How did Osama bin Laden email without the US discovering?


"It was a slow, toilsome process. And it was so meticulous that even veteran intelligence officials have marveled at bin Laden's ability to maintain it for so long."

How did the world's most wanted terrorist manage to maintain email communication with his far-flung web of associates without being detected by US spooks, who were working awfully hard to sniff his headers out?

With an epic sneakernet. We know now, because after assassinating him, the US Navy SEALs departed bin Laden's Abbottabad home with about 100 flash memory drives that officials say appear to archive emails between bin Laden and his al Qaeda network around the world. From a report published today by the Associated Press:

Holed up in his walled compound in northeast Pakistan with no phone or Internet capabilities, bin Laden would type a message on his computer without an Internet connection, then save it using a thumb-sized flash drive. He then passed the flash drive to a trusted courier, who would head for a distant Internet cafe.

At that location, the courier would plug the memory drive into a computer, copy bin Laden's message into an email and send it. Reversing the process, the courier would copy any incoming email to the flash drive and return to the compound, where bin Laden would read his messages offline.

"How bin Laden emailed without being detected by US" (Adam Goldman and Matt Apuzzo, reporting for AP)

Related reading: This Time article ventures analysis on what bin Laden's family life was like. The short version: Big Love.


    1. Reminds me of the US combined arms exercise in the middle east, where at one point the OPFOR commander had to resort to motorcycle couriers to get his orders out.

      Even so, the end result was a “sunk” carrier. This using what amounted to coastal fishing boats and small civilian aircraft “carrying” anti-ship missiles.

      Basically it was a demonstration that the Carrier was a potential liability in a modern naval engagement.

  1. So now Homeland Security will consider anyone carrying a flash drive to be a terrorist, right?

    1. I’m ashamed of you, assigning that level of incompetence to Homeland Security.

      Anyone with a computer is more likely.

  2. Low-Tech Maxim: Low-tech attacks work (even against high tech devices and systems).

    ~D. Walker

    Original Author,
    Roger G. Johnston – Argonne Vulnerability Assessment Team

  3. GPG? TrueCrypt?

    Come on, this flash drive nonsense is obvious and not sexy. Where is the real spy $h1t?

  4. We used to call that kind of file transfer between non-networked computers “sneaker net”. Bin Laden was kickin’ it old skool!

  5. I’m sorry but I don’t get it. The cunning aspect of his plan was that he used a thumb drive and an underling to walk to the internet cafe. Is that it? The gobsmacking revelation, cut and paste? How did this remove any electronic fingerprints? For that matter, what are electronic fingerprints?

    OK, so when the email was sent, it didn’t trigger any statistical triggers, contained no keywords and was completely transparent to the suite of NSA’s interception and analysis tools for which several billion dollars a year are allocated? How was this possible? Was it encrypted or don’t we talk about that possibility? How is encryption, such an important aspect of email security, missing from a revelation about how the most wanted man in the world maintained email security?

    Presumably Goldman and Apuzzo are simply reporting a government release, so this article tells more about the people behind the release than anything about Bin Laden’s employment of email security.

    1. OK, so when the email was sent, it didn’t trigger any statistical triggers, contained no keywords and was completely transparent to the suite of NSA’s interception and analysis tools for which several billion dollars a year are allocated? How was this possible? Was it encrypted or don’t we talk about that possibility? How is encryption, such an important aspect of email security, missing from a revelation about how the most wanted man in the world maintained email security?

      These are excellent points, and there is one very simple possible answer that occurs to me, although I have no proof of its correctness one way or another:

      Maybe all that fancy Echelon / Carnivore stuff doesn’t actually work. Maybe all the spying is for naught.

  6. The sneaker net is alive in Cuba too. Really tough to track content creators when it never touches the internet except for downloads or uploads.

  7. I don’t understand how the sneakernet thing helped him avoid US scrutiny. The emails still go through an email account, even if OBL isn’t the one physically logging in. I thought the US government were snarfing up all the email they could get their hands on – what difference does it make to the CIA that it’s the courier pasting the textfiles into an email instead of OBL heading down to the cybercafe in disguise, or going to his trusted neighbour’s house, and typing them himself?

    1. I was wondering that too. Maybe it’s a matter of being sent through a variety of machines? Between that, normal security measures, the (possible) cooperation of the Pakistani government, and the (almost certain) incompetence and semicompetence dominant in US intelligence (and, you know, every other large group of people) that might be enough, but it really sounds like a terrible excuse. At best it acted as a red herring, which would work until someone follows one of the couriers back.

