Correction sought (`Secrets concealed by software' London Times)

Perry E. Metzger perry at piermont.com
Mon Oct 8 16:40:10 EDT 2001 

>From Dave Farber's list:

>From: Ross Anderson <Ross.Anderson at cl.cam.ac.uk>
>To: letters at the-times.co.uk
>Cc: ukcrypto at chiark.greenend.org.uk
>Date: Mon, 08 Oct 2001 14:23:58 +0100
>Subject: Correction sought
>
>
>The Editor,
>The Times,
>Dear Sir:
>
>In Friday's article, `Secrets concealed by software' [1], you quoted
>me as saying that rather than using steganography, it was `likely that
>they [al-Qaida] sent thousands of innocent messages along with their
>live orders, so that the secret information was missed.'
>
>Your claim is untrue. I did not say that.
>
>Your reporter called me and told me he had had a briefing from the
>security services that al-Qaida were using steganography, that is,
>hiding messages inside other objects such as MP3 files or images.  He
>asked me whether I thought this was plausible. I replied that although
>it was technically possible, it was unlikely; and that, according to
>the FBI, the hijackers had sent ordinary emails in English or Arabic.
>I explained that the main problem facing police communications
>intelligence is traffic selection - knowing which of the billions of
>emails to look at - rather than the possibility that the emails might
>be encrypted or otherwise camouflaged. A competent opponent is
>unlikely to draw attention to himself by being one of the few users of
>encryption or anonymity services.
>
>For just the same reason, he is unlikely to draw attention to himself
>be sending unreasonably large numbers of messages as cover traffic.
>Instead, he will hide his messages among the huge numbers of quite
>innocuous messages that are sent anyway. Throwaway email accounts with
>service providers such as hotmail are the natural way to do this.
>
>Unfortunately, the story that bin Laden hides his secret messages in
>pornographic images on the net appears to be too good for the tabloids
>to pass up. It appears to have arisen from work done by Niels Provos
>at the University of Michigan. In November last year, he wrote in a
>technical report that he could find no evidence that messages were
>being hidden in online images. By February this year, this had been
>been conflated by USA Today, an American popular paper, with an
>earlier FBI briefing on cryptography into a tale that terrorists could
>be using steganography to hide messages [2]. Similar material has
>surfaced in a number of the racier areas of the net [3], despite being
>criticised a number of times by more technically informed writers [4].
>
>It is unclear what national interest is served by security agencies
>propagating this lurid urban myth. Perhaps the goal is to manufacture
>an excuse for the failure to anticipate the events of November 11th.
>Perhaps it is preparaing the ground for an attempt at bureaucratic
>empire-building via Internet regulation, as a diversionary activity
>from the much harder and less pleasant task of going after al-Qaida.
>Perhaps the vision of bin Laden as cryptic pornographer is being spun
>to create a subconscious link, in the public mind, with the scare
>stories about child pornography that were used before September 11th
>to justify government plans for greater Internet regulation.
>
>Whatever the security services' motive, it is quite unclear to me why
>a `quality newspaper' should have run this story, even after its
>technical and operational implausibility were explained to you in
>detail (see also `Al-Qaeda hid coded messages on porn websites' [5]).
>
>Could you kindly publish this letter as a correction.
>
>Yours Faithfully
>
>Ross Anderson
>Reader in Security Engineering
>University of Cambridge
>
>[1] http://www.thetimes.co.uk/article/0,,2001340010-2001345085,00.html
>
>[2] http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm
>
>[3] http://www.feedmag.com/templates/printer.php3?a_id=1624
>
>[4] http://www.wired.com/news/politics/0,1283,41658,00.html
>
>[5] http://www.thetimes.co.uk/article/0,,2001340010-2001345211,00.html



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list