[ISN] On the Open Internet, a Web of Dark Alleys

InfoSec News isn at c4i.org
Wed Dec 22 02:37:34 EST 2004


December 20, 2004

The indictment early this month of Mark Robert Walker by a federal
grand jury in Texas might have seemed a coup for the government in its
efforts to police terrorist communications online. Mr. Walker, a
19-year-old student, is accused, among other things, of using his
roommate's computer to communicate with - and offer aid to - a
federally designated terrorist group in Somalia and with helping to
run a jihadist Web site.

"I hate the U.S. government," is among the statements Mr. Walker is
said to have posted online. "I wish I could have been flying one of
the planes on Sept. 11."

By international terror standards, it was an extremely low-level bust.  
But the case, which was supposedly broken only after Mr. Walker's
roommate tipped off the police, highlights the near impossibility of
tracking terrorist communications online.

Even George J. Tenet, the former director of central intelligence,
speaking on the vulnerabilities of the nation's computer networks at a
technology security conference on Dec. 1, noted the ability of
terrorists to "work anonymously and remotely to inflict enormous
damage at little cost or risk to themselves." He called for a
wholesale taming of cyberspace.

"I know that these actions would be controversial in this age where we
still think the Internet is a free and open society with no control or
accountability," Mr. Tenet said. "But, ultimately, the Wild West must
give way to governance and control."

Even if the government is able to shore up its networks against attack
- one of many goals set forth by the intelligence reform bill passed
last week - the ability of terrorists and other dark elements to
engage in covert communications online remains a daunting security
problem, and one that may prove impossible to solve.

Late last month, an Internet privacy watchdog group revealed that the
Central Intelligence Agency had contributed money for a
counterterrorism project that promised, among other things, an
automated surveillance system to monitor conversations on Internet
chat rooms. Developed by two computer scientists at Rensselaer
Polytechnic Institute in Troy, N.Y., as part of a National Science
Foundation program called Approaches to Combat Terrorism, the chat
room project takes aim at the possibility that terrorists could
communicate through crowded public chat channels, where the flurry of
disconnected, scrolling messages makes it difficult to know who is
talking to whom. The automated software would monitor both the content
and timing of messages to help isolate and identify conversations.

Putting privacy concerns aside, some Internet specialists wonder
whether such projects, even if successful, fail to acknowledge the
myriad other ways terrorists can plot and communicate online. From
free e-mail accounts and unsecured wireless networks to online
programs that can shield Internet addresses and hide data, the
opportunities to communicate covertly are utterly available and
seemingly endless.

Even after the Sept. 11 attacks, "the mass media, policy makers, and
even security agencies have tended to focus on the exaggerated threat
of cyberterrorism and paid insufficient attention to the more routine
uses made of the Internet," Gabriel Weimann, a professor of
communication at Haifa University in Israel, wrote in a report for the
United States Institute of Peace this year. "Those uses are numerous
and, from the terrorists' perspective, invaluable."

Todd M. Hinnen, a trial attorney with the United States Justice
Department's computer crime division, wrote an article on terrorists'
use of the Internet for Columbia Science and Technology Law Review
earlier this year. "There's no panacea," Mr. Hinnen said in an
interview. "There has always been the possibility of meeting in dark
alleys, and that was hard for law enforcement to detect."

Now, every computer terminal with an Internet connection has the
potential to become a dark alley.

Shortly after Sept. 11, questions swirled around steganography, the
age-old technique of hiding one piece of information within another. A
digital image of a sailboat, for instance, might also invisibly hold a
communiqué, a map or some other hidden data. A digital song file might
contain blueprints for a desired target.

But the troubling truth is that terrorists rarely have to be
technically savvy to cloak their conversations. Even simple,
prearranged code words can do the job when the authorities do not know
whose e-mail to monitor or which Web sites to watch. Interviews
conducted by Al Jazeera, the Arab television network, with the terror
suspects Khalid Shaikh Mohammed and Ramzi bin al-Shibh two years ago
(both have since been arrested), suggested that the Sept. 11 attackers
communicated openly using prearranged code words. The "faculty of
urban planning," for instance, referred to the World Trade Center. The
Pentagon was the "faculty of fine arts."

Other reports have suggested that Mohammed Atta, suspected of being
the leader of the Sept. 11 hijackers, transmitted a final cryptic
message to his co-conspirators over the Internet: "The semester begins
in three more weeks. We've obtained 19 confirmations for studies in
the faculty of law, the faculty of urban planning, the faculty of fine
arts, and the faculty of engineering."

