Information Security News mailing list archives

Re: Terror groups hide behind Web encryption


From: William Knowles <wk () C4I ORG>
Date: Mon, 12 Feb 2001 02:43:06 -0600

Amazing what kind of FUD is being pushed out to the news media
today, and while it sounds like new technology, it's really old hat.

Hidden in the X-rated pictures on several pornographic Web sites
and the posted comments on sports chat rooms may lie the encrypted
blueprints of the next terrorist attack against the United States
or its allies. It sounds farfetched, but U.S. officials and
experts say it's the latest method of communication being used by
Osama bin Laden and his associates to outfox law enforcement.

Some years back I did this as a proof of concept. I took an old domain
I wasn't using, and with PGP and a few select steganography tools, we
had ourselves a digital dead drop that could have brought tears to an
old intelligence officer. :)

Steganography, if you haven't figured it out, takes one piece of
information and hides it within another.

Computer files (images, sound recordings, even disks) contain unused
or insignificant areas of data. Steganography takes advantage of these
areas, replacing them with information (encrypted mail, for instance).
The files can then be exchanged without anyone knowing what really
lies inside of them. An image of the space shuttle landing might
contain a private letter to a friend. A recording of a short sentence
might contain your company's plans for a secret new product.

[Pinched from: http://steganography.tripod.com/stego.html ]

Now I don't doubt that people are using these programs to create
websites so that normal Joe 12-packs can't see what is going on, but I
have a hard time believing that terrorists like Osama bin Laden and his
associates are running porn sites and sports chat rooms. These are the
same guys that tried to get their deposit back on a Ryder truck after
trying to blow up the World Trade Center in New York.

I also have to wonder if Osama bin Laden is really the most immediate
threat to the U.S. and its allies, or just the threat that the
intelligence community knows best.

I'm more worried about the next Aum Shinrikyo type of group that isn't
really on the radar of the intelligence community.

Lack of proof that terrorists are using steganography in websites is
another factor in this USAToday FUD. I suppose that www.qoqaz.net
could be one of those mirrored sites: http://63.249.218.164/home.htm

Or even more sinister...

Some of the defaced sites listed on Attrition with photos are really
defaced with hidden messages on future attack plans and what site is
next to be compromised with new and updated information.

But sadly the only way most of us will find this out is while watching
CNN Breaking News.

I wonder what's next?

William Knowles
wk () c4i org



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
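
The "insignificant areas of data" idea quoted in the post, shown as an added example that is not part of the original message: least-significant-bit replacement over a constructed cover, plus the pairs-of-values chi-square statistic a defender can use to flag it. The cover samples, the hash output standing in for encrypted mail, and all function names are assumptions made for this illustration.

```python
import hashlib

def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of each cover sample with one payload bit."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload does not fit in cover")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)

def extract_lsb(stego: bytes, n_bytes: int) -> bytes:
    """Read n_bytes back out of the sample LSBs (MSB-first per byte)."""
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for sample in stego[8 * i: 8 * i + 8]:
            value = (value << 1) | (sample & 1)
        out.append(value)
    return bytes(out)

def pov_chi_square(samples: bytes) -> float:
    """Pairs-of-values statistic: LSB replacement with ciphertext-like data evens
    out the counts of each (2k, 2k+1) pair, so a LOW score suggests embedding."""
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    score = 0.0
    for k in range(0, 256, 2):
        expected = (hist[k] + hist[k + 1]) / 2
        if expected:
            score += (hist[k] - expected) ** 2 / expected
    return score

# Constructed sample data: a synthetic 2048-sample "image" with only even values,
# and 256 bytes of hash output standing in for an encrypted message.
COVER = bytes((2 * i) % 256 for i in range(2048))
PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
STEGO = embed_lsb(COVER, PAYLOAD)

if __name__ == "__main__":
    print("recovered intact:", extract_lsb(STEGO, len(PAYLOAD)) == PAYLOAD)
    print("max sample change:", max(abs(a - b) for a, b in zip(COVER, STEGO)))
    print("chi-square cover:", pov_chi_square(COVER))
    print("chi-square stego:", pov_chi_square(STEGO))
```

No sample moves by more than one unit, which is why the change is invisible to the eye, yet the pair histogram shifts enough for the statistic to separate the two files.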