Bin Laden's e-mail system ridiculously not secure, but Paulie would approve

Recent reports describing Osama bin Laden’s stealth communications say that he appears to have composed e-mails, saved them to a thumb drive and given the drive to a messenger, who then drove to a distant Internet café, logged on, plugged it in and hit send.

Spencer Ackerman, writing in the Danger Room blog, notes that no IT manager would allow such practices, primarily those associated with thumb drives, because of the security risks.

The Defense Department has wrestled with its policy covering the use of removable media, which are known to harbor and transfer viruses and malicious code, going back and forth over whether they should be banned.

Even many thumb drives certified under the Federal Information Processing Standards have proved to be vulnerable to hacking. The GCN Lab’s Greg Crowe recently concluded that secure thumb drives need to move from FIPS 140-2 Level 2 certification to Level 3.

But bin Laden was no IT manager.

Since his May 1 killing, several news reports based on information gleaned from his Abbottabad, Pakistan, compound have compared the way he ran al Qaeda to the way a gangster runs his operation, and in thumb drive/e-mail respect, the analogy could be on target.

Early on in Martin Scorcese’s “GoodFellas,” Ray Liotta’s character describes a similar way in which the boss, Paulie, handled his communications. Paulie wasn’t in hiding, but he was security conscious and he refused to talk on the phone. “He wouldn’t have one in his house,” Liotta says.

So some of his underlings had to handle the calls for him. “He used to get all his calls second hand and you’d have to call the people back from an outside phone. There were guys, that’s all they did, all day long, was take care of Paulie’s phone calls.”

That part of “GoodFellas” was set in the 1950s. It seems that in the underworld, some things haven’t changed that much.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.