By Robert Vamosi
June 28, 2001 4:50 AM PT
COMMENTARY--Echelon, if you don't already know, is the
National Security Agency's (NSA) electronic surveillance
system, designed to monitor telephone calls, faxes, and
e-mails worldwide. The system looks for words or phrases
that could be used by terrorist organizations to plot their
next attack. The trouble is, most world-class criminals and
terrorists aren't sending incriminating plain-text e-mails.
They're using other methods to communicate, such as
steganography (hiding files within a file).
The idea that the United States government is eavesdropping
on our lives should be distressing to everyone, but few
Americans even know about it or are as riled up about it as
our European neighbors. Recently, ministers in the European
community argued for the use of strong 128-bit encryption
for even basic e-mail.
Unfortunately, the use of strong encryption can cause
problems for systemwide antivirus products. For more
information on Echelon, the American Civil Liberties Union,
along with several other free speech organizations, has
created an informative Web site, Echelonwatch.org.
Instead of rooting through my e-mails, I think the NSA
should be researching how to detect messages hidden within
other messages. Steganography is one popular method, where a
message (either text or image) can be hidden within other
files containing text, images, or even sound, without a
perceptible change in the original file's quality.
The concept predates modern computing. Greek soldiers
tattooed maps on their heads, and then grew their hair out;
after arriving behind enemy lines, they delivered the
message by shaving their heads. Romans obscured messages by
applying layers of wax onto the tablets on which they were
written, then melted the wax to read the message. Microdots,
used during World War II, are yet another example. During the
recent U.S. Embassy bombing case, several documents came to
light that suggest Osama bin Laden and his associates have
been using steganography to hide terrorist plans inside
pornography and MP3 files that are freely distributed over
the Internet.
Unfortunately, identifying whether or not a file contains
hidden data requires no less than a careful comparison of
the compromised file to the original--which is not always
possible. The human eye can't always detect photographic
loss because most steganography programs use subtle
algorithmic transformations of the color palette table
(that's why black and white photos work the best). And, even
if you did suspect that a secret message may be hidden
inside one of your files, often you need to know which
software program was used, and then figure out the password
to unlock the file (if encrypted, which it probably is).
At last summer's Black Hat Security Briefings, I spoke with
some computer forensic experts who admitted that
steganography is all but impossible to detect. One expert I
spoke with had been in law enforcement before switching to
computer forensics and still uses the tried-and-true
interrogation methods gleaned from his years in law
enforcement. Often, he said, after building a sound case
against an individual, that person will crack during
interrogation and share secrets and even passwords. That's
how the government learned of bin Laden's antics.
Recently, someone on BugTraq suggested that defaced Web
sites might contain hidden steganographic messages. Indeed,
even corporate logos on HTML-enriched e-mail could be rife
with secret information. But until someone figures out a way
to parse the code of every GIF, BMP, JPG, or MP3 file, we're
left with idle speculation. In the meantime, I wish the NSA
would find something better to do than read all of our
e-mail.
Related Hyperlinks
http://members.tripod.com/steganography/stego/software.html
http://www.blackhat.com/
AnchorDesk