All Horsemen, All the Time: On the Open Internet, a Web of Dark Alleys

R.A. Hettinga rah at shipwright.com
Mon Dec 20 05:03:55 PST 2004


Horsemen of the Infocalypse, that is...

Cheers,
RAH
-------

<http://www.nytimes.com/2004/12/20/technology/20covert.html?th=&pagewanted=print&position=>

The New York Times

December 20, 2004

On the Open Internet, a Web of Dark Alleys
 By TOM ZELLER Jr.


The indictment early this month of Mark Robert Walker by a federal grand
jury in Texas might have seemed a coup for the government in its efforts to
police terrorist communications online. Mr. Walker, a 19-year-old student,
is accused, among other things, of using his roommate's computer to
communicate with - and offer aid to - a federally designated terrorist
group in Somalia and with helping to run a jihadist Web site.

 "I hate the U.S. government," is among the statements Mr. Walker is said
to have posted online. "I wish I could have been flying one of the planes
on Sept. 11."

By international terror standards, it was an extremely low-level bust. But
the case, which was supposedly broken only after Mr. Walker's roommate
tipped off the police, highlights the near impossibility of tracking
terrorist communications online.

 Even George J. Tenet, the former director of central intelligence,
speaking on the vulnerabilities of the nation's computer networks at a
technology security conference on Dec. 1, noted the ability of terrorists
to "work anonymously and remotely to inflict enormous damage at little cost
or risk to themselves." He called for a wholesale taming of cyberspace.

 "I know that these actions would be controversial in this age where we
still think the Internet is a free and open society with no control or
accountability," Mr. Tenet said, "But, ultimately, the Wild West must give
way to governance and control."

Even if the government is able to shore up its networks against attack -
one of many goals set forth by the intelligence reform bill passed last
week - the ability of terrorists and other dark elements to engage in
covert communications online remains a daunting security problem, and one
that may prove impossible to solve.

 Late last month, an Internet privacy watchdog group revealed that the
Central Intelligence Agency had contributed money for a counterterrorism
project that promised, among other things, an automated surveillance system
to monitor conversations on Internet chat rooms. Developed by two computer
scientists at Rensselaer Polytechnic Institute in Troy, N.Y., as part of a
National Science Foundation program called Approaches to Combat Terrorism,
the chat room project takes aim at the possibility that terrorists could
communicate through crowded public chat channels, where the flurry of
disconnected, scrolling messages makes it difficult to know who is talking
to whom. The automated software would monitor both the content and timing
of messages to help isolate and identify conversations.

 Putting privacy concerns aside, some Internet specialists wonder whether
such projects, even if successful, fail to acknowledge the myriad other
ways terrorists can plot and communicate online. From free e-mail accounts
and unsecured wireless networks to online programs that can shield Internet
addresses and hide data, the opportunities to communicate covertly are
utterly available and seemingly endless.

Even after the Sept. 11 attacks, "the mass media, policy makers, and even
security agencies have tended to focus on the exaggerated threat of
cyberterrorism and paid insufficient attention to the more routine uses
made of the Internet," Gabriel Weimann, a professor of communication at
Haifa University in Israel, wrote in a report for the United States
Institute of Peace this year. "Those uses are numerous and, from the
terrorists' perspective, invaluable."

 Todd M. Hinnen, a trial attorney with the United States Justice
Department's computer crime division, wrote an article on terrorists' use
of the Internet for Columbia Science and Technology Law Review earlier this
year. "There's no panacea," Mr. Hinnen said in an interview. "There has
always been the possibility of meeting in dark alleys, and that was hard
for law enforcement to detect."

 Now, every computer terminal with an Internet connection has the potential
to become a dark alley.

 Shortly after Sept. 11, questions swirled around steganography, the
age-old technique of hiding one piece of information within another. A
digital image of a sailboat, for instance, might also invisibly hold a
communiqué, a map or some other hidden data. A digital song file might
contain blueprints for a desired target.

 But the troubling truth is that terrorists rarely have to be technically
savvy to cloak their conversations. Even simple, prearranged code words can
do the job when the authorities do not know whose e-mail to monitor or
which Web sites to watch. Interviews conducted by Al Jazeera, the Arab
television network, with the terror suspects Khalid Shaikh Mohammed and
Ramzi bin al-Shibh two years ago (both have since been arrested), suggested
that the Sept. 11 attackers communicated openly using prearranged code
words. The "faculty of urban planning," for instance, referred to the World
Trade Center. The Pentagon was the "faculty of fine arts."

