Forgot your password?
typodupeerror

Mafia Boss Using Crook Crypto Captured 378

Posted by Zonk
from the never-heard-of-pgp-and-email dept.
boggis writes "Discovery is running a story on Bernardo Provenzano, the recently arrested 'boss of bosses' of the Sicilian Mafia. He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher, which was easily cracked by the police and resulted in further arrests of collaborators. Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."
This discussion has been archived. No new comments can be posted.

Mafia Boss Using Crook Crypto Captured

Comments Filter:
  • Substituion Cipher? (Score:4, Informative)

    by Whiney Mac Fanboy (963289) * <whineymacfanboy@gmail.com> on Tuesday April 18, 2006 @11:14AM (#15149333) Homepage Journal
    God, he used a simple (rot3) substitution Cipher, with not even a Vigenère keyword and didn't expect it to get broken?

    People have been using frequency analysis [wikipedia.org] for over a thousand years to crack substitution ciphers!
  • If only.. (Score:5, Interesting)

    by Ckwop (707653) * <Simon.Johnson@gmail.com> on Tuesday April 18, 2006 @11:15AM (#15149340) Homepage

    You see, now if you want to do secure pencil and paper ciphers here's how you do it.

    • Get two decks of cards, including the jokers. You should have 108 cards in all.
    • Encode a face up card as one and a face down card as zero.
    • Find a dense primitive polynomial [wikipedia.org] of order 108.
    • Randomize the face up and face down cards in the pack.
    • Construct a self-shrinking linear feedback shift register [wikipedia.org].
    • The keystream you clock off is reasonably secure.

    Self-shrinking generators are broken but the best attack requires an insane amount of plain-text. Far, far, more than you could ever generate by hand. If Mr Mafia had used this instead of a crappy cipher from two thousand years ago then he might not have been caught.

    Throughout history lives have literally depended on the strength of the cryptography people have deployed. I find it exciting that these times are still with us and are not mearly confined to the history books.

    Simon

    • by networkBoy (774728)
      I'm willing to bet he "discovered" this cipher on his own. Had he researched it at all he would have known better.
      -nB
      • Since he's italian, maybe he heard that Caesar used it, and wanted to do the same? It says in the article that he dropped out of school at 8 years old, and that he conducted business on a typewriter, so he probably wouldnt have been able to handle any more complex a crypto scheme
    • Or you could try the one in Cryptonomicon. The details elude me, but I recall it being something like RC4 with a deck of cards.
    • Re:If only.. (Score:5, Informative)

      by Redwin (805980) on Tuesday April 18, 2006 @11:45AM (#15149696)
      Considering ancient cyphers, if I remember correctly the ancient Chinese used to write messages Ceaser cypher style messages on fabric that had to be wrapped around a pole. The pole had to be the exact length and thickness or the text wouldn't align up and the decyphering process couldn't be started. If anyone was stopped, they could hand over the fabric covered in text and it would be meaningless without knowing what kind of pole was used to algin everything up.
      • That sir, is cool. I'd love to mod you up as +1 informative/interesting but alas I am without mod points. Anyway Kudos for that most interesting factoid. I may have to try that one out on an anniversary present for the wife.
      • Re:If only.. (Score:5, Insightful)

        by anotherone (132088) on Tuesday April 18, 2006 @12:51PM (#15150416)
        Trivial to break. Wrapping the cloth around a pole is just an easier way of looking at every x letters. It'd take about 2 minutes to brute force the value for x manually, a program with a dictionary could do it in milliseconds.
    • Indeed the "pizzini" (cryptograms) have not been intercepted while in transit, but found at his home after his arrest (... which police made using other sources, unrelated to the pizzini...).

      Had he used a more secure algorithm, such as the one described, he would have needed to have kept the key (the appropriately shuffled deck of cards) somewhere, which police would just as easily have found at his home. Or we would have needed to remember the 108 bit number in his head, but somehow I doubt he would have

      • by TubeSteak (669689) on Tuesday April 18, 2006 @01:26PM (#15150801) Journal
        I think an appropriately shuffled deck of cards would be somewhat innocuous.

