‘Cyber terrorist’ trades cufflinks for handcuffs

You might raise less attention to yourself if you wear a t-shirt.

Graham Cluley
Graham Cluley
@[email protected]

"Cyber terrorist" trades cufflinks for handcuffs

British counter-terrorism police have charged a 33-year-old man with a variety of terrorism offences.

33-year-old Samata Ullah was arrested by officers on a street in Cardiff in September, and according to a Metropolitan Police news release is charged with belonging to ISIS, training others in the use of encryption programs (with the knowledge that the skills would be used for perpetrating terrorist acts).

Ullah is said to have had in his possession books about guided missiles, and… a pair of USB-equipped cufflinks:

Sign up to our free newsletter.
Security news, advice, and tips.

On or before 22 September 2016 Samata Ullah had in his possession an article namely one Universal Serial Bus (USB) cufflink that had an operating system loaded on to it for a purpose connected with the commission, preparation or instigation of terrorism, contrary to section 57 Terrorism Act 2000.

I was curious as to what section 57 of the Terrorism Act actually said, so here it is for your edification:

Possession for terrorist purposes.

A person commits an offence if he possesses an article in circumstances which give rise to a reasonable suspicion that his possession is for a purpose connected with the commission, preparation or instigation of an act of terrorism.

It is a defence for a person charged with an offence under this section to prove that his possession of the article was not for a purpose connected with the commission, preparation or instigation of an act of terrorism.

In proceedings for an offence under this section, if it is proved that an article –

  1. was on any premises at the same time as the accused, or
  2. was on premises of which the accused was the occupier or which he habitually used otherwise than as a member of the public,

the court may assume that the accused possessed the article, unless he proves that he did not know of its presence on the premises or that he had no control over it.

A person guilty of an offence under this section shall be liable –

  1. on conviction on indictment, to imprisonment for a term not exceeding 15 years, to a fine or to both, or
  2. on summary conviction, to imprisonment for a term not exceeding six months, to a fine not exceeding the statutory maximum or to both.

I am not a lawyer, but my reading is that if the cops find a USB stick in your possession, and they have “reasonable suspicion” that you’re going to use it in connection with terrorism, it’s up to you to prove that there’s a perfectly innocent explanation.

The question is, would the British police be more suspicious of a USB stick containing Windows 10 or TAILS?

And would the fact that you have said operating system installed on your USB cufflink prove that you’re up to no good, or just a bit of a geek? After all, I imagine many an IT spod would be keen to purchase just such a pair of cufflinks from Amazon now they know they exist.

Whatever answer you may have to those questions, I really hope that charges like this won’t lead to the public thinking that encryption is a bad thing, typically used by terrorists, rather than a tool that helps protect all of us against criminals every day.

Ullah has been remanded in custody to appear at the Old Bailey on 28 October.

Hat-tip: Thanks to Rob Rosenberger for suggesting the title for this article.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

9 comments on “‘Cyber terrorist’ trades cufflinks for handcuffs”

  1. Pete

    Section 57 of the Terrorism Act successfully demonstrates that the state's fundamental premise — that the way to protect freedoms is by interfering with them — is as broken as ever.

    This article reminded me that, unlike here in the U.S., where the legal system gives lip service to the presumption of innocence until proven guilty, in the UK they don't even make a pretense of adhering to that principle.

    In a way, I suppose that's more up front. At least the citizenry isn't walking around deluded that they have a right the system consistently violates.

    1. Chris · in reply to Pete

      Of course, in this specific example the individual in question has also been charged with Section 11 (membership of ISIS), Section 5 and Section 56 offence(s) and 'had in his possession articles namely a book about guided missiles and a PDF version of a book about advanced in missile guidance and control' (follow Graham's link above). Still, I'm sure he is a regular boy scout and this is just the state overreaching. Who amongst us doesn't enjoy reading about missile guidance as a bit of light bedtime reading?

      At least our (and your) citizenry can walk around without somebody trying to cut their head off in the street or shoot down our airliners or whatever else this charming individual had in mind.

      1. Pete · in reply to Chris

        Chris: Sorry I didn’t successfully communicate my point, which is not about the individual in question (Mr. Ullah). Neither I nor the article above (as far as I can tell) question the likelihood of this charming individual's ill intent. The question is not about whether Section 57 "worked" in his case, but rather about its downside potential, particularly as it applies to someone who is simply carrying a USB device, but is in fact not a member of ISIS, and is not otherwise involved in scumbaggery.

        Mr. Ullah is a symptom of problems for which ill-conceived laws provide only Band-Aids…laws that come with an ever-increasing price in the surrender of freedom in the name of security.

        Your reply is an example of the false alternative. Because I condemn the state's (and apparently your) presumption that its application of the law will always be fair, reasonable, and not in conflict with fundamental rights, that does NOT mean I condemn that which is right about either US or UK society, especially the degree (albeit limited, and constantly being eroded) to which those fundamental rights were intended to be protected.

