[iwar] [fc:Veiled.Messages.of.Terrorists.May.Lurk.in.Cyberspace]

From: Fred Cohen (fc@all.net)
Date: 2001-10-31 05:12:24


To: iwar@onelist.com (Information Warfare Mailing List)

Veiled Messages of Terrorists May Lurk in Cyberspace

By Gina Kolata, NY Times, 10/30/2001
http://www.nytimes.com/2001/10/30/science/physical/30STEG.html?todaysheadlines

The investigation of the terrorist attacks on the United States is
drawing new attention to a stealthy method of sending messages through
the Internet.  The method, called steganography, can hide messages in
digital photographs or in music files but leave no outward trace that
the files were altered. 

Intelligence officials have not revealed many details about whether, or
how often, terrorists are using steganography.  But a former French
defense ministry official said that it was used by recently apprehended
terrorists who were planning to blow up the United States embassy in
Paris. 

The terrorists were instructed that all their communications were to be
made through pictures posted on the Internet, the defense official said. 

The leader of that terrorist plot, Jamal Beghal, told French
intelligence officials that he trained in Afghanistan and that before
leaving that country for France, he met with an associate of Osama bin
Laden.  The plan was for a suicide bomber to drive a minivan full of
explosives through the embassy gates. 

The idea of steganography is to take advantage of the fact that digital
files, like photographs or music files, can be slightly altered and
still look the same to the human eye or sound the same to the human ear. 

The only way to spot such an alteration is with computer programs that
can notice statistical deviations from the expected patterns of data in
the image or music.  Those who are starting to look for such deviations
say that their programs are as yet imperfect but that, nonetheless, some
are finding widespread use of steganography on the Internet.  For
national security reasons some of these experts do not want to reveal
exactly what they find, and where. 

"Quite an alarming number of images appear to have steganography in
them," said one expert who has looked for them, Chet Hosmer, the
president and chief executive of WetStone Technologies in Cortland, N.Y. 

Mr.  Hosmer says his company has not decided whether to reveal all the
sites where he is finding steganography.  He has found it on the auction
site eBay, where people can post pictures anonymously, inserting hidden
messages if they choose to, and just as anonymously download them,
retrieving the messages.  WetStone works under a contract to the Air
Force. 

At George Mason University, Dr.  Neil F.  Johnson, a steganography
expert, said he became so worried by steganography's potential to be
used by terrorists and criminals that he stopped publishing his research
on how to detect it, reasoning that if people knew how he detected it,
and where, they could devise methods to thwart him and move their
messages to sites he has not checked.  "I have no reason to think that
Al Qaeda is not using steganography," Dr.  Johnson said, but he, like
others, pointed to no proof.  His research, he said, is financed by "law
enforcement."

"I think it's foolish to disclose what I'm scanning for, whether I'm
scanning and whether I'm detecting anything," Dr.  Johnson said.  "To
give that away tips one's hands."

Steganography, Greek for "hidden writing," is one of the most ancient
ways of passing secret messages, but until very recently few computer
scientists paid it much attention - it seemed more a relic of ancient
times, sort of a Paul Revere-type "one if by land two if by sea" way of
sending information. 

The ancient Greeks used it, writing a message on a wooden tablet and
covering the wood with wax.  Sentries would think the tablets were
blank, but when they were delivered, their recipients would simply
scrape off the wax and read the message. 

In World War II, Dr.  Johnson said, the Allies became so suspicious
about hidden messages that the United States Office of Censorship "took
extreme actions, such as banning flower deliveries which contained
delivery dates, crossword puzzles and even report cards." But in recent
years, steganography has arrived on the Internet in a big way, experts
said, with free and easy-to-use programs to insert messages into music
or picture files.  Many programs also allow users to choose an
encryption scheme to further hide the message, so even if the recipients
know it is there, they have to decode it to read it. 

"In the past two years, the number of steganography tools available over
the Internet has doubled - it's 140 and growing," Dr.  Johnson said. 
Some of the newer ones, he said, prompt users at each step on how to
proceed. 

Bruce Schneier, a founder of Counterpane, an Internet security company,
likened steganography to what is known as a dead drop - a message, money
or papers left in a hiding place to be picked up by someone. 

"The effect is that the sender can transmit a message without ever
communicating directly with the receiver," Mr.  Schneier wrote in a
recent newsletter.  "There is no e-mail between them, no remote log-ins,
no instant messages.  All that exists is a picture posted in a public
forum, and then downloaded by anyone sufficiently enticed by the subject
(both third parties and the intended receiver of the secret message.)"

Mr.  Hosmer said he became interested in steganography three years ago
when he conducted a study for the Air Force looking at potential areas
for cybercrime and cyberterrorism.  "We wanted to see what kinds of
tools and weapons were being used by terrorist organizations," he said. 
To his surprise, he said, steganography, an area he had paid little
attention to, stood out because it could be so effective in hiding the
very fact that people were communicating - thwarting attempts to detect
terrorist activities by looking for flurries of communications between
members. 

Mr.  Hosmer found more than 100 free steganography programs on the
Internet and said he was shocked when the providers of the programs said
there had been over a million downloads of the technology. 

"It really struck us: why were there so many downloads?" Mr.  Hosmer
said.  Some, he said, may be hackers or people who are using it for fun. 
But, he said, he doubts that those are the only users. 

"We said, `This is really startling, that there are so many people who
are communicating without people knowing that they are communicating.'
And because these programs were coming from around the world, we were
very concerned."

Mr.  Hosmer's company began looking at millions of digital pictures that
were posted on the Internet.  They scanned auction sites and
pornographic sites, where people can post and download digital images
anonymously. 

"We started getting hits," Mr.  Hosmer said, adding that about 0.6
percent of millions of pictures on auction and pornography sites had
hidden messages.  The messages they found on eBay were encrypted and
unreadable, he said.  The company also noticed that some of the same
photos seemed to be used over and over again, with different messages
each time.  "If you're very sophisticated at this, you would never use
an image again," Mr.  Hosmer said.  One limitation in published
steganography detection programs is that often they miss images hidden
in the most frequently used format, JPEG, said Dr.  Jessica Fridrich, a
research professor at the Center for Intelligent Systems at the State
University of New York at Binghamton. 

It is hard to see evidence of steganography in such files because the
detection methods look for statistical evidence that an image's data
have been distorted.  But JPEG files are distorted by their very nature
- the digital data are altered when the files are compressed to send
them electronically. 

Dr.  Fridrich said that a steganography detection program she developed
also had that limitation but that she had greatly improved the program
so that, even though it still did not work well for JPEG images, it was
much better at finding images in other formats.  She said she was
providing it to the Air Force, which was paying for her group's work. 
"I believe that the Air Force made this program available to other
government agencies," she said. 

The best published method for finding steganography in JPEG files, Dr. 
Fridrich said, is one developed by Niels Provos, a graduate student at
the University of Michigan.  Mr.  Provos said he had seen no
steganography in the two million images from eBay he had examined.  On
the other hand, Mr.  Provos can miss steganography - he said he had
trouble finding small messages and was unable to detect a short message
in a photograph that was sent to him.  He was told beforehand that an
unencrypted message had been inserted. 

Mr.  Provos publishes his research, enabling others to know how he
detects steganography and, as a consequence, how to avoid his detection
system.  "When I started my research, which was a couple of years ago,
it was, of course, in a completely different political situation," he
said. 

Now, he says, he asked himself again if publication was advisable.  He
concluded it was, arguing that research thrived when people could freely
exchange ideas.  Of course, those whose business it is to intercept
terrorist communications would never reveal anything they have learned
about steganography.  Asked what the National Security Agency - the
nation's codemaking and codebreaking agency - knows, Dr.  Robert Morris,
a retired cryptographer who was chief scientist there, said, "We
wouldn't talk about it."


------------------
http://all.net/ 
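
Added example (not part of the article and not the code of any tool or
researcher named in it): the article says altered files can be spotted only by
programs that notice statistical deviations in the data. One simple check of
that kind is a chi-square test on value pairs that differ only in the lowest
bit; the sample data, function names and the 0.001 threshold are assumptions
constructed for illustration.

```python
import math
import random
from collections import Counter

def pov_chi_square(samples, min_pair_count=10):
    """Chi-square test on pairs of values (2k, 2k+1).

    Returns (statistic, dof, p_value). Overwriting low bits with
    random-looking (e.g. encrypted) data pushes the two counts in each pair
    towards equality, so a p_value that is NOT tiny means the histogram is
    consistent with equalised pairs, which is the suspicious case.
    """
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < min_pair_count:      # too few samples for the test
            continue
        stat += (a - b) ** 2 / (a + b)  # one degree of freedom per pair
        dof += 1
    if dof == 0:
        return 0.0, 0, 1.0
    # Wilson-Hilferty normal approximation to the chi-square upper tail.
    z = ((stat / dof) ** (1 / 3) - (1 - 2 / (9 * dof))) / math.sqrt(2 / (9 * dof))
    return stat, dof, 0.5 * math.erfc(z / math.sqrt(2))

def looks_equalised(samples, alpha=0.001):
    """True when pair counts are statistically indistinguishable from 50/50."""
    return pov_chi_square(samples)[2] > alpha

def constructed_samples(seed=2001, n=50000):
    """Constructed data: bell-shaped 'cover' intensities, and a copy whose
    low bits were overwritten with random bits."""
    rng = random.Random(seed)
    cover = [min(255, max(0, round(rng.gauss(128, 6)))) for _ in range(n)]
    altered = [(v & ~1) | rng.getrandbits(1) for v in cover]
    return cover, altered

if __name__ == "__main__":
    cover, altered = constructed_samples()
    for name, data in (("cover", cover), ("altered", altered)):
        stat, dof, p = pov_chi_square(data)
        print(f"{name}: chi2={stat:.1f} dof={dof} p={p:.3g} "
              f"equalised={looks_equalised(data)}")
```

The test works here because the constructed cover is uncompressed sample data
with a smooth histogram; it says nothing about formats such as JPEG, where the
article notes that compression already distorts the data.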




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST