Crack the code

[William Knowles <wk () c4i org>]

http://www.hindustantimes.com/nonfram/100801/platefrm.asp

August 10, 2001   
Ravi Visvesvaraya Prasad

THE LASHKAR-e-Tayyeba militants responsible for the Red Fort attack
were running a cybercafe and using electronic mail to receive
instructions from abroad.

When the Delhi Police seized their computers and hundreds of encrypted
e-mail messages, they found a vast amount of pornographic films and
photographs on the hard disks. Thinking that the militants had amassed
their pornographic collection for personal enjoyment, the police
turned it over to the maalkhana as case property.

A few weeks later, a police officer in Delhi read in the USA Today
about the testimony furnished by George Tenet, Director, CIA, to the
US Congress. Tenet said that Islamic extremists were hiding their
messages within pornographic and sports images and movies, as well as
in music files, and were utilising heavily-visited electronic chat
rooms and bulletin boards as drop sites.

The intended recipient would download the file and decrypt the hidden
message. To all others who would download that file, it would seem to
be an innocuous image. Tenet was alarmed that the extremists had
successfully evaded the SIGINT (signals intelligence) and COMINT
(communications intelligence) interception operations of Americas
National Security Agency.

Hence, it occurred to this alert policeman in Delhi that the
pornography seized from the militants could contain hidden
instructions.

These developments have drawn attention to the recondite field of
steganography, the science of concealing encrypted messages within
innocuous cover messages, pictures or music in such a manner that an
interceptor or other recipients of the cover file would not even
suspect that hidden within it was an encrypted message.

In the simpler field of cryptography, an interceptor would be able to
discern that the encrypted message existed, and his challenge would be
merely to crack the code and decrypt the secret message; even this
simple task would take the best security agencies several weeks to
perform. The US Air Force Research Laboratory has forecast the future
information warfare technologies and the counter measures to fight it.
Steganography topped the list.

While the fundamentals of steganography were enunciated by Johannes
Trithemius of Frankfurt, it is in the last 18 months that
technological advances have taken place, mainly at German, Austrian,
Swiss, Italian and Finnish universities, Cambridge University in the
UK, and Carnegie Mellon and George Mason Universities in the US.
Security agencies have been rendered impotent by the inexpensive
steganographic software packages which conceal information in digital
audio, video and image files.

The first organisations to recognise the utility of steganographic
algorithms developed in European universities were Pakistani hacker
groups, the Palestinian cells of Hamas and Hizbollah, Osama bin Ladens
Al Qaida, and the LTTE. Al Qaida heeded bin Ladens directive that
mastering advanced technologies was integral to jehad. It was the
first to practise the research results of Professors Ross Anderson and
Fabien Petitcolas of Cambridge University, and conceal its messages in
dense packet internet traffic, and large bandwidth uncompressed audio,
video and image files.

These would be located at heavily visited pornographic sites, music
download sites, chat rooms and bulletin boards. Al Qaida began to use
these as message drop sites for their agents. A security analyst
detected steganographic activity even on heavy-traffic commercial
portals such as Amazon and eBay, who were not even aware that their
websites were being used for such purposes.

A security analyst recounted the case of a suspected Islamic militant.
The FBI in the US, which had placed him under surveillance using its
packet-sniffing tool Carnivore, was intrigued that while he kept
e-mailing photographs of his family to e-mail addresses that appeared
to be those of relatives, he never received any replies. He was found
to be sending instructions to his agents using DEMCOMs Steganos, which
was undetectable by FBIs Carnivore.

Packages that combine technical excellence with human psychological
factors to avoid suspicion are Texto, developed in Finnish
universities, which converts messages into blank verse poetry, and
Spam Mimic, developed by Peter Wayner, which encodes messages into
what looks like a junk e-mail.

While round one has gone to the terrorists, Indian security agencies
can fight back. Compressed video, music and image files have
predictable patterns that would be disrupted when a message is
inserted. It is possible to develop a stegoscanner program, akin to a
virus scanner, to examine hard drives and identify the electronic
fingerprints and signatures left behind by steganographic
applications.

A US steganography expert has formulated a roadmap for future efforts:
First, derive the signatures/indicators associated with each
steganographic package and write a scanner. The harder part is picking
up the dead drops. This would require thousands of police officers to
continuously monitor the websites, bulletin boards and chat rooms. The
next stage is difficult. Once all possible nodes are identified, one
should write a Trojan horse that would sit in the machines and scan
all activity.

Indias security agencies should utilise the latest steganographic
technologies for their internal communications, in contrast to the
insecure channels they use at present. They should also develop the
futuristic science of detecting these hidden messages and decrypting
them, in order to trace sensitive information being leaked out under
innocuous guises. For these, they should work together with the IITs,
just as the Center for Secure Information Systems in the US is a joint
venture between the National Security Agency and the George Mason
University. The Pentagon and CIA are funding steganalysis research at
the Carnegie Mellon.

If Osama bin Laden and the LTTE can put into practice the latest
technological breakthroughs from European universities, there is no
reason why India should not use its academia and industry. The
intelligence agencies should, for instance, examine the hard drives of
those Sudanese associates of bin Laden whom they caught some time
back.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.