Bin Laden's e-mail system ridiculously not secure, but Paulie would approve

Recent reports describing Osama bin Laden’s stealth communications say that he appears to have composed e-mails, saved them to a thumb drive and given the drive to a messenger, who then drove to a distant Internet café, logged on, plugged it in and hit send.

Spencer Ackerman, writing in the Danger Room blog, notes that no IT manager would allow such practices, primarily those associated with thumb drives, because of the security risks.

The Defense Department has wrestled with its policy covering the use of removable media, which are known to harbor and transfer viruses and malicious code, going back and forth over whether they should be banned.

Even many thumb drives certified under the Federal Information Processing Standards have proved to be vulnerable to hacking. The GCN Lab’s Greg Crowe recently concluded that secure thumb drives need to move from FIPS 140-2 Level 2 certification to Level 3.

But bin Laden was no IT manager.

Since his May 1 killing, several news reports based on information gleaned from his Abbottabad, Pakistan, compound have compared the way he ran al Qaeda to the way a gangster runs his operation, and in thumb drive/e-mail respect, the analogy could be on target.

Early on in Martin Scorcese’s “GoodFellas,” Ray Liotta’s character describes a similar way in which the boss, Paulie, handled his communications. Paulie wasn’t in hiding, but he was security conscious and he refused to talk on the phone. “He wouldn’t have one in his house,” Liotta says.

So some of his underlings had to handle the calls for him. “He used to get all his calls second hand and you’d have to call the people back from an outside phone. There were guys, that’s all they did, all day long, was take care of Paulie’s phone calls.”

That part of “GoodFellas” was set in the 1950s. It seems that in the underworld, some things haven’t changed that much.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

inside gcn

  • security in the cloud (ShutterStock image)

    Cloud security is the agency’s responsibility

Reader Comments

Wed, May 25, 2011 Marc Gartenberg DC metro area

Am I the Victim or the Crime? Should an international cybercriminal worry about encryption? No, the point is to get the message out and the less protected the better? If someone wants to get their message out, the less secure the better.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group