Al-Qaida Shows Skills In Keeping Secrets
By Doug Tsuruoka
Investor's Business Daily
Wednesday November 6, 10:35 am ET
More than a year after the Sept. 11 attack, the U.S. still can't read Osama bin Laden's e-mail or eavesdrop on his cell phone calls.
The National Security Agency, the electronic listening post of U.S. intelligence, says bin Laden's al-Qaida terror network is sidestepping U.S. surveillance. The question is how.
Some code experts say al-Qaida is relying on a technique called steganography. Steganography, which means "hidden writing" in Greek, involves concealing secret messages in Internet messages or TV and radio broadcasts.
"The technology's out there," said Sushil Jajodia, director of the Center for Secure Information Systems at George Mason University. "It's possible al-Qaida's using it because it provides additional secrecy beyond encryption."
On the Net, the technique involves altering digital files to carry coded messages. The approach works for text written in Arabic, English or any other language.
Covert messages can be hidden in insignificant bits of a digital file without making anything look suspicious. Software encryption programs that hide messages in spam or images are available free on the Internet. Some popular programs are White Noise Storm and S-Tools.
The message looks like a jumble of meaningless characters until it's de-crypted. It can only be unscrambled with a code-cracking algorithm or key known only to the recipient.
When photos are used, the software inserts hidden data into the bytes of an image like a JPEG file.
You could have an image of, say, Mickey Mouse that carries instructions for an attack on a U.S. airport.
Encrypted data like these don't need to be sent from person to person - a step that makes it easier to track on the Net. The message or image can be sent to a Web site area like a chat room. Once posted, it can be seen by anyone. There's no direct way to trace who saw it. Even governments find encrypted e-mails and other data hard to crack.
Human rights workers in the Balkans, for instance, have successfully blocked local police from reading data in e-mails or computer drives by using encryption.
Cracking encrypted files isn't impossible, though. Niels Provos, an encryption expert, says it's possible to guess passwords and keys. "People end up using pets' names or other words for pass codes that can be found in a dictionary," he said. "Simply guessing millions of potential words often lets us find the encryption keys that were used."
But sensitive messages can be doubly hard to find if they're first encrypted, then hidden in a photo with steganography.
There's software that detects if an Internet file has been doctored in this way. But with billions of e-mails and images on the Net, there's a lot of stuff for the U.S. to scan.
"It's like a needle in a haystack," Jajodia said. "You have to know exactly where to look."
Al-Qaida is already known to use codes and encryption to hide data.
Ramzi bin al-Shibh, the ringleader of the al-Qaida cell in Pakistan, has been quoted in Arab news reports as saying he used complex codes to stay in contact with 9-11 hijacker Mohammad Atta through e-mails and Web chat rooms.
Using old-fashioned secret codes to write e-mail is another tactic.
One method involves a technique called substitution, where words in a text have another meaning based on a hidden code.
"I could use a word, say banana, in any language and you could read bomb," Jajodia said.
The practice can be made harder to detect by placing key words at the beginning of certain sentences or paragraphs. The words together form a secret message.
The practice might be easily cracked if Roman letters are used. But Western analysts might find it harder to flag if messages use Arabic script. The use of Arabic script and religious texts to carry secret messages has a long precedent.
Saladin, the 12th century Muslim leader who fought the Crusaders, often used codes written in Arabic to pass messages to followers.
Some experts say the technique works well with religious writing from the Koran.
The Koran is Islam's holy book, written 1,400 years ago. It contains the oral teachings of the prophet Mohammad. It has 114 suras, or chapters, that have 6,666 verses.
Verses from the Koran, or material derived from it, are posted on religious Web sites in the Middle East.
Terrorists, in theory, could scan daily postings of seemingly harmless religious material to get orders.
"Using the Koran in this manner could be code word-based," Jajodia said.
Some cryptologists doubt if terrorists are using old-fashioned substitution ciphers in Arabic, though.
They say it would look like gibberish if posted on a Web site - making it obvious a secret message is being sent. This would be especially true if codes were used with religious texts like the Koran, which usually have set words or verses.
These experts also say advanced encryption and steganography systems are much better, since they're virtually unbreakable.
Steganography also can be used to hide messages in online religious text.
Some Islamic militants hint they're using encrypted material to communicate over the Net.
Nine months before 9-11, Ahmed Jabril, a spokesman for the Islamic terror group Hezbollah, reportedly said in London, "Now it's possible to send a verse from the Koran, an appeal for charity and even a call for Jihad and know it will not be seen by anyone hostile to our faith, like the Americans."
Jajodia says steganography isn't hard to learn. "Middle Eastern students can take a few undergraduate and graduate courses in the U.S. and know enough to use these techniques," he said.
If al-Qaida's followers are using such electronic tricks, the U.S. has a big code gap to close.
Robert Steele, an ex-U.S. intelligence officer, says the government needs to use more than technology to intercept messages.
The U.S. also needs old-fashioned human intelligence on the ground to back up what electronic sweeps of the Internet uncover, he says.
Steele says this means infiltrating groups like al-Qaida with agents, rather than rely exclusively on high-tech monitoring .
"The U.S. has been very slow to focus on clandestine penetrations of groups like al-Qaida," Steele said. "It's also been very slow to focus on the Web as a place where we need to be detecting patterns and links (in Internet messages)."
biz.yahoo.com |
