From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Tue, 2 Oct 2001 20:34:26 -0700 (PDT)
Subject: [iwar] [fc:How.technology.is.used.to.mask.communications]

How technology is used to mask communications

BY LISA M. KRIEGER
Mercury News

A network of people conspired to kill thousands -- and caught the world by surprise.

In an era when just planning a picnic takes a multitude of phone calls and e-mails, the near-silent organization of the World Trade Center and Pentagon assaults has left authorities mystified.

If privacy is dead, as is often alleged, then how did it serve as an accomplice to this murder?

In an age of satellites, digital spying and computer surveillance, the answer to that question is likely to add new weight to a growing field of science -- ``information hiding,'' or the use of emerging technologies to stay connected without being detected.

In previous attacks, such as the 1998 bombings of U.S. embassies in Africa, suspected Islamic terror groups have used a camouflage technique known as steganography to hide secret messages within other electronic communications. Others have scrambled missives with encryption, a coding protection that makes a message easier for law enforcement to detect but harder to read.

``A different game is being played,'' said computer security expert Janah Moreh of Sigaba, a San Mateo company that provides e-mail security products. ``The players are able to take advantage of these new mediums.''

The failure of the world's most sophisticated and controversial surveillance system is now under study as investigators seek evidence of communications that could have tipped them off to plans for the bloodiest terrorist assault in U.S. history.

The conclusion thus far: The vast and scattered Al-Qaida confederation of terrorists has used a combination of very low-tech and very high-tech strategies to communicate -- yet evade detection.

Ease of deception

Much is thought to have been achieved using communication techniques so simple they never registered on surveillance screens, such as relying on human couriers to exchange important messages. A popular and time-honored strategy, it has been used by Saddam Hussein, members of the Irish Republican Army and other militants.

But other Al-Qaida operations seemed to have used 21st century technologies, taking advantage of discoveries in information hiding.

First formally recognized at an international conference in 1996, the field has burgeoned in the past six years, as electronic secrecy becomes more valued by corporations, academic researchers and individuals concerned with protecting privacy and civil liberties. The next International Workshop on Information Hiding will be in the Netherlands in October 2002.

In some instances, terrorists are thought to have hidden in plain sight -- using unsecured e-mail from anonymous accounts on Yahoo and Hotmail, amid the enormous volume of e-mail traffic. In other instances, using encryption and steganography, they are thought to have altered or camouflaged their messages so well that surveillance failed to recognize them.

``Conventional surveillance makes the assumption that the people you're looking for aren't anonymous,'' Moreh said. ``On the Internet, you can communicate without a trace of who you are.''

Total secrecy in this increasingly transparent world is rarely possible -- even for a network as elusive as Al-Qaida. As Benjamin Franklin first observed, ``Three can keep a secret, if two of them are dead.''

Unabomber Theodore Kaczynski eluded detection for years only by living alone in a remote Montana cabin with no phone, no computer and paying cash for his $200-a-year living expenses.

``If you don't open your mouth, you're OK,'' said Kevin D. Murray, president of Murray Associates in Oldwick, N.J., a consulting company that specializes in electronic eavesdropping detection for businesses and governments.

``Bin Laden is technically aware. I'm sure he knows that if he uses a phone, he'll be heard,'' he said, referring to the suspected mastermind of the Sept. 11 attacks, Osama bin Laden.

That's because the U.S. government and its allies use a wide range of tools to eavesdrop, ranging from electronic wiretaps on phones and computers to satellite surveillance.

Scouring electronic files on Internet servers, federal authorities are said to have located copies of hundreds of e-mail messages in Arabic and English -- sent 30 to 45 days before the attack, using personal and public library computers and a variety of Internet service providers -- that suggest a plan behind the Sept. 11 tragedy.

And much has been learned from terrorists themselves, who described the communication capabilities of the confederation during trials for the 1998 bombings of U.S. embassies in Kenya and Tanzania.

Until relatively recently, U.S. intelligence had successfully eavesdropped on Al-Qaida phone conversations; while digital phones offer more privacy than analog phones, both can be overheard with the right equipment.

Until a year ago, intelligence officials reportedly had tapped a conversation of bin Laden's with his mother, as well as others. Then he is thought to have discovered he was being heard, because he seems to have dropped most electronic communications.

Authorities are hindered by two specific tools that can keep communications completely secret in a digital world: encryption and steganography.

Using encryption

When a message is encrypted, its contents are jumbled to baffle anyone who might intercept it. But if the recipient of the message knows the code, he can decipher it.

Encryption technologies have become the locks and keys of the information age. Scrambled code protects sensitive information as it is transmitted over the Internet. But it can also hide terrorist messages.

Encryption was used by Julius Caesar, as well as the Masons, secret Greek societies and by fraternal organizations.

Because encryption code is based in math, it is possible to identify the language of a code -- the so-called ``key'' to the code -- using mathematical principles, and then break open its contents.

The invention of the computer was a breakthrough in cryptography, since its power made it possible to quickly create far more complex encryption. Numerous easy-to-download encryption software applications are now available online that enable users to protect messages.

``When information is a computer-readable form, the cost of searching through it becomes very simple and very cheap,'' said Martin E. Hellman, professor emeritus of electrical engineering at Stanford University, who was a member of the first team of researchers to publish research on how to create unbreakable codes.

``Encryption makes it very expensive,'' he said.

It is not known if the World Trade Center terrorists hid their computer communications with encryption software. But there is previous evidence that terrorist groups routinely encrypt messages.

This year's trial of the embassy bombing plotters revealed that bin Laden associates began to use encryption before 1998. Wadih El-Hage, one of the four convicted, sent encrypted e-mails under names like ``Norman'' to associates.

Ramzi Yousef, the convicted mastermind of the 1993 World Trade Center bombing, is reported to have used encryption to conceal details of a plan to crash 11 U.S. airliners. NSA experts broke the encryption and foiled the plot -- saving many lives.

Sometimes members of the Al-Qaida confederation have not used sophisticated Internet encryption tools, but simple code words, according to London's Sunday Times. For instance, ``working'' is said to mean jihad, ``tools'' meant weapons, ``potatoes'' mean grenades and ``the director'' was an alias for bin Laden, according to the Times.

Any Internet-based communication can be encrypted with a program originating in Burlingame called PGP -- Pretty Good Privacy -- first posted on the Internet as shareware 10 years ago. The program was the first key-based encryption system that could not be easily intercepted by governments.

Federal authorities are now investigating whether PGP was used by hijackers to organize the recent attacks.

Breaking a code requires creativity and an ultra-fast computer, because strong encryption is available to almost anyone. Opening every encrypted message is like looking for a needle in a haystack among a bunch of haystacks.

A ``brute force attack'' upon an encrypted message involves trying every possible key to the code to decrypt the text until finding one that works.

There is a disadvantage to encryption: Because less than 1 percent of all Internet e-mail is encrypted, the use of encryption attracts attention.

Even if a communication cannot be cracked, it is still subject to ``traffic analysis,'' which can determine where and when it was sent, said Sayan Chakrabotry, vice president of engineering for the e-mail security company Sigaba.

About steganography

Steganography, the ancient practice of concealing information, is a shadowy cousin to encryption. While encryption draws attention to a message, steganography camouflages it.

Steganography, which means ``covered writing,'' simply takes one piece of information and hides it within another. It takes advantage of any computer file -- an image on a popular Web site, a sound recording, even a disk -- that contains unused or insignificant areas of data.

``Stego-tools,'' which are free and easily downloadable software programs, insert the message into the file. The file can then be exchanged without anyone knowing what really lies inside of it.

To recover a hidden message posted on the Web, for instance, the sender first tells the recipient where it is, then the recipient extracts the information using the same software that created it.

In ancient Greece, messengers used a primitive form of steganography by shaving their heads, tattooing information on their scalp and then growing their hair back to hide the images. They shaved their heads again only when the message reached the intended recipient.

Now, it is possible to send a private letter to a friend buried within an image of Barry Bonds or describe corporate plans for a secret new product within a sentence of poetry.

Steganography is an important tool in industry because it is used to insert a hidden ``trademark'' in easily duplicated images, music and software. By embedding information in a digital file, authors can assert rights of ownership. This approach is called ``watermarking.''

The same hide-seek-extract approach was found to have been used by bin Laden's followers to communicate in at least three terrorist acts, including the 1998 embassy bombings in Kenya and Tanzania, according to U.S. officials. Hidden messages have been planted in bulletin boards and Web sites, they say.

Steganography leaves computer-detectable traces within an image, allowing an eavesdropper to detect that there has been tampering and that secret communication may be taking place. But in most instances, it is impractical to screen all digital music and all music Web images, so usually only the sender and recipient know it's there, making its discovery much less likely.

So far, there is no evidence yet that it was used in the Sept. 11 attack. A team from the University of Michigan has searched two million Internet images for a ``signature'' of steganography but has not been able to find a single hidden message that describes recent terrorist plans.

Because screening and intercepting steganography is so labor-intensive, and dissemination so simple, it is an increasingly popular way to communicate in secret.

Methods on horizon

In the future, newer and even more sophisticated tools will be devised to assist those who wish information to stay hidden, either for beneficial or nefarious reasons, experts said. And equally ingenious new tools will be created to detect them.

``Any organization or individual that has an interest in keeping communication secret or keeping information private will use whatever technology that is available to them,'' said Neil F. Johnson of the Center for Secure Information Systems at George Mason University in Fairfax, Va.

``It's the way things are,'' Johnson said. ``Anybody can use tools for good or evil. That doesn't make tools good or evil.

``It's not a technological problem, but a human problem,'' he said.

Contact Lisa M. Krieger at lkrieger@sjmercury.com or (408) 920-5565.

------------------
http://all.net/
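
The article says steganography "leaves computer-detectable traces" in a carrier file. The sketch below is an added example, not part of the article or the original post: it applies a pairs-of-values chi-square test to byte samples, on the assumption that the hidden data was written into the least-significant bits. The sample data is constructed, and all function names are hypothetical.

```python
import random
from collections import Counter

def pair_chi_square(samples, min_count=5):
    """Chi-square statistic over value pairs (2k, 2k+1) and its degrees of freedom.

    Overwriting least-significant bits with message bits pushes the counts of
    2k and 2k+1 toward equality, so the statistic per pair drops to about 1.
    """
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        h0, h1 = hist[even], hist[even + 1]
        n = h0 + h1
        if n < min_count:          # too few samples to say anything
            continue
        stat += (h0 - h1) ** 2 / n
        dof += 1
    return stat, dof

def looks_lsb_randomized(samples, max_ratio=2.0):
    """Flag data whose pair counts are as balanced as random LSBs would make them."""
    stat, dof = pair_chi_square(samples)
    return dof > 0 and stat / dof < max_ratio

def constructed_cover(n, rng):
    """Constructed stand-in for image pixel bytes: an uneven value histogram."""
    weights = [rng.random() ** 2 + 0.01 for _ in range(256)]
    return rng.choices(range(256), weights=weights, k=n)

def with_random_lsbs(samples, rng):
    """Constructed 'carrier': every LSB replaced, as a full-length payload would do."""
    return [(s & ~1) | rng.getrandbits(1) for s in samples]

def demo():
    rng = random.Random(2001)      # fixed seed so the run is repeatable
    cover = constructed_cover(50_000, rng)
    carrier = with_random_lsbs(cover, rng)
    return looks_lsb_randomized(cover), looks_lsb_randomized(carrier)

if __name__ == "__main__":
    print(demo())
```

The threshold of 2.0 is an assumption chosen for this constructed data; a screening tool working on real images would calibrate it against known-clean files.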