FC: Are terrorists using crypto and stego? Or is it just media hype?

[Declan McCullagh <declan () well com>]

[In response to some questions I received: I've said in the past that we 
should assume for purposes of political debate that terrorists will use 
crypto and stego, because if they're not now, they eventually will. The 
Sep. 11 attackers were cunning, if nothing else. But there is a huge 
difference between expecting that terrorists will eventually go in this 
direction -- and accepting as fact vague and self-promoting reports that 
the 19 suicide-hijackers did. (This reminds me of the good ol'days when we 
didn't actually know if Nazis were online or not. This prompted Gerard Van 
der Leun to write a corollary to Godwin's law: "As global connectivity 
improves, the probability of actual Nazis being on the net approaches one." 
(http://www.cbbrowne.com/info/godwin.html) --DBM]

*********

Date: Wed, 10 Oct 2001 22:07:44 -0700
To: declan () well com, politech () politechbot com
From: Lizard <lizard () mrlizard com>
Subject: Re: FC: Dutch government moves to limit encryption, citing terrorists
Cc: ame () heise de
In-Reply-To: <5.0.2.1.0.20011010232513.02636da0 () mail well com>

Has anyone yet found a case where some alphabet soup agency had, in hand, 
an ecrypted file, and said, "We know this file contains some kind of Evil 
Plot, but we can't tell what it is due to that darn encryption!"?

If so, I'd like to know how they managed to know who to watch, which files 
to grab, etc, but not enough to just use Tempest or similair technologies 
(or good old spying!) to GET THE DAMN PASSWORD FROM THE USER.

REAL crackers don't bother with brute-force cracking;they trick the user. 
Given that terrorists are not the brightest apples in the pond, I can't 
imagine the same techniques can't be used on them.

*********

From a longtime Politech subscriber (obviously I haven't confirmed this 
myself, so treat it for what it's worth):

> You might like to know that Iomart are in financial trouble of the
> deep-shit-without-a-depth-guauge variety. They're not going bust
> yet, but they're flailing around in search of a new business model
> after their colocation business flopped. (Guess who used to be one
> of their customers?)
>
> This sort of nonsense looks like something one of their PR people
> came up with. (Compare and contrast with the French police reports
> that they've found some Al Quaida code books ... hand-written in
> Arabic. Someone is pushing the anti-crypto, anti-stego bandwagon
> rather hand in the UK right now ...)

*********

Subject: RE: U.K. firm finds hidden messages that "might" implicate bin Laden
Date: Wed, 10 Oct 2001 23:15:02 -0700
From: "Clinton D. Fein" <clinton.fein () apollomedia com>
To: <declan () well com>
Cc: <victoria.masterson () businessam co uk>

Hats off to Phil Worms, the PR person representing Iomart. He couldn't
have wished for a more company focused article had he written the piece
himself.

"Iomart, headed by the chief executive Angus MacSween, is the only UK
company and one of only a handful worldwide which are providing their
services free to help the US government's security effort." (Let's not
forget Starbucks or Oracle, leaving only two fingers!).

It couldn't possibly be that other companies don't have the PR machines
in place or are providing services more discreetly rather than risk
appearing exploitative of a terrible tragedy. No doubt Iomart's
"possible" opening of a US office in Hendon, Virginia, within three
months, is to be closer to assist the Pentagon should they need it.

Fortuitously enough, we are exploring launching a new product that finds
hidden journalism in regurgitated press releases that "might" actually
be informative. Perhaps I'll make it available free.

Clinton
____________________________

Clinton Fein
President
ApolloMedia Corporation
370 7th Street, Suite 6
San Francisco, CA  94103
VOX 415-552-7655
FAX 415-552-7656
http://apollomedia.com/
______________________________

*********

From another Politech subscriber, again, treat this for what it's worth):

first something unrelated:
http://www.fas.org/irp/news/2000/06/000605-terror.htm (last year
already!)

iomart has bought the bancrupt company that tried to make a map of
the whole internet last year in order to find the source of every
message, to fight piracy and brand name and copyright infringement.
it's owned by the latter's founder, and has its own share of financial
troubles, if i understood correctly what news i found about the two
when i looked recently.

another company, german biodata, owner of image searcher cobion
which has a similar goal of brand name infringement finding (and
makes a lot of press releases every once in a while about how they
claim this helps find missing children and fight child pornography and
nazi symbols), recently had some news about financial woes, too, so in
this context i suspect that the demand for this type of service is very,
very low - nobody seems to want to run themselves into countless silly
legal affairs like "sportswear company adidas sues animal park
websites for stripes on tigers and zebras that they say infringe their
trade mark", and the investment they all had at their beginnings from
three letter orgs in law enforcement or worse seems to have pulled out
when they didn't find anything useful there either.

