Horsemen of the Infocalypse, that is... Cheers, RAH ------- <http://www.nytimes.com/2004/12/20/technology/20covert.html?th=&pagewanted=print&position=> The New York Times December 20, 2004 On the Open Internet, a Web of Dark Alleys By TOM ZELLER Jr. The indictment early this month of Mark Robert Walker by a federal grand jury in Texas might have seemed a coup for the government in its efforts to police terrorist communications online. Mr. Walker, a 19-year-old student, is accused, among other things, of using his roommate's computer to communicate with - and offer aid to - a federally designated terrorist group in Somalia and with helping to run a jihadist Web site. "I hate the U.S. government," is among the statements Mr. Walker is said to have posted online. "I wish I could have been flying one of the planes on Sept. 11." By international terror standards, it was an extremely low-level bust. But the case, which was supposedly broken only after Mr. Walker's roommate tipped off the police, highlights the near impossibility of tracking terrorist communications online. Even George J. Tenet, the former director of central intelligence, speaking on the vulnerabilities of the nation's computer networks at a technology security conference on Dec. 1, noted the ability of terrorists to "work anonymously and remotely to inflict enormous damage at little cost or risk to themselves." He called for a wholesale taming of cyberspace. "I know that these actions would be controversial in this age where we still think the Internet is a free and open society with no control or accountability," Mr. Tenet said, "But, ultimately, the Wild West must give way to governance and control." Even if the government is able to shore up its networks against attack - one of many goals set forth by the intelligence reform bill passed last week - the ability of terrorists and other dark elements to engage in covert communications online remains a daunting security problem, and one that may prove impossible to solve. Late last month, an Internet privacy watchdog group revealed that the Central Intelligence Agency had contributed money for a counterterrorism project that promised, among other things, an automated surveillance system to monitor conversations on Internet chat rooms. Developed by two computer scientists at Rensselaer Polytechnic Institute in Troy, N.Y., as part of a National Science Foundation program called Approaches to Combat Terrorism, the chat room project takes aim at the possibility that terrorists could communicate through crowded public chat channels, where the flurry of disconnected, scrolling messages makes it difficult to know who is talking to whom. The automated software would monitor both the content and timing of messages to help isolate and identify conversations. Putting privacy concerns aside, some Internet specialists wonder whether such projects, even if successful, fail to acknowledge the myriad other ways terrorists can plot and communicate online. From free e-mail accounts and unsecured wireless networks to online programs that can shield Internet addresses and hide data, the opportunities to communicate covertly are utterly available and seemingly endless. Even after the Sept. 11 attacks, "the mass media, policy makers, and even security agencies have tended to focus on the exaggerated threat of cyberterrorism and paid insufficient attention to the more routine uses made of the Internet," Gabriel Weimann, a professor of communication at Haifa University in Israel, wrote in a report for the United States Institute of Peace this year. "Those uses are numerous and, from the terrorists' perspective, invaluable." Todd M. Hinnen, a trial attorney with the United States Justice Department's computer crime division, wrote an article on terrorists' use of the Internet for Columbia Science and Technology Law Review earlier this year. "There's no panacea," Mr. Hinnen said in an interview. "There has always been the possibility of meeting in dark alleys, and that was hard for law enforcement to detect." Now, every computer terminal with an Internet connection has the potential to become a dark alley. Shortly after Sept. 11, questions swirled around steganography, the age-old technique of hiding one piece of information within another. A digital image of a sailboat, for instance, might also invisibly hold a communiqui, a map or some other hidden data. A digital song file might contain blueprints for a desired target. But the troubling truth is that terrorists rarely have to be technically savvy to cloak their conversations. Even simple, prearranged code words can do the job when the authorities do not know whose e-mail to monitor or which Web sites to watch. Interviews conducted by Al Jazeera, the Arab television network, with the terror suspects Khalid Shaikh Mohammed and Ramzi bin al-Shibh two years ago (both have since been arrested), suggested that the Sept. 11 attackers communicated openly using prearranged code words. The "faculty of urban planning," for instance, referred to the World Trade Center. The Pentagon was the "faculty of fine arts." Other reports have suggested that Mohammed Atta, suspected of being the leader of the Sept. 11 hijackers, transmitted a final cryptic message to his co-conspirators over the Internet: "The semester