The New York Times
Friday, March 29, 2002

The hurdles to chasing terrorists online
Susan Stellin

For all the sophisticated electronic tools the U.S. government has at its disposal, tracking the activities of suspected terrorist groups online has proved to be not unlike the search for Osama bin Laden and his operatives on the ground.

Even against a superior arsenal of technology, there are still plenty of ways for terrorists to avoid detection.

Although digital forensics has undoubtedly been useful in piecing together events since Sept. 11 - leading, for example, to the arrest of three of the suspects in the abduction and murder of an American reporter in Pakistan - information technology has significant limits in monitoring a widely dispersed terrorist network.

Terrorist groups are taking advantage of their knowledge of technology to evade surveillance through simple tactics, such as moving from one Internet café to the next, and more sophisticated ones, such as encryption.

"The Internet presents two main challenges," said David Lang, director of the computer forensics department at Veridian Corp., a company based in Arlington, Virginia, that provides systems for the Pentagon and U.S. intelligence. "One is it's ubiquitous: You can access it from just about anywhere in the world. The other thing is you can be easily hidden."

It is still relatively simple to communicate anonymously online. Many services enable users to send e-mail or browse the Web without leaving a digital trail - generally by disguising the unique number, known as an IP, or Internet protocol, address, that links a specific computer to e-mail messages sent or Web sites visited.

Some of those services have taken measures to prevent their technology from being put to ill use. Anonymizer.com, for instance, rejects subscribers from countries known for harboring terrorists, including Afghanistan and Pakistan. But individuals linked to terrorist groups appear to be relying on more low-tech methods to avoid detection.

"The interesting thing is there's no evidence that any of these people have ever used Anonymizer or any other privacy service," said Lance Cottrell, Anonymizer's president. "What you see them doing is using Internet cafés and Yahoo and Hotmail and moving from café to café."

In the kidnapping and killing of Daniel Pearl, a Wall Street Journal reporter working in Pakistan - one of the few known cases in which suspected terrorists have been traced through e-mail - the abductors used Hotmail, Microsoft's Web-based e-mail service, to announce their deed.

Although the sender seemingly remains anonymous, Hotmail attaches the IP address of the sending computer to messages transmitted through its service, which left investigators with at least the beginning of a trail.

With the use of public look-up services on the Web, the IP address from a message received from the kidnappers on Jan. 30 could be traced to Cyber Internet Services, an Internet service provider in Pakistan. The IP address from an earlier message reached a dead end farther upstream at New Skies, a Netherlands-based company that provides Internet access by satellite to many countries, including Pakistan.

From there, investigators are likely to have relied on cooperation from those companies to trace the computer that was assigned that IP address when the message was sent.

One challenge for investigators is that many people in developing countries such as Pakistan get Internet access through public places such as cybercafés, which do not necessarily ask customers for identification or keep the logs of Internet activity that service providers in the United States typically do. With help from the U.S. Federal Bureau of Investigation, Pakistani officials ultimately recovered copies of the e-mail on a computer belonging to a suspect arrested with two others in the case. It is not clear whether the messages were sent through a dial-up account or from an Internet café.

Getting cooperation from Internet service providers in other countries can also be a hurdle, although operating outside the reach of American laws regulating how Internet communications may be monitored presents some advantages.

"If it comes down to it, we would do a black-bag job on an ISP, literally, kick in the door in the middle of the night," said Mark Rasch, an expert on cyberlaw in Reston, Virginia, who formerly headed the Justice Department's cybercrime unit and is now a vice president at Predictive Systems, a security firm.

Rasch noted that within the United States, wiretaps for intelligence purposes face a lower threshold for approval, the assent of a secret three-judge panel. Wiretaps in criminal investigations, on the other hand, are approved in the regular courts and require a showing of "probable cause."

But even with relaxed laws, gathering intelligence, particularly without a suspect or lead, involves collecting and analyzing mountains of data. And government monitoring systems may not be quite as developed as some have speculated.

One of those tools, DCS-1000, generally referred to as Carnivore, can be installed at Internet service providers to monitor e-mail traffic - the digital version, essentially, of a wiretap. On a worldwide level, the National Security Agency operates a satellite network called Echelon in cooperation with Britain, Canada, Australia and New Zealand that monitors voice and data communications. Privacy groups have raised concerns about its use, but there is debate about whether in practice Echelon is very effective.

"Echelon as described doesn't exist," Mr. Rasch said. "The idea that the NSA has a program that captures every international phone call and analyzes every word and phrase isn't true. One of the biggest problems is there's just so much noise and so much traffic."

Such monitoring systems can in principle be programmed to look for certain keywords, such as bomb or target, within messages they capture. But given recent international events, such language is probably not uncommon, leaving investigators to determine which communications may represent serious threats.