And increasingly, new tools used to hide messages can quickly be found
with a simple Web search. Dozens of free or inexpensive steganography
programs are available for download. And there is ample evidence that
terrorists have made use of encryption technologies, which are
difficult to break. The arrest in Pakistan in July of Muhammad Naeem
Noor Khan, thought to be an Al Qaeda communications specialist, for
instance, yielded a trove of ciphered messages from his computers.

Still, the mere act of encrypting a message could draw attention, so
numerous software programs have been developed to hide messages in
other ways.

At one Web site, spammimic.com, a user can type in a phrase like "Meet
me at Joe's" and have that message automatically converted into a
lengthy bit of prose that reads like a spam message: "Dear Decision
maker; Your e-mail address has been submitted to us indicating your
interest in our briefing! This is a one-time mailing there is no need
to request removal if you won't want any more," and so forth.

The prose is then pasted into an e-mail message and sent. A recipient
expecting the fake spam message can then paste it into the site's
decoder and read the original message.

Another free program will convert short messages into fake dialogue
for a play. And still simpler schemes require no special software at
all - or even the need to send anything.

In one plan envisioned by Mr. Hinnen in his law review article, a
group need only provide the same user name and password to all of its
members, granting them all access to a single Web-based e-mail
account. One member simply logs on and writes, but does not send, an
e-mail message. Later, a co-conspirator, perhaps on the other side of
the globe, logs on, reads the unsent message and then deletes it.

"Because the draft was never sent," Mr. Hinnen wrote, the Internet
service provider "does not retain a copy of it and there is no record
of it traversing the Internet - it never went anywhere." The message
would be essentially untraceable.

Michael Caloyannides, a computer forensics specialist and a senior
fellow at Mitretek Systems, a nonprofit scientific research
organization based in Falls Church, Va., said the nature of a
networked universe made it possible for just about anyone to
communicate secretly. Conspirators do not even need to rely on
code-hiding programs, because even automated teller machines can be
used to send signals, Dr. Caloyannides explained.

A simple withdrawal of $20 from an account in New York might serve as
an instant message to an accomplice monitoring the account
electronically from halfway around the world, for example.

Dr. Caloyannides, who will conduct a workshop next May for government
officials and others trying to track terrorist communications, also
pointed to hundreds of digitally encrypted messages daily on public
Usenet newsgroups. The messages often come from faked e-mail accounts;  
the intended recipients are often unknown. But a covert correspondent
expecting a secret communiqué at a particular newsgroup need only
download a batch of messages and then use an encryption key on one
with some prearranged subject line, "like 'chocolate cake,' " Dr.  
Caloyannides said.

Lt. Col. Timothy L. Thomas, an analyst at the United States Army's
Foreign Military Studies Office at Fort Leavenworth, Kan., wrote last
year in the journal Parameters, the U.S. Army War College quarterly,
that the threat of cyberplanning may be graver than the threat of
terrorist attacks on the world's networks.

"We used to talk about the intent of a tank," Colonel Thomas explained
in an interview. "If you saw one, you knew what it was for. But the
intent of electrons - to deliver a message, deliver a virus, or pass
covert information - is much harder to figure."

This has long frustrated intelligence analysts, according to James
Bamford, an author and a specialist on the National Security Agency.

"In the cold war days, you knew which communications circuits to
watch," he said. "We knew that most of it was high-frequency anyway,
so we had the place surrounded by high-frequency intercepts. Those
frequencies weren't going anywhere, so you just sat there with the
headphones on and listened."

The problem now, Mr. Bamford said, is that the corridors for
communication have become infinite and accessible to everyone. "You
just don't sit and listen to a particular channel," he said. "It's all
over the place. It's a 'needle in the haystack' problem that you

Russ Rogers, a former Arab linguist with the National Security Agency
and the Defense Information Systems Agency, said he feared security
agencies might not realize how dense the haystack has become.

"We've become a little bit arrogant," said Mr. Rogers, the author of a
new book, "Hacking a Terror Network: The Silent Threat of Covert
Channels," [1] which uses fictional situations to highlight the ways
terrorists can communicate secretly online.

"We feel like we created the Internet, that we've mastered the
network," Mr. Rogers said. "But we're not paying attention to how it's
being used to work against us."

[1] http://www.amazon.com/exec/obidos/ASIN/1928994989/c4iorg
