http://www.newscientist.com/news/news.jsp?id=ns99991340 15:56 25 September 2001 Will Knight New research indicates that terrorists are not using advanced computer tools to hide messages in innocuous-looking web images. In February 2001, US agents suggested that terror groups, including Osama Bin Laden's al-Qaida organisation, were hiding messages in web images. The FBI has suggested that recent terrorist atrocities in the US could even have been co-ordinated using images uploaded to ordinary internet sites such as eBay. Now Niels Provos and Peter Honeyman of the University of Michigan have found strong evidence suggesting such steganography - the science of obfuscating communications - is not used. They used detection software and brute force computing power to scan millions of images posted to the internet and found no hidden messages. "We have analysed over two million images downloaded from eBay but have not been able to find a single hidden message," they write in their paper, Detecting Steganographic Content on the Internet. Redundant code Messages can be hidden within redundant parts of the digital information used to generate images in formats such as JPEG. This offers advantages over encryption, which only hides the meaning of a message, because the message itself disappears. Provos and Honeyman ran computer programs to analyse the digital information behind images and identify any portions that might have been altered. They further checked these portions to see if any changes could be explained by normal copying errors. The pair employed a bank of distributed computers to check through millions of images. After weeks of analysis, however, they found no hidden messages. Extra layer The technique may not be infallible. The methods used by Provos and Honeyman were particularly aimed at uncovering use of steganographic tools already released on the internet. There are more advanced methods of hiding communications within images that involve using active, as well as redundant parts, of the underlying code. Sushil Jajodia of the Centre for Secure Information Systems at George Mason University in Virginia, US, says that this could have evaded detection but would require considerable technical sophistication. Jajodia says that a message might also be encrypted before hiding. "This would add an extra layer of security," he says. But he also stresses that there are far simpler methods for hiding communications. Using a code word in a telephone conversation or a radio broadcast would provide a far easier way to communicate in secret, he says. Magnus Ranstorp, of the Centre for the Study of Terrorism and Political Violence at the University of St Andrews in the UK, agrees. He told New Scientist: "These groups do use encryption, but some of the most important information is relayed non-technologically, it is often carried by human couriers." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Sep 26 2001 - 09:11:47 PDT