begins in three more weeks. We've obtained 19 confirmations for studies in the faculty of law, the faculty of urban planning, the faculty of fine arts, and the faculty of engineering." And increasingly, new tools used to hide messages can quickly be found with a simple Web search. Dozens of free or inexpensive steganography programs are available for download. And there is ample evidence that terrorists have made use of encryption technologies, which are difficult to break. The arrest in Pakistan in July of Muhammad Naeem Noor Khan, thought to be an Al Qaeda communications specialist, for instance, yielded a trove of ciphered messages from his computers. Still, the mere act of encrypting a message could draw attention, so numerous software programs have been developed to hide messages in other ways. At one Web site, spammimic.com, a user can type in a phrase like "Meet me at Joe's" and have that message automatically converted into a lengthy bit of prose that reads like a spam message: "Dear Decision maker; Your e-mail address has been submitted to us indicating your interest in our briefing! This is a one-time mailing there is no need to request removal if you won't want any more," and so forth. The prose is then pasted into an e-mail message and sent. A recipient expecting the fake spam message can then paste it into the site's decoder and read the original message. Another free program will convert short messages into fake dialogue for a play. And still simpler schemes require no special software at all - or even the need to send anything. In one plan envisioned by Mr. Hinnen in his law review article, a group need only provide the same user name and password to all of its members, granting them all access to a single Web-based e-mail account. One member simply logs on and writes, but does not send, an e-mail message. Later, a co-conspirator, perhaps on the other side of the globe, logs on, reads the unsent message and then deletes it. "Because the draft was never sent," Mr. Hinnen wrote, the Internet service provider "does not retain a copy of it and there is no record of it traversing the Internet - it never went anywhere." The message would be essentially untraceable. Michael Caloyannides, a computer forensics specialist and a senior fellow at Mitretek Systems, a nonprofit scientific research organization based in Falls Church, Va., said the nature of a networked universe made it possible for just about anyone to communicate secretly. Conspirators do not even need to rely on code-hiding programs, because even automated teller machines can be used to send signals, Dr. Caloyannides explained, A simple withdrawal of $20 from an account in New York might serve as an instant message to an accomplice monitoring the account electronically from halfway around the world, for example. Dr. Caloyannides, who will conduct a workshop next May for government officials and others trying to track terrorist communications, also pointed to hundreds of digitally encrypted messages daily on public Usenet newsgroups. The messages often come from faked e-mail accounts; the intended recipients are often unknown. But a covert correspondent expecting a secret communiqui at a particular newsgroup need only download a batch of messages and then use an encryption key on one with some prearranged subject line, "like 'chocolate cake,' " Dr. Caloyannides said. Lt. Col. Timothy L. Thomas, an analyst at the United States Army's Foreign Military Studies Office at Fort Leavenworth, Kan., wrote last year in the journal Parameters, the U.S. Army War College quarterly, that the threat of cyberplanning may be graver than the threat of terrorist attacks on the world's networks. "We used to talk about the intent of a tank," Colonel Thomas explained in an interview. "If you saw one, you knew what it was for. But the intent of electrons - to deliver a message, deliver a virus, or pass covert information - is much harder to figure." This has long frustrated intelligence analysts, according to James Bamford, an author and a specialist on the National Security Agency. "In the cold war days, you knew which communications circuits to watch," he said. "We knew that most of it was high-frequency anyway, so we had the place surrounded by high-frequency intercepts. Those frequencies weren't going anywhere, so you just sat there with the headphones on and listened." The problem now, Mr. Bamford said, is that the corridors for communication have become infinite and accessible to everyone. "You just don't sit and listen to a particular channel," he said. "It's all over the place. It's a 'needle in the haystack' problem that you have." Russ Rogers, a former Arab linguist with the National Security Agency and the Defense Information Systems Agency, said he feared security agencies might not realize how dense the haystack has become. "We've become a little bit arrogant," said Mr. Rogers, the author of a new book, "Hacking a Terror Network: The Silent Threat of Covert Channels," which uses fictional situations to highlight the ways terrorists can communicate secretly online. "We feel like we created the Internet, that we've mastered the network," Mr. Rogers said. "But we're not paying attention to how it's being used to work against us." -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'