    2. Seriously. What a flimsy story. I hope it’s a bad summary of something more clever.

      The details in that piece seem oriented not to inform us of what was going on with bin Laden’s communication, but rather to be all scary to terrorists who want to use the internet.

  8. Write note on paper.
    Burn paper.
    Wait for eventual destruction of all matter in universe and state of near thermodynamic equilibrium wherein all possible logic-states of energy happen; specifically the recreation of our entire universe but with the note transported to a pre-addressed location.

  9. Can’t wait until this gets posted to /. in approx. 2-4 months. They’ll have some wickedly insightful comments.

  10. That’s all fine and good about the email, but I think the real question here is how did he get his Lolcats?

  11. Putting it on a flash drive and sending it from a cafe? That’s the meticulous sneaky way he did it? YOU HAVE GOT TO BE KIDDING.

  12. “I don’t understand how the sneakernet thing helped him avoid US scrutiny.”

    Assume that the US is able to determine that the e-mails in question originate from Osama Bin Laden. Had they all been sent from his “secure” compound, they would then know where he was (most likely) located. If instead, they were sent from multiple machines spread out over a wide geographical area, determining his exact location becomes a much harder task.

    The important thing is not what e-mail address(es) OBL was using (although that certainly would be handy), but where he was physically living.

  13. So to avoid detection, instead of emailing from home, he sent all his emails from a distant internet cafe.

    The devious bastard was obviously a criminal genius on a par with Moriarty. And I’ll bet he used an ‘alias’ too. No wonder it took so long to find him.

  14. Wow. How sophisticated. If only someone had thought to warn NSA they were wasting their time on Carnivore.

  15. On the plus side, we could coordinate the takeover of all the world’s governments from this comment thread and they would never even notice.

  16. You gotta be kidding! The organization that is alleged to be preparing bio-bombs and dirty bombs did not even have the technology of basic spammers (hiding the origins of the spam). Also, if there was to be a response, what address did it go to and the NSA could not get that? The whole explanation looks completely bogus…

  17. Gotta say, I had a great mental image of Osama finally getting his long-awaited flash drive from his trusted courier. He opens it up excitedly, waiting to find out the latest news from the front, only to find 20 emails offering to give him a larger penis.

    1. It’s even been standardized…back in 1990. Check out RFC 1149: A Standard for the Transmission of IP Datagrams on Avian Carriers

      1. I am glad he did not, given that the first working implementation was done by Norwegians. Next thing we know there would be a Carrier fleet in the Norwegian sea, to “safeguard” the oil fields.

  18. I thought we learned a while back that AQ members communicate by using the same email account. Write the message, save it as a draft. Someone else logs in, opens the draft, writes the reply and saves it as a draft. It’s never transmitted so it can’t be traced to/from anywhere. Or did I dream that?

  19. I’m going to assume that there was encryption or some other obfuscation scheme going on, but, even if there wasn’t, this simple method is still effective. It greatly extends the effort needed to trace the source of the e-mails, and if done extremely carefully it would be near-impossible to figure out. And even if they managed to nab a courier in the act of sending Osama’s emails and downloading his cat videos, that would only ensure that Osama disappeared immediately and so wouldn’t really help.

    However, if it was really plain-text email, it’s probably safe to say that the CIA was able to intercept some of it (which is giving them the benefit of the doubt – perhaps they aren’t actually capable of reliably doing this if random internet cafes are used, other than just permanently monitoring all internet cafe traffic, which I guess is a possibility). Even if the courier knew to not always use the same internet cafe, he inevitably would have ended up with some sort of pattern in his usage that the CIA could track. They could then presumably post people at the cafe they thought he would show up to next, and either capture him or follow him.

    I mean, how do we know this isn’t what happened? We know they knew Osama was in the house for at least a few months before the raid, monitoring as best they could from across the street (or wherever). We know they found out because of the couriers. Has it been explained exactly how the couriers were traced? I haven’t really paid close attention.

    But, yeah, as described it’s pretty lame. Perhaps that was the intent, to imply that Osama wasn’t that smart, despite his ten years of evasion being evidence to the contrary.

  20. I always thought that sneakerNET meant a network…otherwise, if it was just the one carrier, it would be just Sneaker-Dude.

  21. My boss has a similar system. He insists his secretary print every email he gets out of his printer and he gets them in his in tray. He then writes his replies on them and puts them back in the out tray where his sec types them out and replies to them.

  22. They just walked down the street to one of the open computer labs at the local army school. They may have even sent the e-mail while sitting next to a US “advisor.”

  23. Don’t forget our CIA operative in Islamabad from a few months back, gunning down those guys on the motorcycle. I find it highly likely this was part of the tracing operation. Remember how the administration tried to play it down as much as possible?

