Blinky Rides Again: RCMP suspect al-Qaida messages
From: "R.A. Hettinga" <rah@shipwright.com>
To: cryptography@metzdowd.com, cypherpunks@al-qaeda.net, osint@yahoogroups.com
Subject: Blinky Rides Again: RCMP suspect al-Qaida messages
Date: Thu, 9 Dec 2004 09:14:41 -0500

Lions and Tigers and Steganography, Nell...

For those of you without a program, here is the new, official, Horsemen of the Infocalypse Scorecard:

At 3:14 PM -0400 10/3/04, R. A. Hettinga wrote:

   Horseman            Color   Character  Nickname
1  Terrorism           Red     Shadow     "Blinky"
2  Narcotics           Pink    Speedy     "Pinky"
3  Money Laundering    Aqua    Bashful    "Inky"
4  Paedophilia         Yellow  Pokey      "Clyde"

Cheers,
RAH
-------

<http://cnews.canoe.ca/CNEWS/Canada/2004/12/08/pf-773871.html>

December 8, 2004

RCMP suspect al-Qaida messages

By JIM BRONSKILL

OTTAWA (CP) - The RCMP has warned its investigators to be on the lookout for cleverly disguised messages embedded by al-Qaida in digital files police seize from terror suspects.

An internal report obtained by The Canadian Press gives credence to the long-rumoured possibility Osama bin Laden's terrorist network and other extremist groups are using a technique known as steganography to hide the existence of sensitive communications.

Steganography, from the Greek word stegos, meaning covered, and graphie, or writing, involves concealing a secret message or image within an apparently innocuous one.

For instance, a seemingly innocent digital photo of a dog could be doctored to contain a picture of an explosive device or hidden wording.

"Investigators in the course of their work on terrorist organizations and their members, including al-Qaida and affiliated groups, need to consider the possible use of steganography and seek to identify when steganography is known or suspected of being used," the report says.

It recommends investigators consult the RCMP's technological crime program for assistance, including "comprehensive forensic examinations" of seized digital media.

A heavily edited copy of the January 2004 report, Computer-assisted and Digital Steganography: Use by Al-Qaida and Affiliated Terrorist Organizations, was recently obtained from the Mounties under the Access to Information Act.

Among the material stripped from the document is information on how best to detect, extract and view surreptitious messages.

Steganography dates to before 400 B.C. The ancient Greeks hid messages in wax tablets, while invisible inks have long been used to convey secrets.

Simple computer-assisted steganography helps apply such traditional methods in an electronic environment, the report notes. The messages may also be scrambled using cryptography to prevent them falling into the wrong hands.

The RCMP seems especially concerned, however, about digital steganography - the use of special computer programs to embed messages.

"There now exist nearly 200 software packages which perform digital steganography," the report says.

A limited number of publicly available software tools are designed to detect the use of steganography, but the "success rate of these tools is questionable," the RCMP adds.

Some only detect the use of specific software, while others are useful for scouring only certain types of files in which the secret message may be hidden.

There have been numerous media reports in recent years that terrorist groups, including al-Qaida, were using steganographic techniques.

The phenomenon is "deeply troubling," said David Harris, a former Canadian Security Intelligence Service officer now with Ottawa-based Insignis Strategic Research.

He suggested any delay in detecting disguised messages could be disastrous.

"We're talking very often about time-sensitive issues: where is the bomb? Who's operating in connection with whom?" he said.

"On that kind of basis, this is really, really disturbing as a development."

Harris also questioned whether western security agencies have sufficient personnel and resources to uncover the messages.

--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

What a fuckin' joke. You mean they're only now realizing that Al-Qaeda could use stego? Do they think they're stupid?

Nah...certainly the NSA are fully prepared to handle this. I doubt it's much of a development at all to those in the know.

-TD
From: "J.A. Terranson" <measl@mfn.org>
To: Tyler Durden <camera_lumina@hotmail.com>
CC: rah@shipwright.com, cryptography@metzdowd.com, cypherpunks@al-qaeda.net, osint@yahoogroups.com
Subject: RE: Blinky Rides Again: RCMP suspect al-Qaida messages
Date: Thu, 9 Dec 2004 12:19:55 -0600 (CST)

On Thu, 9 Dec 2004, Tyler Durden wrote:

> What a fuckin' joke. You mean they're only now realizing that Al-Qaeda could use stego? Do they think they're stupid?
>
> Nah...certainly the NSA are fully prepared to handle this. I doubt it's much of a development at all to those in the know.
>
> -TD

As recently as two years ago, I had a classroom full of cops (mostly fedz from various well-known alphabets) who knew *nothing* about stego. And I mean *NOTHING*. They got a pretty shallow intro: here's a picture, and here's the secret message inside it, followed by an hour of theory and how-to's using the simplest of tools - every single one of them was just blown away. Actually, that's not true - the Postal Inspectors were bored, but everyone _else_ was floored.

While the various alphabets have had a few years to get up to speed, the idea that they are still 99% ignorant does not surprise me in the least.

//Alif

--
Yours,

J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF

Civilization is in a tailspin - everything is backwards, everything is upside down- doctors destroy health, psychiatrists destroy minds, lawyers destroy justice, the major media destroy information, governments destroy freedom and religions destroy spirituality - yet it is claimed to be healthy, just, informed, free and spiritual. We live in a social system whose community, wealth, love and life is derived from alienation, poverty, self-hate and medical murder - yet we tell ourselves that it is biologically and ecologically sustainable.

The Bush plan to screen whole US population for mental illness clearly indicates that mental illness starts at the top.

Rev Dr Michael Ellner

Oh, general cluelessness doesn't surprise me. What surprises me is that the writer of the original article seemed to believe that Stego was a new development.

Those cops you taught...do you think they were stupid enough to assume that, because this was their first time hearing about Stego, that Al Qaeda was only starting to use it right then? (I assume the answer is 'no'...they'll be smart enough at least to recognize that this was something around for a while that they were unaware of).

NSA folks, on the other hand, I would assume have a soft version of a Variola Stego suitcase...able to quickly detect the presence of pretty much any kind of stego and then perform some tests to determine what kind was used. I bet they've been aware of Al Qaeda stego for a long time...that's probably the kind of thing they are very very good at.

In the end it probably comes down to Arabic, however, and that language has many built-in ways of deflecting the uninitiated. I'd bet even NSA has a hard time understanding an Arabic language message, even after they de-stego and translate it.

-TD
On Thu, 9 Dec 2004, Tyler Durden wrote:

> Those cops you taught...do you think they were stupid enough to assume that, because this was their first time hearing about Stego, that Al Qaeda was only starting to use it right then?

That's an interesting question on several different levels:

(1) There is (both within LEAs and the rest of us) a wide range of opinions as to the feasibility of stego being used in the field for anything useful. Remember that USA "professional spies" (who spent over a year learning tradecraft IIRC) had continuous problems with very simple encryptions/decryptions in the real world.

(2) The folks in the "Al Qaeda is Satan" camp generally believe that not only is stego in wide use, but that AlQ has somehow managed to turn it into a high bandwidth channel which is being used every day to Subvert The American Way Of Life and infect Our Precious Bodily Fluids. No amount of education seems to dissuade these people from their misbeliefs.

(3) The other camp believes that stego is a lab-only toy, unsuitable for much of anything besides scaring the shit out of the people in the Satan camp.

(4) I have yet to meet a full dozen people who share my belief that while stego *may* be in use, if it is, that use is for one way messages of semaphore-class messages only. I really do not understand why this view is poopoo'd by all sides, so I must be pretty dense?

--
Yours,

J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF
It only makes sense that transmitted stego payloads be simple codewords or signals. For hand carried chunks of data, simple disguise is sufficient. The bulk transport of dangerous data is a threat model that doesn't fit the situation. Perhaps LEA confuse themselves thinking al-q is inciting a cultural revolution?
On Thu, 9 Dec 2004, R.W. (Bob) Erickson wrote:

> Perhaps LEA confuse themselves thinking al-q is inciting a cultural revolution?

In all seriousness, there is some of that fear within the LE community. I'm sure it's about the same as when the weathermen were running around the pentagon's bathrooms (i.e., a very small subset of only the dumbest LEAs believe it), but that is certainly in the background noise.

--
Yours,

J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF
On 9 Dec 2004 at 16:15, J.A. Terranson wrote:

> (3) The other camp believes that stego is a lab-only toy, unsuitable for much of anything besides scaring the shit out of the people in the Satan camp.

I have used stego for practical purposes. The great advantage of stego is that it conceals your threat model.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     aV25L9tGoz00uU3bzcY+rbFDV5nX9BCkK67CRwcd
     4mBXnVakFBPiPRCdugeDolUdtnd8iueWgYFwR3Pch
--- "R.A. Hettinga" <rah@shipwright.com> wrote:

> Lions and Tigers and Steganography, Nell...
>
> For those of you without a program, here is the new, official, Horsemen of the Infocalypse Scorecard:
>
> At 3:14 PM -0400 10/3/04, R. A. Hettinga wrote:
>
>    Horseman            Color   Character  Nickname
> 1  Terrorism           Red     Shadow     "Blinky"
> 2  Narcotics           Pink    Speedy     "Pinky"
> 3  Money Laundering    Aqua    Bashful    "Inky"
> 4  Paedophilia         Yellow  Pokey      "Clyde"
>
> Cheers,
> RAH
> -------
>
> <http://cnews.canoe.ca/CNEWS/Canada/2004/12/08/pf-773871.html>
> December 8, 2004
>
> RCMP suspect al-Qaida messages
> By JIM BRONSKILL

<snort>

The RCMP couldn't find a hidden terrorist message even if someone shoved half of it up the ass of Commissioner Giuliano Zaccardelli, and the other half up the ass of Deputy Commissioner Paul Gauvin, and then sent them a map with clear directions written on it leading directly to the location of both assholes.

No, I don't like them at all.

Regards,

Steve
You tell them, Steve

Insanity is a great cover for an insurrectionist!
--- "R.W. (Bob) Erickson" <roberte@ripnet.com> wrote:

> Steve Thompson wrote:
>
> > [assholes]
>
> You tell them, Steve

I believe I just did.

> Insanity is a great cover for an insurrectionist!

I suppose it could be, although I am given to believe that residents of the White Room Hotel may only carry out insurrection in the program room, and even then only while under direct adult supervision. I have been told that this makes the task somewhat more difficult, what with the sometimes necessity of colouring outside the lines on the page (so to speak).

Regards,

Steve
Yes, you have a point there. I guess a better cover would be as local coordinator of Neighborhood Watch

--bob
--- "R.W. (Bob) Erickson" <roberte@ripnet.com> wrote:

> Steve Thompson wrote:
>
> > --- "R.W. (Bob) Erickson" <roberte@ripnet.com> wrote:
> > [Colouring outside the lines]
>
> Yes, you have a point there. I guess a better cover would be as local coordinator of Neighborhood Watch

c.f. "Take back the night", et. cetera. (And put it where?)

Anyhow, isn't insurrection illegal or something? ISTR reading about the natural right of the corrupt state to exist unconditionally, and its obligation to crush any question of change for any reason.

The structure of the state in fact defines its identity as a 'person'; and since changing the state structure could be viewed as the murder of the state's personality, the state has the right, nay, obligation to preserve its identity unchanged. (Isn't this pretty much polysci 101 material?)

Regards,

Steve
Yep, the state fights to preserve its "life" while the people suffer their own. The mistake of top down thinking lies in the inability to really model large populations with rules, too much of the action happens at the fine grained level of every day staying alive.

When change comes, it will happen as the cumulative effects of millions of stubborn folk who subvert excessive authority, 'cause they need to.

As the state tries to squeeze more gold out of the untaxed economy ordinary people will swarm to new work-arounds

--bob
cpunks write scripts
--- "R.W. (Bob) Erickson" <roberte@ripnet.com> wrote:

> Steve Thompson wrote:
>
> > [take back the night]
>
> Yep, the state fights to preserve its "life" while the people suffer their own. The mistake of top down thinking lies in the inability to really model large populations with rules, too much of the action happens at the fine grained level of every day staying alive.

Actually, there's a false dichotomy there, but the misconception is so common that nobody notices it.

> When change comes, it will happen as the cumulative effects of millions of stubborn folk who subvert excessive authority, 'cause they need to.

Perhaps not. It may be that enough people are not too inconvenienced by the way things are today (and tomorrow). Only people on the margins will be affected in that scenario, which is largely insignificant to the perpetuation of the corrupt state. Right?

> As the state tries to squeeze more gold out of the untaxed economy ordinary people will swarm to new work-arounds

And so it goes.

> --bob
> cpunks write scripts

And code. Can't forget the code.

Regards,

Steve
On 2004-12-10T15:50:22-0500, Steve Thompson wrote:
> The structure of the state in fact defines its identity as a 'person'; and since changing the state structure could be viewed as the murder of the state's personality, the state has the right, nay, obligation to preserve its identity unchanged. (Isn't this pretty much polysci 101 material?)

Not typically. The idea that the state has its own identity is obvious, because it has a name -- the "state". It is clearly an atomic entity, in the same sense as a beehive or ant colony (to borrow unapologetically from R. Dawkins). However, discussion of the state as a singular entity that acts to preserve itself is typically delayed until study of Leviathan. Then it's expanded when studying Kant's theory of International Relations.

Those are typically 2nd-year courses, at a minimum. IR is typically 3rd or 4th year, but Leviathan is discussed in any number of classes, just not polysci 101.
--- Justin <justin-cypherpunks@soze.net> wrote:

> On 2004-12-10T15:50:22-0500, Steve Thompson wrote:
> [snip]
> > state's personality, the state has the right, nay, obligation to preserve
> > its identity unchanged. (Isn't this pretty much polysci 101 material?)
>
> Not typically. The idea that the state has its own identity is obvious, because it has a name -- the "state". It is clearly an atomic entity, in the same sense as a beehive or ant colony (to borrow unapologetically from R. Dawkins). However, discussion of the state as a singular entity that acts to preserve itself is typically delayed until study of Leviathan. Then it's expanded when studying Kant's theory of International Relations.

This is what happens when one picks up ideas from people who present them second-hand (or at even greater distances from their origin) and who do not make proper footnotes.

> Those are typically 2nd-year courses, at a minimum. IR is typically 3rd or 4th year, but Leviathan is discussed in any number of classes, just not polysci 101.

My bad.

Regards,

Steve
* R. A. Hettinga quotes a news article:
> There have been numerous media reports in recent years that terrorist groups, including al-Qaida, were using steganographic techniques.
As far as I know, these news stories can be tracked back to a particular USA Today story. There's also been a bunch of stories how a covert channel in TCP could be used by terrorists to hide their communication. Unfortunately, when such stories are retold for the second time, the "could be used" part tends to change to "is used". 8-(
On Sat, Dec 11, 2004 at 10:24:09PM +0100, Florian Weimer wrote:
| * R. A. Hettinga quotes a news article:
|
| > There have been numerous media reports in recent years that terrorist
| > groups, including al-Qaida, were using steganographic techniques.
|
| As far as I know, these news stories can be tracked back to a
| particular USA Today story. There's also been a bunch of stories how
| a covert channel in TCP could be used by terrorists to hide their
| communication.

There's very good evidence that Al Qaida does *not* use strong crypto. I blogged on this at http://www.emergentchaos.com/archives/000561.html is was the first time I'd given such a talk since 9/11. It wasn't useful after we'd made the decision to stop hemorrhaging money by shutting down the Freedom Network. (That was May or June of 2001.) So I did a fair bit of reading about Al Qaeda's use of crypto. One of the more interesting techniques I found was the 'draft message' method. (http://www.jihadwatch.org/archives/002871.php)

It seems consistent that Al Qaeda prefers being 'fish in the sea' to standing out by use of crypto. Also, given the depth and breadth of conspiracies they believe in, it seems that they might see all us cryptographers as a massive deception technique to get them to use bad crypto. (And hey, they're almost right! We love that they use bad crypto.)

There's other evidence for this. In particular, the laptops captured have been exploited very quickly, in one case by a Wall St Journal reporter. So rumors of steganography or advanced crypto techniques have a burden of proof on them.

And see the link there to Ian Grigg's http://www.financialcryptography.com/mt/archives/000246.html
* Adam Shostack:
> There's very good evidence that Al Qaida does *not* use strong crypto.
However, they use some form of crypto. From a recent press release of our attorney general:

| Als mitgliedschaftliche Betätigung im Sinne der Strafvorschrift des §
| 129b StGB für die "Ansar al Islam" wird den Beschuldigten vor allem
| zur Last gelegt, einen Mordanschlag auf den irakischen
| Ministerpräsidenten während seines Staatsbesuches in Deutschland am
| 2. und 3. Dezember 2004 geplant zu haben. Dies ergibt sich aus dem
| Inhalt einer Vielzahl zwischen den Beschuldigten seit dem 28. November
| 2004 verschlüsselt geführter Telefongespräche

<http://www.generalbundesanwalt.de/news/index.php?Artikel=158&Thema=5&Start=0>

(Very rough translation: "The persons are accused of being members of "Ansar al Islam" and planning the assassination of the Iraqi prime minister during his visit to Germany on the 2nd and 3rd December, 2004. This follows from the contents of a multitude of encrypted telephone calls the accused exchanged since November 28, 2004.")

Probably, they just used code words, and no "real" cryptography. I'm trying to obtain a confirmation, though.
> It seems consistent that Al Qaeda prefers being 'fish in the sea' to standing out by use of crypto. Also, given the depth and breadth of conspiracies they believe in, it seems that they might see all us cryptographers as a massive deception technique to get them to use bad crypto. (And hey, they're almost right! We love that they use bad crypto.)

Right. Although only based on very limited experiences, where I've come across those in "interesting lines of business", the strong impression I get is that they would not touch any new or geeky tool that had some claimed benefits that couldn't be proven on examination. This was most forcefully put to me by a dealer of narcotics in Amsterdam (I wasn't buying, just trying to be polite at a party ;) who said that he and his like would not use any of the payment systems that had supposed privacy built in, as they assumed that the makers were lying about the privacy provisions. As far as 3 systems that the guy was aware of, he was dead right twice, and for the third, I'd say he was approximately right.

So, if this is a valid use case and we can extend from small time narcotics payments to big time terrorism chitchat, we could suggest that they will be using standard people tools, and trying hard to stay unobservable in the mass of traffic. In this sense, one could say they were using steganography, but I think it is more useful to say they are simply staying out of sight.

Either way, the public policy implication is to challenge any specious claims of how we need to control XXX because terrorists use it. In the case of crypto, it would appear they don't use much, and what's more, they shouldn't.

> And see the link there to Ian Grigg's http://www.financialcryptography.com/mt/archives/000246.html

I was hoping that the 'Terrorist Encyclopedia' had made its way to somewhere like smoking gun or cryptome by now.

iang
> For instance, a seemingly innocent digital photo of a dog could be doctored to contain a picture of an explosive device or hidden wording.

Of course, the _real_ message wasn't hidden in subtle stego bits - it was whether the picture was Bush's dog, Cheney's dog, or Blair's dog.

> It recommends investigators consult the RCMP's technological crime program for assistance, including "comprehensive forensic examinations" of seized digital media.

The more serious problem is what this means for computer evidence search and seizure procedures - the US has some official rules about "copy the disk and return the computer" that came out of the Steve Jackson case, not that they're always followed; I don't know if the Canadians are more or less polite about returning computers, but this kind of thing increases the chances of harassment of various ethnic and political organizations "We're keeping your computer as evidence of potential crimes, but we haven't actually charged you with a crime yet and won't do so unless we can find the hidden stego evidence."

----
Bill Stewart bill.stewart@pobox.com
On Sat, 11 Dec 2004, Bill Stewart wrote:
> The more serious problem is what this means for computer evidence search and seizure procedures - the US has some official rules about "copy the disk and return the computer" that came out of the Steve Jackson case, not that they're always followed;

Actually (at least here in the Midwest), it's copy ("image") the machine and provide a copy of that image. The computer and original drive stay locked in the evidence locker till the case is over.

--
Yours,
J.A. Terranson
sysadmin@mfn.org
0xBD4A95BF

Civilization is in a tailspin - everything is backwards, everything is upside down- doctors destroy health, psychiatrists destroy minds, lawyers destroy justice, the major media destroy information, governments destroy freedom and religions destroy spirituality - yet it is claimed to be healthy, just, informed, free and spiritual. We live in a social system whose community, wealth, love and life is derived from alienation, poverty, self-hate and medical murder - yet we tell ourselves that it is biologically and ecologically sustainable.

The Bush plan to screen whole US population for mental illness clearly indicates that mental illness starts at the top.

Rev Dr Michael Ellner
--- "J.A. Terranson" <measl@mfn.org> wrote:
> On Sat, 11 Dec 2004, Bill Stewart wrote:
> > The more serious problem is what this means for computer evidence search and seizure procedures - the US has some official rules about "copy the disk and return the computer" that came out of the Steve Jackson case, not that they're always followed;
>
> Actually (at least here in the Midwest), it's copy ("image") the machine and provide a copy of that image. The computer and original drive stay locked in the evidence locker till the case is over.
I can't say what the legal practice is in Canada. I imagine it depends on whether the legal proceedings are politically charged; whether the cops are out to discover evidence, or if they are looking to destroy evidence; or any of a number of motivating factors.

From a purely technical perspective, there is no possible reason why the police would ever need to keep the computers and all copies of data related to an investigation. It is possible to image everything on a hard disk in an afternoon, including the extra bits available through, say, the READ LONG(10) command in the SCSI protocol, which are normally used for ECC and CRC on each sector. Depending on the device, it may also be possible to access the spares tracks. In the rare event that a forensics firm is looking to scoop data that was overwritten, the police should be able to provide a copy of the original data back to the individual or business at a trivial cost in comparison to the costs of the forensic procedures.

Apart from data stored in flash memory, or similar less common places, there is no good reason why the actual computer hardware would need to be confiscated, except in the most exceptional circumstances where in-situ testing might need to be done with the original equipment. But in that case, the police should be required to acquire hardware that duplicates the original, so that they cannot be said to have tampered or damaged the originals. For correctness, the original computer equipment should be used once for the acquisition of a read-only copy of the data residing on it.

However, it seems that the police will pretend that they are more incompetent than they actually are in order to use confiscation as extra-judicial punishment -- and that is just the common case where there are only legitimate legal proceedings at issue.
In some cases, the police (in Canada) are apparently willing to go to great lengths to destroy evidence and impose extra-judicial sanction on the subject of an `investigation', which may not exist at all in a legal sense, by way of employing clandestine tactics. In terms of my experience, the near total loss of my computers and other materials was carried out over a period of about three years, in an incremental fashion that did not have even the pretense of legitimacy, but which nevertheless accompanied a subtle PR campaign that sought to suggest that there was some sort of hush-hush investigation that as a result of so-called exceptional circumstances, necessitated the particular methods that I observed. Total bullshit, actually, but we know that SpookWorld is exempt from the normal rules of civilised behaviour because of the special nature of its denizens.

Anyhow, my assessment of the needs of computer forensic procedures is probably quite accurate. The reality of conflicting and extra-legal agendas at work in some cases (such as the Steve Jackson incident) has apparently dictated a deliberately 'stupid' approach on the part of law enforcement personnel when it suits them.

Regards,
Steve
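The single read-only acquisition pass described in the message above, as an added example that is not part of the original thread: the source is read once, hashed as a whole and per block, and any later copy (the one kept as evidence or the one handed back to the owner) can be checked against those digests. The function names, the 4096-byte block size and the in-memory sample "drive" are assumptions made for illustration.

```python
import hashlib
import io

CHUNK = 4096  # assumed block size for the per-block digest list

def acquire(src, dst, chunk=CHUNK):
    """Read src once, front to back, writing the image to dst.
    Returns (SHA-256 of the whole image, list of per-block SHA-256)."""
    whole, blocks = hashlib.sha256(), []
    while buf := src.read(chunk):
        whole.update(buf)
        blocks.append(hashlib.sha256(buf).hexdigest())
        dst.write(buf)
    return whole.hexdigest(), blocks

def verify(copy, whole_hex, blocks, chunk=CHUNK):
    """Re-hash a copy. Returns (matches, indexes of blocks that differ)."""
    whole, bad, i = hashlib.sha256(), [], 0
    while buf := copy.read(chunk):
        whole.update(buf)
        if i >= len(blocks) or hashlib.sha256(buf).hexdigest() != blocks[i]:
            bad.append(i)
        i += 1
    bad.extend(range(i, len(blocks)))  # blocks missing from a short copy
    return whole.hexdigest() == whole_hex and not bad, bad

def demo():
    # Constructed 16 KiB stand-in for a drive (4 blocks). A real source
    # would be a device opened "rb" behind a write blocker (assumption).
    disk = bytes(range(256)) * 64
    evidence = io.BytesIO()
    whole, blocks = acquire(io.BytesIO(disk), evidence)
    image = evidence.getvalue()
    tampered = bytearray(image)
    tampered[2 * CHUNK + 5] ^= 0x01      # flip one bit in block 2
    return {
        "returned_ok": verify(io.BytesIO(image), whole, blocks),
        "tampered": verify(io.BytesIO(bytes(tampered)), whole, blocks),
        "truncated": verify(io.BytesIO(image[:10000]), whole, blocks),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The per-block list is what lets either party point at the exact region where two copies diverge, rather than only learning that the whole-image digest no longer matches.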
participants (11)
- Adam Shostack
- Bill Stewart
- Florian Weimer
- Ian Grigg
- J.A. Terranson
- James A. Donald
- Justin
- R.A. Hettinga
- R.W. (Bob) Erickson
- Steve Thompson
- Tyler Durden