[ISN] Crack the code

From: William Knowles (wkat_private)
Date: Mon Aug 13 2001 - 01:44:34 PDT


    http://www.hindustantimes.com/nonfram/100801/platefrm.asp
    
    August 10, 2001   
    Ravi Visvesvaraya Prasad
    
    THE LASHKAR-e-Tayyeba militants responsible for the Red Fort attack
    were running a cybercafe and using electronic mail to receive
    instructions from abroad.
    
    When the Delhi Police seized their computers and hundreds of encrypted
    e-mail messages, they found a vast amount of pornographic films and
    photographs on the hard disks. Thinking that the militants had amassed
    their pornographic collection for personal enjoyment, the police
    turned it over to the maalkhana as case property.
    
    A few weeks later, a police officer in Delhi read in the USA Today
    about the testimony furnished by George Tenet, Director, CIA, to the
    US Congress. Tenet said that Islamic extremists were hiding their
    messages within pornographic and sports images and movies, as well as
    in music files, and were utilising heavily-visited electronic chat
    rooms and bulletin boards as drop sites.
    
    The intended recipient would download the file and decrypt the hidden
    message. To all others who would download that file, it would seem to
    be an innocuous image. Tenet was alarmed that the extremists had
    successfully evaded the SIGINT (signals intelligence) and COMINT
    (communications intelligence) interception operations of America's
    National Security Agency.
    
    Hence, it occurred to this alert policeman in Delhi that the
    pornography seized from the militants could contain hidden
    instructions.
    
    These developments have drawn attention to the recondite field of
    steganography, the science of concealing encrypted messages within
    innocuous cover messages, pictures or music in such a manner that an
    interceptor or other recipients of the cover file would not even
    suspect that hidden within it was an encrypted message.
    
    In the simpler field of cryptography, an interceptor would be able to
    discern that the encrypted message existed, and his challenge would be
    merely to crack the code and decrypt the secret message; even this
    simple task would take the best security agencies several weeks to
    perform. The US Air Force Research Laboratory has forecast the future
    information warfare technologies and the countermeasures to fight them.
    Steganography topped the list.
    
    While the fundamentals of steganography were enunciated by Johannes
    Trithemius of Frankfurt, it is in the last 18 months that
    technological advances have taken place, mainly at German, Austrian,
    Swiss, Italian and Finnish universities, Cambridge University in the
    UK, and Carnegie Mellon and George Mason Universities in the US.
    Security agencies have been rendered impotent by the inexpensive
    steganographic software packages which conceal information in digital
    audio, video and image files.
    
    The first organisations to recognise the utility of steganographic
    algorithms developed in European universities were Pakistani hacker
    groups, the Palestinian cells of Hamas and Hizbollah, Osama bin Laden's
    Al Qaida, and the LTTE. Al Qaida heeded bin Laden's directive that
    mastering advanced technologies was integral to jehad. It was the
    first to practise the research results of Professors Ross Anderson and
    Fabien Petitcolas of Cambridge University, and conceal its messages in
    dense packet internet traffic, and large bandwidth uncompressed audio,
    video and image files.
    
    These would be located at heavily visited pornographic sites, music
    download sites, chat rooms and bulletin boards. Al Qaida began to use
    these as message drop sites for their agents. A security analyst
    detected steganographic activity even on heavy-traffic commercial
    portals such as Amazon and eBay, who were not even aware that their
    websites were being used for such purposes.
    
    A security analyst recounted the case of a suspected Islamic militant.
    The FBI in the US, which had placed him under surveillance using its
    packet-sniffing tool Carnivore, was intrigued that while he kept
    e-mailing photographs of his family to e-mail addresses that appeared
    to be those of relatives, he never received any replies. He was found
    to be sending instructions to his agents using DEMCOM's Steganos, which
    was undetectable by the FBI's Carnivore.
    
    Packages that combine technical excellence with human psychological
    factors to avoid suspicion are Texto, developed in Finnish
    universities, which converts messages into blank verse poetry, and
    Spam Mimic, developed by Peter Wayner, which encodes messages into
    what looks like a junk e-mail.
    
    While round one has gone to the terrorists, Indian security agencies
    can fight back. Compressed video, music and image files have
    predictable patterns that would be disrupted when a message is
    inserted. It is possible to develop a stegoscanner program, akin to a
    virus scanner, to examine hard drives and identify the electronic
    fingerprints and signatures left behind by steganographic
    applications.
    
    A US steganography expert has formulated a roadmap for future efforts:
    First, derive the signatures/indicators associated with each
    steganographic package and write a scanner. The harder part is picking
    up the dead drops. This would require thousands of police officers to
    continuously monitor the websites, bulletin boards and chat rooms. The
    next stage is difficult. Once all possible nodes are identified, one
    should write a Trojan horse that would sit in the machines and scan
    all activity.
    
    India's security agencies should utilise the latest steganographic
    technologies for their internal communications, in contrast to the
    insecure channels they use at present. They should also develop the
    futuristic science of detecting these hidden messages and decrypting
    them, in order to trace sensitive information being leaked out under
    innocuous guises. For these, they should work together with the IITs,
    just as the Center for Secure Information Systems in the US is a joint
    venture between the National Security Agency and the George Mason
    University. The Pentagon and CIA are funding steganalysis research at
    Carnegie Mellon.
    
    If Osama bin Laden and the LTTE can put into practice the latest
    technological breakthroughs from European universities, there is no
    reason why India should not use its academia and industry. The
    intelligence agencies should, for instance, examine the hard drives of
    those Sudanese associates of bin Laden whom they caught some time
    back.
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
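An added example, not part of the article or the ISN post: a toy "stegoscanner" check of the kind the article's "predictable patterns" paragraph describes. It runs the pairs-of-values chi-square steganalysis test (Westfeld and Pfitzmann) over a constructed 8-bit grayscale sample; the comb-shaped cover histogram, the flagging threshold, and the LSB randomization that stands in for a fully embedded payload are all assumptions made for the demonstration.

```python
# Added example (not from the article). Sequential LSB replacement pushes
# each histogram pair (2k, 2k+1) toward equal counts, so a chi-square
# statistic close to its degrees of freedom means the LSB plane looks
# random, which is the "disrupted pattern" a stegoscanner can look for.
import random


def pov_chi_square(samples):
    """Return (chi2, degrees_of_freedom) of the pairs-of-values test."""
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    chi2, pairs = 0.0, 0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        expected = (a + b) / 2.0
        if expected == 0:          # an empty pair carries no information
            continue
        chi2 += (a - expected) ** 2 / expected + (b - expected) ** 2 / expected
        pairs += 1
    return chi2, max(pairs - 1, 1)


def looks_lsb_embedded(samples, ratio_threshold=2.0):
    """Heuristic verdict: chi2/df near 1 is what a randomized LSB plane gives.

    The threshold is an assumption for this demo; a real scanner would
    compute a p-value from the chi-square distribution instead.
    """
    chi2, df = pov_chi_square(samples)
    return chi2 / df < ratio_threshold


def make_cover(n, seed=1):
    """Constructed cover: a comb histogram, as contrast-stretched images have."""
    rng = random.Random(seed)
    base = (int(rng.triangular(0, 127, 30)) for _ in range(n))
    return [2 * b + (1 if rng.random() < 0.2 else 0) for b in base]


def randomize_lsbs(samples, seed=2):
    """Stand-in for full sequential embedding: replace every LSB with a random bit."""
    rng = random.Random(seed)
    return [(v & 0xFE) | rng.getrandbits(1) for v in samples]


if __name__ == "__main__":
    cover = make_cover(20000)
    for name, data in (("cover", cover), ("lsb-randomized", randomize_lsbs(cover))):
        chi2, df = pov_chi_square(data)
        print(f"{name}: chi2/df = {chi2 / df:.2f}, flagged = {looks_lsb_embedded(data)}")
```

The test only detects embedding that overwrites the LSB plane in a contiguous run; covers with smooth histograms or tools that spread bits pseudo-randomly need the signature-based or more advanced statistical checks the article alludes to.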
    



    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 03:29:37 PDT