[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[dvd-discuss] STEGANOGRAPHY - Veiled Messages of Terrorists May Lurk in Cyberspace

Interesting that they's ask Morris...his son was the creator of the 
arpanet worm in the early 90s.

=========================================================================

October 30, 2001

STEGANOGRAPHY - Veiled Messages of Terrorists May Lurk in Cyberspace

By GINA KOLATA

The investigation of the terrorist attacks on the United States is drawing
new attention to a stealthy method of sending messages through the 
Internet.
The method, called steganography, can hide messages in digital photographs
or in music files but leave no outward trace that the files were altered.

Intelligence officials have not revealed many details about whether, or 
how
often, terrorists are using steganography. But a former French defense
ministry official said that it was used by recently apprehended terrorists
who were planning to blow up the United States embassy in Paris.

The terrorists were instructed that all their communications were to be 
made
through pictures posted on the Internet, the defense official said.

The leader of that terrorist plot, Jamal Beghal, told French intelligence
officials that he trained in Afganistan and that before leaving that 
country
for France, he met with an associate of Osama bin Laden. The plan was for 
a
suicide bomber to drive a minivan full of explosives through the embassy
gates.

The idea of steganography is to take advantage of the fact that digital
files, like photographs or music files, can be slightly altered and still
look the same to the human eye or sound the same to the human ear.

The only way to spot such an alteration is with computer programs that can
notice statistical deviations from the expected patterns of data in the
image or music. Those who are starting to look for such deviations say 
that
their programs are as yet imperfect but that, nonetheless, some are 
finding
widespread use of steganography on the Internet. For national security
reasons some of these experts do not want to reveal exactly what they 
find,
and where.

"Quite an alarming number of images appear to have steganography in them,"
said one expert who has looked for them, Chet Hosmer, the president and
chief executive of WetStone Technologies in Cortland, N.Y.

Mr. Hosmer says his company has not decided whether to reveal all the 
sites
where he is finding steganography. He has found it on the auction site 
eBay,
where people can post pictures anonymously, inserting hidden messages if
they choose to, and just as anonymously download them, retrieving the
messages. WetStone works under a contract to the Air Force.

At George Mason University, Dr. Neil F. Johnson, a steganography expert,
said he became so worried by steganography's potential to be used by
terrorists and criminals that he stopped publishing his research on how to
detect it, reasoning that if people knew how he detected it, and where, 
they
could devise methods to thwart him and move their messages to sites he has
not checked.

"I have no reason to think that Al Qaeda is not using steganography," Dr.
Johnson said, but he, like others, pointed to no proof. His research, he
said, is financed by "law enforcement."

"I think it's foolish to disclose what I'm scanning for, whether I'm
scanning and whether I'm detecting anything," Dr. Johnson said. "To give
that away tips one's hands."

Steganography, Greek for "hidden writing," is one of the most ancient ways
of passing secret messages, but until very recently few computer 
scientists
paid it much attention - it seemed more a relic of ancient times, sort of 
a
Paul Revere-type "one if by land two if by sea" way of sending 
information.

The ancient Greeks used it, writing a message on a wooden tablet and
covering the wood with wax. Sentries would think the tablets were blank, 
but
when they were delivered, their recipients would simply scrape off the wax
and read the message.

In World War II, Dr. Johnson said, the Allies became so suspicious about
hidden messages that the United States Office of Censorship "took extreme
actions, such as banning flower deliveries which contained delivery dates,
crossword puzzles and even report cards."

But in recent years, steganography has arrived on the Internet in a big 
way,
experts said, with free and easy-to-use programs to insert messages into
music or picture files. Many programs also allow users to choose an
encryption scheme to further hide the message, so even if the recipients
know it is there, they have to decode it to read it.

"In the past two years, the number of steganography tools available over 
the
Internet has doubled - it's 140 and growing," Dr. Johnson said. Some of 
the
newer ones, he said, prompt users at each step on how to proceed.

