How terrorists hide messages online

Scripps Howard News Service ^ | 10/4/01 | Scripps Howard News Service

[poweqi]

Yes those are cool. But the codes I swa were NOT like that. I'm telling ya it was WIERD!

[Thanatos]

"Yes but you still have to communicate otherwise so your partner can unlock the image. "

Ask and ye shall recieve.. Here is an article that just passed thru the wires.:

Former French official: Notebook might contain codes to decipher bin Laden messages

By JOCELYN NOVECK
The Associated Press
10/5/01 9:54 AM

PARIS (AP) -- A former French Defense Ministry official says he believes police have found a notebook belonging to a suspected member of a terrorist group containing codes that could be used to decipher messages within Osama bin Laden's network.

Intelligence officials "may be able, with that, to go back to the messages that they may have intercepted already," said Alexis Debat, a teacher and author who until last year worked at the Defense Ministry.

In a telephone interview, he said "it would be a major breakthrough" if authorities were now able to decipher terrorist codes. But he added: "I don't know if they've been able to make something of it." He said the information had been passed to U.S. intelligence officials.

Debat said he got his information not from intelligence officials but from judicial officials close to the case, who told him the notebook with Arabic writing, "seemed to be a code book," and was found in the apartment of Kamel Daoudi. Daoudi has been placed under formal investigation in France for suspected links to a terror network.

Daoudi, 27, is a former computer student believed by investigators to have played a key role in a network of Islamic extremists linked to bin Laden and plotting attacks on U.S. interests in France including an attack on the U.S. Embassy in Paris.

He spent time in training camps in Afghanistan before returning to France this summer, judicial officials have said on condition of anonymity.

French police had hoped to arrest Daoudi during a Sept. 21 roundup of seven other suspects in the Essonne region south of Paris. However, he escaped to Britain, where he was detained four days later and sent back to France.

Police searching his apartment are said to have found the frames of cellular phones and dismantled alarm clocks, leading them to believe he was working on a detonation system, as well as computer materials and papers in Arabic that are still being examined. Daoudi is believed to be a computer enthusiast who worked at a cybercafe.

French intelligence officials reportedly believe Daoudi kept communications going with group members in other European countries -- such as the Netherlands and Belgium -- and also with Afghanistan, through images transmitted on the Internet.

His apartment in Essonne was also once occupied by Djamel Beghal, another suspected member of the group. Beghal told investigators in Dubai that he was recruited by a top bin Laden aide to oversee a suicide bombing at the U.S. Embassy, which was to have taken place before next March.

The operation never took place, because Beghal was arrested in late July in Dubai with a false passport. He has since withdrawn many of his statements, saying he was never tapped by bin Laden for a mission and that he testified under physical and mental duress in Dubai. He, also, has been placed under formal investigation for suspected links to a terror group.

In London, a man who allegedly ran a company offering Islamic combat training courses appeared in court Friday on weapons charges, along with another man accused of training some of the hijackers involved in the Sept. 11 attack on the Pentagon.

Both were denied bail after prosecutors presented evidence allegedly linking them to extremist activities.

[Thanatos]

I like your analysis and explanation. Very well written and thoughtout.

It is easy to come up with encryption methods that are virtually impossible to break and detect..

That is why I feel that the terrorist Network, that has been attacking us and our allies for the last 10 or so years, are using this particular method.. (and probably among others)..

Steganography hides the existence of messages, whereas cryptography deals with hiding the contents of messages. A steganography program (like steghide for example) embeds the file that contains the message you want to hide in another file, for example in an image or sound file. The most secure technique to use steganography is to use it together with cryptography. That means you encrypt the message and hide it in a file afterwards.

Depending on the method used to hide or encrypt messages, there are things that good and bad things depending on the method.

For example, your method mentioned, the "Pen and Paper", is and has been used for years (Decades) and it's good Points is that it is almost impossible to detect, unless the message itself is physically intercepted.. The bad points is that since it is a physical item, it must be handcarried, and that means access to Transportation and delivery systems that can be detected and intercepted.

What makes a good secret communication channel is one that no-one can either detect, and no-one has the ability to "Filter" out the encoded messages. For Example, the US has some highly sophisicated crypto equipment to hide and disguise the communication. They involve the use of either one use codes, or daily codes that are imputed using paper strips with holes in them and can be destroyed easily and quickly. The only problem with this is that the fact that the communication IS encrypted makes it a target for hostile or "nosey" people or agencies who will then target those lines of communication because they know that is where the information they want is located. We used to Joke about in the AF that it was almost more secure to use an open and unsecure line because since there are so many of them, it would be more secure because it would be lost in the jungle of "Common Messages"..

A good example of this took place durning WWII with the Battle of Midway. Naval Intelligance was able to track Japanese Incrypted communications and decode their messages, but about 1 or 2 months before the battle, the Japanese changed their codes, and the "Codebreakers" were not able to decypher their communications and were at a loss to their plans. But they had gotten some information that the Island of Midway would be a target, but they were not able to confirm that "Objective AF" was indeed midway and not some other place. So a Message was incrypted and sent over the secure lines that "Midway's Fresh Water Condensers were offline".. and since the US knew that their codes were compromised, when they intercepted a message that "AF's fresh Water Condensers were offline", American Intelligance knew that Midway was the target and not the western coast of the US. They were able to then Position our Carriers for the Battle and not send them to protect the west coast, and we won the battle. BUT the messages to the commander on Midway to prepare for the attack was NOT sent over the secure comm lines, but over unsecure open lines thru normal everyday traffic because Naval intelligance knew the Japanese did not have the capability to monitor ALL of them because there was just too much.

So basically, here you have the best of two world. You have an encrypted system and a system that is available to everyone but is so massive that no-one has the resources to monitor them all. Which is more secure.. Neither, BUT if you can incorporate BOTH Systems, then you will have a Highly secure system that can be easily accessed by the Intended person, but is "Under the Nose's" of everyone so much that they don't realize that they have in their hands messages and "Dead-Drops" that have information that could have saved thousands of people, but because it was hidden nobody realized what it was.

Which is more secure.. A piece of paper hidden under a rock near a stream? or a piece of paper slipped between a couple of pages of a book sitting on a shelf in a Library?

The Library Book is more secure.....

Since about 1995, it has been reported that Al-Quiada has been using steganography to keep it's network of terrorist informed, and to coordinate attacks. There are several methods to do this.. One method is to use SPAM e-mail for the message. Would you actually read this message? :
-----------cut here------------------

Dear Friend ; Thank-you for your interest in our publication 
. If you no longer wish to receive our publications 
simply reply with a Subject: of "REMOVE" and you will 
immediately be removed from our club ! This mail is 
being sent in compliance with Senate bill 1627 ; Title 
6 , Section 303 ! Do NOT confuse us with Internet scam 
artists . Why work for somebody else when you can become 
rich within 96 weeks . Have you ever noticed more people 
than ever are surfing the web and the baby boomers 
are more demanding than their parents ! Well, now is 
your chance to capitalize on this . We will help you 
deliver goods right to the customer's doorstep and 
use credit cards on your website ! The best thing about 
our system is that it is absolutely risk free for you 
! But don't believe us ! Prof Simpson who resides in 
New Mexico tried us and says "Now I'm rich, Rich, RICH" 
! We are a BBB member in good standing ! If not for 
you then for your loved ones - act now . Sign up a 
friend and your friend will be rich too . Thanks ! 
Dear Friend ; Thank-you for your interest in our letter 
. If you are not interested in our publications and 
wish to be removed from our lists, simply do NOT respond 
and ignore this mail ! This mail is being sent in compliance 
with Senate bill 1622 ; Title 6 ; Section 305 . This 
is NOT unsolicited bulk mail ! Why work for somebody 
else when you can become rich within 88 days ! Have 
you ever noticed how many people you know are on the 
Internet plus how many people you know are on the Internet 
! Well, now is your chance to capitalize on this . 
WE will help YOU turn your business into an E-BUSINESS 
plus use credit cards on your website ! You can begin 
at absolutely no cost to you ! But don't believe us 
. Ms Simpson who resides in Colorado tried us and says 
"My only problem now is where to park all my cars" 
. This offer is 100% legal ! Because the Internet operates 
on "Internet time" you must act now . Sign up a friend 
and your friend will be rich too ! Best regards ! Dear 
Salaryman , Your email address has been submitted to 
us indicating your interest in our briefing . We will 
comply with all removal requests ! This mail is being 
sent in compliance with Senate bill 1625 ; Title 2 
; Section 305 . This is a ligitimate business proposal 
. Why work for somebody else when you can become rich 
in 72 WEEKS ! Have you ever noticed most everyone has 
a cellphone & people are much more likely to BUY with 
a credit card than cash ! Well, now is your chance 
to capitalize on this ! WE will help YOU process your 
orders within seconds and SELL MORE ! The best thing 
about our system is that it is absolutely risk free 
for you ! But don't believe us ! Prof Ames of Illinois 
tried us and says "I was skeptical but it worked for 
me" ! This offer is 100% legal . Do not go to sleep 
without ordering ! Sign up a friend and you get half 
off . Thank-you for your serious consideration of our 
offer ! Dear Friend , This letter was specially selected 
to be sent to you . We will comply with all removal 
requests ! This mail is being sent in compliance with 
Senate bill 1624 , Title 9 ; Section 309 . This is 
not a get rich scheme ! Why work for somebody else 
when you can become rich as few as 16 weeks . Have 
you ever noticed nearly every commercial on television 
has a .com on in it and people love convenience ! Well, 
now is your chance to capitalize on this . We will 
help you decrease perceived waiting time by 120% plus 
use credit cards on your website . You can begin at 
absolutely no cost to you . But don't believe us ! 
Mr Ames who resides in Nebraska tried us and says "Now 
I'm rich, Rich, RICH" . We are licensed to operate 
in all states ! For the sake of your family order now 
! Sign up a friend and you get half off . Thank-you 
for your serious consideration of our offer ! 

-----------cut here-------------------------

Inside the above SPAM is a hidden message. Copy and Paste the above message to this Webpage to decode the message.

If you Look Closly at the above message, you will notice something strange, there are some extra spaces between some words and punctuation marks, some extra marks, and some of the grammer is wierd.. all of these are used to encrypt the evil message is have encoded inside it.

This message could be posted to a mailing list that is used to Spam everyone in the world, (The CD's are easy to get ahold of and you can then add the e-mail address's of the people you NEED to contact to the list for this example, let us say 5 cell leader's e-mail address are added to the mailing list.) and not only will over 50 million people get this message, but also those 5 people who need to read it. Out of the 50 million, 50 million minus 5 will trash the message. and the 5 will be able to read the message and get their orders. All within a few minutes of it being sent to the mastermind, and all completly secure.

This is only one way these evil people may have communicated. And it does not take a math genius to do it.. Or any fancy software.. The example above takes a person who has access to the web, and the ability to Copy and Paste, and it takes about 5 seconds to encode/decode the message. And I am not a Math Genius, but I was able to create a message that people would throw out without thinking about it, but to the right people, it would be able to kill over 5000 people.

So that is why I pretty much posted this Article.. Here on Free Republic are people dedicated to Protecting and Defending the US Constitution from enemies, both foreign and Domestic. We have here the resources and the brainpower to begin, in our small way, to help defend our way of life and to protect our Country.

Here on Free Republic are thousand of people who research alot of websites, get lots of e-mail, and, well, like to surf.. We can help our country by keeping a lookout for these type of messages, look for Jpegs, wav's, MP3's, gif's, bmp's, etc.. etc.. and if we find any with hidden messages, we forward them to the FBI.

Alot of us served our country by wearing a uniform, now we are too old to serve, BUT we do know how to use our computers, and we can serve our Nation by helping to root out the Terrorist Network that attacked our Nation by keeping an eye out and trying to decrypt their communication network.

That is why I posted this Article here..