  24. So the emails were encrypted in… Arabic? No wonder the NSA’s keyword scanning systems for terrorism were thwarted. Genius!

  25. 1) put me down as a +1 for the “how is this an ‘epic sneakernet’?” thing.

    2) Basic media test. “Who is saying this?” The US government. “What do they have to gain if I believe it?” That OBL was still a genuine threat, which makes killing him look sensible.
    Not saying that the information is false; just that there is reason to think that this might be spin.

  26. “We know now…”

    We don’t know anything. All we ‘know’ about anything connected with this is second- or third-hand.

    We do know who gets to write history … and that there are billions and billions of reasons to make it come out right.

  27. Do they mean he didn’t have a hard-wired telephone connection? If so, big deal, lots of people use only mobile phones now. I don’t see why that is such a big deal???

  28. I, for one, think this thumbdrive-to-cybercafe is realistic. It corresponds to my general idea of those terrorist networks – a band of not very intelligent losers, outsiders and borderline psychos. They tend to gather in groups of the same kind (like neo-nazis here in Europe). They want to be part of something greater (a feared terror network). They want payback for everything the society (America, the West, everybody else) did to them. And they want to hurt people, because deep inside, they are just bullies.
    What I want to say is that the super intelligent, Lex Luthor or Moriarty like ubervillain is just a product of media sensationalism or hysteria. Their success is more luck than genius. To me, Four Lions is more realistic than 24.

  29. Seems to me, depending on how lazy the couriers were this should have been easy to spot.

    Unless they actually mailed the memory cards to other countries to be used in internet cafes, they could have at the very least figured out that every single email was coming from Pakistan, and gee drawn the conclusion that he was located somewhere there. Depending on how lazy they were, you could look at the locations and frequency and probably pin point the neighborhood he was in.

    Makes me wonder what took so long.

  30. Anonymous sources are not used to protect the source.

    Not for about 40 solid years now.

    “Official speaking under condition of anonymity” == lying for propaganda purposes.

    Say it and put your career on the line, Anonymous military dude.

    Or do the American people not deserve that?

  31. I love the way they try to make this sound like this is some masterful genius plot.

  32. You have all missed the point.

    This clearly proves, beyond the shadow of a doubt, that Windows XP’s dreadful “Safely Remove Hardware” function is what set Bin Laden off in the first place.

    Ladies and gentlemen, we were never dealing with a madman here. We were dealing with an unfortunate victim of bad design and poor engineering.

  33. So is anyone else picturing that scene in GoodFellas where Paulie’s minions are dashing back and forth between payphones in the rain to “take care of his calls”?

  34. To everyone who said “well, this is easy, they should have caught him a long time ago,” please remember that OBL is not the only terrorist sending emails. This is how I imagine the setup:

    Each captain has an email address that receives emails only from OBL. The courier goes to a random internet cafe and sets up a throwaway email address on yahoo/hotmail/gmail/etc., then sends the email. If OBL has specified “wait for a reply,” the courier does so. Then the courier doesn’t use that email address again, effectively “burning” that identity. This makes a pattern hard to establish, because the address sending it is always different. And, because the dedicated address of the captain doesn’t receive a lot of traffic, he is hard to find, too.

    In order to establish a pattern and trap said terrorist “mastermind” using this system, a security agency would first have to identify a captain’s account. Then, tracking back the IPs of the emails sent to that captain’s account, they realize they all come from Internet cafes in one region. They then start keeping an eye on the cafes, looking for a person randomly using all of them. Once this person is identified, they start tracking the person. Then once they figure out what’s going on, they STILL have to find out who is in the blasted compound, because he NEVER LEAVES. Depending on security, that could take many months. Then they have to set up the actual operation to nab said terrorist, which could take further months of planning.

    So, to boil it all down, real-life counterterrorism, espionage, and military operations are much more complicated than Modern Warfare 2 would lead you to believe.

  35. Oh, btw – what’s with all the encryptin’ and plain text mailing? Why not just take a screenshot of your typed message and attach it to your mail as .png or .jpg? Wouldn’t this add another level of security, unless all e-mail attachments get OCR’ed?

  36. Of course they were watching the email to and from the net cafe couriers, they just don’t want to brag about that in hopes that the next target will make the same mistakes. Bin Laden was killed exactly 10 years to the hour that he sent the final order to proceed with the WTC attack, after the muscle hijackers had been sent to the U.S. The U.S. prefers exactly 10 years from the offending act when possible, in order to obtain the most intelligence in the meantime. The only question is how long they’d had him under surveillance.
