[iwar] Hiding (and Seeking) Messages on the Web (fwd)

From: Fred Cohen (fc@all.net)
Date: 2002-06-10 06:39:42



Per the message sent by alerts@theMezz.com:

Hiding (and Seeking) Messages on the Web 
By Colin Soloway, Rod Nordland and Barbie Nadeau
NEWSWEEK 
June 17 2002 issue 

One day last October, an intelligence-community analyst noticed 
something strange about a radical Islamist Web site she had been 
monitoring for several months. A previously open, innocuous part of 
the site was suddenly blocked. She checked her notes, found the old 
address for the link and typed it in - to find an otherwise empty page 
commanding in Arabic, MISSIONARIES ATTACK!

Other "hidden" pages on the site included seemingly nonsensical 
phrases and quotations from the Qur'an - coded instructions for Qaeda 
operatives and their supporters. U.S. intelligence discovered Al Qaeda 
uses the Web as a communications network. Analysts believe Al Qaeda 
uses prearranged phrases and symbols to direct its agents. An icon of 
an AK-47 can appear next to a photo of Osama bin Laden facing one 
direction one day, and another direction the next. Colors of icons can 
change as well. Messages can be hidden on pages inside sites with no 
links to them, or placed openly in chat rooms. The messages and 
patterns of symbols are given to analysts at the CIA and National 
Security Agency to decipher.

The operators of these sites, working from Pakistan, Malaysia, 
Indonesia, the gulf states and Britain, are sophisticated in their 
computer tradecraft. "These guys are no fools," says an intelligence 
source.

Much of the intelligence from the sites comes from "traffic 
analysis." Analysts say they have seen "surges" in traffic since 9-11, 
in many cases prior to attempted attacks. "There was a surge about the 
time [shoe-bomber] Richard Reid got on the plane," says one analyst. 
"We would get surges, and then you would hear about people who were 
stopped." 

For more direct communication, Al Qaeda uses commercially available 
encryption software or hides messages inside graphics files by a 
process known as steganography. "They are giving strategic direction 
to their supporters by using the Web [and] using [cryptographic 
software] to transmit e-mail messages," says a British intelligence 
source.

While encrypted communications keep the content of messages 
secret, they attract the attention of intelligence services, which 
track the messages to their source and recipient; meanwhile, much of 
the Web communications are hidden in the mass of unrelated "chatter" 
on radical Web sites. "The genius of this method is that they are 
hiding in plain sight," says the analyst. "It's three jigsaw puzzles 
mixed up in one box, when you're only interested in one of them."

Some of the most valuable intelligence gleaned from the sites 
has been the connection between Islamic charities and Qaeda 
fund-raising operations. Analysts found the same bank-account numbers 
listed in Islamic humanitarian appeals on sites raising funds for 
jihad against the enemies of Islam. Several U.S.-based Islamic 
"charities" have been shut down thanks to the analysts' discovery of 
this fund-raising scam. 

<http://www.msnbc.com/news/764107.asp>


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT