April 28, 2006

e-mail hack involved in Madrid Bombing

It seems that the swine responsible for the March 11, 2004 train bombings used a simple e-mail hack to avoid detection... From the International Herald-Tribune:
Madrid suspects tied to e-mail ruse
One of the leading figures indicted in the March 11, 2004, train bombings in Madrid used a simple trick that allowed him to communicate with his confederates on ordinary e- mail accounts but avoided government detection, according to the judge investigating the case.

Instead of sending the messages, the suspect, Hassan El Haski, saved them as drafts on accounts he shared with other radicals, according to papers issued by the judge, Juan del Olmo. They all knew the password and so they could access the accounts to read his comments and post replies, according to the judge.

This ruse meant that there was no digital trail that the authorities could easily trace, according to the judge and government. Had the messages been e- mailed, the government might have monitored them, as is common across Europe.

Intelligence officials have said in the past that terrorist groups were using the trick, which investigators call a "virtual dead drop." But few concrete examples have come to light, especially in an attack as extreme as the Madrid bombings, which killed 191 people.

Few details of this use of e-mail accounts were given in the lengthy indictment that named 29 suspects, mostly North African, this month. The government charges that these e-mail accounts were apparently used from as early as late 2003 until after the March bombings. But it does not detail how many people shared the accounts, and what kinds of instructions were given.

"This is probably a common method of communication among jihadists in Europe," Javier Jordán, the director of the Center for Security Studies and Analysis at the University of Granada, said in a telephone interview.

"Haski is a person who traveled a lot and had lots of contacts," he said. "If he used this method, a logical interpretation is that many others did too."
That loophole is probably already closed in Yahoo, GMail, Hotmail, etc... but there are lots of small services out there that would still be usable. As long as the e-mail is on one server system, reading stays difficult without cooperation from that ISP. Once it gets routed into the Internet, then detection becomes easy. Crap... Posted by DaveH at April 28, 2006 3:54 PM
Comments
Post a comment









Remember personal info?