Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

How terrorists hide messages online
Scripps Howard News Service ^ | 10/4/01 | Scripps Howard News Service

Posted on 10/04/2001 6:46:51 PM PDT by Thanatos

For Editorial and Discussion use only:

How terrorists hide messages online

By LISA HOFFMAN
Scripps Howard News Service
October 04, 2001

- To terrorist cells such as Al Qaeda, a picture on the Web can be worth thousands of words.

Employing the 21st century version of a concept as old as secrets themselves, alleged terrorists affiliated with Osama bin Laden are believed to have exploited the vastness of the Internet to hide messages between conspirators in what amounts to plain sight.

According to declassified intelligence reports, court testimony and computer security experts, bin Laden's network has been a pioneer in adapting the ancient art of steganography to the Internet. U.S. officials and high-tech researchers seeking to counter such techniques are scrambling for methods to detect or derail them.

Online steganography - derived from the Greek words meaning "covered writing" - essentially involves hiding information or communications inside something so unremarkable that no one would suspect it's there. It's the cyber-equivalent of invisible ink or the "dead drops" that spies use to pass secrets.

Experts say Al Qaeda, along with the Palestinian terrorist groups Hezbollah and Hamas, have used computer software available for free on the Internet to communicate via virtually undetectable messages embedded electronically within innocuous photographs or music files of the sort that millions of Internet users send to each other each day.

Using it as a ruse, bin Laden's terror operatives allegedly have been able to bury maps, diagrams, photos of targets and messages within popular music, auction and sports sites as well as pornographic chat rooms - incongruous territory for devout Muslim fundamentalists.

Secrets even can be hidden in spam, the millions of unwanted e-mail messages ricocheting daily across the Internet that barely register with most users before they delete them. Communicating this way makes it extraordinarily difficult for law enforcement to pick up on, much less interdict or trace.

"The sender can transmit a message without ever communicating directly with the receiver. There is no e-mail between them, no remote logins, no instant messages," wrote Bruce Schneier of Counterpane Internet Security. "Steganography is a good way for terrorist cells to communicate... without any group knowing the identity of the other."

It's an old concept, written about in 474 B.C. by Greek historian Herodotus, who described how Histiaeus of Miletus shaved the head of a slave and tattooed a secret message on his scalp. When the slave's hair grew back, Histiaeus dispatched him to the Greeks, who shaved the slave's head and read the message.

During World War II, invisible ink was used by all sides. And the Germans perfected the use of "microdots," in which a page of writing could be reduced to the size of a dot on a letter - only to be enlarged by the recipients and read.

Computer steganography essentially piggy-backs information on empty or unimportant spaces in digital files. But those who want to employ the method don't need to understand the complex concepts at work - all they have to do is download software available free or for less than $50 from more than two dozen Internet sites.

Follow the instructions for using the software and, with a few mouse clicks, you've hidden a message that is all but undetectable, except by the person you have tipped to where to find it.

Photo or music files with such messages embedded are indistinguishable to the human eye or ear from identical ones lacking the secret data. (For an example of how this works, go to http://www.spammimic.com, and embed your own message in spam.)

That fact exponentially increases the difficulty for investigators trying to track terrorist communications online. "With the volume of documents, photos, video and sound files moving on the Internet, there is no system powerful enough to analyze every object for hidden messages," wrote Barry Collin(CQ), research fellow at the National Interagency Civil-Military Institute of the National Guard Bureau.

And an interceptor can be hamstrung even more if the hidden message is encrypted into code. Bin Laden's network allegedly does just that.

The Justice Department, citing the difficulty of monitoring and detecting cyber-communications among terrorists, is asking Capitol Hill to relax legal restrictions or force software writers to supply their secrecy code "keys" to the government in order to make it easier for agents to tap into everyday e-mail on a broad hunt for miscreants and de-scramble what they find.

Civil libertarians say such privacy invasions are unnecessary; efforts should be directed instead toward techniques to detect and disable cyber-steganography.

The intelligence community is hard at work with university researchers creating sophisticated detection programs that use complex algorithms to conduct statistical tests capable of identifying stenographic footprints.

One new software package of interest to the Air Force was developed by research professor Jessica Fridrich at Binghamton University in New York state. Called "Securestego," it allows a user to return a digital image modified by steganography to its original state - that could derail such a message before it could reach its intended receiver.


TOPICS: Extended News; Foreign Affairs; News/Current Events
KEYWORDS: alqaeda; alqaida; communications
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-78 next last
To: Thanatos
We wouldn't have to worry about terrorists sending messages to each other within the U.S. if we never let them in the country. Throw the bums out!!
21 posted on 10/04/2001 7:33:18 PM PDT by NoControllingLegalAuthority
[ Post Reply | Private Reply | To 1 | View Replies]

To: Texaggie79
.....btw.....