        I understand how difficult it is to drop deeply entrenched prejudices, such as the one that presumes the only form of government that can possibly work is one that gives “teeth” to its arbitrary laws via the mechanism of legalized coercion, or the threat thereof.

        Nevertheless, if everyone refuses to consider the possibility that coercion (even when it has the imprimatur of the state) in the long run destabilizes a civilization’s ability to safeguard those unalienable rights it was supposed to secure in the first place, then the mess that such refusal has already gotten us into will only get worse.

      2. coyote · in reply to Chris

        So..reading about missile guidance is now a crime, is it? And it might not be light reading to you but it might be to some others who are more inclined to understand the science behind it.

        Observe I'm not saying it is or isn't a crime to read about that thing (I do think it absurd however if it is); instead I'm saying it isn't a binary thing. It's completely stupid too, since who created the technology? And who also uses it? Wouldn't there be a legitimate reason to learn about it?

        Yes there would be to anyone who thinks in colours (which unfortunately for some things like this many and arguably most do not). Ethically I don't think there is, actually, but the fact the technology exists cannot be undone (the sad reality is mankind is inherently destructive). It's sad how people truly cannot see more than one thing at a time…it's a dark realisation, even, and it's folly too. The specific problem is exactly what was referred to; the rest is immaterial.

        1. Chris · in reply to coyote

          Of course it's not, and of course it's not binary. If you are an engineer, and perhaps interested in different engineering fields, that will be obvious and easy to prove. In the unlikely event that you are caught up in TACT legislation, you'd explain those PDFs in the context of maybe your qualification(s) in engineering, perhaps your work history, your interest in lots of other mechanical engineering topics and so on, and because you're innocent you would cooperate with Law Enforcement, because to not do so is foolhardy.

          On the other hand, if you have links to extremist groups, a handful of GCSEs, and work at Burger King with absolutely no interest in anything other than smoking hash and playing XBOX, and also have PDFs on missile guidance systems which can be shown to have been read multiple times but you 'have no idea how they got there, honest guv' – well, that's a rather different picture I'm painting, isn't it?

  2. Bob

    Most people in the U.K. incorrectly believe that this type of burden of proof doesn't exist; of course it does.

    In law it's referred to as a 'reverse onus'. Unless the defendant can prove his innocence then the court may find the offence proved and convict him. This is really problematic because it's extremely difficult to prove a negative – how can you prove your possession was legitimate?

    Assume this exchange:

    Prosecutor: "Why were you found in possession of a disguised USB drive?"

    Defendant: "I'm an I.T. aficionado"

    Prosecutor: "But this operating system is designed to allow clandestine and anonymous access to the internet; why would a 'normal' I.T. hobbyist want to conceal his online activities"

    And so on.

    It is incumbent upon the defendant to convince the court on the balance of probability that his explanation is legitimate. A court only need be satisfied beyond reasonable doubt (in reverse onus cases) that he is guilty in LAW and not in FACT unlike the majority of other criminal cases.

    It's extremely worrying that the innocent run the gauntlet of being convicted under rushed, ineffectual legislation.

    As a side note some of these cases are heard in camera (secret) and sometimes even the defendant doesn't get to see all of the evidence against him. Other times significant reporting restrictions are imposed.

  3. Simon

    There you go folks; Disable USB access, secure your BIOS/boot options and implement some form of DLP to prevent unwanted ingress/egress of data.

  4. LooseLaw

    Please note that by this legaleze, to have somethng "in your possession" it is sufficient if that thing is "on the same premises at the same time" as you are.

  5. Chris

    'The question is, would the British police be more suspicious of a USB stick containing Windows 10 or TAILS?'

    It wouldn't be relevant at the scene as it would be seized – very unlikely to get triaged then and there. Back with the Computer Forensics people, the presence and use of TAILS would most definitely be suggestive of somebody who wanted to clean up after themselves. Perhaps because they really, really want to be sure they are safe reading the Graham Cluley headlines on a friend's laptop, or perhaps because they are planning global jihad. Or perhaps they are just a bit of a tinfoil hat wearer…

    'And would the fact that you have said operating system installed on your USB cufflink prove that you're up to no good, or just a bit of a geek? After all, I imagine many an IT spod would be keen to purchase just such a pair of cufflinks from Amazon now they know they exist.'

    It would prove that the owner had an above average awareness of security and encryption issues, but nothing more and nothing less than that. A good* CF analyst would then be even more alert to the possibility of further encryption, steganography and so on. This character also likes security by obscurity so perhaps more USB storage built into an unlikely device.

    And yes, I do want a pair of USB cufflinks for Christmas now.

    *but this is the Police we are talking about here so, you know…

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.