This sounds like that story that appeared here recently claiming that some al Qaeda messages were encoded in pornographic images by means of steganography.

In general, it's far from obvious to me that an encrypted message hidden in an image file could be cracked. It sounds like the kid got lucky, as he claims, and managed to limit the possibilities for an encryption key to the point that a brute force attack worked. If is ALWAYS better to be lucky than good.

bttttttttttttttttt

This is way over my head, but I always look for some computer savvy youngster to help when I have a problem with my computer technology.

This brings "outsourcing" to a new level.

Steganography is nothing new, and is also a method of watermarking.
There are various programs to create and detect/extract stenographic content.
FYI it's also possible to conceal content in MP3 files.

"The US government sent him letters of appreciation."

They should have sent him money, and enough of it to put him on the payroll for the long haul. Hell, they should have sent him the combined salaries of those who couldn't do the job he did.

He was obviously dealing with one of the intel networks, hence the secrecy.

Possible, but not reliable.

I'll bet that young Mr. Fardia has an all expenses paid ride at college if he should choose to go to work for our friends in Langley.

I often look to see what is behind pictures using a product readily available on a photo software product out now, that is actually designed for another purpose, but can be used effectively to see what is hiding behind the picture.

The Indians have a great aptitude for mathematics and computer science. Ross Perot once said they have an "extra gene" for it.

When you crack a code it seems like the last thing you would want to do is make it public.

I'll bet that young Mr. Fardia has an all expenses paid ride at college if he should choose to go to work for our friends in Langley.

And then a job with some high-tech firm as an H-1B no doubt.

Good point, like we are now outsourcing NSA, CIA functions?

He's lying. I cracked the code with my Dick Tracy decoder ring.

We always outsource CIA functions. Our CIA operators contact foreign nationals to gain information that they have. There is no chance that a US citizen could pass as a foreigner, with the wide ranging family connections that would be necessary.

The clever thing the kid probably did us use quotations from selected verses of the Qu'ran as the keylist. Although the US does have some Arabic linguists, we probably have few arabic linguists who are also trained as cryptographers.

"Give me your tired, your poor, your huddle masses, yearning to breath free: and if they are brilliant, that is ok too.

ping

...............and a team of bodyguards.

Bin Laden: Steganography Master?

By Declan McCullagh

Story location: http://www.wired.com/news/politics/0,1283,41658,00.html

02:00 AM Feb. 07, 2001 PT

WASHINGTON -- If there's one thing the FBI hates more than Osama bin Laden, it's when Osama bin Laden starts using the Internet.

So it should be no surprise that the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using message-scrambling techniques to evade law enforcement.

USA Today reported on Tuesday that bin Laden and others "are hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other websites, U.S. and foreign officials say."

The technique, known as steganography, is the practice of embedding secret messages in other messages -- in a way that prevents an observer from learning that anything unusual is taking place. Encryption, by contrast, relies on ciphers or codes to scramble a message.

The practice of steganography has a distinguished history: The Greek historian Herodotus describes how one of his cunning countrymen sent a secret message warning of an invasion by scrawling it on the wood underneath a wax tablet. To casual observers, the tablet appeared blank.

Both Axis and Allied spies during World War II used such measures as invisible inks -- using milk, fruit juice or urine which darken when heated, or tiny punctures above key characters in a document that form a message when combined.

Modern steganographers have far-more-powerful tools. Software like White Noise Storm and S-Tools allow a paranoid sender to embed messages in digitized information, typically audio, video or still image files, that are sent to a recipient.

The software usually works by storing information in the least significant bits of a digitized file -- those bits can be changed without in ways that aren't dramatic enough for a human eye or ear to detect. One review, of a graphical image of Shakespeare before and after a message was inserted, showed JPEG files that appeared to have no substantial differences.

Steghide embeds a message in .bmp, .wav and .au files, and MP3Stego does it for MP3 files. One program, called snow, hides a message by adding extra whitespace at the end of each line of a text file or e-mail message.

Perhaps the strangest example of steganography is a program called Spam Mimic, based on a set of rules, called a mimic engine, by Disappearing Cryptography author Peter Wayner. It encodes your message into -- no kidding -- what looks just like your typical, quickly deleted spam message.

Some administration critics think the FBI and CIA are using potential terrorist attacks as an attempt to justify expensive new proposals such as the National Homeland Security Agency -- or further restrictions on encryption and steganography programs.

The Clinton administration substantially relaxed -- but did not remove -- regulations controlling the overseas shipments of encryption hardware and software, such as Web browsers or Eudora PGP plug-ins.
One thing's for certain: All of a sudden, the debate in Washington seems to be heading back to where it was in 1998, before the liberalization.

"I think it's baloney," says Wayne Madsen, a former NSA analyst and author. "They come out with this stuff. I think it's all contrived -- it's perception management."

Three years ago, FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use.

"We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh said to the Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices."

He added: "We believe that an unrestricted proliferation of products without any kind of court access and law enforcement access, will harm us, and make the fight against terrorism much more difficult."

But Freeh never complained about steganography -- at least when the committee met in open session.

Some of the more hawkish senators seemed to agree with the FBI director, a former field agent. "I think the terrorist attacks against United States citizens really heighten your concern that commercial encryption products will be misused for terrorist purposes," said Sen. Dianne Feinstein (D-Calif).

Sen. Jon Kyl (R-Ariz) added he was concerned about "the sophistication of the terrorists, the amount of money they have available (and) their use of technology like encryption."

In March 2000, Freeh said much the same thing to a Senate Judiciary subcommittee headed by Kyl. He echoed CIA Director George Tenet's earlier remarks, saying: "Hizbollah, HAMAS, the Abu Nidal organization and Bin Laden's al Qa'ida organization are using computerized files, e-mail and encryption to support their operations."