Investigators search for clues hidden in cyberspace

There could be more than meets the eye in photos, music files and videos on the web

 By KEVIN MURPHY
Knight Ridder News Service

 WASHINGTON _ Of all the footprints terrorists left on their way to the Sept. 11 attacks in New York and Washington, perhaps the hardest ones to detect are imprinted in cyberspace.

Investigators are trying to determine if associates of suspected terrorism mastermind Osama bin Laden issued secret orders online using a modern-day version of ancient communication method called steganography.

Steganography means "covered writing," such as invisible ink. In the computer world, the technique involves hiding a message inside a routine picture, music file or video that is placed on web sites or sent through emails.

Someone who knows where to look for the picture and has the right tools and codes can reveal text, a map, a diagram or other hidden messages. To everyone else, the picture looks only like a picture.

"It's so insidious, you don't even know there is any communication going on," said Gary Gordon, vice president of digital forensics technology for WetStone Technologies, Inc., which develops security applications for Internet systems.

The FBI has shown strong interest in how terrorists used the Internet. Agents obtained records from AOL and Yahoo and seized computers in public libraries in Broward County, Fla., and in Fairfax County, Va., that some hijackers used.

So far, the FBI has not said it has determined terrorists used steganography in plotting the Sept. 11 hijackings and airline crashes. But the bin Laden network used the technique in the past, FBI and terrorism authorities have said.

"It's part of an array of methods they have in communicating," said Jack Mattera, a former investigator for the State Department who directs computer investigations for The Intelligence Group, a consulting firm. "It's probably a significant factor."

Last week, ABC-News reported that French investigators seized a notebook full of secret codes from a suspect in a plot to bomb the U.S. Embassy in Paris. A French official said approval for the attack was hidden under an Internet-posted picture.

Photos of people, pets, outdoor scenes, famous paintings or any other image could be used to hide a message, Gordon said. Information doesn't have to be transmitted, such as by email, Gordon said.

Someone could merely set up their own web site with seemingly innocuous images and information that only associates know is meaningful. Or someone could hack into a web site, hide messages beneath photos and tell accomplices where to look, Gordon said.

"It's actually very simple," Mattera said. "It's knowing that it exists that's the problem."

There are thousands of potential places where terrorists could leave hidden messages, complicating the task of investigators.

"The problem they are dealing with is sheer volume," said Neil Johnson, associate director of the Center for Secure Information Systems at George Mason University in Virginia. "Who knows where this information has been disseminated or where they placed it."

Neil Livingstone, a terrorism authority who is chairman and chief executive officer of a corporate security company called Global Options, said the government keeps tabs on more than 5,000 web sites devoted to terrorism and other crime. But web sites where no one would suspect a terrorist to visit are believed to be the ones they use for steganography.

The way it is done may be relatively new, but the concept of hiding messages is old.

The practice has Greek origins dating back centuries. Reportedly, it was used in human form by putting a tattoo message on a shaved head. When hair regrew, the tattooed person was dispatched and his head was shaved again to reveal the message to the intended recipient.

Another version was used by an American agent in China in the 1930s.

"He'd say, `if you get a photo and I'm standing up, I'm okay, but if I sit down, I'm in trouble,"' Livingstone said. "That's the simplistic version of the story and we've come a long way since then,"

Today, steganography is used over the Internet by people in the drug and pornography trades and other criminal enterprises, Gordon said. But it is also used for legitimate corporate purposes, such as transmitting copyright or license information.

Last spring, there was an "Information Hiding Workshop" in Pittsburgh where experts traded technical information on steganography and other practices.

Mattera said the FBI has a serious challenge in trying to find and decode any messages used in the terrorism plot. But he said they could call on the expertise of agencies in the government "with some of the most powerful computers in the world."

The investigation will take time and there is always a chance that the perpetrators left more clues than they should have, he said.

"Criminals are not as smart as they think they are," Mattera said. "They always do something dumb."



 
The Intelligence Group Home | About The Firm | Our Team
Contact Us | Resources | News | Confidentiality