Tracking Bin Laden FAQ

First of all, I’d like to thank everyone who has responded to my post regarding the former head of the CIA’s Bin Laden unit saying that the source of the Bin Laden video can’t be tracked “because there’s too much material on the Internet.” For the sake of avoiding confusion, I purposely avoided getting into technical details in my original post. However, it’s clear that many people have questions regarding the details of how Bin Laden could be tracked, so I will outline my responses here.
Freenet, Anonymous Remailers
Q: Couldn’t Bin Laden have covered his tracks by posting the video to an anonymous Freenet site or by sending it via an Anonymous Remailer?

A: Sure, Freenet or anonymous remailers could be used to make content available anonymously, but that’s not what happened in this case. The story is that someone – who has posted over 100 times over a period of several months – announced this on a public internet forum. I saw the forum the announcement was posted on before it was shut down Friday morning. If they had the resources to shut the forum down, they also had the resources to determine what IP the post was coming from.

Even if that IP is a proxy or shell server, they could then sniff the traffic arriving at that proxy or shell host and get the IP that connected to it, getting one step closer to the source. They could simply repeat this at each hop until they have the original source, or the public computer that the content is being uploaded from. If the user is posting over a hundred times, I doubt he’s going to 100 different cyber cafes; eventually he’ll use the same public terminal, and the CIA could be waiting there for him, or at least watching and following him.

Complicated Chain of Custody
Q: Imagine the tape being in a chain of custody, A->B->C->D->E, before it reaches the CIA. ‘A’ being the origin point where the tape is created. The director hops on a bike and takes the tape thirty miles or so down the mountain to ‘B’, a guy in a small nearby town with internet access, who sends the tape online to ‘C’, who lives five hundred miles or so away in a Gulf state. ‘C’ makes a copy, packs it nicely with a note saying, ‘new Bin Laden message!’ and has ‘D’ deliver it anonymously to ‘E’, an Arabic television network whose people, upon discovering the tape, report the find to the CIA before broadcasting it. The point of this is this: if B and C are unknown factors in this chain, then it is nearly impossible to track the data that was transmitted through a random search.

A: You are very right that there are several ways to obfuscate the source of such an announcement. However, the story is that someone from Al-Qaeda’s production arm, As-Sahab, posted an announcement to a public internet forum. The person who posted the original announcement had over 100 prior posts to the forum, which the SITE Institute had been watching for months.

So, in your model of custody, A could be the origin of the video, B could be some guy on a bike, C could be the original poster, D could be a proxy server, shell account provider, or a public computer, and E could be the server on which the public forum resides.

The CIA shut down the public forum (E) on which the original announcement was made. Given that, they certainly had the resources to obtain the IP address of device D. Even if computer D keeps no logs, a packet sniffer could be set up upstream of it to determine the location of person C. The CIA could then surveil person or device C. If person C is using a public terminal, that means setting up cameras and waiting for the guy to show up. If person C is using a proxy server, anonymous remailer, or shell account, that means setting up a packet sniffer upstream of that server as well. Either way, once you have person C, you have a way to reach person B, and I’m sure the CIA is plenty capable of following a guy on a bike.

It’s key to remember that the original user posted over 100 times to the forum, which means he would have to use a chain of custody like this over 100 times. If he ever returns to the same public terminal, you’ve got him, but the excuse given was that there’s too much material on the Internet, which doesn’t make sense at all.
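The two answers above describe one procedure: at each intermediary (proxy, shell host, remailer), match the outbound activity to the inbound connection that produced it, walk back one hop at a time until you reach an address that is not a known intermediary, and then look for the origin that recurs across many posts. The script below is an added example of that correlation over constructed logs; it is not code from the original post, and every IP address, username, timestamp and the 30-second matching window are assumptions made up for the illustration. It also handles the failure mode the text mentions: a hop with no captured record ends the chain as unresolved rather than guessing.

```python
"""Hop-by-hop traceback and repeat-origin correlation over constructed logs.

All data below is constructed for this example. Addresses are from the
documentation ranges (TEST-NET), usernames are invented, and the 30-second
window is an assumed upper bound on the delay between an inbound connection
at an intermediary and the forum post it produced.
"""
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)  # assumed: inbound hop connection must precede the post by <= 30 s

# Constructed forum (hop E) access log: (timestamp, username, client IP as seen by the forum)
FORUM_LOG = [
    ("2007-09-06T10:02:11", "as_sahab_poster", "203.0.113.10"),  # arrived via the open proxy
    ("2007-09-06T10:05:40", "other_user",      "198.51.100.77"),  # unrelated forum member
    ("2007-09-07T18:30:05", "as_sahab_poster", "203.0.113.10"),
    ("2007-09-08T09:12:50", "as_sahab_poster", "192.0.2.200"),   # arrived via the shell host
    ("2007-09-09T11:40:02", "as_sahab_poster", "203.0.113.10"),
    ("2007-09-10T14:00:00", "as_sahab_poster", "203.0.113.10"),  # no sniffer record exists for this one
]

# Constructed inbound-connection records for each known intermediary (hop D),
# as a sniffer placed upstream of that host would capture them:
# {intermediary IP: [(timestamp, source IP), ...]}
HOP_LOGS = {
    "203.0.113.10": [                                   # open proxy
        ("2007-09-06T10:02:03", "192.0.2.200"),        # shell host chained behind the proxy
        ("2007-09-06T10:03:30", "198.51.100.9"),       # unrelated proxy user, after the post
        ("2007-09-07T18:29:59", "198.51.100.45"),      # public terminal A, direct
        ("2007-09-09T11:39:55", "198.51.100.45"),
    ],
    "192.0.2.200": [                                    # shell account host
        ("2007-09-06T10:01:50", "198.51.100.45"),
        ("2007-09-08T09:12:41", "198.51.100.60"),      # public terminal B
    ],
}


def parse(ts):
    return datetime.fromisoformat(ts)


def previous_hop(hop_ip, post_time, hop_logs, window=WINDOW):
    """Source IP of the inbound connection to hop_ip that most closely precedes
    post_time within the window, or None when nothing was captured."""
    candidates = []
    for ts, src in hop_logs.get(hop_ip, []):
        delay = post_time - parse(ts)
        if timedelta(0) <= delay <= window:
            candidates.append((delay, src))
    if not candidates:
        return None
    return min(candidates)[1]  # nearest in time wins


def trace_post(post_time, client_ip, hop_logs, window=WINDOW):
    """Walk back from the IP the forum saw through every known intermediary.
    Returns (chain, resolved); chain runs from the forum outward, resolved is
    False when some hop had no matching capture and the chain stops there."""
    chain = [client_ip]
    current = client_ip
    while current in hop_logs:
        prev = previous_hop(current, post_time, hop_logs, window)
        if prev is None or prev in chain:  # no capture, or a loop: give up honestly
            return chain, False
        chain.append(prev)
        current = prev
    return chain, True


def origins_for_user(username, forum_log=FORUM_LOG, hop_logs=HOP_LOGS):
    """Trace every post by username. Returns ({post timestamp: chain}, Counter of resolved origins)."""
    chains, origins = {}, Counter()
    for ts, user, ip in forum_log:
        if user != username:
            continue
        chain, resolved = trace_post(parse(ts), ip, hop_logs)
        chains[ts] = chain
        if resolved:
            origins[chain[-1]] += 1
    return chains, origins


def repeat_origins(origins, min_count=2):
    """Origins seen at least min_count times: the terminals worth sitting on."""
    return sorted(ip for ip, n in origins.items() if n >= min_count)


if __name__ == "__main__":
    chains, origins = origins_for_user("as_sahab_poster")
    for ts, chain in chains.items():
        print(ts, " <- ".join(chain))
    print("repeat origins:", repeat_origins(origins))
```

With the constructed data, four of the five posts resolve, three of them to the same public terminal, and the fifth stops at the proxy because nothing was captured there for that post. Real captures would be matched on more than a time window (connection tuples, byte counts, TLS session identifiers), but the walk-back and the repeat-origin count are the same.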

Summary
I will amend this FAQ as I get more email, but in the meantime let me reiterate that I’m not suggesting that the CIA should be able to sniff packets that were already sent. I’m suggesting that there were over 100 opportunities to trace at least a significant part of the chain of custody, and that “there’s too much material on the internet” is NOT a valid reason for not being able to track “public enemy number one.” We’re spending $2 trillion on a war, and Bin Laden was a big part of the excuse. Surely the CIA can dedicate some resources to tracking him, despite all the material on the internet.

5:03 pm on September 8, 2007