http://www.hindustantimes.com/nonfram/100801/platefrm.asp August 10, 2001 Ravi Visvesvaraya Prasad THE LASHKAR-e-Tayyeba militants responsible for the Red Fort attack were running a cybercafe and using electronic mail to receive instructions from abroad. When the Delhi Police seized their computers and hundreds of encrypted e-mail messages, they found a vast amount of pornographic films and photographs on the hard disks. Thinking that the militants had amassed their pornographic collection for personal enjoyment, the police turned it over to the maalkhana as case property. A few weeks later, a police officer in Delhi read in the USA Today about the testimony furnished by George Tenet, Director, CIA, to the US Congress. Tenet said that Islamic extremists were hiding their messages within pornographic and sports images and movies, as well as in music files, and were utilising heavily-visited electronic chat rooms and bulletin boards as drop sites. The intended recipient would download the file and decrypt the hidden message. To all others who would download that file, it would seem to be an innocuous image. Tenet was alarmed that the extremists had successfully evaded the SIGINT (signals intelligence) and COMINT (communications intelligence) interception operations of Americas National Security Agency. Hence, it occurred to this alert policeman in Delhi that the pornography seized from the militants could contain hidden instructions. These developments have drawn attention to the recondite field of steganography, the science of concealing encrypted messages within innocuous cover messages, pictures or music in such a manner that an interceptor or other recipients of the cover file would not even suspect that hidden within it was an encrypted message. In the simpler field of cryptography, an interceptor would be able to discern that the encrypted message existed, and his challenge would be merely to crack the code and decrypt the secret message; even this simple task would take the best security agencies several weeks to perform. The US Air Force Research Laboratory has forecast the future information warfare technologies and the counter measures to fight it. Steganography topped the list. While the fundamentals of steganography were enunciated by Johannes Trithemius of Frankfurt, it is in the last 18 months that technological advances have taken place, mainly at German, Austrian, Swiss, Italian and Finnish universities, Cambridge University in the UK, and Carnegie Mellon and George Mason Universities in the US. Security agencies have been rendered impotent by the inexpensive steganographic software packages which conceal information in digital audio, video and image files. The first organisations to recognise the utility of steganographic algorithms developed in European universities were Pakistani hacker groups, the Palestinian cells of Hamas and Hizbollah, Osama bin Ladens Al Qaida, and the LTTE. Al Qaida heeded bin Ladens directive that mastering advanced technologies was integral to jehad. It was the first to practise the research results of Professors Ross Anderson and Fabien Petitcolas of Cambridge University, and conceal its messages in dense packet internet traffic, and large bandwidth uncompressed audio, video and image files. These would be located at heavily visited pornographic sites, music download sites, chat rooms and bulletin boards. Al Qaida began to use these as message drop sites for their agents. A security analyst detected steganographic activity even on heavy-traffic commercial portals such as Amazon and eBay, who were not even aware that their websites were being used for such purposes. A security analyst recounted the case of a suspected Islamic militant. The FBI in the US, which had placed him under surveillance using its packet-sniffing tool Carnivore, was intrigued that while he kept e-mailing photographs of his family to e-mail addresses that appeared to be those of relatives, he never received any replies. He was found to be sending instructions to his agents using DEMCOMs Steganos, which was undetectable by FBIs Carnivore. Packages that combine technical excellence with human psychological factors to avoid suspicion are Texto, developed in Finnish universities, which converts messages into blank verse poetry, and Spam Mimic, developed by Peter Wayner, which encodes messages into what looks like a junk e-mail. While round one has gone to the terrorists, Indian security agencies can fight back. Compressed video, music and image files have predictable patterns that would be disrupted when a message is inserted. It is possible to develop a stegoscanner program, akin to a virus scanner, to examine hard drives and identify the electronic fingerprints and signatures left behind by steganographic applications. A US steganography expert has formulated a roadmap for future efforts: First, derive the signatures/indicators associated with each steganographic package and write a scanner. The harder part is picking up the dead drops. This would require thousands of police officers to continuously monitor the websites, bulletin boards and chat rooms. The next stage is difficult. Once all possible nodes are identified, one should write a Trojan horse that would sit in the machines and scan all activity. Indias security agencies should utilise the latest steganographic technologies for their internal communications, in contrast to the insecure channels they use at present. They should also develop the futuristic science of detecting these hidden messages and decrypting them, in order to trace sensitive information being leaked out under innocuous guises. For these, they should work together with the IITs, just as the Center for Secure Information Systems in the US is a joint venture between the National Security Agency and the George Mason University. The Pentagon and CIA are funding steganalysis research at the Carnegie Mellon. If Osama bin Laden and the LTTE can put into practice the latest technological breakthroughs from European universities, there is no reason why India should not use its academia and industry. The intelligence agencies should, for instance, examine the hard drives of those Sudanese associates of bin Laden whom they caught some time back. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 03:29:37 PDT