        If the police aren't looking for something like a deck-of-cards-as-key, then they won't find the key, all they'll find is a deck of cards.

        I only say this because I recall reading an article some years back about drug dealers storing their business information on USB thumbdrives & wearing them as necklaces or on keychains. The police would arrest the dealer, but since the police didn't know what they had, the thumbdrive was treated as any other possesion & sealed up till the dealer was released.

        You're still hiding your 'key', you're just hiding it in plain site & hoping no one sees it for what it is.
    • Don't know about Italy, but in the U.S. he would have been compelled to cough up his key to the Feds or be held for contempt until he rotted.

      So why even bother with crypto?

    • by David Mazzotta (590711) <.dzot. .at. .usa.net.> on Tuesday April 18, 2006 @12:14PM (#15150061) Homepage
      I'm just trying to imagine the look on Paulie Walnuts' face as you explain that.
  • by gowen (141411)
    8 jqe3 y8j qh 9rr34 y3 d97oeh[5 43r7w3.
  • Behold the power of Rot 13 [rot13.com]! It's ten times more powerful than that weak Rot 3.
  • by WebHostingGuy (825421) * on Tuesday April 18, 2006 @11:16AM (#15149356) Homepage Journal
    these people to be brain surgeons did you?
    • by Zephyros (966835)
      Certainly not, but I would think that those whose livelihoods and lives depended upon secrecy would be a little more careful with information. Okay, so according to TFA, the guy dropped out of school when he was 8. Maybe he wasn't the sharpest knife in the silverware cabinet - hell, maybe he was a spoon - but he seemed to have some leadership talent. You don't become a "boss of bosses" otherwise. Part of leadership is making sure if you don't know yourself how something important works, you have somebody yo
      • by qwijibo (101731) on Tuesday April 18, 2006 @11:33AM (#15149537)
        A good leader would delegate tasks like communication security to someone who could do that well. However, I get the feeling that someone who dropped out of school at 8 and became a mob boss may not have been keeping up to date on the latest management training strategies. =)
        • I get the feeling that someone who dropped out of school at 8 and became a mob boss may not have been keeping up to date on the latest management training strategies.

          He was really just ahead of his time. You just wait, I'll be he'll write a tell-all book from prison: "10 Habits of Highly Effective Mobsters."

          I can just imagine....

          Manager: "Hi Joe, what's happening."
          Cubie: "Oh, hi Stan. ... What's with the baseball bat?"
          Manager: "It's a new team-building technique I'm trying out."
          Manager beats Cubie savagely
        • by lRem (914073) on Tuesday April 18, 2006 @12:34PM (#15150252) Homepage
          Given that he steered the mafia for 50 years, evading the police and keeping control over the organisation at the same time, furthermore without usage of any modern technology including cryptography... Well, I would call him a good leader. Probably way better than your typical manager with a bucket load of certificates.
      • >>but he seemed to have some leadership talent. You don't become a "boss of bosses" otherwise.

        Maybe, he just whacked anyone who dared to disagree. Everyone else just fell into line.

        I think this is one occupation where traditional management styles may not apply.
    • You didn't expect these people to be brain surgeons did you?

      If they were then they would have used "braintography" where they hide messages inside the brain either by direct surgical insertion or careful manipulation of neurons (aka brainstegonography [wikipedia.org]).

      Sorry, what does cryptography have to do with brain surgeons again?
      • by zippthorne (748122)
        Aparantly people believe brain surgeons must be very smart, considering the delicate nature of the organ they concentrate on.

        This is undoubtably the case for many in the profession, especially considering the hurdles necessary to get there, but if I were to go under the knife, I'd prefer someone with rediculously fine motor control and the experience of thousands of hours of drills.

        The actual act--open head, cut something out--while certainly complicated, hopefully shouldn't require much thought..unless som
  • xfmm tpo tpnfujnft tboub hpuub hfu xbdlfe
  • Not very smart (Score:5, Informative)

    by AKAImBatman (238306) * <akaimbatman@@@gmail...com> on Tuesday April 18, 2006 @11:19AM (#15149397) Homepage Journal
    He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher

    To put that into computer terms, he ROT13ed the text. This sort of cipher was used by Caesar not because it was secure, but because most people couldn't read. Even those that could read undoubtedly lacked sufficient education to consider a cryptoanalysis of the text. But if someone does consider a cryptoanalysis, it is incredibly easy to break this cipher.

