Bin Laden's 'treasure trove' of data could be tough to crack
Encryption could make it unreadable, but SEALs were prepared, experts say
- By Kevin McCaney
- May 06, 2011
As investigators examine what U.S. officials have called a treasure trove of data retrieved from Osama bin Laden’s hideout in Pakistan, security experts are speculating about whether some of the data will be unreadable.
During the May 1 raid in which bin Laden was killed, Navy SEALs carried off five computers, 10 hard drives and more than 100 portable storage devices, such as DVDs and flash drives, along with paper documents, according to a number of reports.
The devices likely contain a lot of information, since bin Laden’s compound was not connected to the Internet and those USB thumb drives and DVDs contained his communications. But officials haven’t said whether, or how well, the electronic devices were encrypted.
Investigators quickly found evidence that al Qaeda had considered — but apparently not followed up on — a rail attack on the 10th anniversary of the Sept. 11 attacks, according to a report by Reuters, although they didn’t specify where that information was stored. It could have been on paper or on an unencrypted device.
If the information on some of the hard drives and storage devices was encrypted well, it might never be retrieved, reported SecurityNewsDaily.
"Correctly implemented encryption is very difficult to break," Steve Santorelli of security research group Team Cymru told SecurityNewsDaily. He described breaking it as a “huge, huge challenge.”
But retrieving data was likely a key part of the operation, which could increase the likelihood that data could be read, Greg Hoglund, CEO of HBGary, told InformationWeek.
Hoglund said the military uses a technique called battlefield exploitation to extract data in the field. A part of the process is to try to extract data while a computer or drive is running, which makes it easier, according to the InformationWeek article. Even an encrypted drive can be accessed if it’s running, he said.
A CBS News TechTalk article called the process media extraction, and said the military uses the acronym DOMEX for it. The Army has said it provides DOMEX teams to troops in Afghanistan, the article said.
Despite the potential challenges, Denis McDonough, the deputy national security advisor, has said the electronic haul is "probably going to be impressive," CBS News reported.
Since the raid on bin Laden’s compound, the U.S. has stepped up drone attacks in Pakistan and Yemen and has rounded up 40 people in Abbottabad, Pakistan, with suspected ties to bin Laden, leading to speculation that those actions were based on the recovered data, although officials haven’t said where their information came from.
Kevin McCaney is a former editor of Defense Systems and GCN.