[iwar] [fc:How.the.terror.trail.went.unseen]

From: Fred Cohen (fc@all.net)
Date: 2001-10-10 21:19:42



How the terror trail went unseen
 
 Duncan Campbell   08.10.2001 
 
  Scientists and politicians row over whether it was planned using
hi-tech or lo-tech

  Investigations into how the terror attackers managed to evade
detection are producing the unusual situation that statements from the
FBI have become more trustworthy than those in the press. 
 
 In two successive briefings, senior FBI officials have stated that the
agency has as yet found no evidence that the hijackers who attacked
America used electronic encryption methods to communicate on the
internet.  But this has not prevented politicians and journalists
repeating lurid rumours that the coded orders for the attack were
secretly hidden inside pornographic web images, or from claiming
that the hijacks could have been prevented if only western governments
had been given the power to prevent internet users from using secret
codes. 
 
 The latest evidence from the FBI suggests that the hijackers easily hid
under the noses of the American government, not by using advanced
technology but by being as American as apple pie. 
 
 Although many e-mail messages sent to and from key members of the
hijack team have been found and are being studied, none of them,
according to the FBI, used encryption.  Nor did they use steganography,
a technique which allows an encrypted file to be hidden inside a larger
file, such as a .jpeg or .gif image, or an .mp3 music file. 
 
 Steganography hides a coded message inside picture or music files by
making numerous small changes to data.  The changes are invisible to
ordinary viewers or listeners, but can be read by special software. 
 
 Allegations that Osama bin Laden's terror group was using steganography
resurfaced at the end of last week, after a French investigator claimed
that arrested terrorist suspect Kamel Daoudi had been found in
possession of a so-called "codebook", written in Arabic. 
 
 Former French Defence Ministry official Alexis Debat told US television
last Thursday that the book was "a major breakthrough in the
investigation".  Although French and American experts have claimed that
the discovery of the "codebook" could be as important as the breaking of
codes in the second world war, no details of its contents have been
published.  Oddly, the discovery of the codebook was never mentioned the
previous week, when British police arrested Daoudi in Leicester,
England, and searched his premises.  He was then deported to France. 
 
 The first claim that bin Laden's followers were operating a
communications network based on encrypted messages concealed inside
pornographic pictures was made by the newspaper USA Today.  Their 6
February 2001 report luridly alleged that his group had relayed the
"encrypted blueprints of the next terrorist attack against the United
States", including maps of targets, inside "X-rated pictures on several
pornographic web sites" (see  USA Today [0]). 
 
 Last month's attacks have provided the first, tragic, test of who was
right about the net, encryption and terrorism.  The answers, so far as
they are known, were given late in September by the FBI at a Washington
briefing.  FBI assistant director Ron Dick, head of the US National
Infrastructure Protection Centre, told reporters that the hijackers had
used the net, and "used it well". 
 
 FBI investigators had been able to locate hundreds of email
communications, sent 30 to 45 days before the attack.  Records had been
obtained from internet service providers and from public libraries.  The
messages, in both English and Arabic, were sent within the US and
internationally.  They had been sent from personal computers or from
public sites such as libraries.  They used a variety of ISPs, including
accounts on Hotmail. 
 
 According to the FBI, the conspirators had not used encryption or
concealment methods.  Once found, the emails could be openly read.  None
of them contained plans for the New York attack hidden inside porn
pictures. 
 
 The allegation that any terrorist communications were hidden inside
internet porn has, so far, proven unsupported.  A few days before the
attack, a team from the University of Michigan reported they had
searched for images that might contain such messages, using a network of
computers to look for the "signature" of steganography.  According to
researchers at the  Centre for Information Technology Integration [1],
they "analysed two million images but have not been able to find a
single hidden message". 
 
 Despite the forthright position taken by the FBI, some US newspapers
have continued to report technological myths in circulation before the
attack.  Two weeks ago, the Washington Post  claimed [2] that the
inventor of the widely used PGP (Pretty Good Privacy) encryption system,
Phil Zimmermann, had been "crying every day...  overwhelmed with
feelings of guilt".  Although the FBI had already said they had found no
evidence of these terrorists using encryption, Post readers were told
that Zimmermann "has trouble dealing with the reality that his software
was likely used for evil". 
 
 In a public statement in response, Zimmermann accused the Post of
serious misrepresentation in publishing things he never said.  "Read my
lips," he said, "I have no regrets about developing PGP." His grief had
been for the victims, not for culpability about his invention. 
 
 Other US newspapers have also reported that bin Laden has access to
satellites more powerful than the NSA's, and uses a communications
company controlled by a relative to overcome US monitoring.  Neither the
satellites nor the company exist. 
 
 In Britain, Foreign secretary Jack Straw provoked a storm of protest
from scientists and computer security specialists by claiming on the BBC
that the media and civil liberties campaigners had paved the way for the
terror attacks on America. 
 
 Mr Straw had told the BBC's Today programme that the BBC had been a
"mouthpiece for ... non-governmental organisations" who he
claimed had forced him and the government to back down on plans to
prohibit internet users from using secret codes, known as cryptography. 
The interviewer rejected the charge. 
 
 "We knew that terrorists were going to use this", Mr Straw claimed. 
The people who had opposed his 1998 plan to provide automatic government
access to all private internet communications would now be regretting
their "two dimensional view", he prophesied. 
 
 But scientists who have promoted the use of secret codes on the net to
protect privacy and make business safe say that Straw is completely
wrong.  It's an "effort to divert attention from what will increasingly
be seen as a massive failure ...  of the intelligence services", said
former British Ministry of Defence electronic security chief Dr Brian
Gladman.  "The terrorist use of encrypted internet communications was
not a significant factor."
 