    Simply substituting the first letter with each letter of the alphabet allows for a brute force attempt at decoding by then replacing the rest of the letters with the exact same offset used on the first character. This method ensures that the message will be decrypted even if the alphabet has additional characters. (Either for purposes of obfuscation or additional information.) The only method that can be used to prevent an attacker from using this simple decoding method (you don't even need a computer!) is to mangle the alphabet somehow. For example, if the alphabet is backwards an attacker would have more trouble decrypting the cipher. Even then, however, a simple statistical analysis on the occurance of the letters would quickly decrypt the message and reveal the secret alphabet used.

    That being said, this particular mobster was smart enough to realize that a simple cipher like this would be insufficient to deter a decoder. So he attempted to confuse would-be attackers by using a number code to obscure names. I imagine that he thought that attackers would assume that he was using a codebook to keep track of the assigned names. Unfortunately (for him), his 8th grade education was obviously insufficient for him to know that his number sequences are very similar to compression techniques. Anyone with experience would note that the codes were far too long, and that the number 1 appeared quite often. Its appearance suggests that its a "trigger" for interpreting the next number differently.

    So there you have it, security through obscurity does not work.
    • by Anonymous Coward
      Yeah, it only worked until the guy was 73 years old.
      • Correction: It only worked until the police got ahold of his messages.
      • Re:Not very smart (Score:3, Insightful)

        by AKAImBatman (238306) *
        it only worked until the guy was 73 years old.

        I have a feeling that this has more to do with careful control of the information pipelines, large payoffs to corrupted officials, lots of money poured into lawyers, and the ability to disappear when things get hot. The purpose of using a cipher is to create a last line of defense in the case that your information pipeline is compromised.

        Given that murder has no statute of limitations, he would have been equally stupid to use a more secure cryto but with unsecur
    • Re:Not very smart (Score:2, Informative)

      by AKAImBatman (238306) *
      Minor correction to myself: The article seems to suggest that he was 8 years old when he dropped out of school, not in 8th grade.
    • Re:Not very smart (Score:4, Interesting)

      by Alarash (746254) on Tuesday April 18, 2006 @11:46AM (#15149702)
      Well, to be fair, the guy lived in a stable, and was a grandpa. So I don't think he knew much about algorithms and stuff. But, even if he was a godfather that eluded the police for 43 years, I don't think he's smart. Even if he didn't have any knowledge about cryptology (-graphy? Gee, I never know), he should have hired somebody who did know about it as an "advisor". But then, there's a trust issue, and I'm not sure the poor guy would have survived after he advised on picking the correct encryption system.

      Or the godfather just wanted to play it old school all the way thinking it was the way to go. But then again, he lived in a stable.

    • Re:Not very smart (Score:2, Insightful)

      by hackstraw (262471) *
      So there you have it, security through obscurity does not work.

      So, my private key is not good anymore?

    • In the Provenzano code the key is the +3 shift," mathematics expert Alessandro Martignago told Discovery News.

      eh... They had to get the specialists of integer additions to crack the case?
  • When I started reading the headline and blurb, I thought "oh he probably used PGP or something". Then my jaw dropped when I read that he was using the Caesar cipher, which is so weak that it can't really even be considered encryption any more. I mean, people on the internet regularly use a variant of it (rot13) to hide movie spoilers.

    Even HTTP passwords are better hidden, using base64 by default! Dumbass doesn't even begin to describe this.

    • Well, his security system wasn't really cryptography-based. It was based on (relatvely) secure channels. Rather than trying to prevent the police from decoding his messages he was trying to prevent them from intercepting them in the first place. Often the problem is that merely sending a message is already conveying information, even if the message is not decoded - e.g. a phone call or email message gives another person the chance to trace down your location, even if they cannot read your message.

