[ISN] Hiding (and Seeking) Messages on the Web

From: InfoSec News (isnat_private)
Date: Mon Jun 10 2002 - 03:12:48 PDT


    By Colin Soloway, Rod Nordland and Barbie Nadeau
    June 17 issue

    One day last October, an intelligence-community analyst noticed
    something strange about a radical Islamist Web site she had been
    monitoring for several months. A previously open, innocuous part of
    the site was suddenly blocked. She checked her notes, found the old
    address for the link and typed it in - to find an otherwise empty page
    commanding in Arabic, MISSIONARIES ATTACK!

    OTHER "HIDDEN" PAGES ON the site included seemingly nonsensical
    phrases and quotations from the Qur'an - coded instructions for Qaeda
    operatives and their supporters. U.S. intelligence discovered Al Qaeda
    uses the Web as a communications network. Analysts believe Al Qaeda
    uses prearranged phrases and symbols to direct its agents. An icon of
    an AK-47 can appear next to a photo of Osama bin Laden facing one
    direction one day, and another direction the next. Colors of icons can
    change as well. Messages can be hidden on pages inside sites with no
    links to them, or placed openly in chat rooms. The messages and
    patterns of symbols are given to analysts at the CIA and National
    Security Agency to decipher.

    The operators of these sites, working from Pakistan, Malaysia,
    Indonesia, the gulf states and Britain, are sophisticated in their
    computer tradecraft. "These guys are no fools," says an intelligence

    Much of the intelligence from the sites comes from "traffic
    analysis." Analysts say they have seen "surges" in traffic since 9-11,
    in many cases prior to attempted attacks. "There was a surge about the
    time [shoe-bomber] Richard Reid got on the plane," says one analyst.
    "We would get surges, and then you would hear about people who were

    For more direct communication, Al Qaeda uses commercially available
    encryption software or hides messages inside graphics files by a
    process known as steganography. "They are giving strategic direction
    to their supporters by using the Web [and] using [cryptographic
    software] to transmit e-mail messages," says a British intelligence

    While encrypted communications keep the content of messages
    secret, they attract the attention of intelligence services, which
    track the messages to their source and recipient; meanwhile, much of
    the Web communications are hidden in the mass of unrelated "chatter"
    on radical Web sites. "The genius of this method is that they are
    hiding in plain sight," says the analyst. "It's three jigsaw puzzles
    mixed up in one box, when you're only interested in one of them."

    Some of the most valuable intelligence gleaned from the sites
    has been the connection between Islamic charities and Qaeda
    fund-raising operations. Analysts found the same bank-account numbers
    listed in Islamic humanitarian appeals on sites raising funds for
    jihad against the enemies of Islam. Several U.S.-based Islamic
    "charities" have been shut down thanks to the analysts' discovery of
    this fund-raising scam.

    ISN is currently hosted by Attrition.org
