stego in the wild: bomb-making CDs

John Denker jsd at av8n.com
Fri Dec 26 00:40:39 EST 2003 

] Thursday 25 December 2003, 17:13 Makka Time, 14:13 GMT
]
] Saudis swoop on DIY bomb guide
] 
] Authorities in the kingdom have arrested five people after
] raiding computer shops selling compact disks containing
] hidden bomb-making instructions, a local newspaper reported
] on Thursday.
] 
] Police were questioning four owners of computer shops in the
] southern Jazan region and a fifth person believed to have
] supplied the CDs to the shops, Al-Watan newspaper said.
] 
] Officials were not immediately available for comment.
] 
] The daily said some of the shop owners might not have known
] about the bomb-making tutorial files hidden on the CDs. Only
] someone with technical knowledge would be able to find the
] files.

That was quoted from:
http://english.aljazeera.net/NR/exeres/C8061E36-E4E5-4EB5-A103-19DCF838E835.htm
and the same story, almost verbatim, was carried by Reuters.

Comments:
 1) This is not entirely unprecedented.  Al Qaeda for years has
    been hiding recruitment and training footage in the middle
    of otherwise-innocuous video tape cassettes.  
 2) OTOH using a commercial distribution channel bespeaks a 
    certain boldness ... somebody is "thinking big".  
 3) Also: as a rule, anything you do with computers generates 
    more headlines than doing the same thing with lower-tech methods.
    This is significant to terrorists, who are always looking for
    headlines.  Conversely it is significant to us, who have much
    to lose when our not-so-fearless leaders over-react.
 4) One wonders how many CDs were distributed before the operation
    was terminated.
 5) I wonder how the authorities found out about it.
 6) The article speaks of technical skill ... I wonder how 
    much technical skill was required.  Probably not much.
 7) Did it rely entirely on security-by-obscurity, or was there 
    crypto involved also?
    (The latter is possible;  whatever leak told the authorities
    where to look could also have told them the passphrase...
    but the article didn't mention crypto.)

I suspect there is a lot more to this story......

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list