.....FR's new software doesn't let us use the.....

.....!!!! thingy.....

22 posted on 10/04/2001 7:35:05 PM PDT by cyberaxe
[ Post Reply | Private Reply | To 11 | View Replies]

To: Texaggie79
.....btw.....

.....FR's new software doesn't let us use the.....

.....!!!! thingy.....

23 posted on 10/04/2001 7:37:16 PM PDT by cyberaxe
[ Post Reply | Private Reply | To 11 | View Replies]

To: cyberaxe
Explain this:

How terrorists hide messages online
Reply 23 to Texaggie79 by cyberaxe
9261858 posted on 10/04/2001 19:37:16 PDT

How terrorists hide messages online
Reply 22 to Texaggie79 by cyberaxe
9261802 posted on 10/04/2001 19:35:05 PDT

24 posted on 10/04/2001 7:39:29 PM PDT by Texaggie79
[ Post Reply | Private Reply | To 23 | View Replies]

To: Ron in Acreage
read #19
25 posted on 10/04/2001 7:41:35 PM PDT by Ron in Acreage
[ Post Reply | Private Reply | To 19 | View Replies]

To: Texaggie79
TRANSLATION: ALL YOUR BASE ARE BELONG TO US.
26 posted on 10/04/2001 7:42:49 PM PDT by Dick Bachert
[ Post Reply | Private Reply | To 6 | View Replies]

To: Texaggie79
.....i could.....

.....but then i'd have to.....

.....well u know.....

27 posted on 10/04/2001 7:48:04 PM PDT by cyberaxe
[ Post Reply | Private Reply | To 24 | View Replies]

To: cyberaxe
That is a price I'm willing to pay!
28 posted on 10/04/2001 7:51:29 PM PDT by Texaggie79
[ Post Reply | Private Reply | View Replies]

To: Texaggie79
....."Forum Version 2.0a Copyright © 1999 Free Republic, LLC".....

.....still gotta few bugs.....

29 posted on 10/04/2001 7:57:03 PM PDT by cyberaxe
[ Post Reply | Private Reply | To 28 | View Replies]

To: Thanatos
Two dogs, four fliers, 50,000 walkers, and 91101, does it add up to>>>>>terrorism?
30 posted on 10/04/2001 7:59:42 PM PDT by Grassontop
[ Post Reply | Private Reply | To 1 | View Replies]

To: DonQ
Seems to me that the keys to being able to receive the messages is to just have an unencrypt program and know which website to visit. If thats the case then the confiscated computers should reveal some really useful stuff.

PCs keep records of website visits and ISPs keep records of website visits by a paticular computer so it shouldnt be too difficult to crack this thing open. Not as difficult as cracking the Enigma Machine during WW2.

I can imagine that there are some folks that will find this challenge irresistible to tackle.....and just for the fun of it.

31 posted on 10/04/2001 8:01:04 PM PDT by backtobasics
[ Post Reply | Private Reply | To 22 | View Replies]

To: cyberaxe
.......can you type........

......any other way......

...... than this?........

32 posted on 10/04/2001 8:02:54 PM PDT by Texaggie79
[ Post Reply | Private Reply | To 29 | View Replies]

To: Thanatos
There was a blurb on this on Dateline I think it was. They would set up an email account with an ISP. Then, they would compose emails, but never send them. The emails remained in the "out" box and could be read by anybody having the userid/password. But never actually get sent.
33 posted on 10/04/2001 8:03:12 PM PDT by djf
[ Post Reply | Private Reply | To 1 | View Replies]

To: Texaggie79
yes

.....but it's easier to find your place in code.....

.....when you put in some markers.....

34 posted on 10/04/2001 8:07:09 PM PDT by cyberaxe
[ Post Reply | Private Reply | To 32 | View Replies]

To: Texaggie79
Ibgd Yehrw Knexl!

Hint: Caesar Cipher

35 posted on 10/04/2001 8:24:04 PM PDT by Hoosier Patriot
[ Post Reply | Private Reply | To 3 | View Replies]

To: Hoosier Patriot
.....Èä áÇÏä ÓíÌÇÑÉ.....

.....(if you have arabic fonts you'll get it).....

36 posted on 10/04/2001 8:50:21 PM PDT by cyberaxe
[ Post Reply | Private Reply | To 35 | View Replies]

To: ALL
Reading thru the Replies to this posting.. It seems that most are from "Skeptics" who seem to want to blow off the fact that the very people who murdered over 5000 AMERICAN and International Citizens used this method to plan and coordinate their attack against our Homeland.

