Mafia Boss Using Crook Crypto Captured
boggis writes "Discovery is running a story on Bernardo Provenzano, the recently arrested 'boss of bosses' of the Sicilian Mafia. He apparently wrote notes to his henchmen using a modified form of the Caesar Cipher, which was easily cracked by the police and resulted in further arrests of collaborators. Discovery's cryptography expert describes it as a code that 'will keep your kid sister out'."
Substitution Cipher? (Score:4, Informative)
People have been using frequency analysis [wikipedia.org] for over a thousand years to crack substitution ciphers!
Re:Substitution Cipher? (Score:4, Funny)
Re:Substitution Cipher? (Score:5, Insightful)
Re:Thought they always were spoke in vague terms (Score:3, Interesting)
If you're interested in this kind of thing- or just looking for a good read- try picking up Excellent Cadavers. It's the story of two Italian judges who finally tire of the fear, the silence, and the corruption, and take on the Mafia; the article makes reference to this guy being involved in the murders of
Re:Substitution Cipher? (Score:2)
Rather surprised he can write, actually.
Re:Substitution Cipher? (Score:3, Insightful)
If only.. (Score:5, Interesting)
You see, now if you want to do secure pencil and paper ciphers here's how you do it.
Self-shrinking generators are broken but the best attack requires an insane amount of plain-text. Far, far, more than you could ever generate by hand. If Mr Mafia had used this instead of a crappy cipher from two thousand years ago then he might not have been caught.
Throughout history lives have literally depended on the strength of the cryptography people have deployed. I find it exciting that these times are still with us and are not merely confined to the history books.
Simon
Re:If only.. (Score:3, Funny)
-nB
Re:If only.. (Score:2)
Re:If only.. (Score:2)
Re:If only.. (Score:3, Informative)
Or you could try the one in Cryptonomicon. The details elude me, but I recall it being something like RC4 with a deck of cards.
This was a cipher called Solitaire, which was created by Bruce Schneier. It has been horribly broken.
Simon
Re:If only.. (Score:3, Interesting)
What they need to do is fire up a dubbie and get one of these [lavarnd.org].
Solitaire (Score:5, Informative)
(The article does exist in the Internet Archive at
http://web.archive.org/web/20050206214237/http://
It does describe what sound like they might be some problems with the randomness of the keystream, but it doesn't seem like a complete break. Sorry for pasting the address, but Slashdot doesn't seem to like IA links much.)
Anyway, I'd be curious in knowing what the problems with it are.
Re:If only.. (Score:2, Informative)
To see all of the problems concerning the solitaire algorithm, see http://www.ciphergoth.org/crypto/solitaire/ [ciphergoth.org]
Re:If only.. (Score:5, Informative)
Re:If only.. (Score:2)
Re:If only.. (Score:5, Insightful)
Re:If only.. (Score:3, Interesting)
As for the decoy messages, they might be a good way to present disinformation, but you still need to face the fact that the real message has been read by the enemy. If he has to carefully watch two gates on 4 nights, you've still lost the advantage of surprise.
Re:If only.. (Score:3, Funny)
Umm, like for example Lech Walesa ?
Wouldn't have helped in this case anyways... (Score:3, Interesting)
Had he used a more secure algorithm, such as the one described, he would have needed to have kept the key (the appropriately shuffled deck of cards) somewhere, which police would just as easily have found at his home. Or he would have needed to remember the 108 bit number in his head, but somehow I doubt he would have
Re:Wouldn't have helped in this case anyways... (Score:5, Interesting)
If the police aren't looking for something like a deck-of-cards-as-key, then they won't find the key, all they'll find is a deck of cards.
I only say this because I recall reading an article some years back about drug dealers storing their business information on USB thumbdrives & wearing them as necklaces or on keychains. The police would arrest the dealer, but since the police didn't know what they had, the thumbdrive was treated as any other possession & sealed up till the dealer was released.
You're still hiding your 'key', you're just hiding it in plain sight & hoping no one sees it for what it is.
Re:If only.. (Score:2)
So why even bother with crypto?
Re:If only.. (Score:5, Funny)
Or in other words (Score:2, Funny)
Svefg Cbfg! (Score:2)
Behold the power of ROT13 times 2! (Score:5, Funny)
Behold twice the power of a ROT13 used twice!
Re:Behold the power of ROT13 times 2! (Score:5, Funny)
Re:Svefg Cbfg! (Score:2, Funny)
hear he tried yEnc but was flamed by henchmen that preferred uuencode.
I have a feeling this was more about the man seeing himself as a "Caesar", than encryption methodology however.
You didn't expect (Score:4, Funny)
Re:You didn't expect (Score:2, Insightful)
Re:You didn't expect (Score:5, Insightful)
Re:You didn't expect (Score:3, Funny)
He was really just ahead of his time. You just wait, I'll bet he'll write a tell-all book from prison: "10 Habits of Highly Effective Mobsters."
I can just imagine....
Manager: "Hi Joe, what's happening."
Cubie: "Oh, hi Stan.
Manager: "It's a new team-building technique I'm trying out."
Manager beats Cubie savagely
Re:You didn't expect (Score:4, Insightful)
Re:You didn't expect (Score:3, Insightful)
Talent or Sheer Violence (Score:2)
Maybe, he just whacked anyone who dared to disagree. Everyone else just fell into line.
I think this is one occupation where traditional management styles may not apply.
Re:You didn't expect (Score:2)
If they were then they would have used "braintography" where they hide messages inside the brain either by direct surgical insertion or careful manipulation of neurons (aka brainstegonography [wikipedia.org]).
Sorry, what does cryptography have to do with brain surgeons again?
Re:You didn't expect (Score:3, Insightful)
This is undoubtedly the case for many in the profession, especially considering the hurdles necessary to get there, but if I were to go under the knife, I'd prefer someone with ridiculously fine motor control and the experience of thousands of hours of drills.
The actual act--open head, cut something out--while certainly complicated, hopefully shouldn't require much thought..unless som
Re:of course not (Score:2)
Hello, My name is Simon. (Score:2)
Re:Hello, My name is Simon. (Score:2)
Re:Hello, My name is Simon. (Score:2)
(rot-25 [fizzl.net])
Not very smart (Score:5, Informative)
To put that into computer terms, he ROT13ed the text. This sort of cipher was used by Caesar not because it was secure, but because most people couldn't read. Even those that could read undoubtedly lacked sufficient education to consider a cryptoanalysis of the text. But if someone does consider a cryptoanalysis, it is incredibly easy to break this cipher.
Simply substituting the first letter with each letter of the alphabet allows for a brute force attempt at decoding by then replacing the rest of the letters with the exact same offset used on the first character. This method ensures that the message will be decrypted even if the alphabet has additional characters. (Either for purposes of obfuscation or additional information.) The only method that can be used to prevent an attacker from using this simple decoding method (you don't even need a computer!) is to mangle the alphabet somehow. For example, if the alphabet is backwards an attacker would have more trouble decrypting the cipher. Even then, however, a simple statistical analysis on the occurrence of the letters would quickly decrypt the message and reveal the secret alphabet used.
That being said, this particular mobster was smart enough to realize that a simple cipher like this would be insufficient to deter a decoder. So he attempted to confuse would-be attackers by using a number code to obscure names. I imagine that he thought that attackers would assume that he was using a codebook to keep track of the assigned names. Unfortunately (for him), his 8th grade education was obviously insufficient for him to know that his number sequences are very similar to compression techniques. Anyone with experience would note that the codes were far too long, and that the number 1 appeared quite often. Its appearance suggests that it's a "trigger" for interpreting the next number differently.
So there you have it, security through obscurity does not work.
Re:Not very smart (Score:2, Funny)
Re:Not very smart (Score:2)
Re:Not very smart (Score:3, Insightful)
I have a feeling that this has more to do with careful control of the information pipelines, large payoffs to corrupted officials, lots of money poured into lawyers, and the ability to disappear when things get hot. The purpose of using a cipher is to create a last line of defense in the case that your information pipeline is compromised.
Given that murder has no statute of limitations, he would have been equally stupid to use a more secure crypto but with unsecur
Re:Not very smart (Score:2, Informative)
Re:Not very smart (Score:4, Interesting)
Or the godfather just wanted to play it old school all the way thinking it was the way to go. But then again, he lived in a stable.
Re:Not very smart (Score:2, Insightful)
So, my private key is not good anymore?
Re:Not very smart (Score:3, Funny)
eh... They had to get the specialists of integer additions to crack the case?
Re:Not very smart (Score:2)
Right up until someone captures the ring. Which means that the rings would have to be disposed of in a secure fashion, or the message would be open to all. When you think about this for a bit, it's easy to realize that the use and disposal of so many "codebooks" would have eventually resulted in a huge slip-up.
Please help me pick up my jaw from the desk (Score:2)
Even HTTP passwords are better hidden, using base64 by default! Dumbass doesn't even begin to describe this.
Re:Please help me pick up my jaw from the desk (Score:3, Insightful)
The cyph
High security. (Score:5, Funny)
Re:High security. (Score:3, Funny)
Not to mention the little paper fortune tellers that ran the operation.
Ok, ok, will Vito grow up to marry Rick Springfield?
*fwip*fwip*fwip*fwip*fwip
Yes! Oooooh!
What, he couldn't afford a consultant? (Score:2, Troll)
Really, there should be a new term for this: Disorganized crime.
I AM.... (Score:5, Funny)
He should've at least read (Score:4, Interesting)
Re:He should've at least read (Score:2)
The only bad part was the amount of hypothetical "Adam" and "Eve" style in there, which was a bit of a shock to someone used to code and grammar books which just bluntly state their points.
Realistically, though, I would never have taken the time to learn those basics of cryptography if the level had been much higher, so it's highl
Re:He should've at least read (Score:2)
OK , he doesn't know cryptography... (Score:5, Insightful)
so he must've been doing something right. I imagine the Caesar code was simply to prevent other knuckle dragging criminals from understanding the message, not a load of top crypto crackers at police HQ.
Re:OK , he doesn't know cryptography... (Score:3, Insightful)
That my friend is probably due to the social engineering skills of his organisation. Probably a combination of convincing, bribing, forcing, scaring etc...
Re:OK , he doesn't know cryptography... (Score:2)
I don't know. Maybe it isn't a coincidence that this guy has been caught just after Berlusconi lost the election.
Re: interesting posit (Score:2)
OK, that was an awful joke since I did think your post was rather insightful.
This is why you outsource. (Score:2)
This is also an
Gee... (Score:2)
Showing your hand: word to the wise-guys (Score:3, Interesting)
There was an American mobster a few years ago who did something using PGP, and the only way the FBI were able to crack it was to bug his keyboard http://www.theregister.co.uk/2000/12/06/mafia_trial_to_test_fbi/ [theregister.co.uk]
Re:Showing your hand: word to the wise-guys (Score:3, Informative)
Well we don't know if that's the only way they had of breaking it. It was probably one of the easiest though. Often the weakest part of any crypto algorithm isn't the algorithm. It's cheaper and faster to go for the soft targets first.
Re:Showing your hand: word to the wise-guys (Score:2)
This guy put about as much thought into data (rather than operational) security as I think would be worth it.
Keep my kid sister out!? Impressive! (Score:5, Funny)
Considering my kid sister is a mathematician at NSA... Hmm, maybe he meant a hypothetical kid sister?
Re:Keep my kid sister out!? Impressive! (Score:2, Funny)
Re:Keep my kid sister out!? Impressive! (Score:2)
Re:Keep my kid sister out!? Impressive! (Score:2)
h4x0r (Score:2, Funny)
Didn't need crazy encryption (Score:4, Insightful)
Note to self: (Score:2)
Now that this is taken care of, I'll order my henchmen to stop keeping logs of our communications.
And the secret message is... (Score:4, Funny)
Must have taken after the Italians from WWII (Score:2)
Oh, if only he could have gotten his hands on a 4-rotor steckered Enigma. At least that would have stood up for a day or 2.
Best cipher is no match for bad practices. (Score:3, Insightful)
DMCA to the rescue!!! (Score:3, Funny)
Re:DMCA to the rescue!!! (Score:2)
like corporations... (Score:3, Funny)
It's possible (Score:2)
Oh my! (Score:2)
But seriously, though these guys were bad, I'm surprised how much the old world still hangs on to what they believe is "tried and tested" stuff which is outdated and vulnerable. If these guys had any PGP/GPG user, he'd have laughed at caesar substitution (and showed a copy of bsdgames). Some people in parts of the world use strong harmful "natural" medicine (with little effect but other harmful side effects --- note: many natura
Most interesting part... (Score:2)
Just how the heck can they express themselves without those letters? That must leave pretty big holes in their keyboards!
Re:Most interesting part... (Score:5, Interesting)
For this, I turn to the advice of Mark Twain:
He is completely correct - there's no need for letters if they sound like others. Bekause of this, I suggest that we should follow in his footsteps.
Cryptography is not the important point (Score:5, Informative)
The important point is that he managed to stay at large, not as a fugitive, in the neighbourhood of Corleone (Sicily, Italy) for almost 43 years without being noticed or identified and while still heading at full steam the Cosa Nostra [wikipedia.org]!
So, as far as security and privacy is concerned, a good design can make poor technology rock!
Deja vu (Score:2)
"Hah. Don't kid yourself. They're not very organized."
False security (Score:3, Insightful)
I don't know how many managers, executives, or non IT type people I have talked to that think once the firewall is in place we never have to think about it again. Or now that we have an antivirus we can go and do whatever we want and not worry about downloads and such again.
Then they turn the deaf ear until... unfortunately for this guy it's going to cost him more than just a few dollars and some downtime.
Kid-sister turned him in? (Score:2)
So after 50 years, she finally cracked it and turned her brother in.
The Caesar Cypher was Created... (Score:2)
Crude, maybe, but dumb, no way (Score:5, Interesting)
The coded notes are more likely to have been intended to prevent his fellow mafiosi from getting too close and knowing too much. There was nothing dumb about this man's rule as a godfather. He evaded capture for forty years, rebuilt the organization after the disasters of the Riina years, retained power by remaining as invisible to his fellow mobsters as he was to the authorities, and simply survived into his 70s in a "profession" in which many are lucky to reach their thirties.
Yes, it's good news that another gruesome killer is behind bars. But the more worrying question is why the godfather found it unnecessary to take more stringent precautions, suggesting that clearing out the Mafia-infested lands of Western Sicily and the corruption-prone "public works" economy still has a very long way to go. It's going to take more than a few smart remarks about cryptography to do that.
IT Consultant (Score:3, Interesting)
Frankly, I'm surprised that someone who's responsible for moving around millions, or even perhaps billions, of dollars of ill-gotten gain won't spend $250K a year on a team of competent IT consultants. I wouldn't think it'd be too hard to find a bent IT guy to give advice on security, encryption, what can be recovered from a hard drive etc. Either they think they're too smart to be caught this way, or they think the cops are too dumb to break their encryption, or they just haven't modernized their business practices because they think the old ways still work.
Interestingly, by all accounts Al Qaeda is much more technically savvy.
Re:IT Consultant (Score:5, Funny)
Hello, mafia! For $250K/year, I am an IT guy who can give advice on security, encryption, what can be recovered from a hard drive etc. In addition to IT, I enjoy pasta, Chianti, parmigiano, and pitted olives (preferably all in one night). Salary is negotiable if you can provide an "Italian woman," something I keep hearing about but, being a geek, haven't figured out the details of just yet.
References available upon request.
Re:Proving once again... (Score:2)
Just like the wheel or fire, being old doesn't make it obscure or uncommon.
In fact, everybody who ever looked at the puzzle page of a newspaper will know it and how to break it...
Re:Proving once again... (Score:2)
Re:How many letters are in the alphabet? (Score:3, Informative)
Re:How many letters are in the alphabet? (Score:2)
Re:How many letters are in the alphabet? (Score:2)
You need to RTFA. He was using the Italian alphabet, which only contains 21 letters. With an offset of +3, the last letter would be '24'.
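The brute-force idea from the "Not very smart" comment and the 21-letter alphabet with a +3 offset mentioned in the comment just above, as an added example that is not part of any poster's comment: it tries every shift over the Italian alphabet, ranks the 21 candidates by vowel count, and splits a run-together number code back into letters. The sample messages are constructed, and the digits-run-together format is an assumption.

```python
# Added example. Sample text is constructed; run-together digits are assumed.
ITALIAN = "ABCDEFGHILMNOPQRSTUVZ"  # 21 letters: no J, K, W, X, Y
N = len(ITALIAN)
OFFSET = 3  # the thread's +3, so A=4 and Z=24


def caesar(text, shift):
    """Shift letters of the 21-letter alphabet; leave other characters alone."""
    out = []
    for ch in text.upper():
        i = ITALIAN.find(ch)
        out.append(ITALIAN[(i + shift) % N] if i >= 0 else ch)
    return "".join(out)


def brute_force(ciphertext):
    """Try all 21 shifts; return (shift, text) with the most E/A/I/O letters."""
    candidates = [(s, caesar(ciphertext, -s)) for s in range(N)]
    return max(candidates, key=lambda c: sum(c[1].count(v) for v in "EAIO"))


def to_numbers(word):
    """Number code: letter position (A=1) plus OFFSET, digits run together."""
    return "".join(str(ITALIAN.index(ch) + 1 + OFFSET) for ch in word.upper())


def from_numbers(digits):
    """Split a digit run into letters.

    Valid codes are 4..24, so a leading 1 or 2 can only start a two-digit
    code: the "trigger" digit that makes the scheme easy to parse.
    """
    letters, i = [], 0
    while i < len(digits):
        width = 2 if digits[i] in "12" else 1
        code = int(digits[i:i + width])
        if width > len(digits) - i or not 1 + OFFSET <= code <= N + OFFSET:
            raise ValueError(f"invalid code at position {i}")
        letters.append(ITALIAN[code - 1 - OFFSET])
        i += width
    return "".join(letters)


if __name__ == "__main__":
    secret = caesar("CI VEDIAMO DOMANI ALLE OTTO", OFFSET)  # constructed sample
    print(secret, "->", brute_force(secret))
    code = to_numbers("SALUTI")  # constructed sample
    print(code, "->", from_numbers(code))
```

Vowel counting is enough to pick the right shift for a sentence-length message; very short ciphertexts may need a human to read the 21 candidates.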
Re:More alliteration please (Score:2)
"Corleonesque Crime Captain Captured: Cops Crack Crappy Caesar Crypto Concealing Critical Communications"
yes it's one big conspiracy (Score:2)
Nope, can't be that, it's probably people trying to keep the Womyn from realizing their true potential.