From: "e.r." <fastflyer28@yahoo.com>
To: iwar@yahoogroups.com
Date: Sun, 12 Aug 2001 06:38:54 -0700 (PDT)
Subject: Re: [iwar] Article on Steganography in India

Without addressing the political problems that pervade the Indian
sub-continent, if NSA SIGINT and COMINT messaging has been compromised,
this was not just a bit of pornographic silliness, this was hard core
Info war attacks on the United States.
I do not think Kashmir was on the minds of the people who ran this
operation, and I wonder if India, or Pakistan's intelligence services
were involved?

--- Ravi V Prasad <r_v_p@yahoo.com> wrote:
> Article by me on Steganography in India -- Ravi Visvesvaraya Prasad
>
> Hindustan Times, Friday, 10 August 2001, Edit page
>
> Crack the code
>
> by Ravi Visvesvaraya Prasad
>
> http://www.hindustantimes.com/nonfram/100801/platefrm.asp
>
> THE LASHKAR-e-Tayyeba militants responsible for the Red Fort attack
> were running a cybercafe and using electronic mail to receive
> instructions from abroad.
>
> When the Delhi Police seized their computers and hundreds of
> encrypted e-mail messages, they found a vast amount of pornographic
> films and photographs on the hard disks. Thinking that the militants
> had amassed their pornographic collection for personal enjoyment, the
> police turned it over to the maalkhana as case property.
>
> A few weeks later, a police officer in Delhi read in the USA Today
> about the testimony furnished by George Tenet, Director, CIA, to the
> US Congress. Tenet said that Islamic extremists were hiding their
> messages within pornographic and sports images and movies, as well as
> in music files, and were utilising heavily-visited electronic chat
> rooms and bulletin boards as "drop sites".
>
> The intended recipient would download the file and decrypt the hidden
> message. To all others who would download that file, it would seem to
> be an innocuous image. Tenet was alarmed that the extremists had
> successfully evaded the SIGINT (signals intelligence) and COMINT
> (communications intelligence) interception operations of America's
> National Security Agency.
>
> Hence, it occurred to this alert policeman in Delhi that the
> pornography seized from the militants could contain hidden
> instructions.
>
> These developments have drawn attention to the recondite field of
> steganography, the science of concealing encrypted messages within
> innocuous cover messages, pictures or music in such a manner that an
> interceptor or other recipients of the cover file would not even
> suspect that hidden within it was an encrypted message.
>
> In the simpler field of cryptography, an interceptor would be able to
> discern that the encrypted message existed, and his challenge would
> be merely to crack the code and decrypt the secret message; even this
> simple task would take the best security agencies several weeks to
> perform. The US Air Force Research Laboratory has forecast the future
> information warfare technologies and the counter measures to fight
> it. Steganography topped the list.
>
> While the fundamentals of steganography were enunciated by Johannes
> Trithemius of Frankfurt, it is in the last 18 months that
> technological advances have taken place, mainly at German, Austrian,
> Swiss, Italian and Finnish universities, Cambridge University in the
> UK, and Carnegie Mellon and George Mason Universities in the US.
> Security agencies have been rendered impotent by the inexpensive
> steganographic software packages which conceal information in digital
> audio, video and image files.
>
> The first organisations to recognise the utility of steganographic
> algorithms developed in European universities were Pakistani hacker
> groups, the Palestinian cells of Hamas and Hizbollah, Osama bin
> Laden's Al Qaida, and the LTTE. Al Qaida heeded bin Laden's directive
> that mastering advanced technologies was integral to jehad. It was
> the first to practise the research results of Professors Ross
> Anderson and Fabien Petitcolas of Cambridge University, and conceal
> its messages in dense packet internet traffic, and large bandwidth
> uncompressed audio, video and image files.
>
> These would be located at heavily visited pornographic sites, music
> download sites, chat rooms and bulletin boards. Al Qaida began to use
> these as message "drop sites" for their agents. A security analyst
> detected steganographic activity even on heavy-traffic commercial
> portals such as Amazon and eBay, who were not even aware that their
> websites were being used for such purposes.
>
> A security analyst recounted the case of a suspected Islamic
> militant. The FBI in the US, which had placed him under surveillance
> using its packet-sniffing tool Carnivore, was intrigued that while he
> kept e-mailing photographs of his family to e-mail addresses that
> appeared to be those of relatives, he never received any replies. He
> was found to be sending instructions to his agents using DEMCOM's
> Steganos, which was undetectable by FBI's Carnivore.
>
> Packages that combine technical excellence with human psychological
> factors to avoid suspicion are Texto, developed in Finnish
> universities, which converts messages into blank verse poetry, and
> Spam Mimic, developed by Peter Wayner, which encodes messages into
> what looks like a junk e-mail.
>
> While round one has gone to the terrorists, Indian security agencies
> can fight back. Compressed video, music and image files have
> predictable patterns that would be disrupted when a message is
> inserted. It is possible to develop a stegoscanner program, akin to a
> virus scanner, to examine hard drives and identify the electronic
> fingerprints and signatures left behind by steganographic
> applications.
>
> A US steganography expert has formulated a roadmap for future
> efforts: First, derive the signatures/indicators associated with each
> steganographic package and write a scanner. The harder part is
> picking up the dead drops. This would require thousands of police
> officers to continuously monitor the websites, bulletin boards and
> chat rooms. The next stage is difficult.
> Once all possible nodes are identified, one should write a Trojan
> horse that would sit in the machines and scan all activity.
>
> India's security agencies should utilise the latest steganographic
> technologies for their internal communications, in contrast to the
> insecure channels they use at present. They should also develop the
> futuristic science of detecting these hidden messages and decrypting
> them, in order to trace sensitive information being leaked out under
> innocuous guises. For these, they should work together with the IITs,
> just as the Center for Secure Information Systems in the US is a
> joint venture between the National Security Agency and the George
> Mason University. The Pentagon and CIA are funding steganalysis
> research at the Carnegie Mellon.
>
> If Osama bin Laden and the LTTE can put into practice the latest
> technological breakthroughs from European universities, there is no
> reason why India should not use its academia and industry. The
> intelligence agencies should, for instance, examine the hard drives
> of those Sudanese associates of bin Laden whom they caught some time
> back.
>
> by
> Ravi Visvesvaraya Prasad
>
> "Crack the code"
>
> Hindustan Times, Friday, 10 August 2001, Edit page
>
> http://www.hindustantimes.com/nonfram/100801/platefrm.asp
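
An added example, not part of this message or the quoted article: the article's point that embedding disturbs a file's predictable statistics, shown with the classic chi-square pairs-of-values test for sequential LSB replacement, a detection method chosen here because the article names none. The cover data, its 80/20 even/odd skew, the 6400-sample step and the 3.0 threshold are constructed assumptions.

```python
import random
from collections import Counter

def pov_chi_square(samples):
    """Mean chi-square score over value pairs (2k, 2k+1); about 1.0 when LSBs are random."""
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        expected = (n0 + n1) / 2      # LSB replacement pushes both counts here
        if expected < 5:              # too few samples for a meaningful term
            continue
        stat += ((n0 - expected) ** 2 + (n1 - expected) ** 2) / expected
        pairs += 1
    return stat / pairs if pairs else float("inf")

def estimate_embedded_length(samples, step=6400, threshold=3.0):
    """Longest prefix (in multiples of step) whose value pairs still look equalized."""
    length = 0
    for end in range(step, len(samples) + 1, step):
        if pov_chi_square(samples[:end]) > threshold:
            break
        length = end
    return length

def constructed_cover(n, rng):
    """Constructed sample data: 8-bit values in which even values dominate (80/20)."""
    return [96 + 2 * rng.randrange(32) + (rng.random() < 0.2) for _ in range(n)]

def simulate_lsb_embedding(samples, n_bits, rng):
    """Overwrite the LSB of the first n_bits samples with random (ciphertext-like) bits."""
    out = list(samples)
    for i in range(n_bits):
        out[i] = (out[i] & ~1) | rng.getrandbits(1)
    return out

def demo(seed=2001):
    """Score a constructed cover and a copy with its first half embedded."""
    rng = random.Random(seed)
    cover = constructed_cover(64000, rng)
    stego = simulate_lsb_embedding(cover, 32000, rng)
    return {"cover_score": pov_chi_square(cover),
            "stego_prefix_score": pov_chi_square(stego[:32000]),
            "cover_estimate": estimate_embedded_length(cover),
            "stego_estimate": estimate_embedded_length(stego)}

if __name__ == "__main__":
    print(demo())
```

The test only separates the two cases when the clean data has an uneven even/odd histogram; a cover whose value pairs are already balanced would also score near 1.0.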