A couple of Years ago, here on Free Republic, there was alot of discussion about the Clinton Administration wanting encryption suppliers to give "Back-Door" Codes to allow Federal Law Enforcement and Intelligance Agencies to be able to access and "Crack" messages used to encrypt messages.. The General Consense here on Free Republic was "Whoa.. no way.. Clinton just wants to infringe on our Constitutional Rights".. There were even people Freaking when Microsoft was developing WindowsME and they thought Microsoft had put in "Back-Door" keys in it's encryption. Well, I hate to break it to everyone.. This whole Article I posted is the reason why our Goverment was and is pushing for these codes.

As 20/20 Hindsight is our most infallible way of finding out what happened.. Here are some White Papers, Articles, and links to Software that shows how this is done and the Information that was linked to Osma Bin Laden's group Al-Qaida was using this for YEARS before the 911 attack on US Soil, our Embassies overseas, and the USS Cole.

US Today, Dated June 19, 2001
Terror groups hide behind Web encryption
Excerpt:
"Uncrackable encryption is allowing terrorists — Hamas, Hezbollah, al-Qaida and others — to communicate about their criminal intentions without fear of outside intrusion," FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities."

US Today, Dated June 19, 2001
Terrorist instructions hidden online
Excerpt:

"Through weeks of interviews with U.S. law-enforcement officials and experts, USA TODAY has learned new details of how extremists hide maps and photographs of terrorist targets — and post instructions for terrorist activities — on sports chat rooms, pornographic bulletin boards and other popular Web sites. Citing security concerns, officials declined to name the sites. Experts say it's difficult for law enforcement to intercept the messages.

"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," says Ben Venzke, special projects director for iDEFENSE, a cyberintelligence company."

U.S. officials and militant Muslim groups say terrorists began using encryption — which scrambles data and then hides the data in existing images — about five years ago.

But the groups recently increased its use after U.S. law enforcement authorities revealed they were tapping bin Laden's satellite telephone calls from his base in Afghanistan and tracking his activities."

NetSecurity, About. Sep, 17, 2001:
Methods Terrorists Use

August 2001, CITI Techreport
Detecting Steganographic Content on the Internet

US alert: coded message reveals bin Laden terror plot, July 20, 2001
US alert: coded message reveals bin Laden terror plot
Excerpt:
"The United States is expecting a terrorist attack orchestrated by the Saudi extremist Osama bin Laden soon, and has placed its forces in the Middle East on the highest level of alert.

State Department officials said intelligence services had intercepted a coded message to one of bin Laden's senior operatives outlining plans for the attack."

Newsmax, Feb. 9, 2001
U.S. Makes Cyberwar on Bin Laden
Excerpt:
"Since 1994, bin Laden has used modern technology such as laptop computers, regular computers, faxes, cell phones, e-mails and the Internet to help set up his networks in Western Europe and 50 other countries, U.S. government officials said.

But to counter his vulnerability to the NSA and America's superior electronic warfare resources, including Vortex satellites that vacuum up microwave transmissions, bin Laden has resorted to "the application of traditional tradecraft" to the Net world, Venzke said. In the past, spies "hid micro dots in letters," he said. Today, bin Laden operatives hide encrypted messages "in the middle of a porno picture." or use chat rooms or other seemingly harmless venues to deliver covert orders."

Wired News, Feb. 7, 2001:
Bin Laden: Steganography Master?
Excerpt:
"WASHINGTON -- If there's one thing the FBI hates more than Osama bin Laden, it's when Osama bin Laden starts using the Internet. So it should be no surprise that the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using message-scrambling techniques to evade law enforcement.

The Clinton administration substantially relaxed -- but did not remove -- regulations controlling the overseas shipments of encryption hardware and software, such as Web browsers or Eudora PGP plug-ins.

Three years ago, FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use.

"We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh said to the Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices."

steganographic software

There is more, but you all get the Idea..

37 posted on 10/04/2001 9:06:17 PM PDT by Thanatos
[ Post Reply | Private Reply | To 33 | View Replies]

To: Texaggie79
Well, now, we all can do that too. We can post messages that no one can read, unless they know how to read it. Do you know how to read this?

Are there many foreign Arabs where you live? We have some in a few our out cities out there, but I’ve never seen any in the small city near where I live.

38 posted on 10/04/2001 9:17:52 PM PDT by Fred25
[ Post Reply | Private Reply | To 6 | View Replies]

To: Alamo Girl, JohnHuang2 , Jimrob, Clinton's a liar, Askel5, Ed_in_NJ,Travis McGee,
Info Bump..
39 posted on 10/04/2001 9:22:34 PM PDT by Thanatos
[ Post Reply | Private Reply | To 37 | View Replies]

To: Thanatos prism
Yes but you still have to communicate otherwise so your partner can unlock the image.

Where the hell is prism when you need him?

40 posted on 10/04/2001 9:25:57 PM PDT by Askel5
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-78 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson