At 2:47 PM -0800 12/28/01, Bill Stewart wrote: >... >So tracing a single transmission may be hard, but tracing an ongoing pattern >is easier, unless there's a trusted Usenet site in some >country where you don't have jurisdiction problems. >That means that A.A.M + PGP is fine for an occasional >"Attack at Dawn" message, but not necessarily for routine traffic.
A background stream of ordinary, unencrypted voice and e-mail to family and friends, plus some pre-established code phrases, is all one needs for the occasional "Attack at Dawn" message. From press reports, that appears to be what the September 11 cell used. > >So it helps to add an extra step - posting the anonymous message >through a web2news gateway through an anonymizer, >or a mail2news gateway from a webmail account from a cybercafe, >or mail2news through an open relay somewhere in the world >(since open relays are usually people who haven't bothered >configuring their mail systems, and are less likely to keep logs >unless that's the default, plus you can spread your messages >among lots of different relays.) > I would assume cybercafes are prime targets for signal intelligence organizations and all e-mail traffic they generate is recorded. More generally, imagine you are a consultant to some nefarious organization and think about what it would take to convince them that the method you propose is safe, capable of being taught to their covert agents, and tolerant of the inevitable slip ups in the field (and remember their attitude toward warrantee disclaimers). All this is fun speculation, but avoids the original question in the thread: is it possible to reliably detect stego use, given certain weakness in many widely available methods? Arnold Reinhold --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
