How Bin Laden Sent and Received Email

Only slighty more roundabout than RMS's system for browsing the web.

tl; dr: Write email. Copy to USB. Give it to courier who takes it to a distant internet cafe and sends it out. Incoming email is copied into the same USB and delivered back.

This flags up all sorts of wrong. A counter terrorism official demands anonymity to tell us some very mundane facts:<p>1) Bin Laden sent e-mail. 2) He sent it via a very simple if slow method. 3) The US has these e-mails including the receiving address.<p>Why would they publish this tipping off their targets? Why does the official require anonymity?<p>A nasty thought does occur which is that this makes an excellent reason for governments to insist that ISPs and email providers hold all emails indefinitely for future investigations.

For all the cheering about Bin Laden's demise, its this trove of information that people really should be cheering about. It sounds like they basically got a full snapshot of the Al Quada organization at the time of the raid. Intelligence analysts right now must be the having the most thrilling yet most critically intense time of their careers.

The hype-to-content of this article is ridiculous.<p><i>It was a slow, toilsome process. And it was so meticulous that even veteran intelligence officials have marveled at bin Laden's ability to maintain it for so long.</i><p>Really? <i>Really?</i> It's still more efficient than traditional post, and I'm guessing there wouldn't be this level of hullabaloo if that had been the mode of communication.

According to my girlfriend who grew up in Africa, this is normal behavior when you have to pay for internet by the minute.

I remember watching the movie "Traitor" a few years back and wondering if Al Qaida used something similar to what the fictional terrorists were using in that movie.<p>(From what I remember, they were merely writing messages and saving them as drafts. Then others would log on and read the drafts. No emails were sent.)<p>Interesting though how much he relied on couriers.

Surely the lamest thing I read today. I was expecting some elaborate multiple encryption and obfuscation scheme involving proxies and anonymisers in addition to sneaker net in and out of the hideout.

It is absolutely amazing to me that terrorist organizations would not use encrypted email.

I cannot help but think of the recent story about Knuth and his secretary, reading (and replying to) mail by proxy as well..

This doesn't surprise me, having 100+ USB's lying around with content does.

There doesn't seem to be a mention of encryption anywhere. I'm surprised they didn't avail themselves of a little PGP. If a giant notorious terrorist organization isn't using public key cryptography, who is?

I think strong crypto + several VPN providers would be as safe and easier to automate.<p>(This, BTW, is why I am generally against anti-piracy enforcement actions and warantless wiretapping. When you force normal people to use strong cryptography and VPN providers or mesh networks, the terrorists are much harder to pick out. They just look like kids downloading movies.)

Doesn't this system still lead to a large trail of emails going back to Pakistan (assuming the courier didn't go all the way into Afghanistan to send each email). Presumably, some of the computers that were on the receiving end of those emails have been seized by US intelligence in various raids. The IP of the sender would be easy to trace for the CIA, and the content of the emails would have at least indicated that the sender was in a key decision-making position within the organization.<p>Without some other security steps, like VPNs or proxies, the US would have certainly been able to trace the country of origin of these communications.

SMTP over sneakernet

Pretty lo-tech solution but it worked for many years so why not. What's surprising is that they left behind so many usb flash drives; with them being so cheap why not buy hundreds of low capacity drives and destroying them after each dispatch.

Why did they use USB sticks and not something that courier can chew/swallow, like MicroSD?

A simple SOCKS proxy would have saved him a lot of trouble.

this article doesn't even mention email!