Bruce Schneier, a founder of Counterpane, an Internet security company,
likened steganography to what is known as a dead drop - a message, money 
or
papers left in a hiding place to be picked up by someone.

"The effect is that the sender can transmit a message without ever
communicating directly with the receiver," Mr. Schneier wrote in a recent
newsletter. "There is no e-mail between them, no remote log-ins, no 
instant
messages. All that exists is a picture posted in a public forum, and then
downloaded by anyone sufficiently enticed by the subject (both third 
parties
and the intended receiver of the secret message.)"

Mr. Hosmer said he became interested in steganography three years ago when
he conducted a study for the Air Force looking at potential areas for
cybercrime and cyberterrorism.

"We wanted to see what kinds of tools and weapons were being used by
terrorist organizations," he said. To his surprise, he said, 
steganography,
an area he had paid little attention to, stood out because it could be so
effective in hiding the very fact that people were communicating - 
thwarting
attempts to detect terrorist activities by looking for flurries of
communications between members.

Mr. Hosmer found more than 100 free steganography programs on the Internet
and said he was shocked when the providers of the programs said there had
been over a million downloads of the technology.

"It really struck us: why were there so many downloads?" Mr. Hosmer said.
Some, he said, may be hackers or people who are using it for fun. But, he
said, he doubts that those are the only users.

"We said, `This is really startling, that there are so many people who are
communicating without people knowing that they are communicating.' And
because these programs were coming from around the world, we were very
concerned."

Mr. Hosmer's company began looking at millions of digital pictures that 
were
posted on the Internet. They scanned auction sites and pornographic sites,
where people can post and download digital images anonymously.

"We started getting hits," Mr. Hosmer said, adding that about 0.6 percent 
of
millions of pictures on auction and pornography sites had hidden messages.
The messages they found on eBay were encrypted and unreadable, he said. 
The
company also noticed that some of the same photos seemed to be used over 
and
over again, with different messages each time. "If you're very 
sophisticated
at this, you would never use an image again," Mr. Hosmer said.

One limitation in published steganography detection programs is that often
they miss images hidden in the most frequently used format, JPEG, said Dr.
Jessica Fridrich, a research professor at the Center for Intelligent 
Systems
at the State University of New York at Binghamton.

It is hard to see evidence of steganography in such files because the
detection methods look for statistical evidence that an image's data have
been distorted. But JPEG files are distorted by their very nature - the
digital data are altered when the files are compressed to send them
electronically.

Dr. Fridrich said that a steganography detection program she developed 
also
had that limitation but that she had greatly improved the program so that,
even though it still did not work well for JPEG images, it was much better
at finding images in other formats. She said she was providing it to the 
Air
Force, which was paying for her group's work. "I believe that the Air 
Force
made this program available to other government agencies," she said.

The best published method for finding steganography in JPEG files, Dr.
Fridrich said, is one developed by Niels Provos, a graduate student at the
University of Michigan. Mr. Provos said he had seen no steganography in 
the
two million images from eBay he had examined.

On the other hand, Mr. Provos can miss steganography - he said he had
trouble finding small messages and was unable to detect a short message in 
a
photograph that was sent to him. He was told beforehand that an 
unencrypted
message had been inserted.

Mr. Provos publishes his research, enabling others to know how he detects
steganography and, as a consequence, how to avoid his detection system.
"When I started my research, which was a couple of years ago, it was, of
course, in a completely different political situation," he said.

Now, he says, he asked himself again if publication was advisable. He
concluded it was, arguing that research thrived when people could freely
exchange ideas.

Of course, those whose business it is to intercept terrorist 
communications
would never reveal anything they have learned about steganography.

Asked what the National Security Agency - the nation's codemaking and
codebreaking agency - knows, Dr. Robert Morris, a retired cryptographer 
who
was chief scientist there, said, "We wouldn't talk about it."