How Anonymous Remailers Made the WTC Attacks So Much Easier For Terrorists

US Federal agents retracing the steps of the September 11 hijackers have found a digital trail. Proof that the Internet is now used for a lot more than buying CDs and sending messages to friends abroad. It can now initiate identity theft and infrastructural security breaches. At the centre of it all are private computer services commonly known as 'anonymous remailers', believed to have make the WTC attacks possible with negligible possibilities of detection.

In a nutshell, anonymous remailers -- like pretty good privacy, anon.penet.fi and anonymizer -- are programs that accept outgoing email on a service provider's Web site, strip identifying information (such as sender's name, email address, ISP number), and then send it to its destination devoid of anything that could link it to its source.

Good remailers route messages through several other remailers before delivering it, to further conceal the source. Better ones pause for a random amount of time (anywhere from a couple minutes to days) during each hop, to remove correlations between the time a message was sent and received.

This is unlike conventional email, which is notoriously difficult to hide behind especially if a pursuer is determined to track down a sender. All email messages contain routing data - where it originated and how it got to its destination - that can be used, in conjunction with log files, timing information and even law enforcement subpoenas, to track down its origin.

Similarly, every computer on the Internet has an Internet Protocol (IP) address, that lets email servers and sites know where to send the data. Therefore, even if users visit a site without giving their name or company affiliation, the visit can still be traced to their computer or network.

None of this can happen if data is routed through anonymous remailers: an effective way of sending anonymous, totally untraceable information over the Internet.

One of the first signs that the terrorists were tech savvy enough to exploit this utility came from an FBI document obtained by the German magazine Der Spiegel, which disclosed how the hijackers purchased their airline tickets. Several used a pay-per-use public Internet terminal at a store in Florida, while some chose paperless electronic tickets.

The modus operandi in both cases was the same - routing all requests and other communication through anonymous remailers, thereby making their digital footprints impossible to trace.

The second hint came soon after the FBI announced that a man named Abdulaziz Alomari with a birth date of December 24, 1972 was on the flight that hit the North Tower. Immediately, a man by that name and with that birth date informed a Saudi Arabian newspaper that he was alive and well.

Later, as more names released by the FBI corresponded to living people, remailer-aided identity theft (which was seen as an irritating consequence of modern life before September 11) stood exposed as a fatal breach of national security.

This, added to the claim of US officials that Osama bin Laden had turned to data-hiding steganography software to communicate with operatives, tolled the final death knell for anonymous remailers all over the world.

It doesn't end here. "I am not concerned whether the remailer network is, or was, used by the actual terrorists," one operator wrote on the politech mailing list. "What concerns me are the inevitable bogus threats and tips to various newsgroups, federal offices and officials".

Detractors, however, see the shutting down of these services as an invasion of privacy and threat to the freedom of speech, since anonymous remailers are also invaluable tools for legitimate uses - such as providing a safe way for victims of abuse to participate in support forums without revealing their identities. Another operator posted: "Shutting down freedom of speech would be to do the terrorists' job for them. I will not surrender to terror. I will not carry out the will of these cowards. They will have to do it themselves: I'm keeping my remailer up".

Such sentiment is still limited. When asked to make a choice between security and "freedom of speech", a majority veer towards the former. The popular opinion is that like everything else on the Internet, anonymous remailers are a privilege that must be respected if they are to be preserved.

Thus, the future of privacy and security - both online and in society at large - depends upon users not abusing the protection technology can provide. A conclusion best summed up by French President Jacques Chirac at the 23rd International Conference of Data Protection Commissioners, where he told delegates to "respect freedom of thought, but don't let the Internet become the tool of the enemies of liberty and human dignity".

September 11 made one thing clear - no one will underestimate the keyboard ever again.

Mail must be moved to electronic or hybrid electronic-physical delivery, which has no potential to transmit bioagents.

Email or web communication is cheaper and faster than first-class physical mail, so businesses should be given STRONG tax and legislative incentive to offer that mode of correspondence to customers.

A new class of physical delivery should be launched, whereby an email or web form is converted to physical mail in the recipient's zip code and delivered by carrier. It could include GIFs, JPEGs, or other images, just like an ordinary email. A person would need to subscribe to this kind of service, leaving a credit card or other means of electronic payment, OR go to a business with a pay-to-mail machine, like a market or library.

