CRACK THE CODE | HINDUSTAN TIMES, AUGUST 10, 2001
http://www.hindustantimes.com/nonfram/100801/platefrm.asp
Ravi Visvesvaraya Prasad
THE LASHKAR-e-Tayyeba militants responsible for the Red Fort attack
were running a cybercafe and using electronic mail to receive instructions
from abroad.
When the Delhi Police seized their computers and hundreds of encrypted
e-mail messages, they found a vast amount of pornographic films and
photographs on the hard disks. Thinking that the militants had amassed
the collection for personal enjoyment, the police turned it over to
the maalkhana (the station store-room) as case property.
A few weeks later, a police officer in Delhi read in USA Today about
the testimony given by George Tenet, Director of the CIA, to the US
Congress. Tenet said that Islamic extremists were hiding their messages
within pornographic and sports images and movies, as well as in music
files, and were using heavily-visited electronic chat rooms and bulletin
boards as "drop sites".
The intended recipient would download the file, extract the hidden
message and decrypt it. To everyone else who downloaded the file, it
would seem to be an innocuous image. Tenet was alarmed that the extremists
had successfully evaded the SIGINT (signals intelligence) and COMINT
(communications intelligence) interception operations of America's
National Security Agency.
Hence, it occurred to this alert policeman in Delhi that the pornography
seized from the militants could contain hidden instructions.
These developments have drawn attention to the recondite field of
steganography, the science of concealing a message, usually one that
has first been encrypted, within an innocuous cover such as a text,
a picture or a piece of music, in such a manner that an interceptor
or any other recipient of the cover file would not even suspect that
a message was hidden within it.
Cryptography alone does not try to hide that fact: an interceptor can
see that an encrypted message exists, and his challenge is to break
the cipher and recover the secret. Against a well-designed cipher that
is properly used, even the best security agencies cannot count on
succeeding; where they do, it is usually by exploiting weak keys, flawed
software or careless use, and even then the work takes weeks. Steganography
denies them the starting point of knowing that there is anything to
break. The US Air Force Research Laboratory has forecast the information
warfare technologies of the future and the counter-measures to fight
them. Steganography topped the list.
While the fundamentals of steganography were set out five centuries
ago by the German abbot Johannes Trithemius, whose Steganographia gave
the field its name, it is in the last 18 months that the technological
advances have taken place, mainly at German, Austrian, Swiss, Italian
and Finnish universities, Cambridge University in the UK, and Carnegie
Mellon and George Mason Universities in the US. Security agencies have
been left with no ready countermeasure to the inexpensive steganographic
software packages that conceal information in digital audio, video
and image files.
The first organisations to recognise the utility of steganographic
algorithms developed in European universities were Pakistani hacker
groups, the Palestinian Hamas, the Lebanese Hizbollah, Osama bin Laden's
Al Qaida, and the LTTE. Al Qaida heeded bin Laden's directive that
mastering advanced technologies was integral to jehad. It was the
first to put into practice the published research of Ross Anderson
and Fabien Petitcolas of Cambridge University, and to conceal its messages
in high-volume internet traffic and in large, uncompressed audio, video
and image files, where a few altered bits are lost in the sheer quantity
of data.
These were placed on heavily-visited pornographic sites, music download
sites, chat rooms and bulletin boards, which Al Qaida began to use
as message "drop sites" for its agents. A security analyst detected
steganographic activity even on heavy-traffic commercial portals such
as Amazon and eBay, which were not aware that their websites were being
used for the purpose.
A security analyst recounted the case of a suspected Islamic militant.
The FBI in the US, which had placed him under surveillance using its
packet-sniffing tool Carnivore, was intrigued that while he kept e-mailing
photographs of his family to addresses that appeared to belong to relatives,
he never received any replies. He was found to be sending instructions
to his agents using DEMCOM's Steganos. Carnivore could capture the
photographs but had no way of telling that they carried anything else.
Packages that exploit human expectations as much as technical cleverness
are Texto, which converts a message into English sentences that read
like blank verse, and Spam Mimic, developed by Peter Wayner, which encodes
a message as what looks like junk e-mail, precisely the kind of text
that nobody reads closely and most people delete unread.
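How a mimic function of the Spam Mimic kind works, as an added example written for this page (it is not code from Spam Mimic or Texto, and the grammar is far simpler than Wayner's): a fixed cycle of sentence slots, each offering four interchangeable phrasings, so the phrasing chosen in each slot carries two bits of the hidden message and the whole reads like a junk e-mail. The five slots, their phrases and the one-byte length header are invented for illustration.

```python
"""Text steganography with a simplified mimic function.

Constructed example, not Spam Mimic's grammar: a fixed cycle of sentence
slots, each offering four interchangeable phrasings, so the phrasing
chosen in every slot carries two bits of the hidden message and the
output reads like junk e-mail. Messages are limited to 255 bytes by
the one-byte length header.
"""

SLOTS = [
    ["dear friend", "dear sir or madam", "hello", "greetings"],
    ["this is a once in a lifetime offer", "we have exciting news for you",
     "you have been specially selected", "your account needs attention"],
    ["act now", "do not delay", "reply today", "call immediately"],
    ["this is not spam", "you received this because you opted in",
     "you may unsubscribe at any time", "this mailing complies with the law"],
    ["best regards", "sincerely", "yours truly", "warm wishes"],
]
BITS_PER_SLOT = [len(s).bit_length() - 1 for s in SLOTS]   # 2 bits each
BITS_PER_CYCLE = sum(BITS_PER_SLOT)                        # 10 bits


def _to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def _from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def mimic_encode(message):
    """Hide `message` in spam-like prose: a length byte, then the message,
    zero-padded to a whole number of slot cycles."""
    if len(message) > 255:
        raise ValueError("message too long for one-byte length header")
    bits = _to_bits(bytes([len(message)]) + message)
    bits += [0] * (-len(bits) % BITS_PER_CYCLE)
    sentences, pos = [], 0
    slot_no = 0
    while pos < len(bits):
        slot = SLOTS[slot_no % len(SLOTS)]
        k = BITS_PER_SLOT[slot_no % len(SLOTS)]
        index = int("".join(map(str, bits[pos:pos + k])), 2)
        phrase = slot[index]
        sentences.append(phrase[0].upper() + phrase[1:])
        pos += k
        slot_no += 1
    return ". ".join(sentences) + "."


def mimic_decode(text):
    """Recover the message by mapping each sentence back to its slot index."""
    bits = []
    for slot_no, sentence in enumerate(text.rstrip(".").split(". ")):
        slot = SLOTS[slot_no % len(SLOTS)]
        k = BITS_PER_SLOT[slot_no % len(SLOTS)]
        index = slot.index(sentence.lower())
        bits += [(index >> i) & 1 for i in range(k - 1, -1, -1)]
    length = _from_bits(bits[:8])[0]
    return _from_bits(bits[8:8 + 8 * length])


if __name__ == "__main__":
    cover = mimic_encode(b"ok")
    print(cover)
    print(mimic_decode(cover))
```

The weakness is the one the detection roadmap below implies: the "spam" is drawn from a small fixed vocabulary, so a scanner that knows the grammar can recognise its output as surely as the intended recipient can decode it. Encrypting the message before encoding hides its content but not the fact that the text came from this encoder.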
While round one has gone to the terrorists, Indian security agencies
can fight back. Compressed video, music and image files have statistical
regularities that inserting a message disturbs; the simplest tools,
which overwrite the least significant bits of pixels or audio samples,
leave a characteristic flattening of the file's histogram that a statistical
test can pick up. It is also possible to develop a stegoscanner program,
akin to a virus scanner, that examines hard drives for the electronic
fingerprints and signatures left behind by steganographic applications:
the tools themselves, and the telltale markers some of them leave in
the files they produce.
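The embedding the simplest tools perform, and the statistical test that catches it, as an added example written for this page and not code from any of the packages named above. The cover image is constructed (a seeded Gaussian intensity distribution standing in for a photograph), the embedding is plain sequential least-significant-bit replacement, and the detector is the chi-square "pairs of values" test published by Westfeld and Pfitzmann in 1999: replacing least significant bits with random-looking data (as ciphertext is) makes the counts of pixel values 2k and 2k+1 equal, which a natural image's histogram is not.

```python
"""LSB image steganography and the chi-square "pairs of values" check.

Constructed example: the cover is a synthetic 200x200 8-bit greyscale
image whose intensities are drawn from a seeded Gaussian, standing in
for a photograph; no image files are read or written.
"""
import random

WIDTH, HEIGHT = 200, 200


def make_cover(seed=1):
    """Synthetic cover: intensities ~ N(90, 6) clamped to 0..255. As in a
    photograph, the histogram counts of each value pair (2k, 2k+1) differ,
    which is what the detector below relies on."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(90, 6))))
            for _ in range(WIDTH * HEIGHT)]


def _bits(data):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def embed_lsb(pixels, payload):
    """Overwrite the least significant bit of successive pixels with the
    payload bits (sequential embedding, as the early tools did)."""
    if len(payload) * 8 > len(pixels):
        raise ValueError("payload exceeds cover capacity")
    stego = list(pixels)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract_lsb(pixels, nbytes):
    """Read `nbytes` back out of the least significant bits."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def chi_square_pairs(pixels, min_pair_count=8):
    """Westfeld-Pfitzmann style test. LSB embedding of random-looking data
    (e.g. ciphertext) equalises the counts of values 2k and 2k+1, so the
    chi-square statistic over those pairs drops to about its degrees of
    freedom. Returns (chi2, df): chi2 >> df looks clean, chi2 ~ df looks
    fully embedded."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    chi2, df = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        total = even + odd
        if total < min_pair_count:      # skip nearly empty pairs
            continue
        expected = total / 2
        chi2 += ((even - expected) ** 2 + (odd - expected) ** 2) / expected
        df += 1
    return chi2, df


def demo():
    cover = make_cover()
    message = b"test payload 42"
    roundtrip_ok = extract_lsb(embed_lsb(cover, message), len(message)) == message
    # A full-capacity, random-looking payload, as an encrypted message would be.
    rng = random.Random(7)
    payload = bytes(rng.getrandbits(8) for _ in range(len(cover) // 8))
    stego = embed_lsb(cover, payload)
    return {
        "roundtrip_ok": roundtrip_ok,
        "cover": chi_square_pairs(cover),
        "stego": chi_square_pairs(stego),
    }


if __name__ == "__main__":
    result = demo()
    print("round trip ok:", result["roundtrip_ok"])
    for name in ("cover", "stego"):
        chi2, df = result[name]
        print(f"{name}: chi2 = {chi2:.1f}, df = {df}")
```

Two caveats a practitioner would add: the test only fires on the part of the file that was actually overwritten, so a short message embedded sequentially is found by sliding the check over the first few thousand pixels rather than the whole image; and tools that embed sparsely, or that flip bits in both directions instead of overwriting them, do not produce this equalisation and need other tests.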
A US steganography expert has formulated a roadmap for future efforts.
First, derive the signatures and indicators associated with each steganographic
package and write a scanner. The harder part is picking up the dead
drops: this would require thousands of police officers to monitor the
websites, bulletin boards and chat rooms continuously. The next stage
is harder still. Once all possible nodes are identified, one would write
a Trojan horse that would sit in those machines and scan all activity.
India's security agencies should use the latest steganographic technologies
for their internal communications, in contrast to the insecure channels
they use at present. They should also develop the young science of
steganalysis, detecting these hidden messages and decrypting them, in
order to trace sensitive information being leaked out under innocuous
guises. For both, they should work with the IITs, just as the Center
for Secure Information Systems at George Mason University in the US
works closely with the National Security Agency. The Pentagon and CIA
are funding steganalysis research at Carnegie Mellon.
If Osama bin Laden and the LTTE can put into practice the latest technological
breakthroughs from European universities, there is no reason why India
should not use its own academia and industry. The intelligence agencies
should, for instance, examine the hard drives of those Sudanese associates
of bin Laden whom they caught some time back.