dmolnar wrote:

Does anyone have pointers to documented instances of terrorists or criminals using stego or crypto? As opposed to the speculation recently seen regarding Osama bin Laden.

I very strongly suspect there's been no documented criminal use of stego in the computer age; we'd have heard it trumpeted in the past few weeks. Criminal use seems to be pretty rare but not unheard of. The FBI put a keyboard bug in Scarfo's computer because he was using PGP and they couldn't read his mail or files. I vaguely recall complaints that Echelon couldn't evesdrop on some European companies suspected of some form of nefarious dealings because they used encryption. Take that with a grain of salt, because I can't remember details, can't find a link, and may be remembering a hypothetical rather than an actual event. I've heard of a few cases where someone was attempting to use crypto (PGPDisk, probably) to encrypt the files on his computer, but did it wrong and the cops were able to read them. No details here, either; sorry. You can also find more criminal use of crypto when you consider that mere use of crypto has been criminalized in some places; I assume that's not what you were looking for. Terrorist use of crypto seems to be purely hypothetical at this point. It's probably being used, but no one's documented it that I've come across. Same caveat as above; if you expand the definition of terrorist to include Jim Bell, then there is certainly terrorist use of encryption. SRF -- Steve Furlong Computer Condottiere Have GNU, Will Travel 617-670-3793 "Good people do not need laws to tell them to act responsibly while bad people will find a way around the laws." -- Plato

At 07:25 PM 10/10/01 -0400, dmolnar wrote:

Hi,

Does anyone have pointers to documented instances of terrorists or criminals using stego or crypto? As opposed to the speculation recently seen regarding Osama bin Laden.

Thanks much, -David Molnar

The FBI docs (from cryptome.org, IIRC) mention that all the hijackers paid in *cash*, with *none* of them buying over the net (and using SSL in the process). Several of them *did* use the net to *reserve* but not pay for tickets; they probably wouldn't have used crypto (SSL) for that. \begin{rambling} There is *no* solid evidence that they used crypto in the open source literature. There are recent nearly-unverifiable claims that invisible writing (stego) was used; these claims would be made in any case, to condemn stego. Claims about videotape stego are now being made (10/10/01) and the videonetworks have bent over for it. Still, I wouldn't want to be scanning the latest Playboy to email to my brother in <random arabic country> right now. I've not even heard (not that that means much these days) reports of the hijackers' computers being seized. I would expect them to have use disk encryptors, e.g., in case their machine was stolen or needed repair. For communications security, the hijackers may have worried about traffic analysis too much. Maybe you'll have to give a fingerprint to use a library's machines from now on. \end{}