      The cyph

  • by Rob T Firefly (844560) on Tuesday April 18, 2006 @11:22AM (#15149427) Homepage Journal
    Also seized from his rooms were records for bookies operations filling several Barbie diaries with real plastic locks, and hit orders folded tightly into paper origami footballs.
    • Also seized from his rooms were records for bookies operations filling several Barbie diaries with real plastic locks, and hit orders folded tightly into paper origami footballs.

      Not to mention the little paper fortune tellers that ran the operation.

      Ok, ok, will Vito grow up to marry Rick Springfield?

      *fwip*fwip*fwip*fwip*fwip

      Yes! Oooooh!
  • No evil genius he! You would think that a "boss of bosses" -- I guess that makes him a middle manager? -- would have at least an administrative assistant who could tell him he's acting dumb. But then, I guess it doesn't work for Donald Trump either.

    Really, there should be a new term for this: Disorganized crime.

  • I AM.... (Score:5, Funny)

    by i_want_you_to_throw_ (559379) on Tuesday April 18, 2006 @11:22AM (#15149433) Homepage Journal
    your kid sister you insensitive clod!
  • by gregarican (694358) on Tuesday April 18, 2006 @11:23AM (#15149445) Homepage
    this book [simonsingh.com]. I found it an enjoyable yet educational walk through the history of encoding/decoding. Cool stuff. I guess Sicilian mobsters typically aren't Mensa members...
    • Seconded. Especially for the puzzles in the back. I had a great time doing one of them the hard way by making a crappy frequency analysis [wikipedia.org] graph (pictured in the wikipedia article).

      The only bad part was the amount of hypothetical "Adam" and "Eve" style in there, which was a bit of a shock to someone used to code and grammar books which just bluntly state their points.

      Realistically, though, I would never have taken the time to learn those basics of cryptography if the level had been much higher, so it's highl

    • Check out his TV show - probably floating around the internet somewhere. 6-part series about the history of cryptography. Neat stuff, probably doubly so if you've read the book.
  • by Viol8 (599362) on Tuesday April 18, 2006 @11:24AM (#15149452)
    ... but it still took the police almost 50 years to catch him
    so he must've been doing something right. I imagine the ceaser
    code was simply to prevent other knuckle dragging criminals from
    understanding the message, not a load of top crypto crackers
    at police HQ.
  • This is a good example of when you should outsource. If your business is not security, you should get security consultants to give you advice on securing your communications. Even the paranoid can hire multiple unrelated consultants and compare their recommendations. If they had done this, they might be using something out of date, but at least it would help. For example, no one would still recommend PGP 2.3 with 512 bit RSA keys, but it would have at least been an improvement over this.

    This is also an
  • At least he could've gone fancy and use a Secret Decoder Wheel or something.
  • by thomn8r (635504) on Tuesday April 18, 2006 @11:32AM (#15149525) Homepage
    Now, right this minute, every other mobster is in a mad rush to implement a real crypto scheme. The cops, for the sake of some PR, have pretty much guaranteed that it will be harder to decode such communications in the future.

    There was an American mobster a few years ago who did something using PGP, and the only way the FBI were able to crack it was to bug his keyboard http://www.theregister.co.uk/2000/12/06/mafia_tria l_to_test_fbi/ [theregister.co.uk]

    • There was an American mobster a few years ago who did something using PGP, and the only way the FBI were able to crack it was to bug his keyboard

      Well we don't know if that's the only way they had of breaking it. It was probably one of the easiest though. Often the weakest part of any cryto algorithm isn't the algorithm. It's cheaper and faster to go for the soft targets first.
    • You generally don't catch mobsters through breaking cryptography. You generally get the group's peons, threaten them with jail and/or search the house of everyone they know (who you also know is in the mob, these things are more public than people assume), and then eventually smack people around with RICO.

      This guy put about as much thought into data (rather than operational) security as I think would be worth it.
  • by 2short (466733) on Tuesday April 18, 2006 @11:32AM (#15149535)
    "Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."

    Considering my kid sister is a mathematician at NSA... Hmm, maybe he meant a hypothetical kid sister?
  • h4x0r (Score:2, Funny)

    by mdboyd (969169)
    Looks like the mafia boss was pretty 1337 ;)
  • Odds are if you were holding one of the Godfather's messages long enough to decipher it, that means you had to get it from someone in the mafia. They took these from him, which is one thing. Of course you can do that if you're the police/fbi/etc. and you've captured the boss. If you're just some shmoe, you can break the code all you want, the boss is still coming after you.
  • Do not keep copies of orders to henchmen after their execution.

    Now that this is taken care of, I'll order my henchmen to stop keeping logs of our communications.

  • by rehtonAesoohC (954490) on Tuesday April 18, 2006 @11:37AM (#15149591) Journal
    Be sure to drink your ovaltine?!
  • The Italians used some of the worst cipher systems during the war, and were pretty easy to break.

    Oh, if only he could have gotten his hands on a 4-rotor steckered Enigma. At least that would have stood up for a day or 2.
  • by UnknowingFool (672806) on Tuesday April 18, 2006 @11:38AM (#15149607)
    There's all sorts of ciphers that could be used. Unfortunately, usually the weak points are not the system but the people. In this case the cipher was easy to crack. But you could have an almost unbeatable system like a one-time pad like the Soviets used during the Cold War. However, low level lackeys re-used the pads, allowing the US to break some of their messages. During WWII, German coders did things like not changing the daily cipher key or sending the same message at the same time every day but using a different cipher.
  • by Pig Hogger (10379) <pig.hogger@noSpaM.gmail.com> on Tuesday April 18, 2006 @11:40AM (#15149639) Homepage Journal
    Thanks to the DMCA, he does not need to have a strong cypher, since this law makes it illegal to decrypt it anyways!!!
  • by Hatte (862605) on Tuesday April 18, 2006 @11:46AM (#15149706)
    Even the mafia has its PHBoB's.
  • Maybe he used a simple cipher because he wanted the codes to be cracked. Now the police have been arresting his enemies because he "secretly" mentioned them in his letters.
  • by mukund (163654)
    And they're worried about terrorists using modern cryptographic alogrithms... ;)

    But seriously, though these guys were bad, I'm surprised how much the old world still hangs on to what they believe is "tried and tested" stuff which is outdated and vulnerable. If these guys had any PGP/GPG user, he'd have laughed at caesar subsitution (and showed a copy of bsdgames). Some people in parts of the world use strong harmful "natural" medicine (with little effect but other harmful side effects --- note: many natura
  • ...wasn't that he was using an obsolete code, but that the Italian alphabet is missing k, j, w, x, and y.

    Just how the heck can they express themselves without those letters? That must leave pretty big holes in their keyboards!
    • by Sigma 7 (266129) on Tuesday April 18, 2006 @02:01PM (#15151145)
      ...wasn't that he was using an obsolete code, but that the Italian alphabet is missing k, j, w, x, and y.

      Just how the heck can they express themselves without those letters? That must leave pretty big holes in their keyboards!


      For this, I turn to the advise of Mark Twain:

      A Plan for the Improvement of English Spelling
            by Mark Twain

      For example, in Year 1 that useless letter "c" would be dropped to be replased either by "k" or "s", and likewise "x" would no longer be part of the alphabet. The only kase in which "c" would be retained would be the "ch" formation, which will be dealt with later. Year 2 might reform "w" spelling, so that "which" and "one" would take the same konsonant, wile Year 3 might well abolish "y" replasing it with "i" and Iear 4 might fiks the "g/j" anomali wonse and for all. Jenerally, then, the improvement would kontinue iear bai iear with Iear 5 doing awai with useless double konsonants, and Iears 6-12 or so modifaiing vowlz and the rimeining voist and unvoist konsonants. Bai Iear 15 or sou, it wud fainali bi posibl tu meik ius ov thi ridandant letez "c", "y" and "x" -- bai now jast a memori in the maindz ov ould doderez -- tu riplais "ch", "sh", and "th" rispektivli. Fainali, xen, aafte sam 20 iers ov orxogrefkl riform, wi wud hev a lojikl, kohirnt speling in ius xrewawt xe Ingliy-spiking werld.


