The perpetrators of November’s terrorist attacks in Paris used burner phones, according to details that emerged over the weekend, calling into question how extensive their use of encryption may have been. The details contradict earlier reports leaked by officials who were supposedly familiar with the investigation.
“The three teams in Paris were comparatively disciplined,” according to a 55-page report compiled by French authorities and reported by The New York Times over the weekend. “They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.”
Related Story: http://www.washingtonexaminer.com/article/2576953
One woman who was taken hostage during the attacks and who spoke with the Times on the condition of anonymity said the attackers seized phones from their victims. They wanted to speak with the police, but were evidently frustrated by “Press 1” and “Press 2” menu options presented to them upon making the calls. They then began attempting to text their accomplices instead.
However, the report notes, officials have been unable to locate emails or other electronic communications exchanged by the attackers in the months leading up to the event, prompting them to believe that some form of encrypted platform must have been used.
Yet the report also notes that investigators found “crates” of disposable cellphones held in reserve by the attackers, and security footage shows they made extensive use of the devices. That includes video of one perpetrator outside the Stade de France soccer stadium shortly before he killed himself by detonating an explosive vest.
“Security camera footage showed Bilal Hadfi, the youngest of the assailants, as he paced outside the stadium, talking on a cellphone. The phone was activated less than an hour before he detonated his vest,” according to the Times.
No, it’s suggestive of a verbose boot. Using encryption looks like “reading a message” because you decrypt it first. https://t.co/EuckEYuH6j
— Julian Sanchez (@normative) March 20, 2016
The report also describes a witness who saw one of the assailants using a laptop, and suggests that was evidence of encryption. “It was bizarre — he was looking at a bunch of lines, like lines of code. There was no image, no Internet,” the woman said. The Times suggests she must have witnessed encryption, saying, “Her description matches the look of certain encryption software.”
The Cato Institute’s Julian Sanchez, a senior fellow in privacy and technology, took issue with that description in a message on Twitter. “No, it’s suggestive of a verbose boot. Using encryption looks like ‘reading a message’ because you decrypt it first,” Sanchez wrote.
Related Story: http://www.washingtonexaminer.com/article/2578700
While the report does not do much to help clarify the role encryption played in the Paris attacks, it does suggest there is more confusion involved than initial statements indicated. Officials who spoke with CNN in December on the condition of anonymity said encryption did play a role, but failed to provide many specifics.
