Great White North
Mounties warn al-Qaeda hiding messages in digital files
2004-12-09
The RCMP has warned its investigators to be on the lookout for cleverly disguised messages embedded by al-Qaida in digital files police seize from terror suspects. An internal report obtained by The Canadian Press gives credence to the long-rumoured possibility Osama bin Laden's terrorist network and other extremist groups are using a technique known as steganography to hide the existence of sensitive communications.

Steganography, from the Greek word stegos, meaning covered, and graphie, or writing, involves concealing a secret message or image within an apparently innocuous one. For instance, a seemingly innocent digital photo of a dog could be doctored to contain a picture of an explosive device or hidden wording. "Investigators in the course of their work on terrorist organizations and their members, including al-Qaida and affiliated groups, need to consider the possible use of steganography and seek to identify when steganography is known or suspected of being used," the report says. It recommends investigators consult the RCMP's technological crime program for assistance, including "comprehensive forensic examinations" of seized digital media.

A heavily edited copy of the January 2004 report, Computer-assisted and Digital Steganography: Use by Al-Qaida and Affiliated Terrorist Organizations, was recently obtained from the Mounties under the Access to Information Act. The RCMP seems especially concerned, however, about digital steganography - the use of special computer programs to embed messages. "There now exist nearly 200 software packages which perform digital steganography," the report says.

A limited number of publicly available software tools are designed to detect the use of steganography, but the "success rate of these tools is questionable," the RCMP adds. Some only detect the use of specific software, while others are useful for scouring only certain types of files in which the secret message may be hidden. There have been numerous media reports in recent years that terrorist groups, including al-Qaida, were using steganographic techniques. The phenomenon is "deeply troubling," said David Harris, a former Canadian Security Intelligence Service officer now with Ottawa-based Insignis Strategic Research. He suggested any delay in detecting disguised messages could be disastrous. "We're talking very often about time-sensitive issues: where is the bomb? Who's operating in connection with whom?" he said. "On that kind of basis, this is really, really disturbing as a development." Harris also questioned whether western security agencies have sufficient personnel and resources to uncover the messages.
Posted by: Dan Darling

#12  I thought some of those viruses and trojan horses were thought to be practices for a future attack. Didn't some of them come out of Red China?
Posted by: trailing wife   2004-12-09 9:52:18 PM  

#11  Thanks, Phil-- that's more or less what I thought. Seems like Clarke really was a self-aggrandizing little shit.
Posted by: lex   2004-12-09 4:15:29 PM  

#10  lex, 'cyberattacks' are like Y2K, good for scaring the masses, but really don't stand up to serious scrutiny. You want to lie awake worrying about something, then worry about a coordinated attack with an infectious agent bringing down the healthcare system.
Posted by: phil_b   2004-12-09 4:13:37 PM  

#9  Ptah, do you think we're more vulnerable or less vulnerable today to cyber-attacks of the sort Richard Clarke was always hollering about five years ago?
Posted by: lex   2004-12-09 4:03:33 PM  

#8  *nods* not any different from the spy-novel drop location.
Posted by: Ptah   2004-12-09 4:00:50 PM  

#7  Or you have one Hotmail account that everyone has access to. Just leave messages in the draft folder and never send them, just post, read or delete.
Posted by: Steve   2004-12-09 3:35:45 PM  

#6  Simpler ways to get around traffic issues too. I can put an encrypted file on my web site and anyone who knows it's there can call it up from any library, Internet cafe, or other public Internet access point. It can be self-decrypting with a password and I can change the contents anytime I please. I could also slip the same file onto any website that I can gain access to, such as a corporate website where I work.
Posted by: Tom   2004-12-09 2:34:21 PM  

#5  Tom, the idea is to not convey the impression that a message is being sent: If they send an encrypted message, then our guys may not know what the message is or be able to crack it, but traffic analysis will tell our guys whether something big is coming up. A couple of the last orange alerts were partly due to detecting elevated levels of message traffic. Messages hidden in porn pics would be lost in the vast traffic in them in the internet.
Posted by: Ptah   2004-12-09 10:04:59 AM  

#4  There are many ways to do this. A simple-minded method would use two files, one a 24 color BMP, the other a 2 color BMP of equal dimensions where the message is typed in using the text tool of Windows Paint (or drawn if it is a schematic). You can use ImageMagick tools to zero out the least significant bit in the red value of every pixel of the 24 color BMP. You then go pixel by pixel in the 2 color BMP, and where it is black, you set the least significant bit in the red value of the corresponding pixel in the 24 color BMP. The change in color intensity is so slight, one wouldn't normally notice.

To reproduce the message, start off with a blank 2 color BMP of the same size as the 24 color BMP, go pixel by pixel in the 24 color BMP, and if the red value of the pixel's color is odd, set the corresponding pixel in the 2 color BMP.

The use of the BMP (or TIFF) file is a giveaway, since the lossy compression in JPEG or PNG files would add noise, if not destroy, the embedded message. There may be ways around this, such as using all three colors instead of just red, and using a majority vote algorithm for each pixel.
Posted by: Ptah   2004-12-09 10:00:20 AM  
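
The recovery step described in comment #4, seen from the examiner's side, as an added example that is not part of the original thread: it parses an uncompressed 24-bit BMP and returns the red-channel least-significant-bit plane so it can be inspected for structure. The sample image, the "L"-shaped mask and all function names are constructed for the illustration.

```python
import struct

def red_lsb_plane(bmp: bytes):
    """Rows (top to bottom) of red-channel LSBs from an uncompressed 24-bit BMP."""
    if bmp[:2] != b"BM" or len(bmp) < 54:
        raise ValueError("not a BMP file")
    data_offset = struct.unpack_from("<I", bmp, 10)[0]
    width, height, _planes, bpp, compression = struct.unpack_from("<iiHHI", bmp, 18)
    if bpp != 24 or compression != 0 or width <= 0:
        raise ValueError("only uncompressed 24-bit BMP is handled")
    stride = (width * 3 + 3) & ~3            # rows are padded to 4-byte multiples
    if data_offset + abs(height) * stride > len(bmp):
        raise ValueError("pixel data is truncated")
    rows = []
    for y in range(abs(height)):
        start = data_offset + y * stride
        # Pixels are stored B, G, R, so red is the third byte of each pixel.
        rows.append([bmp[start + 3 * x + 2] & 1 for x in range(width)])
    if height > 0:                           # positive height = bottom-up storage
        rows.reverse()
    return rows

def render(rows):
    """Draw the bit plane as text so an examiner can eyeball it for structure."""
    return "\n".join("".join("#" if bit else "." for bit in row) for row in rows)

# --- constructed sample input (not a real seized file) ---
MASK = [[1, 0, 0, 0, 0],
        [1, 0, 0, 0, 0],
        [1, 0, 0, 0, 0],
        [1, 0, 0, 0, 0],
        [1, 1, 1, 1, 1]]

def build_sample_bmp(mask):
    """Flat-colour 24-bit BMP whose red LSBs follow `mask`, used only as test data."""
    height, width = len(mask), len(mask[0])
    pad = bytes(((width * 3 + 3) & ~3) - width * 3)
    body = b"".join(
        b"".join(bytes([90, 140, 200 | bit]) for bit in row) + pad
        for row in reversed(mask))           # BMP rows run bottom-up
    header = struct.pack("<2sIHHI", b"BM", 54 + len(body), 0, 0, 54)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(body), 2835, 2835, 0, 0)
    return header + info + body

if __name__ == "__main__":
    print(render(red_lsb_plane(build_sample_bmp(MASK))))
```

On a camera photograph an untouched red LSB plane typically looks like noise, so legible shapes in the rendered plane are the thing to look for.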

#3  Not clear to me why they would bother considering the quality of standard encryption methods that are readily available.
Posted by: Tom   2004-12-09 9:51:18 AM  

#2  Steganography is a real technique, really being used by Bad Guys.
Posted by: too true   2004-12-09 9:47:15 AM  

#1  "The threat, however, is SO serious, that the RCMP feels it necessary to examine every pornographic digital image on the Internet for hidden messages."
Posted by: Anonymoose   2004-12-09 9:38:39 AM  
