Return-Path: <sentto-279987-2481-1001709387-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Fri, 28 Sep 2001 13:38:08 -0700 (PDT) Received: (qmail 7473 invoked by uid 510); 28 Sep 2001 20:36:50 -0000 Received: from n25.groups.yahoo.com (216.115.96.75) by 204.181.12.215 with SMTP; 28 Sep 2001 20:36:50 -0000 X-eGroups-Return: sentto-279987-2481-1001709387-fc=all.net@returns.onelist.com Received: from [10.1.4.53] by mv.egroups.com with NNFMP; 28 Sep 2001 20:36:27 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 28 Sep 2001 20:36:26 -0000 Received: (qmail 55599 invoked from network); 28 Sep 2001 20:36:26 -0000 Received: from unknown (10.1.10.142) by l7.egroups.com with QMQP; 28 Sep 2001 20:36:26 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 28 Sep 2001 20:36:26 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id NAA14076 for iwar@onelist.com; Fri, 28 Sep 2001 13:36:26 -0700 Message-Id: <200109282036.NAA14076@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 28 Sep 2001 13:36:26 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Add.'Steganography'.to.Terrorism's.Secret.Arsenal] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Long Island Newsday September 26, 2001 Add 'Steganography' to Terrorism's Secret Arsenal By Clive Thompson Clive Thompson, editor at large for the technology magazine Shift, writes the Net.Cetera column for Currents. LOOK AT MY photo down in the corner of this page. It's your typical newspaper head shot. Pretty innocuous, right? Maybe. But consider this: It could hold several thousand words of a secret message - hidden inside the image. If I were conspiring in some covert plot, I could have made some illicit plans and technologically encoded them in the photo, which my colleagues could then easily extract with specialized software. I'd be communicating with them brazenly, in public - right under the noses of authorities. This seems like a typically florid James Bond fantasy, but it's not. It's called steganography - hiding messages inside other forms of media, such as pictures, music files and videos. And in the wake of the World Trade Center and Pentagon attacks, security experts now believe it's the way that Osama bin Laden - or whoever masterminded the assault - coordinated the hijackings. Messages may have been hidden in places as surreal as porn sites and sports chat rooms. Steganography zigs where other forms of secret writing zag. Most ways of hiding messages rely on encryption - scrambling the document in such a way that it'll be gibberish unless you know the secret password to decode it. It's a powerful and effective method: The government frequently encounters terrorist e-mail that's heavily encrypted. But every encryption can, eventually, be cracked open - if you have enough time and computer power. Steganography, in contrast, doesn't try to encrypt things at all. Instead, it relies on hiding the message in such a way that the government will never even know the message is there. It's like the Purloined Letter, in Edgar Allan Poe's famous story: The villian leaves the evidence in plain sight, and the police ignore it because they think it's just an ordinary letter. Steganography is an ancient craft, but security experts say it's exploding in the digital world. That's because there are so many places to hide messages in plain sight, including images or sound files on Web sites. It's child's play, technologically. There are dozens of point-and-click steganographic software programs out there, many free, including JTeg Shell (www.tiac.net/users/korejwa/jsteg.htm), Scramdisk (www.scramdisk.clara.net) and MP3Stego (www.cl.cam.ac.uk/~fapp2/steganography /mp3stego). Conspirators could take their plans, encode them in a picture of Britney Spears and leave them on an innocuous-looking Yahoo home page - for quick, easy distribution to collaborators worldwide. And here's the catch: It's dead simple to retrieve the message, if you know it's there. But if you don't - if you're a government agent trying to intercept terrorist plans - how do you know where to look? There are probably billions of images and sound files online. There's no way any spy hunter could inspect them all. The exploding size of our multimedia Internet provides fantastic cover for such communications. What's more, the recent terrorists' messages are likely in foreign languages that many spy hunters don't speak. All of which is why security experts are breaking out in a cold sweat whenever they think about it. If terrorists are truly using steganography - and there's no reason they aren't - it calls for entirely new code-breaking techniques we don't yet have. In the new world of the Net, a picture really is worth a thousand words. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:51 PDT