So, by the time I finished this, this New York Times article had more details. Apparently, it really is just TrueCrypt. What's still missing is how the messages are created. Presumably, it's just Notepad. It's also missing the protocol used. Is it HTTP/FTP file upload? Or do they log on via SMB? Or is it a service like Dropbox?
Anyway, I think my way of sending messages, which I describe below, is better:
CNN is reporting on how the Euro-ISIS terrorists are using encryption. The details are garbled, because neither the terrorists, the police, nor the reporters understand what's going on. @thegrugq tries to untangle this nonsense in his post, but I have a different theory. It's pure guesswork, trying to create something that is plausibly useful that somehow fits the garbled story.
I assume what's really going on is this.
This system works because it's completely contained on the USB drive. The terrorist can walk up to any Windows PC at a cyber-cafe and make this work. All the evidence is on the USB drive, so there's nothing left on the Windows computer that law enforcement can track down. Likewise, the forum is likely to be something that the NSA is less likely to be monitoring. If they are, they'll get some metadata, but still won't be able to break the PGP encoding.
This is all guesswork. I built this USB drive in the last hour and installed all the portable versions of the software (TrueCrypt, gpg4win, and IronPortable) on it to create these screenshots. It's a plausibly useful way of doing things such that stupid terrorists can't mess things up (leave unencrypted messages or metadata around). And, it matches (kinda) the garbled news account.
The moral of the story is that news stories ought to talk to experts. We can't figure it out from the inaccurate accounts, as you can tell, and can only make guesses like I have here.