opportunity I heard about and I’ve made such great money. It’s really user friendly and I’m just so happy that I found out about it. Heres what I do,

    ——————- http://www.richi8.com

  14. Start working at home with Google! It’s by-far the best job I’ve had. Last Wednesday I got a brand new BMW since getting a check for $6474 this – 4 weeks past. I began this 8-months ago and immediately was bringing home at least $77 per hour. I work through this link, go to tech tab for work detail.
    +_+_+_+_+_+_+_+_+ http://www.net-jobs25.com

Please to post comments

Comments are closed.