 In a press briefing at FBI headquarters in Washington two weeks ago,
bureau assistant director Ron Dick told reporters that hundreds of
e-mails from the hijackers had been found and were being examined.  But
the conspirators had not used encryption or concealment methods.  The
FBI said that their e-mails could be openly read. 
 
 Evidence from questioning terrorists and monitoring their messages
reveals that they did use words to make their discussions sound innocuous
to eavesdroppers.  Osama bin Laden was referred to as "the director".  An
Arabic word for babyfood meant "bomb".  The recently publicised
"codebook" probably contained no more than a list of clandestine phrases
to use when sending messages. 
 
 The real clue as to how the terrorists escaped detection by the world's
mightiest electronic surveillance system emerged last year in
Manchester, when a house suspected of being used by bin Laden
sympathisers was searched.  The police and the FBI found a manual in
Arabic, entitled "Military Studies in the Jihad Against the Tyrants". 
 
 It was a how-to-do-it guide to murder and mayhem.  It told bin Laden's
suicide squads how to "act, pretend and mask" themselves while operating
inside enemy territory in Europe and the United States. 
 
 The hijackers, many of whom lived in the United States for years,
obeyed.  They shaved their beards and wore western clothes.  They hid
their Korans.  Some joined gyms and chatted about sports to neighbours. 
They took flying lessons and even military courses at US academies. 
Some brought their families to stay, warning them to flee at the last
possible moment before the carnage began. 
 
 They ate western food, and some even drank.  No doubt they shopped at
Walmart, and watched the Simpsons on TV.  The Manchester terror manual
even warned them "don't break parking regulations". 
 
 The same FBI investigation, aimed at finding who bombed America's
embassy in Kenya in 1998, also brought to light major evidence of a
terrorist communications network operating through Britain and Germany. 
 
 Between 1996 and 1998, when the embassy was bombed, the FBI found that
Osama bin Laden and his staff had spent nearly 40 hours making satellite
phone calls from the mountains of Afghanistan.  The calls, which can be
sent and received from a special phone the size of a laptop computer,
were relayed via a commercial satellite to sympathisers in the west. 
 
 Even now, as US forces move in for the kill, bin Laden's satellite
phone has not been cut off.  But calls to the terrorist leader are going
unanswered.  His international phone number - 00873 682505331 - was
disclosed during a trial, held in New York earlier this year.  Callers to
his once-active satellite link now hear only a recorded message saying
he is "not logged on". 
 
 According to US prosecutors, the phone most frequently called by
satellite was a mobile phone located in London.  This single phone was
used by "bin Laden and the other co-conspirators to carry out their
conspiracy to murder U.S.  nationals", US Attorney Kenneth Karas told
the jury. 
 
 "[It] gives you a window into how it is that Al Qaeda [the name of bin
Laden's international network] operates," he added.  Calls were so
frequent that the phone, rented from 1-2-1, was dubbed
the "Jihad phone". 
 
 But, like all the other European phones and lines mentioned in the New
York trial, the "Jihad phone" didn't use encryption to prevent the
communications from being intercepted by the police or security
agencies.  It couldn't.  Yet investigators and surveillance centres
apparently knew nothing of what was going on at the time, and were
unable to piece together the links being run by the terror group. 
 
 Throughout the period, US intelligence did track bin Laden's satphone. 
They heard him talking to the Taliban about heroin exports, and even
monitored him chatting to his mother.  Tracking data based on the
position of his phone was used in 1998, when President Clinton
authorised the launch of cruise missiles intended to kill him.  But he
wasn't logged on, and survived.  And he never logged on again. 
 
 Although politicians have rushed to blame new technology, intelligence
experts say that the real problem has been getting agents inside the
terror groups.  They say that the CIA has been inexcusably lazy by
failing to recruit and run agents who were willing to risk dirt, disease
and death by joining the terror teams at their training camps.  But
without the information from such sources on who and what to look for,
America's vast global arsenal of satellites and listening centres, like
the giant satellite spy base at Menwith Hill near Harrogate, England,
and Bad Aibling, Bavaria, were blind and deaf. 
 
 British foreign secretary Jack Straw's suggestion that the inventors
and promoters of computer security now regret what they have done also
appears misleading.  One of the most famous of these experts is Dr
Whitfield Diffie from California, who jointly helped invent the system
now used as the foundation of internet business.  Speaking at a security
conference in Ireland last week, he said "the internet is so valuable as
a communication mechanism that people and corporations cannot afford not
to use it ...  it's only cryptography [secret codes] that makes it
safe."
 
 The evidence so far is that, when communicating, the terrorists used
simple open codes to conceal who and what they were talking about.  This
low-tech method works.  Unless given leads about who to watch, even the
vast "Echelon" network run by NSA and GCHQ cannot separate such messages
from innocuous traffic.  The problem, says Dr Gladman, is that "the
volume of communications is killing them [the spy agencies].  They just
can't keep up.  It's not about encryption."
 
 "Events have vindicated our position", adds Ian Miller, a computer
security specialist and one of the experts whom Mr Straw has accused of
being "naïve".  The attacks, he said, worked because they had "none of
the hallmarks of clandestine activity the intelligence agencies normally
look for.  They did nothing suspicious - until they did something
abominable". 
  
 Links
 
 [0] http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm
 [1] http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf
 [2] http://www.washingtonpost.com/wp-dyn/articles/A1234-2001Sep20.html
 
 Article URL: http://www.telepolis.de/english/inhalt/te/9751/1.html
 
 
----------------------------------------------------------------------
  Copyright © 1996-2001 All Rights Reserved.
 Verlag Heinz Heise, Hannover    


------------------
http://all.net/ 
