U.K. CASE REVEALS TERROR TACTICS

The Wall Street Journal

FEBRUARY 7, 2011

By ALISTAIR MACDONALD And CASSELL BRYAN-LOW

LONDON—A British Airways PLC employee named Rajib Karim allegedly exchanged electronic messages with an al Qaeda cleric in Yemen for more than two years, his activities cloaked by an encrypted fortress he created on a laptop computer and an external hard drive, prosecutors say.

Rajib Karim, shown in an undated police photo.


The sophisticated encryption tactics Mr. Karim allegedly used to shield his communications with U.S.-born radical cleric Anwar al-Awlaki—and the small clue he left behind that enabled police forensics teams to defeat them—are center stage in a high-profile trial here in which Mr. Karim is accused of preparing for terrorist acts related to his work at the airline and to his alleged communications with Mr. Awlaki.

The case provides a rare and detailed look at how terror suspects may be able to communicate surreptitiously—and how difficult and laborious it is for law enforcement to crack their codes.

Mr. Karim used layer upon layer of encryption and other techniques to prevent others from being able to read the messages and access other data stored on his computer equipment, prosecutors allege.

The encryption is so complex and layered that “I could give an analogy of Russian dolls,” Detective Constable Stephen Ball, the policeman in charge of the computer forensics in Mr. Karim’s case, said in court Thursday.

Mr. Karim, a 31-year-old Bangladeshi national, pleaded guilty in November to fund-raising for the purposes of terrorism; possessing documents likely to be of use to a person committing or preparing to commit an act of terrorism; and engaging in conduct for the preparation of terrorist acts, all charges mainly related to his association with a banned Bangladeshi terrorist group.

Mr. Karim, who is in custody, is being tried on four counts of engaging in conduct in preparation of terrorist acts, including providing information about his employer to others for terrorist purposes.

James Wood, a lawyer for Mr. Karim, told the court that while his client had committed some offenses, “that which he has admitted is the limit of his criminal actions.” Mr. Wood didn’t dispute that Mr. Karim had encrypted the messages.

Lawyers for Mr. Karim didn’t respond to requests to comment for this article.

The methods that terror suspects use to conceal their communications are “a real problem” for police and intelligence authorities, says Lord Alan West, who was security adviser to former Prime Minister Gordon Brown. Other experts say such problems have been made worse by off-the-shelf software.

British Airways planes at Heathrow Airport. (PA Photos/Landov)

Keeping Secrets

Among the steps Rajib Karim allegedly used to encrypt messages:

• Messages were stored on an external hard drive in files that appeared to have been created in one kind of program, but in fact used a different type of program

• The program used enables each file to run as a separate, password-protected ‘virtual hard drive’

• Text contained in those files also was in scrambled form unless decrypted with the help of a custom-built software program

• Messages allegedly contained false names and other coded words

• Messages weren’t exchanged as emails, which can be intercepted; instead they were uploaded to publicly available websites that host files

• Software was used to erase some electronic fingerprints from the laptop

WSJ research

The previous government had even looked into whether they should make it a criminal offense for suspects to not hand over decryption codes, Lord West said.

The time needed to break such codes was one reason the previous British government under Mr. Brown argued for holding terror suspects for as long as 28 days without charge, Lord West added. The current government of Prime Minister David Cameron recently reduced this to 14 days.

Upon raiding Mr. Karim’s apartment police recovered, among other things, a laptop and an external hard drive able to store some 320 gigabytes of data, according to prosecutors. The hard drive held some 35,000 files including messages with Mr. Karim’s brother, with Mr. Awlaki—a leader of terror group al Qaeda in the Arabian Peninsula—and with other colleagues, prosecutors say.

Mr. Karim allegedly hid the messages and other data stored on the drive by changing the suffix at the end of the name of key files, which would typically tell a computer what program would be needed to open them up. That included four files labeled “Quran DVD Collection,” which appeared to be compressed files because they took the suffix “.rar,” which relates to a type of software that reduces the size of a file, according to prosecutors.

Mr. Ball said he noted these files were unusually large, and discovered that they were actually created in a different program, Pretty Good Privacy, which enabled each file to run as a separate, encryption-protected “virtual hard drive.” Without the correct password, the files were completely unintelligible.
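The mismatch described above, between a file's ".rar" suffix and its real contents, is the kind of thing a forensic triage script checks for. The following is an added illustration, not part of the original article and not the investigators' tooling; the function names, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for this example.

```python
import math
import os
import tempfile
from collections import Counter

RAR_MAGIC = b"Rar!\x1a\x07"   # common prefix of the RAR 4.x and RAR 5 signatures
SAMPLE_BYTES = 1 << 16        # examine only the first 64 KiB of each file


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage_rar(path: str, entropy_floor: float = 7.5) -> str:
    """Classify a file named *.rar by its content rather than its suffix."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if head.startswith(RAR_MAGIC):
        return "consistent"            # header agrees with the suffix
    # No RAR header. High entropy with no recognisable structure is what
    # an encrypted container looks like; escalate for manual examination.
    if shannon_entropy(head) >= entropy_floor:
        return "mismatch-high-entropy"
    return "mismatch"


def build_constructed_samples(directory: str) -> dict:
    """Write three constructed sample files and return their paths."""
    samples = {
        "real.rar": RAR_MAGIC + b"\x00" + os.urandom(4096),   # valid signature
        "disguised.rar": os.urandom(SAMPLE_BYTES),            # random bytes stand in for ciphertext
        "notes.rar": b"plain text renamed to .rar\n" * 200,   # low-entropy mismatch
    }
    paths = {}
    for name, body in samples.items():
        paths[name] = os.path.join(directory, name)
        with open(paths[name], "wb") as fh:
            fh.write(body)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, path in build_constructed_samples(tmp).items():
            print(f"{name:15} {triage_rar(path)}")
```

Genuine compressed archives are also high-entropy, so the signature check is the primary signal here and the entropy figure only ranks the mismatches for follow-up.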

It’s the equivalent of “a safe with a combination,” Mr. Ball said in court. He sent the files to British intelligence services, which returned them decrypted, or unlocked. Once able to open the files, Mr. Ball testified, he still wasn’t able to read most of the messages contained within them: Mr. Karim had enciphered the text, leaving it scrambled and unreadable.

Mr. Karim left police a clue, however. On the external hard drive was a disguised file that looked like it was meant for viewing thumbnail-size photographs—but that actually consisted of text with instructions for using a spreadsheet containing a purpose-built formula to decipher the message, according to Mr. Ball. The spreadsheet also worked in reverse, enciphering messages before sending to another member of the group, Mr. Ball said.

Those instructions helped Mr. Ball decrypt the messages and see that—according to prosecutors’ account—Mr. Karim was passing to Mr. Awlaki information about British Airways’ computer and security systems that could be vitally important for those wishing to conduct a terrorist attack.

Still, it took many more months for the messages to fully come into focus. There were many spreadsheets on the hard drive, and sometimes numerous versions of each one. Even once unscrambled, prosecutors allege the messages contained false names and other coded words, further obscuring their contents. The names of countries and people, as well as their sex, were changed, and their movements and activity were discussed as if involved in business transactions, prosecutors allege.

As an additional layer of protection, prosecutors say, Mr. Karim and his colleagues didn’t exchange their messages as emails, which can be intercepted. They instead uploaded them to public websites that host files, where another member of the group could then download them to his or her own machine.

In a further safeguard, prosecutors allege, Mr. Karim used software to erase other electronic fingerprints from his laptop, including a program called “Windows Washer” that effectively deletes traces of Internet browsing history from the machine.

Write to Alistair MacDonald at alistair.macdonald@wsj.com and Cassell Bryan-Low at cassell.bryan-low@wsj.com