[Thanatos]

"Hmm, sorta like Stegano for the GIMP (GNU Image Manipulation Program)? "

Yep, that is exactally one of the technologies they are using

[Thanatos]

Here is a Link to an Arabic site that is dedicated to the discussion of steganography Al Kahf Net other resources page, If you go to their Main page (http://www.alkahf.net), it will take you automatically to a seemingly normal webpage (http://paintshoppro.org/vb/index.php) that is really a message board where some of these "Hidden Messages" may be found.. I cannot read arabic, so I have no clue what is being said..But why would a webpage that has details on steganography redirect you to a website on Photoshop??? Curious..

BTW, I have already forwarded the info to the FBI for them to investigate..

[Darth Sidious]

I've fallen and I can't get up

[Born in a Rage]

Check out this old post I came across last night.....

Alright, maybe I've been on too many threads today about Clinton not leaving office, using FEMA powers, etc.

But (and this is strictly a hypothetical) wouldn't this be an outstanding time (September) for one HUGE mother of all terrorist attacks to take place in New York, should he happen to be thinking along these lines? Coincides nicely with the pre-election theory.

9 Posted on 07/12/2000 11:19:09 PDT by mjohnq

bump for your post, T!

[VRWC_minion]

Insepct the Sore Loserman photos !

[Thanatos]

Hmm.. it's not there anymore.. :(

[Thanatos]

Now this is interesting..

I'm checking more into the website I posted about. the Al Kafa (The Cave) website.

It looks like they have links on just about anything you want to know on how to keep your communications safe from prying eyes.. AND I think I may have found how they are communicating with each other without detection.

On the re-directed link to the paintshoppro.org site, there is on the bottom right-hand corner where they take information about your MSN Instant Messanger and posts it to the webpage.. Now, IM does not cache or otherwise saves your conversations with other people and you can have many people join in your private Chat..

It looks like these people are using Hotmail.com to communicate with each other..

Whois info on paintshoppro.org website:

[whois.bulkregister.com]
Kabawe M. F. 
   1st Naprudnaya 7- 1
   Moscow,  129346
   RU

   Domain Name: PAINTSHOPPRO.ORG

   Administrative Contact:
        Atyab Internet    atyab@atyab.com
        Atyab
        Albalad
        Jeddah,  11
        SA
        Phone- 966 2 
        Fax- 966 2
   Technical Contact:
        Atyab Internet  atyab@atyab.com
        Atyab
        Albalad
        Jeddah,  11
        SA
        Phone- 966 2 
        Fax- 966 2

   Record updated on 2000-06-13 00:00:00.
   Record created on 2000-06-13.
   Record expires on 2002-06-13.
   Database last updated on 2001-10-05 04:31:53 EST.

   Domain servers in listed order:

   NS.ATYAB.COM                  208.56.139.154                
   NS2.ATYAB.COM                 208.56.138.141                


THRU Network Solutions Registery:

Registrant:
Personal (ALKAHF2-DOM)
   1 Naprudnaya 7 - 1
   Moscow, N/a 129346
   RU

   Domain Name: ALKAHF.NET

   Administrative Contact, Technical Contact, Billing Contact:
      Kabawe, Muhammad  (MK14947)  mared@CITYLINE.RU
      Personal
      1 Naprudnaya 7 - 1
      Moscow
      129346
      RU
      095 475 70 10

   Record last updated on 01-Jul-2001.
   Record expires on 13-Jul-2002.
   Record created on 13-Jul-1999.
   Database last updated on 4-Oct-2001 16:34:00 EDT.

   Domain servers in listed order:

   NS1.READYHOSTING.COM		63.119.175.103
   NS2.READYHOSTING.COM		63.119.175.104

[Texaggie79]

æÝí ÇáæÞÊ ÇáÍÇÖÑ ÝÅä ÃÛáÈ ÇáãÌÊãÚÇÊ ¡ æ ÍÊì ÇáÏíãÞÑÇØíÉ ÇáÊÞáíÏíÉ ÊÜõÚÇäí ãä ÓíØÑÉ ÈÚÖ ÇáãäÙãÇÊ æãÓÄæáíÊåÇ Úä ÊÓÑøÈ ÇáãÚáæãÇÊ ¡ ãËá the societies depicted in George Orwell's 1984 or Vladimir Nabokov's Bend Sinister, ÇáÃÎ ÇáÃßÈÑ æ íÍÇæáæä ÊÃÓíÓ ÃÖÎã ãÄÓøÓÇÊ ãÊÎÕøÕÉ ááÓíØÑÉ Úáì ßá ÔíÁ Ýí ÍíÇÊß ¡ ãä ÇáÈÑíÏ ¡ Åáì ÇáÍÓÇÈ ÇáãÕÑÝí ¡ æ ÍÊì ãÇ

[Texaggie79]

I thought they read right to left. How do they then insert english?

