[iwar] Re: Article on Steganography in India

From: 7Pillars Partners (partners@7pillars.com)
Date: 2001-08-12 10:34:23


To: pak-india@yahoogroups.com, c4i@yahoogroups.com, iwar@yahoogroups.com

Some perspective on this might be interesting.  We invented the tradecraft
being used here, and in fact I discussed it in two public papers:

_Defense-In-Depth: Design Notes_ (1997)
http://www.7pillars.com/papers/didfinal.htm

_Considering the Net as an Intelligence Tool_ (1996)
http://www.7pillars.com/papers/IntelNet.html

An important factor here is a failure of the intelligence community, which
teaches tradecraft as something that's dogmatic.  If, on the other hand, you
understand the fundamental principles behind the tradecraft, you can surf the
technological advances to your advantage.

We've been working on crypto and stego along these lines, and they're useful
tools for both defense and offense.  It may not be within the 'main' topic of
the mailing lists, but I suspect the interest is out there.

Michael Wilson
Managing Partner, 7Pillars Partners

On Sun, 12 Aug 2001, Ravi V Prasad wrote:

> Article by me on Steganography in India
> 
> Hindustan Times, Friday, 10 August 2001, Edit page
> 
> Crack the code 
> Ravi Visvesvaraya Prasad
> 
> http://www.hindustantimes.com/nonfram/100801/platefrm.asp
> 
> THE LASHKAR-e-Tayyeba militants responsible for the Red Fort attack 
> were running a cybercafe and using electronic mail to receive 
> instructions from abroad. 
> 
> When the Delhi Police seized their computers and hundreds of 
> encrypted e-mail messages, they found a vast amount of pornographic 
> films and photographs on the hard disks. Thinking that the militants 
> had amassed their pornographic collection for personal enjoyment, the 
> police turned it over to the maalkhana as case property. 
> 
> A few weeks later, a police officer in Delhi read in the USA Today 
> about the testimony furnished by George Tenet, Director, CIA, to the 
> US Congress. Tenet said that Islamic extremists were hiding their 
> messages within pornographic and sports images and movies, as well as 
> in music files, and were utilising heavily-visited electronic chat 
> rooms and bulletin boards as "drop sites". 
> 
> The intended recipient would download the file and decrypt the hidden 
> message. To all others who would download that file, it would seem to 
> be an innocuous image. Tenet was alarmed that the extremists had 
> successfully evaded the SIGINT (signals intelligence) and COMINT 
> (communications intelligence) interception operations of America's 
> National Security Agency. 
> 
> Hence, it occurred to this alert policeman in Delhi that the 
> pornography seized from the militants could contain hidden 
> instructions. 
> 
> These developments have drawn attention to the recondite field of 
> steganography, the science of concealing encrypted messages within 
> innocuous cover messages, pictures or music in such a manner that an 
> interceptor or other recipients of the cover file would not even 
> suspect that hidden within it was an encrypted message. 
> 
> In the simpler field of cryptography, an interceptor would be able to 
> discern that the encrypted message existed, and his challenge would 
> be merely to crack the code and decrypt the secret message; even this 
> simple task would take the best security agencies several weeks to 
> perform. The US Air Force Research Laboratory has forecast the future 
> information warfare technologies and the countermeasures to fight 
> them. Steganography topped the list. 
> 
> While the fundamentals of steganography were enunciated by Johannes 
> Trithemius of Frankfurt, it is in the last 18 months that 
> technological advances have taken place, mainly at German, Austrian, 
> Swiss, Italian and Finnish universities, Cambridge University in the 
> UK, and Carnegie Mellon and George Mason Universities in the US. 
> Security agencies have been rendered impotent by the inexpensive 
> steganographic software packages which conceal information in digital 
> audio, video and image files. 
> 
> The first organisations to recognise the utility of steganographic 
> algorithms developed in European universities were Pakistani hacker 
> groups, the Palestinian cells of Hamas and Hizbollah, Osama bin 
> Laden's Al Qaida, and the LTTE. Al Qaida heeded bin Laden's directive 
> that mastering advanced technologies was integral to jehad. It was 
> the first to practise the research results of Professors Ross 
> Anderson and Fabien Petitcolas of Cambridge University, and conceal 
> its messages in dense packet internet traffic, and large bandwidth 
> uncompressed audio, video and image files. 
> 
> These would be located at heavily visited pornographic sites, music 
> download sites, chat rooms and bulletin boards. Al Qaida began to use 
> these as message "drop sites" for their agents. A security analyst 
> detected steganographic activity even on heavy-traffic commercial 
> portals such as Amazon and eBay, who were not even aware that their 
> websites were being used for such purposes. 
> 
> A security analyst recounted the case of a suspected Islamic 
> militant. The FBI in the US, which had placed him under surveillance 
> using its packet-sniffing tool Carnivore, was intrigued that while he 
> kept e-mailing photographs of his family to e-mail addresses that 
> appeared to be those of relatives, he never received any replies. He 
> was found to be sending instructions to his agents using DEMCOM's 
> Steganos, which was undetectable by FBI's Carnivore. 
> 
> Packages that combine technical excellence with human psychological 
> factors to avoid suspicion are Texto, developed in Finnish 
> universities, which converts messages into blank verse poetry, and 
> Spam Mimic, developed by Peter Wayner, which encodes messages into 
> what looks like a junk e-mail. 
> 
> While round one has gone to the terrorists, Indian security agencies 
> can fight back. Compressed video, music and image files have 
> predictable patterns that would be disrupted when a message is 
> inserted. It is possible to develop a stegoscanner program, akin to a 
> virus scanner, to examine hard drives and identify the electronic 
> fingerprints and signatures left behind by steganographic 
> applications. 
> 
> A US steganography expert has formulated a roadmap for future 
> efforts: First, derive the signatures/indicators associated with each 
> steganographic package and write a scanner. The harder part is 
> picking up the dead drops. This would require thousands of police 
> officers to continuously monitor the websites, bulletin boards and 
> chat rooms. The next stage is difficult. Once all possible nodes are 
> identified, one should write a Trojan horse that would sit in the 
> machines and scan all activity. 
> 
> India's security agencies should utilise the latest steganographic 
> technologies for their internal communications, in contrast to the 
> insecure channels they use at present. They should also develop the 
> futuristic science of detecting these hidden messages and decrypting 
> them, in order to trace sensitive information being leaked out under 
> innocuous guises. For these, they should work together with the IITs, 
> just as the Center for Secure Information Systems in the US is a 
> joint venture between the National Security Agency and the George 
> Mason University. The Pentagon and CIA are funding steganalysis 
> research at Carnegie Mellon. 
> 
> If Osama bin Laden and the LTTE can put into practice the latest 
> technological breakthroughs from European universities, there is no 
> reason why India should not use its academia and industry. The 
> intelligence agencies should, for instance, examine the hard drives 
> of those Sudanese associates of bin Laden whom they caught some time 
> back. 
> 
> by
> Ravi Visvesvaraya Prasad
> 


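Added example, not part of the original posts: the quoted article's claim that inserting a message disrupts a file's predictable patterns, shown as a pairs-of-values chi-square check for sequential LSB replacement. The statistic, the thresholds and the constructed sample data are assumptions chosen for illustration; the article names no specific detection method.

```python
import random
from collections import Counter

MIN_PAIR_TOTAL = 10   # skip sparsely populated pairs (assumed cut-off)
THRESHOLD = 4.0       # assumed decision threshold on the per-pair score


def pov_score(values):
    """Mean chi-square per pair of values (2k, 2k+1).

    Overwriting least-significant bits with message bits evens out the two
    counts in every pair, so the score falls towards 1. Untouched data with
    a steep histogram scores far higher.
    """
    hist = Counter(values)
    chi2, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < MIN_PAIR_TOTAL:
            continue
        chi2 += (a - b) ** 2 / (a + b)
        pairs += 1
    return chi2 / pairs if pairs else float("inf")


def looks_embedded(values):
    return pov_score(values) < THRESHOLD


def prefix_scores(values, step):
    """Score growing prefixes; a jump marks where sequential embedding stops."""
    return [pov_score(values[:end]) for end in range(step, len(values) + 1, step)]


def constructed_samples(n=20000, seed=1):
    """Constructed test data: geometric-like 'cover' values, a copy with the
    first half's LSBs overwritten by random bits, and a fully overwritten copy."""
    rng = random.Random(seed)
    cover = [min(int(rng.expovariate(0.35)), 255) for _ in range(n)]
    half = [(v & ~1) | rng.getrandbits(1) if i < n // 2 else v
            for i, v in enumerate(cover)]
    full = [(v & ~1) | rng.getrandbits(1) for v in cover]
    return cover, half, full


if __name__ == "__main__":
    cover, half, full = constructed_samples()
    print("cover:", round(pov_score(cover), 1), looks_embedded(cover))
    print("full :", round(pov_score(full), 1), looks_embedded(full))
    print("half prefixes:", [round(s, 1) for s in prefix_scores(half, 5000)])
```

The whole-file score alone can miss a short message, which is why the prefix scan is included: scores stay near 1 while the prefix lies inside the overwritten region and climb once untouched data is mixed in.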