Originally created 10/10/01

How terrorists hide messages online



To terrorist cells such as Al Qaeda, a picture on the Web can be worth thousands of words.

Employing the 21st century version of a concept as old as secrets themselves, alleged terrorists affiliated with Osama bin Laden are believed to have exploited the vastness of the Internet to hide messages between conspirators in what amounts to plain sight.

According to declassified intelligence reports, court testimony and computer security experts, bin Laden's network has been a pioneer in adapting the ancient art of steganography to the Internet. U.S. officials and high-tech researchers seeking to counter such techniques are scrambling for methods to detect or derail them.

Online steganography - derived from the Greek words meaning "covered writing" - essentially involves hiding information or communications inside something so unremarkable that no one would suspect it's there. It's the cyber-equivalent of invisible ink or the "dead drops" that spies use to pass secrets.

Experts say Al Qaeda, along with the Palestinian terrorist groups Hezbollah and Hamas, have used computer software available for free on the Internet to communicate via virtually undetectable messages embedded electronically within innocuous photographs or music files of the sort that millions of Internet users send to each other each day.

Using it as a ruse, bin Laden's terror operatives allegedly have been able to bury maps, diagrams, photos of targets and messages within popular music, auction and sports sites as well as pornographic chat rooms - incongruous territory for devout Muslim fundamentalists.

Secrets even can be hidden in spam, the millions of unwanted e-mail messages ricocheting daily across the Internet that barely register with most users before they delete them. Communicating this way makes it extraordinarily difficult for law enforcement to pick up on, much less interdict or trace.

"The sender can transmit a message without ever communicating directly with the receiver. There is no e-mail between them, no remote logins, no instant messages," wrote Bruce Schneier of Counterpane Internet Security. "Steganography is a good way for terrorist cells to communicate... without any group knowing the identity of the other."

It's an old concept, written about in 474 B.C. by Greek historian Herodotus, who described how Histiaeus of Miletus shaved the head of a slave and tattooed a secret message on his scalp. When the slave's hair grew back, Histiaeus dispatched him to the Greeks, who shaved the slave's head and read the message.

During World War II, invisible ink was used by all sides. And the Germans perfected the use of "microdots," in which a page of writing could be reduced to the size of a dot on a letter - only to be enlarged by the recipients and read.

Computer steganography essentially piggy-backs information on empty or unimportant spaces in digital files. But those who want to employ the method don't need to understand the complex concepts at work - all they have to do is download software available free or for less than $50 from more than two dozen Internet sites.

Follow the instructions for using the software and, with a few mouse clicks, you've hidden a message that is all but undetectable, except by the person you have tipped to where to find it.

Photo or music files with such messages embedded are indistinguishable to the human eye or ear from identical ones lacking the secret data. (For an example of how this works, go to http://www.spammimic.com, and embed your own message in spam.)

That fact exponentially increases the difficulty for investigators trying to track terrorist communications online. "With the volume of documents, photos, video and sound files moving on the Internet, there is no system powerful enough to analyze every object for hidden messages," wrote Barry Collin(CQ), research fellow at the National Interagency Civil-Military Institute of the National Guard Bureau.

And an interceptor can be hamstrung even more if the hidden message is encrypted into code. Bin Laden's network allegedly does just that.

The Justice Department, citing the difficulty of monitoring and detecting cyber-communications among terrorists, is asking Capitol Hill to relax legal restrictions or force software writers to supply their secrecy code "keys" to the government in order to make it easier for agents to tap into everyday e-mail on a broad hunt for miscreants and de-scramble what they find.

Civil libertarians say such privacy invasions are unnecessary; efforts should be directed instead toward techniques to detect and disable cyber-steganography.

The intelligence community is hard at work with university researchers creating sophisticated detection programs that use complex algorithms to conduct statistical tests capable of identifying stenographic footprints.

One new software package of interest to the Air Force was developed by research professor Jessica Fridrich at Binghamton University in New York state. Called "Securestego," it allows a user to return a digital image modified by steganography to its original state - that could derail such a message before it could reach its intended receiver.