      He is completely correct - there's no need for letters if they sound like others. Bekause of this, I suggest that we should follow in his footsteps.
  • by VincenzoRomano (881055) on Tuesday April 18, 2006 @11:59AM (#15149868) Homepage Journal
    The (poor) cryptography used by Bernardo Provenzano [wikipedia.org] (more accurate infos in the Italian page [wikipedia.org]) was meant to be used only by himself to avoid possible sneakes by his waiters. That was enough.
    The important point is that he managed to stay at large, not as a fugitive, in the neighbourhood of Corleoni (Sicily, Italy) for almost 43 years without being noticed or identified and while still heading at full steam the Cosa Nostra [wikipedia.org]!
    So, as far as security and privacy is concerned, a good design can make poor technology rock!
  • "Organized crime?"
    "Hah. Don't kid yourself. They're not very organized."
  • False security (Score:3, Insightful)

    by moankey (142715) on Tuesday April 18, 2006 @12:07PM (#15149968)
    He is just like any other technical layman. He had a false sense of security by using some form of security.

    I dont know how many managers, executives, or non IT type people I have talked to that think once the firewall is in place we never have to think about it again. Or now that we have an antivirus we can go and do whatever we want and not worry about downloads and such again.
    Then they turn the deaf ear until... unfortunately for this guy its going to cost him more than just a few dollars and some downtime.
  • Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'.

    So after 50 years, she finally cracked it and turned her brother in.

  • ...back when literacy rates were very low. Suprised someone would try this today.
  • by FishandChips (695645) on Tuesday April 18, 2006 @12:09PM (#15149994) Journal
    We cannot be sure that Provenzano's crude attempts at a code were intended to foil the police. Why should he care? By now, several hundred Mafia informers (the pentiti) have already told the police just about everything you could think of. Besides, pencil and paper have turned out to be quite a good system, probably yielding a fraction of the information that electronic eavesdropping would.

    The coded notes are more likely have been intended to prevent his fellow mafiosi from getting too close and knowing too much. There was nothing dumb about this man's rule as a godfather. He evaded capture for forty years, rebuilt the organization after the disasters of the Riina years, retained power by remaining as invisible to his fellow mobsters as he was to the authorities, and simply survived into his 70s in a "profession" in which many are lucky to reach their thirties.

    Yes, it's good news that another gruesome killer is behind bars. But the more worrying question is why the godfather found it unnecessary to take more stringent precautions, suggesting that clearing out the Mafia-infested lands of Western Sicily and the corruption-prone "public works" economy still has a very long way to go. It's going to take more than a few smart remarks about cryptography to do that.
  • IT Consultant (Score:3, Interesting)

    by Johnny Mnemonic (176043) <[mdinsmore] [at] [gmail.com]> on Tuesday April 18, 2006 @01:40PM (#15150929) Homepage Journal

    Frankly, I'm surprised that someone who's responsible for moving around millions, or even perhaps billions, of dollars of ill-gotten gain won't spend $250K a year on a team of competent IT consultants. I wouldn't think it'd be too hard to find a bent IT guy to give advice on security, encryption, what can be recovered from a hard drive etc. Either they think they're too smart to be caught this way, or they think the cops are too dumb to break their encryption, or they just haven't modernized their business practices because they think the old ways still work.

    Interestingly, by all accounts Al Queda is much more technically savvy.

    • by Motherfucking Shit (636021) on Tuesday April 18, 2006 @10:39PM (#15154547) Journal
      I wouldn't think it'd be too hard to find a bent IT guy to give advice on security, encryption, what can be recovered from a hard drive etc.
      Hmm.. you're right..

      Hello, mafia! For $250K/year, I am an IT guy who can give advice on security, encryption, what can be recovered from a hard drive etc. In addition to IT, I enjoy pasta, Chianti, parmigiano, and pitted olives (preferably all in one night). Salary is negotiable if you can provide an "Italian woman," something I keep hearing about but, being a geek, haven't figured out the details of just yet.

      References available upon request.

"If John Madden steps outside on February 2, looks down, and doesn't see his feet, we'll have 6 more weeks of Pro football." -- Chuck Newcombe

Working...