Veiled Messages of Terrorists May Lurk in Cyberspace

[R. A. Hettinga]

http://www.nytimes.com/2001/10/30/science/physical/30STEG.html?todaysheadlines=&pagewanted=print




October 30, 2001

Veiled Messages of Terrorists May Lurk in Cyberspace

By GINA KOLATA

he investigation of the terrorist attacks on the United States is drawing
new attention to a stealthy method of sending messages through the
Internet. The method, called steganography, can hide messages in digital
photographs or in music files but leave no outward trace that the files
were altered.

Intelligence officials have not revealed many details about whether, or how
often, terrorists are using steganography. But a former French defense
ministry official said that it was used by recently apprehended terrorists
who were planning to blow up the United States embassy in Paris.

The terrorists were instructed that all their communications were to be
made through pictures posted on the Internet, the defense official said.

The leader of that terrorist plot, Jamal Beghal, told French intelligence
officals that he trained in Afganistan and that before leaving that country
for France, he met with an associate of Osama bin Laden. The plan was for a
suicide bomber to drive a minivan full of explosives through the embassy
gates.

The idea of steganography is to take advantage of the fact that digital
files, like photographs or music files, can be slightly altered and still
look the same to the human eye or sound the same to the human ear.

The only way to spot such an alteration is with computer programs that can
notice statistical deviations from the expected patterns of data in the
image or music. Those who are starting to look for such deviations say that
their programs are as yet imperfect but that, nonetheless, some are finding
widespread use of steganography on the Internet. For national security
reasons some of these experts do not want to reveal exactly what they find,
and where.

"Quite an alarming number of images appear to have steganography in them,"
said one expert who has looked for them, Chet Hosmer, the president and
chief executive of WetStone Technologies in Cortland, N.Y.

Mr. Hosmer says his company has not decided whether to reveal all the sites
where he is finding steganography. He has found it on the auction site
eBay, where people can post pictures anonymously, inserting hidden messages
if they choose to, and just as anonymously download them, retrieving the
messages. WetStone works under a contract to the Air Force.

At George Mason University, Dr. Neil F. Johnson, a steganography expert,
said he became so worried by steganography's potential to be used by
terrorists and criminals that he stopped publishing his research on how to
detect it, reasoning that if people knew how he detected it, and where,
they could devise methods to thwart him and move their messages to sites he
has not checked.

"I have no reason to think that Al Qaeda is not using steganography," Dr.
Johnson said, but he, like others, pointed to no proof. His research, he
said, is financed by "law enforcement."

"I think it's foolish to disclose what I'm scanning for, whether I'm
scanning and whether I'm detecting anything," Dr. Johnson said. "To give
that away tips one's hands."

Steganography, Greek for "hidden writing," is one of the most ancient ways
of passing secret messages, but until very recently few computer scientists
paid it much attention - it seemed more a relic of ancient times, sort of a
Paul Revere-type "one if by land two if by sea" way of sending information.

The ancient Greeks used it, writing a message on a wooden tablet and
covering the wood with wax. Sentries would think the tablets were blank,
but when they were delivered, their recipients would simply scrape off the
wax and read the message.

In World War II, Dr. Johnson said, the Allies became so suspicious about
hidden messages that the United States Office of Censorship "took extreme
actions, such as banning flower deliveries which contained delivery dates,
crossword puzzles and even report cards."

But in recent years, steganog raphy has arrived on the Internet in a big
way, experts said, with free and easy-to-use programs to insert messages
into music or picture files. Many programs also allow users to choose an
encryption scheme to further hide the message, so even if the recipients
know it is there, they have to decode it to read it.

"In the past two years, the number of steganography tools available over
the Internet has doubled - it's 140 and growing," Dr. Johnson said. Some of
the newer ones, he said, prompt users at each step on how to proceed.

Bruce Schneier, a founder of Counterpane, an Internet security company,
likened steganography to what is known as a dead drop - a message, money or
papers left in a hiding place to be picked up by someone.

"The effect is that the sender can transmit a message without ever
communicating directly with the receiver," Mr. Schneier wrote in a recent
newsletter. "There is no e-mail between them, no remote log-ins, no instant
messages. All that exists is a picture posted in a public forum, and then
downloaded by anyone sufficiently enticed by the subject (both third
parties and the intended receiver of the secret message.)"

Mr. Hosmer said he became interested in steganography three years ago when
he conducted a study for the Air Force looking at potential areas for
cybercrime and cyberterrorism.

"We wanted to see what kinds of tools and weapons were being used by
terrorist organizations," he said. To his surprise, he said, steganog
raphy, an area he had paid little attention to, stood out because it could
be so effective in hiding the very fact that people were communicating -
thwarting attempts to detect terrorist activities by looking for flurries
of communications between members.

Mr. Hosmer found more than 100 free steganography programs on the Internet
and said he was shocked when the providers of the programs said there had
been over a million downloads of the technology.

"It really struck us: why were there so many downloads?" Mr. Hosmer said.
Some, he said, may be hackers or people who are using it for fun. But, he
said, he doubts that those are the only users.

"We said, `This is really startling, that there are so many people who are
communicating without people knowing that they are communicating.' And
because these programs were coming from around the world, we were very
concerned."

Mr. Hosmer's company began looking at millions of digital pictures that
were posted on the Internet. They scanned auction sites and pornographic
sites, where people can post and download digital images anonymously.

"We started getting hits," Mr. Hosmer said, adding that about 0.6 percent
of millions of pictures on auction and pornography sites had hidden
messages. The messages they found on eBay were encrypted and unreadable, he
said. The company also noticed that some of the same photos seemed to be
used over and over again, with different messages each time. "If you're
very sophisticated at this, you would never use an image again," Mr. Hosmer
said.

One limitation in published steganography detection programs is that often
they miss images hidden in the most frequently used format, JPEG, said Dr.
Jessica Fridrich, a research professor at the Center for Intelligent
Systems at the State University of New York at Binghamton.

It is hard to see evidence of steganography in such files because the
detection methods look for statistical evidence that an image's data have
been distorted. But JPEG files are distorted by their very nature - the
digital data are altered when the files are compressed to send them
electronically.

Dr. Fridrich said that a steganography detection program she developed also
had that limitation but that she had greatly improved the program so that,
even though it still did not work well for JPEG images, it was much better
at finding images in other formats. She said she was providing it to the
Air Force, which was paying for her group's work. "I believe that the Air
Force made this program available to other government agencies," she said.

The best published method for finding steganography in JPEG files, Dr.
Fridrich said, is one developed by Niels Provos, a graduate student at the
University of Michigan. Mr. Provos said he had seen no steganography in the
two million images from eBay he had examined.

On the other hand, Mr. Provos can miss steganography - he said he had
trouble finding small messages and was unable to detect a short message in
a photograph that was sent to him. He was told beforehand that an
unencrypted message had been inserted.

Mr. Provos publishes his research, enabling others to know how he detects
steganography and, as a consequence, how to avoid his detection system.
"When I started my research, which was a couple of years ago, it was, of
course, in a completely different political situation," he said.

Now, he says, he asked himself again if publication was advisable. He
concluded it was, arguing that research thrived when people could freely
exchange ideas.

Of course, those whose business it is to intercept terrorist communications
would never reveal anything they have learned about steganog raphy.

Asked what the National Security Agency - the nation's codemaking and
codebreaking agency - knows, Dr. Robert Morris, a retired cryptographer who
was chief scientist there, said, "We wouldn't talk about it."

Copyright 2001 The New York Times Company | Privacy Information
-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com