here's some stuff i dug out recently upon another announcement of a
wondrous "whole web map to fight all evil" in the austrian quintessenz
q/depesche list (that was the news about www.gridpatrol.de by
hamburg, germany firm "mediatime" on october 4th) :

the article at the bottom only survived on my disk, but not even on
google, even though it's just one year old.
ps:http://www.google.de/search?q=whitelaw+actis&hl=de second find
when i looked "cash flow"
;)

 http://www.heise.de/tp/deutsch/inhalt/te/8967/1.html
was i think where i originally got the link to it from, but i think it also
had a discussion about it on slashdot.

www.actis-technology.com ; business family:
http://www.businessam.co.uk/TodaysPaper/TodaysArticles/0,2910,28589,00.html
(almost fell bancrupt itself in summer, see "receiver called in at
buchanan")

then here was iomart buying actis
http://www.businessam.co.uk/TodaysPaper/TodaysArticles/0,2910,38026,00.html

 http://www.actis-technology.com/Actis_NI_brochure.pdf webfilter

here's da old thang, sorry for totally garbled line breaks :

http://people.ft.com/ft/gx.cgi/ftc?pagename=View&c=Article&amp;cid=FT3G54ELIEC&amp;live=true&amp;tagid=IXLAI5JTS7C&amp;useoverridetemplate=IXLUBP2SS7C

                       Special Feature       20 Oct 2000


                                            Uncovering the Dark Side of 
the world
wide web

                                            By Ma
rcus Gibson

                                            In an achievement that is 
almost the
equivalent of the
                                            Human Genome project for the
internet, a new Scottish
                                            software company has not only
succeeded in plotting a map
                                            of the world wide web but has also
uncovered its Dark
                                            Side.

                       The achievement had its beginnings three years ago at a
brainstorming session between a
                       group of software programmers in Scotland. "How do we
write a program that detects
                       anything bad that's going on on the internet?" asked
Stephen Whitelaw, former Glasgow
                       University lecturer and chief executive of Buchanan
International, a security software
                       company based outside Glasgow.

[...]

**********

Date: Thu, 11 Oct 2001 01:55:51 -0700
From: "G. Armour Van Horn" <vanhorn () whidbey com>
To: declan () well com
Subject: Re: FC: U.K. firm finds hidden messages that "might" implicate 
binLaden

I wouldn't take them seriously at all, and I'd hope that someone is 
debunking them inside the Beltway. By now the authorities have certainly 
been able to search the homes of the hijackers, did any of them own 
computers? If they visited cybercafes or libraries to check for their 
messages, would they have been able to install the decrypting software for 
the stego-ed messages? If at libraries, as one of the articles suggests, 
how could they get the porn through the filters.

And perhaps most telling of all, how would bin Laden, or anyone else in 
Afghanistan, find a consistent and reliable Internet connection to send 
from? If it was important to control and coordinate his evil program, as it 
obviously was, I'm certain that the primary methods would have been chosen 
with care, and that any communication sent over the Internet would have 
been less important and/or supplemental.

As always, feel free to use my comments in any way you see fit.

Van Van Horn

**********

[Below message is humor, for those who don't grok ROT13 --DBM]

From: goetz99 () gmx net
To: declan () well com
Date: Thu, 11 Oct 2001 10:35:54 +0200
Subject: Re: FC: U.K. firm finds hidden messages that "might" implicate bin 
Laden

u:
>     In recent weeks, Iomart experts have unearthed hundreds of files,
>     some of them containing Arabic text and dates which have been
>     passed on to investigators.

a german hacker "group" (really a schizphrenic who counts himself as
several) has performed a massive web content filtering using
advanced multicluster rot-13 technology on binary files. almost
0.07456843 percent of all binary files over ten megabytes of size
were found to contain the name "bin laden". moreover, using dual-rot13
attacks, an overwhelming number even of seemingly plaintext files
containing the name "bin laden" IN THE CONTEXT OF RECENT ANTI-
US TERRORISM was found on internet servers at the locations
207.25.71.25 and cnn.com .

**********

Date: Thu, 11 Oct 2001 10:03:23 -0400
To: declan () well com
From: Brian McWilliams <brian () pc-radio com>
Subject: Anti-Terror Hackers Claim Arab National Bank Breach

Hi Declan,

FYI ...

Vigilante hackers apparently penetrated the security of a Saudi bank 
Wednesday, even as the hackers' own Web site was defaced by a notorious 
computer prankster, Fluffi Bunni.

http://www.newsbytes.com/news/01/171035.html

B.

**********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------