Skip to comments.How terrorists hide messages online
Posted on 10/04/2001 6:46:51 PM PDT by Thanatos
For Editorial and Discussion use only:
By LISA HOFFMAN
Scripps Howard News Service
October 04, 2001
- To terrorist cells such as Al Qaeda, a picture on the Web can be worth thousands of words.
Employing the 21st century version of a concept as old as secrets themselves, alleged terrorists affiliated with Osama bin Laden are believed to have exploited the vastness of the Internet to hide messages between conspirators in what amounts to plain sight.
According to declassified intelligence reports, court testimony and computer security experts, bin Laden's network has been a pioneer in adapting the ancient art of steganography to the Internet. U.S. officials and high-tech researchers seeking to counter such techniques are scrambling for methods to detect or derail them.
Online steganography - derived from the Greek words meaning "covered writing" - essentially involves hiding information or communications inside something so unremarkable that no one would suspect it's there. It's the cyber-equivalent of invisible ink or the "dead drops" that spies use to pass secrets.
Experts say Al Qaeda, along with the Palestinian terrorist groups Hezbollah and Hamas, have used computer software available for free on the Internet to communicate via virtually undetectable messages embedded electronically within innocuous photographs or music files of the sort that millions of Internet users send to each other each day.
Using it as a ruse, bin Laden's terror operatives allegedly have been able to bury maps, diagrams, photos of targets and messages within popular music, auction and sports sites as well as pornographic chat rooms - incongruous territory for devout Muslim fundamentalists.
Secrets even can be hidden in spam, the millions of unwanted e-mail messages ricocheting daily across the Internet that barely register with most users before they delete them. Communicating this way makes it extraordinarily difficult for law enforcement to pick up on, much less interdict or trace.
"The sender can transmit a message without ever communicating directly with the receiver. There is no e-mail between them, no remote logins, no instant messages," wrote Bruce Schneier of Counterpane Internet Security. "Steganography is a good way for terrorist cells to communicate... without any group knowing the identity of the other."
It's an old concept, written about in 474 B.C. by Greek historian Herodotus, who described how Histiaeus of Miletus shaved the head of a slave and tattooed a secret message on his scalp. When the slave's hair grew back, Histiaeus dispatched him to the Greeks, who shaved the slave's head and read the message.
During World War II, invisible ink was used by all sides. And the Germans perfected the use of "microdots," in which a page of writing could be reduced to the size of a dot on a letter - only to be enlarged by the recipients and read.
Computer steganography essentially piggy-backs information on empty or unimportant spaces in digital files. But those who want to employ the method don't need to understand the complex concepts at work - all they have to do is download software available free or for less than $50 from more than two dozen Internet sites.
Follow the instructions for using the software and, with a few mouse clicks, you've hidden a message that is all but undetectable, except by the person you have tipped to where to find it.
Photo or music files with such messages embedded are indistinguishable to the human eye or ear from identical ones lacking the secret data. (For an example of how this works, go to http://www.spammimic.com, and embed your own message in spam.)
That fact exponentially increases the difficulty for investigators trying to track terrorist communications online. "With the volume of documents, photos, video and sound files moving on the Internet, there is no system powerful enough to analyze every object for hidden messages," wrote Barry Collin(CQ), research fellow at the National Interagency Civil-Military Institute of the National Guard Bureau.
And an interceptor can be hamstrung even more if the hidden message is encrypted into code. Bin Laden's network allegedly does just that.
The Justice Department, citing the difficulty of monitoring and detecting cyber-communications among terrorists, is asking Capitol Hill to relax legal restrictions or force software writers to supply their secrecy code "keys" to the government in order to make it easier for agents to tap into everyday e-mail on a broad hunt for miscreants and de-scramble what they find.
Civil libertarians say such privacy invasions are unnecessary; efforts should be directed instead toward techniques to detect and disable cyber-steganography.
The intelligence community is hard at work with university researchers creating sophisticated detection programs that use complex algorithms to conduct statistical tests capable of identifying stenographic footprints.
One new software package of interest to the Air Force was developed by research professor Jessica Fridrich at Binghamton University in New York state. Called "Securestego," it allows a user to return a digital image modified by steganography to its original state - that could derail such a message before it could reach its intended receiver.
.....but the "code" that is not shown by the browser.....
.....is where the really kewl stuff is.....
