How terrorists hide messages online

http://www.knoxstudio.com/shns/story.cfm?pk=SIEGE-INVISIBLE-10-04-01&cat=WW



By LISA HOFFMAN

Scripps Howard News Service

October 04, 2001



- To terrorist cells such as Al Qaeda, a picture on the Web can be worth

thousands of words.



Employing the 21st century version of a concept as old as secrets

themselves, alleged terrorists affiliated with Osama bin Laden are believed

to have exploited the vastness of the Internet to hide messages between

conspirators in what amounts to plain sight.



According to declassified intelligence reports, court testimony and computer

security experts, bin Laden's network has been a pioneer in adapting the

ancient art of steganography to the Internet. U.S. officials and high-tech

researchers seeking to counter such techniques are scrambling for methods to

detect or derail them.



Online steganography - derived from the Greek words meaning "covered

writing" - essentially involves hiding information or communications inside

something so unremarkable that no one would suspect it's there. It's the

cyber-equivalent of invisible ink or the "dead drops" that spies use to pass

secrets.



Experts say Al Qaeda, along with the Palestinian terrorist groups Hezbollah

and Hamas, have used computer software available for free on the Internet to

communicate via virtually undetectable messages embedded electronically

within innocuous photographs or music files of the sort that millions of

Internet users send to each other each day.



Using it as a ruse, bin Laden's terror operatives allegedly have been able

to bury maps, diagrams, photos of targets and messages within popular music,

auction and sports sites as well as pornographic chat rooms - incongruous

territory for devout Muslim fundamentalists.



Secrets even can be hidden in spam, the millions of unwanted e-mail messages

ricocheting daily across the Internet that barely register with most users

before they delete them. Communicating this way makes it extraordinarily

difficult for law enforcement to pick up on, much less interdict or trace.



"The sender can transmit a message without ever communicating directly with

the receiver. There is no e-mail between them, no remote logins, no instant

messages," wrote Bruce Schneier of Counterpane Internet Security.

"Steganography is a good way for terrorist cells to communicate... without

any group knowing the identity of the other."



It's an old concept, written about in 474 B.C. by Greek historian Herodotus,

who described how Histiaeus of Miletus shaved the head of a slave and

tattooed a secret message on his scalp. When the slave's hair grew back,

Histiaeus dispatched him to the Greeks, who shaved the slave's head and read

the message.



During World War II, invisible ink was used by all sides. And the Germans

perfected the use of "microdots," in which a page of writing could be

reduced to the size of a dot on a letter - only to be enlarged by the

recipients and read.



Computer steganography essentially piggy-backs information on empty or

unimportant spaces in digital files. But those who want to employ the method

don't need to understand the complex concepts at work - all they have to do

is download software available free or for less than $50 from more than two

dozen Internet sites.



Follow the instructions for using the software and, with a few mouse clicks,

you've hidden a message that is all but undetectable, except by the person

you have tipped to where to find it.



Photo or music files with such messages embedded are indistinguishable to

the human eye or ear from identical ones lacking the secret data. (For an

example of how this works, go to http://www.spammimic.com, and embed your

own message in spam.)



That fact exponentially increases the difficulty for investigators trying to

track terrorist communications online. "With the volume of documents,

photos, video and sound files moving on the Internet, there is no system

powerful enough to analyze every object for hidden messages," wrote Barry

Collin(CQ), research fellow at the National Interagency Civil-Military

Institute of the National Guard Bureau.



And an interceptor can be hamstrung even more if the hidden message is

encrypted into code. Bin Laden's network allegedly does just that.



The Justice Department, citing the difficulty of monitoring and detecting

cyber-communications among terrorists, is asking Capitol Hill to relax legal

restrictions or force software writers to supply their secrecy code "keys"

to the government in order to make it easier for agents to tap into everyday

e-mail on a broad hunt for miscreants and de-scramble what they find.



Civil libertarians say such privacy invasions are unnecessary; efforts

should be directed instead toward techniques to detect and disable

cyber-steganography.



The intelligence community is hard at work with university researchers

creating sophisticated detection programs that use complex algorithms to

conduct statistical tests capable of identifying stenographic footprints.



One new software package of interest to the Air Force was developed by

research professor Jessica Fridrich at Binghamton University in New York

state. Called "Securestego," it allows a user to return a digital image

modified by steganography to its original state - that could derail such a

message before it could reach its intended receiver.