Shelly Palmer

Information Warfare: Surveillance & Encryption

Information warfare is ongoing, intensifying and global. This is not new, but it is newly relevant because the Internet and associated technologies fully democratize the weapons. While we are fighting an asymmetrical physical war, the information war is being fought on a much more level playing field. Or is it?

Hiding in Plain Sight

There is a significant amount of strategic communication being done using social media and social messaging apps. If you want to get a better understanding of how publicly available sites and apps are being used, do a quick experiment.

Visit Google Translate, choose English and type in a phrase such as “How to kill…” and translate it into Arabic. Now, copy and paste the phrase into the search bar of any social media site (Facebook, Twitter, etc.) and see what comes up. Try this with a bunch of words and phrases that you would never ordinarily think of – abhorrent, evil, terrible phrases about killing people or stabbing them or blowing them up. Searching these phrases in English yields similar results. If you speak French or any of the Romance languages, this exercise will give you a cursory understanding of how pervasive the problem is.

I previously covered the decentralized nature of the enemy and its strategic approach in an article entitled Death by Social Media. It explores how memes are being weaponized.

Going Dark

On the tactical side, the enemy is using exactly the same (commonly available) tools that we use to facilitate private communications – albeit in slightly different ways. The news media have been calling this the “Dark Web.” Many have confused it with the “Deep Web,” and some others are using the term “Darknet.” Each of these terms has a specific definition and is a term of art. None of them have to do with the cloak-and-dagger ideas being loosely associated with them. For the most part the Dark Internet is a file cabinet for pretty boring information.

The “Dark Web” refers to sites that are publicly available, but have hidden IP addresses, which makes it hard (but not impossible) to figure out who owns them. Dark Websites don’t generally SEO well (or at all), so you can’t find them with Google or other search engines.

The “Deep Web” refers to pages that are invisible to search engines. They are used for various legitimate purposes, including hiding password-protected pages.

If you want to go find a bunch of pages on the “Dark” or “Deep Web” pay a visit to It’s a good place to start.

Low-Tech Bad Guys

“Burner Phones” have received a lot of press lately. All burner phones are prepaid phones; not all prepaid phones are burner phones. To make a phone a burner phone, you send a friend of a friend of a friend to the corner drug store (because they have video surveillance and can associate the timestamp on the register receipt with the timestamp on the surveillance video) and have that person purchase a prepaid phone using cash.

When you get it, you use it for one or two calls or txts (if you got one with a data plan) and then toss it in the trash before the phone company gives you up to the authorities. Or, in the words of numerous Hollywood writers, “burn it.” This extraordinary use of ordinary technology was made famous by drug dealers; clearly it has other uses.

Higher-Tech Bad Guys (and Good Guys with IP to Protect)

Encryption algorithms are commonplace. They are used to encode information with the specific goal of preventing unauthorized parties from accessing it. For digital communication, there are two popular methods of encryption: symmetric key and public key.

The OpenPGP standard, aka Pretty Good Privacy or PGP, is one of the most popular versions of public key encryption. There is a very good chance that your corporate IT department uses some version of PGP to encrypt your files – after all, it’s pretty good.

How good? Using current computer technology, a 2048-bit OpenPGP encrypted file cannot be decrypted. Someday it might be possible with a fully functional quantum computer, but these are still, for all practical purposes, theoretical devices.

Now, you’re going to push back with an argument that goes something like this: “Hey Shelly, you may think that a file encoded with 2048-bit OpenPGP encryption is unbreakable, but you don’t know that for sure. You have no idea what the NSA can or cannot do! How do you know that quantum computers don’t exist? Nothing is impossible!!!”

Yeah … no. 2048-bit OpenPGP encryption can’t be decrypted without a key because of the way computers work today. In the future, with new hardware and processor and bus speeds that are currently undreamt of, it may be possible to do the computation in a reasonable time – but not today.

This is not to say that the NSA or other government organizations can’t get the private keys to the encryption algorithms you use. That is a very different scenario. (I could probably socially engineer you out of anything by offering you free IMAX Star Wars tickets for December 17th.) I’m just saying that without your private key, breaking a 2048-bit key in a secure SSL certificate would take just a little over 6.4 quadrillion years of computation.
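An added example, not from the original article: a back-of-the-envelope Python estimate of what factoring a 2048-bit RSA key (the kind commonly used with OpenPGP and in SSL certificates) costs on classical hardware. It assumes the heuristic general number field sieve running time with the o(1) term dropped, and calibrates on the publicly reported RSA-768 effort of roughly 2,000 core-years; the function names are this example's own.

```python
import math

# Public calibration point (assumption of this example): the 2009 RSA-768
# factorization was reported at roughly 2,000 core-years on 2.2 GHz Opterons.
CAL_BITS = 768
CAL_CORE_YEARS = 2000.0


def gnfs_log2_work(bits: int) -> float:
    """log2 of the heuristic GNFS cost exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
    with c = (64/9)^(1/3) and the o(1) term dropped."""
    ln_n = bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def core_years(bits: int) -> float:
    """Extrapolate core-years by scaling the RSA-768 effort with the GNFS ratio."""
    return CAL_CORE_YEARS * 2 ** (gnfs_log2_work(bits) - gnfs_log2_work(CAL_BITS))


def wall_clock_years(bits: int, cores: int) -> float:
    """Elapsed years if the work parallelised perfectly over `cores` cores."""
    return core_years(bits) / cores


if __name__ == "__main__":
    for bits in (512, 768, 1024, 2048):
        print(f"{bits:>5}-bit modulus: ~2^{gnfs_log2_work(bits):.0f} operations, "
              f"{core_years(bits):.2e} core-years, "
              f"{wall_clock_years(bits, 1_000_000):.2e} years on 1,000,000 cores")
```

On a single core the 2048-bit estimate comes out in the quadrillions of years, the same order of magnitude as the figure quoted above. It says nothing about stolen private keys, which the text treats as a separate scenario.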

What About Mobile Phone Encryption?

This is truly a gray area. There are apps such as Simlar, Wiper, Zoiper, CoverMe, CrypTalk, Signal and Threema that all offer some version of “secure” voice and txt on your mobile devices. What you don’t know is which of these companies allow government agencies to access (with or without a warrant) your supposedly secure communication. Since you don’t control the system, you simply can’t know what level of security you are buying. If you’re really worried, a $299.95 VoiceKeeper FSM-U1 cellphone scrambler (you need one for every phone) is a pretty low tech solution. Can it be unscrambled by the NSA? No one is going to tell you, because no one knows.

An Iterative Arms Race

This is an iterative arms race, and it will never end – ever! On any given day the good guys will be ahead of the bad guys or vice versa. I asked a highly placed FBI agent to articulate the biggest problem the bureau is facing and I was told, “The sheer volume of information we have to interpret.”

This is where the good guys (that’s us, by the way) do have a significant advantage. Our team has access to the best listening and best question/answering technology in the world. We have the best trained computer scientists and we are now learning to use man/machine partnerships to build machine learning tools capable of dealing with the immutable fact that the velocity of information is increasing and will always increase.

Today, the bad guys may be enjoying an almost level battlefield in the information war, but if we keep up our relentless pursuit of innovation, it won’t be level for long.