There was a bulletin board that was distributing soft porn avi files that had all kinds of text comments embedded in the files. The one I remember seeing was an avi of Jamie Lee Curtis removing a blouse. Opening this file with a text editor revealed instructions for hacking into TRW credit reports along with a bunch of jokes and show off scarism. They also had instructions for other bulletin boards to goto for obtaining the embedding software. It was pretty low tech stuff and judging from the maturity level of the writing, I would judge that the board was set up and being run by adolesents. I seem to remember reading that the board was busted by the FBI for one thing or another, it was located in Live Oak, CA, just North of Yuba City.
No kidding, makes you wonder why they even need encryption..
.....FR's new software doesn't let us use the.....
.....FR's new software doesn't let us use the.....
.....but then i'd have to.....
.....well u know.....
.....still gotta few bugs.....
PCs keep records of website visits and ISPs keep records of website visits by a paticular computer so it shouldnt be too difficult to crack this thing open. Not as difficult as cracking the Enigma Machine during WW2.
I can imagine that there are some folks that will find this challenge irresistible to tackle.....and just for the fun of it.
......any other way......
...... than this?........
.....but it's easier to find your place in code.....
.....when you put in some markers.....
Hint: Caesar Cipher
.....(if you have arabic fonts you'll get it).....
"Through weeks of interviews with U.S. law-enforcement officials and experts, USA TODAY has learned new details of how extremists hide maps and photographs of terrorist targets and post instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other popular Web sites. Citing security concerns, officials declined to name the sites. Experts say it's difficult for law enforcement to intercept the messages.
"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," says Ben Venzke, special projects director for iDEFENSE, a cyberintelligence company."
U.S. officials and militant Muslim groups say terrorists began using encryption which scrambles data and then hides the data in existing images about five years ago.
But the groups recently increased its use after U.S. law enforcement authorities revealed they were tapping bin Laden's satellite telephone calls from his base in Afghanistan and tracking his activities."
NetSecurity, About. Sep, 17, 2001:
Methods Terrorists Use
August 2001, CITI Techreport
Detecting Steganographic Content on the Internet
US alert: coded message reveals bin Laden terror plot, July 20, 2001
US alert: coded message reveals bin Laden terror plot
"The United States is expecting a terrorist attack orchestrated by the Saudi extremist Osama bin Laden soon, and has placed its forces in the Middle East on the highest level of alert.
State Department officials said intelligence services had intercepted a coded message to one of bin Laden's senior operatives outlining plans for the attack."
Newsmax, Feb. 9, 2001
U.S. Makes Cyberwar on Bin Laden
"Since 1994, bin Laden has used modern technology such as laptop computers, regular computers, faxes, cell phones, e-mails and the Internet to help set up his networks in Western Europe and 50 other countries, U.S. government officials said.
But to counter his vulnerability to the NSA and America's superior electronic warfare resources, including Vortex satellites that vacuum up microwave transmissions, bin Laden has resorted to "the application of traditional tradecraft" to the Net world, Venzke said. In the past, spies "hid micro dots in letters," he said. Today, bin Laden operatives hide encrypted messages "in the middle of a porno picture." or use chat rooms or other seemingly harmless venues to deliver covert orders."
Wired News, Feb. 7, 2001:
Bin Laden: Steganography Master?
"WASHINGTON -- If there's one thing the FBI hates more than Osama bin Laden, it's when Osama bin Laden starts using the Internet. So it should be no surprise that the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using message-scrambling techniques to evade law enforcement.
The Clinton administration substantially relaxed -- but did not remove -- regulations controlling the overseas shipments of encryption hardware and software, such as Web browsers or Eudora PGP plug-ins.
Three years ago, FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use.
"We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh said to the Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices."
There is more, but you all get the Idea..
Are there many foreign Arabs where you live? We have some in a few our out cities out there, but Ive never seen any in the small city near where I live.
Where the hell is prism when you need him?
Encription does not just involve passwords, which would be relatively easy to hack into with certain programs. Encription involves using public and private keys (long series of random characters) that must be shared. I encript using my public key and you decrypt using the private part that I shared with you earlier.
That's right they probably used a tool to accomplish some task. I also use tools and this one would come in handy for some tasks I might want to do. I'm not about to give a blank check to any government to check out my activities whenever they see fit. If the government, educators and certain other folks were not in the prohibition business, all of whatever planning and preparation they did in secret would have gone down the toilet if the pilots would have plugged 'em when they exposed themselves.
Most of them weren't supposed to be here anyway. It's the liberal handlers in govm't, media and education that are the problem, not Freedom and individual rights.