Bin Laden's tech habit could trip up his terrorist group
- By John Zyskowski
- May 23, 2011
Every week brings more tantalizing disclosures about the operations at Osama bin Laden's compound in Pakistan.
As it turns out, although bin Laden went to great lengths to avoid leaving a detectable digital trail — no e-mail, Internet connections, etc. — the terrorist leader’s desire for technology abstinence was far from complete. According to Pentagon officials, he relied heavily on laptop computers and portable storage devices for planning and issuing commands, and those devices are now in the hands of the U.S. government.
Whether U.S. officials can break the encryption protecting the tantalizing trove of data presumably stored on the devices is an open question, but that possibility makes the intelligence value of the May 2 raid potentially more important than the terrorist leader's death, many experts say.
A multiagency task force led by the CIA has been established to triage, catalog and analyze that intelligence, reports Amber Corrin for FCW.com. Other task force members include the Homeland Security Department, Defense Intelligence Agency, Office of the Director of National Intelligence, FBI, National Media Exploitation Center, National Counterterrorism Center, National Geospatial-Intelligence Agency, National Security Agency and Treasury Department.
But efforts to access the terrorist group’s digital records likely started on site in Pakistan only minutes after the first U.S. special forces set foot inside bin Laden’s walled compound, which could increase the chances of success, Greg Hoglund, CEO of HBGary, told InformationWeek’s Mathew Schwartz.
That’s because it’s easier to access information from an encrypted computer drive while it is still running, Hoglund and others have said. He added that it would take a computer specialist accompanying the assault team about 15 to 30 minutes to scan and record what’s in the active computer’s memory and make a copy of the hard drive. The raid lasted about 40 minutes.
A CBS News Tech Talk article said the Army has deployed tactical computer forensics experts in neighboring Afghanistan for the past few years. Called DOMEX teams, they specialize in a technique called media exploitation.
However, if the computers in bin Laden’s home were powered off at the time of the raid and their owners had been using readily available encryption software and avoiding weak pass phrases, it might be impossible to access the data, experts said.
Pentagon officials said bin Laden’s compound served as a major command-and-control center from which he played an active role in leading al Qaeda, providing strategic, operational and tactical direction to the group.
To deliver those orders while escaping detection by U.S. spy agencies, bin Laden and his associates used e-mail, portable flash drives and a sneakernet, report Adam Goldman and Matt Apuzzo for the Associated Press. A U.S. counterterrorism official said bin Laden wrote his messages on a computer without an Internet connection, saved the messages to a thumb drive and then gave the drive to a courier. The courier would take the drive to an Internet café far from bin Laden’s home, plug it into a computer, paste the text into an e-mail message and send it. The process would be reversed for incoming messages.
That technique allowed bin Laden to stay in touch with his followers worldwide without leaving an electronic trail that could lead back to his precise location. But it also created a sizable cache of electronic records, including e-mail addresses and communication patterns, that could be invaluable to the U.S. analysts now sifting through them.
John Zyskowski is a senior editor of Federal Computer Week. Follow him on Twitter: @ZyskowskiWriter.