[Cindy]

I hope someone shared this info with America's "intelligence" sources like the CIA, FBI, DIA, and of course, Homeland Security.

[Jesse]

It seems that most are from "Skeptics" who seem to want to blow off the fact that the very people who murdered over 5000 AMERICAN and International Citizens used this method to plan and coordinate their attack against our Homeland.

Your point? If you are arguing that the government should, because of these acts, forbid encryptation programs and insert backdoor keys, so sorry, but it won't fly.

This is akin to arguing that all guns, or typewriters, or knives should be restricted and registered.

The failure of the government to detect the plot of these and future terrorists, and the failure of anyone to stop the terrorists from using airliners to bring down the twins was not for a lack of regulations on the use or availability of a technology by the government.

The genie is out of the bottle. Just a basic knowledge of the cryptography of the 1800's if properly used would be enough to allow people to communicate with very secure encrypted messages. The RSA method of factoring primes is well known, and does not require anything to use other than a calculator. PGP is quite secure.

The idea that electronic surveillance is adequate intelligence is simply wishful thinking. The idea that giving the government the sole ability to control secure information transfer between individuals and maintain our freedom is ludicrous.

[Thanatos]

" hope someone shared this info with America's "intelligence" sources like the CIA, FBI, DIA, and of course, Homeland Security."

Yep, I sent all the info I have to the FBI.. Reading Drudge yesterday, it looks like they are fully aware of the Communication links the Terrorist are using.

XXXXX DRUDGE REPORT XXXXX SUN OCT 07, 2001 19:20:41 ET XXXXX

WHITE HOUSE CONVINCED: BIN LADEN GIVING ORDERS OVER INTERNET

President Bush and his senior advisers are convinced that terror lord Osama bin Laden is communicating with his agents via the Internet, government sources said on Sunday.

"[The Internet] appears to be a major mode of communication between bin Laden' and his network," revealed a White House insider who demanded anonymity.

"The Internet has proven to be a good place to hide and to communicate in real-time," added the source.

"We know there's been an exchange of email between bin Laden's top agents, but there also may be ongoing chats, like instant messages.'

Developing...

[Thanatos]

"Your point? If you are arguing that the government should, because of these acts, forbid encryptation programs and insert backdoor keys, so sorry, but it won't fly."

Nope, not my point at all.. Any type of technology can be used by both, the "Good side of the Force" and the "Dark Side of the Force".. Look at Fire, in the Right Hands, it can build a Nation. In the wrong hands, it can destroy a city and all who live there.

We need to be vigilant, just as firemen/women are to those who would use this technology and we must go about to do what we can to stop those who would murder from gaining from their bad use of this technology. I raised the issue that several years ago, people were panic'n over the fact that the goverment wanted a set of keys that would allow them to "Back-door" the technology so they can read the messages that "Bad Guys" are sending to each other. Alot of people thought it was an invasion of privacy and fought against it.. Not all security and encryption is created here in the United States, alot of it is developed in other contries, for the specific purpose of doing what the Terrorist are doing.. and in their hands, it is a dangerous tool, in the right hands, it can save a nation.. f

Banning completely will never work, just as you have pointed out and is a silly suggestion. No, my point is that we may want to re-think the request of our Law Enforcement and Intelligance communities have made and allow them access to particular messages under particular conditions... Just as wiretapping has brought down some really bad people, cryptotapping can do the same against the terrorist. That is my basic point in the reply you referenced.

[Ranger]

There was an article in mid Sept. that said a Syrian man was Bin Laden's cryto guy. He lived in Spain. When a safe house in Yemen was raided, 9 or 11 passports were found for him. Anyway, the point is, we need this guy or code books like the one found in france to discern their method. From there I think it gets easier.