Weak Win2k Encryption Exposes Al-Qaeda Files
The default encryption standards on exported versions of Windows 2000 may have revealed confidential details about the movements of the al-Qaeda network.
Two computers bought by Wall Street Journal reporters from looters in Kabul after it was captured by the Northern Alliance turned out to have been lifted from al-Qaeda headquarters and still contained documents relating to the terrorist group's activities.
Of the thousands of files stored on the machines some of the more interesting documents, including a number that may relate to 'Shoe Bomber' Richard Reid, were encrypted using Windows 2000's standard 40-bit DES Encrypting File System.
Using a cluster of computers, the Wall Street Journal managed to crack the 40-bit encryption keys. But this took five days as the computers had to cycle through over a trillion different keys.
Had the software been bought after March of last year, or in the US itself, the keys would have been 128-bit by default and billions of times harder to crack.
In related news, computer files found at the UK homes of two Muslims charged with intention to cause explosions allegedly contained bomb making instructions.