>From Dave Farber's list:
>From: Ross Anderson <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Cc: [EMAIL PROTECTED] >Date: Mon, 08 Oct 2001 14:23:58 +0100 >Subject: Correction sought > > >The Editor, >The Times, >Dear Sir: > >In Friday's article, `Secrets concealed by software' [1], you quoted >me as saying that rather than using steganography, it was `likely that >they [al-Qaida] sent thousands of innocent messages along with their >live orders, so that the secret information was missed.' > >Your claim is untrue. I did not say that. > >Your reporter called me and told me he had had a briefing from the >security services that al-Qaida were using steganography, that is, >hiding messages inside other objects such as MP3 files or images. He >asked me whether I thought this was plausible. I replied that although >it was technically possible, it was unlikely; and that, according to >the FBI, the hijackers had sent ordinary emails in English or Arabic. >I explained that the main problem facing police communications >intelligence is traffic selection - knowing which of the billions of >emails to look at - rather than the possibility that the emails might >be encrypted or otherwise camouflaged. A competent opponent is >unlikely to draw attention to himself by being one of the few users of >encryption or anonymity services. > >For just the same reason, he is unlikely to draw attention to himself >be sending unreasonably large numbers of messages as cover traffic. >Instead, he will hide his messages among the huge numbers of quite >innocuous messages that are sent anyway. Throwaway email accounts with >service providers such as hotmail are the natural way to do this. > >Unfortunately, the story that bin Laden hides his secret messages in >pornographic images on the net appears to be too good for the tabloids >to pass up. It appears to have arisen from work done by Niels Provos >at the University of Michigan. In November last year, he wrote in a >technical report that he could find no evidence that messages were >being hidden in online images. By February this year, this had been >been conflated by USA Today, an American popular paper, with an >earlier FBI briefing on cryptography into a tale that terrorists could >be using steganography to hide messages [2]. Similar material has >surfaced in a number of the racier areas of the net [3], despite being >criticised a number of times by more technically informed writers [4]. > >It is unclear what national interest is served by security agencies >propagating this lurid urban myth. Perhaps the goal is to manufacture >an excuse for the failure to anticipate the events of November 11th. >Perhaps it is preparaing the ground for an attempt at bureaucratic >empire-building via Internet regulation, as a diversionary activity >from the much harder and less pleasant task of going after al-Qaida. >Perhaps the vision of bin Laden as cryptic pornographer is being spun >to create a subconscious link, in the public mind, with the scare >stories about child pornography that were used before September 11th >to justify government plans for greater Internet regulation. > >Whatever the security services' motive, it is quite unclear to me why >a `quality newspaper' should have run this story, even after its >technical and operational implausibility were explained to you in >detail (see also `Al-Qaeda hid coded messages on porn websites' [5]). > >Could you kindly publish this letter as a correction. > >Yours Faithfully > >Ross Anderson >Reader in Security Engineering >University of Cambridge > >[1] http://www.thetimes.co.uk/article/0,,2001340010-2001345085,00.html > >[2] http://www.usatoday.com/life/cyber/tech/2001-02-05-binladen.htm > >[3] http://www.feedmag.com/templates/printer.php3?a_id=1624 > >[4] http://www.wired.com/news/politics/0,1283,41658,00.html > >[5] http://www.thetimes.co.uk/article/0,,2001340010-2001345211,00.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
