In Cyberspace: Finding Hidden Messages
Ironically, for an enemy that uses technology sparingly, terrorists are at an advantage in cyberspace. Seemingly innocuous e-mails sent and received by terminals in public libraries are virtually impossible to monitor, despite the millions of dollars spent on worldwide electronic eavesdropping systems like the super-secret Echelon network reportedly operated by the United States, the United Kingdom, Canada, New Zealand, and Australia. Such a network can watch for key words and anomalies associated with suspicious messages, but the sheer volume of e-mail sent today makes it difficult to analyze all the data collected.
"Sniffing" software, like the FBI's controversial Carnivore program, which sits on an Internet service provider's server and monitors electronic communications between specific addresses, needs to know who to target. Terrorists can open and close e-mail accounts with the push of a button. And there are just too many points where fiber-optic cable enters the United States for them to be monitored effectively, say computer security experts.
Even if intercepted, messages can be impossible to decipher if encrypted. An encrypted message by itself can attract the attention of authorities, but there are ways to hide text inside a picture, audio, or video file. The most effective secret messaging technique is steganography, the electronic equivalent of the "dead drop" used by spies. Easy-to-use, drag-and-drop steganography software is widely available on the Internet and is used by many human rights groups. All it takes is altering a single bit in each of the pixels that make up a picture. For example, a photograph of a chair for sale could be posted on a site like eBay and viewed by thousands. But only the sender and recipient would possess the software key needed to unlock the message hidden within the photograph, explains steganography expert Jessica Fridrich, a research professor at the State University of New York at Binghamton.
If the secret message is itself encrypted, intercepting it becomes even more difficult. Steganographic communication is currently foolproof, although progress is being made in its detection. Recently, Fridrich, working with a grant from the U.S Air Force, hit on a way to detect a steganographic message, identifying the presence of an altered bit by eliminating much of the electronic background noise that helps hide it. Called Securestego, the software program Fridrich has developed may help determine who is using steganography to communicate, but it cannot reveal the content of the hidden messages.
Experts are divided over the extent to which steganography is used by terrorists. "I'm not sure if I'm ahead of the curve or behind it," admits Fridrich. But given its effectiveness and availability, Fridrich works on the assumption that terrorists are using steganography. Such is the guessing game that defines this new shadow war.