Here’s a fascinating story from a new content sharing partner with Military.com.
GlobalPost.com says its mission is to restore in-depth foreign reporting to the news cycle. With tight budgets in every corner of the media industry, paying for correspondents to live and work throughout the world is too expensive. But GlobalPost hopes to reverse that trend with excellent reporting about the world around from people who live in the beats they cover.
We’re excited to help where we can with this new startup and think DT readers will enjoy their coverage.
Throughout the ages, this ancient Silk Road town near the border of Afghanistan has been the place where the black market thrives and the military spoils of empires are hawked openly.
Here in the storefronts you can still buy antique field rifles left over from the British presence of the 19th century and find uniforms and revolvers from the Soviet occupation of Afghanistan in the 1980s.
Now the shops in this industrial rim of Peshawar are filling with military equipment and computers looted from the most recent empire to bog down in this hostile and impenetrable terrain: the United States of America.
In the age of computerized high-tech warfare, it is not just American hardware available on the black market. Now there is also vital technology and information up for grabs and — as military officials here and in the U.S. fear — leaking into the wrong hands in this region where the Taliban and elements of Al Qaeda have a known presence.
I was recently able to purchase a U.S. military laptop for $650 from a small kiosk, which is known as the “Sitara Market,” on the western edge of the sprawling open-air markets on the edge of Peshawar.
The laptop, which has clear U.S. military markings and serial numbers, contained restricted U.S. military information, as well as software for military platforms, the identities of numerous military personnel and information about weaknesses and flaws in American military vehicles being employed in the war in Afghanistan.
Longtime observers of the region and military experts say the open market on U.S. military hardware and technology is increasingly compromising the American military supply route that runs from the Pakistani seaport in Karachi through the Khyber Pass and into neighboring Afghanistan.
“This kind of trade has been happening in the past, but not so openly,” said Rahimullah Yusufzai, a Peshawar-based journalist who has reported from Afghanistan and Pakistan for several decades.
“In the past few months this has started in a big way,” he added.
Lt. Col. Mark Wright, a Pentagon spokesman, told GlobalPost, “There has been a fairly constant amount of pilferage or losses” as trucks operated by civilian contractors have been attacked or looted along the supply routes from Karachi to the Khyber Pass.
“We are concerned about securing the free flow of supplies,” he added, “and we are working with other countries in the region to support a logistics network to support our supply routes.”
Wright said that typically computers holding sensitive information are not trucked into Afghanistan and that the military would be investigating how the laptop — and the shelves lined with more military equipment and computers — ended up on the black market in Peshawar.
The leaking of the U.S. military’s electronic information on hard disks has happened in the past. In April, 2006, the Los Angeles Times uncovered the story of confidential military information being smuggled off Bagram air base in Afghanistan on miniature hard drives and sold in markets no more than two hundred yards away.
Embarrassed U.S. military officials cracked down on the brazen black marketers in Afghanistan, but now it appears the market has shifted to the Pakistani side of the border, and the trade is getting bolder.
Read the rest of this story at Military.com and GlobalPost and stay tuned for more coverage from this excellent resource.
– Christian
{ 23 comments… read them below or add one }
Anyone ever heard of encryption? Not that useless 128 bit stuff with passwords, but something more difficult, like some 4096 bit proprietary encryption with biometrics. No one should just be able to power up a stolen military (or civilian) laptop, and start scrolling though files. At least make it so only governments or sophisticated hackers can break in.
128 bit encrytion is probably enough though, better then no encryption. If they run the correct protocol 128 bit encryption has more then 12 billion possibilities, making it virtually impossible to crack without other pertinent information. It may take a super computer or group of super computer thousands years to crack. Simply put, we could use commercial products to encrypt that I am sure AQI would not be cracking. The encryption isn’t hard to do, we just have to do it. You would think they would have implemented this years ago.
“As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:
develop a CPU that can test 1 billion IDEA keys per second
build a parallel machine that consists of one million of these processors
mass produce them to an extent that everyone can own one hundred of these machines
network them all together and start working through the 128 bit key space”
from site:http://www.mycrypto.net/encryption/encryption_crack.html
“Lt. Col. Mark Wright, a Pentagon spokesman, told GlobalPost, ‘There has been a fairly constant amount of pilferage or losses’ as trucks operated by civilian contractors have been attacked or looted along the supply routes from Karachi to the Khyber Pass.”
We Talibans always get tipped off by “Defensetech”‘s articles, LOL ! Allah akhbar!
You can encrypt all you want, but having physical access to a data source-is a whole different ball game, there are plenty of ways to retrieve data besides using time consuming brute force attack.
You can encrypt all you want, but having physical access to a data source-is a whole different ball game, there are plenty of ways to retrieve data besides using time consuming brute force attack.
I saw a similar story on CNN International about a week ago.
Very scary, but how’d they get our equipment?
I dont think GIs would leave such lying around?
Unless local “help” stole the equip?
Otherwise theyd have to get them from taking our guys prisoners or from bribes to defense firms?
Very scary.
Now Pakistan is an enemy NOT ally in this case.
@stephen russell:
Some is equipment stolen from or sold by Afghan National Army and Afghan police troops (/deserters) – note the old camouflage patterns.
Other equipment was looted from truck convoys and other supply transports (or, again, sold by corrupt people).
It’s a fact of life – guerrillas take government equipment and use it for their purposes.
There would be no guerrillas if the government/occupier was able to prevent that from happening.
@DynamicIP,
Name one that has ever cracked 128bit des or 256bit aes? DES hasn’t been cracked in its 30 years existence. So when you make broad statements like there are other ways to attack besides brute force you might also want to say the encryption algorithm as all aren’t equal. No one has cracked 2048 over bit RSA for that matter either. Different encryption algorithms have different goals. Military encryption should be the most secure using 3DES. It hasn’t been cracked, and for sure the likes of AQI aren’t cracking it. Honestly neither are the chinese or russians thats why they always use DOS attacks to flood networks.
Instead of cracking down on blackmarkets. They could have created an “amnesty & rewards” program to promote the recovery of lost/stolen equipment. It might allow for a way with which to gather information about how equipment is taken. I wonder if the Army has a “bait” program to track theft rings?
As for encryption. The Army or any contractor can adopt a free program like TrueCrypt with cascading ciphers, system encryption, multiple keyfiles, etc. It would be better than nothing.
Regarding, “increasingly compromising the American military supply route”. I think Afghanistan is showing a need for new & alternative methods of heavy logistics.
128 bit encrytion is probably enough though, better then no encryption. If they run the correct protocol 128 bit encryption has more then 12 billion possibilities, making it virtually impossible to crack without other pertinent information. It may take a super computer or group of super computer thousands years to crack. Simply put, we could use commercial products to encrypt that I am sure AQI would not be cracking. The encryption isn’t hard to do, we just have to do it. You would think they would have implemented this years ago.
“As key lengths increase, the number of combinations that must be tried for a brute force attack increase exponentially. For example a 128-bit key would have 2^128 (3.402823669209e+38) total possible combinations. For example, to theoretically crack the 128-bit IDEA key using brute force one would have to:
develop a CPU that can test 1 billion IDEA keys per second
build a parallel machine that consists of one million of these processors
mass produce them to an extent that everyone can own one hundred of these machines
network them all together and start working through the 128 bit key space”
from site:http://www.mycrypto.net/encryption/encryption_crack.html
Posted by: Greg at February 13, 2009 02:35 PM
Sorry Greg some kid cracked the 256 DES a few years ago with a Apple machine as part of a contest. It took him about 3 weeks.
@ Albert Scott
Post a link. You are just talking you know not what you speak of. I am on a mac pro now. I have like 6 macs, and that is BS. No way in hell. No where near the computing power. Your talking somewhere in the neighborhood of 120 TB of ram to attempt it. Thats a super duper computer. Mac pro max is 32 GB of Ram. How are you going to accomplish it with a single Mac pro, or even 10 linked together.
Further, from Wikipedia http://en.wikipedia.org/wiki/Brute_force_attack
The resources required for a brute force attack scale exponentially with increasing key size, not linearly. As a result, doubling the key size for an algorithm does not simply double the required number of operations, but rather squares them. Although algorithms which use 56-bit keys (e.g. the obsolete DES) are now vulnerable to brute force attack, this is not true of more modern encryption algorithms such as AES, Twofish and Serpent which use 128-, 192- or 256-bit keys as standard.
There is a physical argument that a 128-bit symmetric key is secure against brute force attack. The so-called Von Neumann-Landauer Limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of ln(2)kT per bit erased in a computation, where T is the temperature of the computing device in kelvin, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2
Finally I wrote encryption ciphers in college on a few sun sparcs. Maybe if you parallel processed 100 of those together you could get it done. I don’t know though at at least 10 grand a piece i don’t know how you would do it. It is completely out with a Mac, as what parallel programming software would you use to link them together? Its non-existent.
Keep in mind that
a)
you won’t learn about it if someone finds a way how to crack high-end encryption
b)
commercial encryption standards have been manipulated to keep vulnerabilities in their algorithm that can be exploited
c)
AQ/Taleban won’t spend much resources on cracking a code on an unimportant laptop – they’re well-informed anyway and aren’t technology fanatics
i remember seeing on this site a long time ago of a airship designed by darpa that could carry mega tonnage of supplies frompoint a to point b.just build these things and start a steady supply run and forego ground transport across any border area period.
Camp:
You do realize that an “amnesty and rewards” program is the same as incentivizing them to steal our stuff, right? If DOD adds to the demand for stolen items, the supply of stolen items is guaranteed to increase to meet it. So “amnesty and rewards” is a bad idea. “Bait” is maybe better, but requres the Army to be way more creative than it is capable of.
I don’t know anything about encryption algorithims or 3DES or any of the rest of it, but I do know that having one man on the inside is worth a lot of stolen thumb drives. If AQ is the threat, the real vulnerability is not weak encryption but TCN and local workers.
Exactly the point I am trying to make. Lets not make excuses not to use encryption and just do it. The more likely scenario is an inside leak.
HA dumb ass yanks this does not surprise me you lost your computers,the games must of been rubbish for your play station generation soldiers.Be more careful
TDS4S,
You have to start with the basic premise, that people usually steal to make money. And if a person gets caught they normally go to jail. After that you have to decide which is better. To let the items be sold on the black market, or recover & attempt to gain information as to how they were stolen. Said info could lead to finding ones own weak points (who, what, when, where, and how), and is rather important to detecting the patterns of theft. People involved in such organizations may also have other exploitable info, and possibly an understanding of your opponents supply methods.
In regards to, “adds to the demand”. You could also say the Army is offering a better value, because items won’t have to be transported long distances with great risk. Artificially increasing a price on certain devices can have benefits as well. And think about how much cheaper it would be to retrieve items, than to buy brand new equipment. Though, compromised equipment would have to be “cleaned”, so as to avoid spiked devices (info in that as well). One should also take into account the value these items are to others. Are they simply trophies, can they be used in other ways, etc? Finding methods to reduce or destroy the “re-sale value” is also important in reducing theft.
nice input adam ,maybe you could tell us what country your from so we can talk about how great the dump you live in is
It is better to have a thousand enemies outside your door than having one in side your house.
Everything boils down to control or the lack of it.
Use it, Don’t use it.
As a former Marine Reading these type of stories amaze and anger me. If the property being sold in these markets is
Why did Christian disable the discussion forum of his latest article after this one, called “New Armor Plates in the Works”, at least as I write? That’s absolutely not Christian of him!
Did this nameless three-man team that designed the new bullet-vest maybe ask him to do that, to protect its product’s image? (Just like they didn’t say which maximum CALIBRE it was designed to resist either…)
This is the reason for an alternative logistics route. That hardware was robbed before it got near the border. Of course the Afghan police and some/most? ANA are corrupt, AQ in uniform. In any event, we are not going to kill and bomb our way outta this, it will probably end with negotiation, but there will be a US presence in A-stan or a long time.