 Other reports have suggested that Mohammed Atta, suspected of being the
leader of the Sept. 11 hijackers, transmitted a final cryptic message to
his co-conspirators over the Internet: "The semester begins in three more
weeks. We've obtained 19 confirmations for studies in the faculty of law,
the faculty of urban planning, the faculty of fine arts, and the faculty of
engineering."

And increasingly, new tools used to hide messages can quickly be found with
a simple Web search. Dozens of free or inexpensive steganography programs
are available for download. And there is ample evidence that terrorists
have made use of encryption technologies, which are difficult to break. The
arrest in Pakistan in July of Muhammad Naeem Noor Khan, thought to be an Al
Qaeda communications specialist, for instance, yielded a trove of ciphered
messages from his computers.

Still, the mere act of encrypting a message could draw attention, so
numerous software programs have been developed to hide messages in other
ways.

 At one Web site, spammimic.com, a user can type in a phrase like "Meet me
at Joe's" and have that message automatically converted into a lengthy bit
of prose that reads like a spam message: "Dear Decision maker; Your e-mail
address has been submitted to us indicating your interest in our briefing!
This is a one-time mailing there is no need to request removal if you won't
want any more," and so forth.

The prose is then pasted into an e-mail message and sent. A recipient
expecting the fake spam message can then paste it into the site's decoder
and read the original message.

 Another free program will convert short messages into fake dialogue for a
play. And still simpler schemes require no special software at all - or
even the need to send anything.

 In one plan envisioned by Mr. Hinnen in his law review article, a group
need only provide the same user name and password to all of its members,
granting them all access to a single Web-based e-mail account. One member
simply logs on and writes, but does not send, an e-mail message. Later, a
co-conspirator, perhaps on the other side of the globe, logs on, reads the
unsent message and then deletes it.

 "Because the draft was never sent," Mr. Hinnen wrote, the Internet service
provider "does not retain a copy of it and there is no record of it
traversing the Internet - it never went anywhere." The message would be
essentially untraceable.

 Michael Caloyannides, a computer forensics specialist and a senior fellow
at Mitretek Systems, a nonprofit scientific research organization based in
Falls Church, Va., said the nature of a networked universe made it possible
for just about anyone to communicate secretly. Conspirators do not even
need to rely on code-hiding programs, because even automated teller
machines can be used to send signals, Dr. Caloyannides explained.

 A simple withdrawal of $20 from an account in New York might serve as an
instant message to an accomplice monitoring the account electronically from
halfway around the world, for example.

Dr. Caloyannides, who will conduct a workshop next May for government
officials and others trying to track terrorist communications, also pointed
to hundreds of digitally encrypted messages daily on public Usenet
newsgroups. The messages often come from faked e-mail accounts; the
intended recipients are often unknown. But a covert correspondent expecting
a secret communiqué at a particular newsgroup need only download a batch of
messages and then use an encryption key on one with some prearranged
subject line, "like 'chocolate cake,' " Dr. Caloyannides said.

 Lt. Col. Timothy L. Thomas, an analyst at the United States Army's Foreign
Military Studies Office at Fort Leavenworth, Kan., wrote last year in the
journal Parameters, the U.S. Army War College quarterly, that the threat of
cyberplanning may be graver than the threat of terrorist attacks on the
world's networks.

 "We used to talk about the intent of a tank," Colonel Thomas explained in
an interview. "If you saw one, you knew what it was for. But the intent of
electrons - to deliver a message, deliver a virus, or pass covert
information - is much harder to figure."

This has long frustrated intelligence analysts, according to James Bamford,
an author and a specialist on the National Security Agency.

 "In the cold war days, you knew which communications circuits to watch,"
he said. "We knew that most of it was high-frequency anyway, so we had the
place surrounded by high-frequency intercepts. Those frequencies weren't
going anywhere, so you just sat there with the headphones on and listened."

 The problem now, Mr. Bamford said, is that the corridors for communication
have become infinite and accessible to everyone. "You just don't sit and
listen to a particular channel," he said. "It's all over the place. It's a
'needle in the haystack' problem that you have."

 Russ Rogers, a former Arab linguist with the National Security Agency and
the Defense Information Systems Agency, said he feared security agencies
might not realize how dense the haystack has become.

 "We've become a little bit arrogant," said Mr. Rogers, the author of a new
book, "Hacking a Terror Network: The Silent Threat of Covert Channels,"
which uses fictional situations to highlight the ways terrorists can
communicate secretly online.

 "We feel like we created the Internet, that we've mastered the network,"
Mr. Rogers said. "But we're not paying attention to how it's being used to
work against us."

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