For those who don't and won't want to use this, postcards should be available. However, you should get your fingerprint and photo taken at that time.

To answer your question... the cost of end-to-end physical mail delivery must go up, as the cheaper electronic alternatives become viable. It should become impossible to send physical email anonymously. Email and web delivery cost next to nothing, and the infrastructure that supports can only get more widespread and cheaper.

We need to take the bull by the horns, embrace the new technology and electronic delivery modes which are available in our country more than anywhere else on the planet. There is no need to pretend that physical mail is not an unprofitable anachronism; it certainly is. We can put another light year between our own economy and those of our would-be, presumed arch-enemies, the illiterate of the world.

More from the same source:

.

The issue of online privacy has always been debatable. Now, the US attacks have added fuel to the fire, thanks to the effectiveness with which the terrorists used technology to cover their tracks. According to a report, at least 19 of them went online to purchase tickets, plan the attacks and coordinate their moves.

Now, with new restrictions in place, free speech activists warn that increasing government surveillance on the Internet will only curb freedom instead of preserving it. This has brought into the limelight technologies and tools such as cryptography, encryption and steganography, which allow browsers to maintain their anonymity online.

Organisations such as the Electronic Frontier Federation and Electronic Privacy Information Center are campaigners of free speech online. EPIC has a whole section dedicated to snoop proof mail, anonymous remailers, cookie busters, html filters, voice privacy and other references.

Easy access to this kind of anonymous software has obviously been a boon for some. The encryption technology developed by Philip Zimmermann, called pretty good privacy (PGP) is also currently being investigated by US authorities trying to find out if it was used by the terrorists. Politicians and defence experts have also warned that Osama bin Laden is known to be a crypto-aficionado who enjoys access to privacy protecting software and hardware.

So, what is cryptography? According to this FAQ, a cryptosystem or cipher system is "a method of disguising messages so that only certain people can see through the disguise. Cryptography is the art of creating and using cryptosystems. Cryptanalysis is the art of breaking cryptosystems. Cryptology is the study of both cryptography and cryptanalysis".

Encryption is the process of changing a 'plain text' message to a 'disguised' (ciphertext) one, while decryption converts the ciphertext to plain text. Both processes use a 'key', and the coding is such that decryption can only be completed with the proper key. SSH Communication's cryptography page has detailed information on the technology, while the security portal from information security professionals has a huge database of links to anonymity and privacy resources. This page offers technical insights into how encryption works, using the public and asymmetric key system and hash algorithms.

Also in focus now is the FBI cyber snooping program, 'Carnivore', opponents of which say its usage on a public network violates one's privacy.

Carnivore is a third generation online detection software (the first was never disclosed, while the second version was called Omnivore). It is essentially a 'packet sniffer' that can see all information passing over a network. It can capture email messages to and from an account, as well as network traffic to and from a specific user/IP address. However, this FAQ clarifies that, unlike what news reports have implied, Carnivore is a passive wiretap that does not interfere with communication.

A recent proposal by President George Bush to permit increased Internet surveillance, expand FBI's wiretapping powers and use Carnivore for a 48-hour period without a judge's approval drew a mixed response. The main reasons for the controversy are that people are worried about privacy implications, how the system works and how it can be misused. This ZDNet report tackles the issue in the wake of the attacks.

There were also allegations that Osama bin Laden has also used an ancient art called steganography that allows one to hides messages in pixels! However, this was later found to be untrue according a study by Niels Provos and Peter Honeyman at the University of Michigan.

Keeping all of this in mind, then, could the US federal and intelligence authorities have anticipated the attack if they had more surveillance power? Computer forensic experts have warned that it would be a leap to conclude that the attack may have been prevented if stricter surveillance laws were in place.

While developers of encryption technology, like Philip Zimmermann, say it may be too late to stop its distribution, one thing is clear: the debate about privacy and free speech online is far from over.

More Like This:
-- Cryptography Resource
-- Anonymiser
-- Electronic Privacy
-- Steganography Software
-- FBI's Carnivore Page
-- Senate okays FBI spying
-- Congress mulls over stiff crypto wars
-- A Constitutional right to decode?

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.