Re: Blinky Rides Again: RCMP suspect al-Qaida messages
* Adam Shostack: On Sat, Dec 11, 2004 at 10:24:09PM +0100, Florian Weimer wrote: | * R. A. Hettinga quotes a news article: | | There have been numerous media reports in recent years that terrorist | groups, including al-Qaida, were using steganographic techniques. | | As far as I know, these news stories can be tracked back to a | particular USA Today story. There's also been a bunch of stories how | a covert channel in TCP could be used by terrorists to hide their | communication. There's very good evidence that Al Qaida does *not* use strong crypto. However, they use some form of crypto. From a recent press release of our attorney general: | As membership activity for Ansar al Islam within the meaning of the criminal provision of § 129b StGB, the accused are charged above all with having planned an assassination attempt on the Iraqi prime minister during his state visit to Germany on 2 and 3 December 2004. This follows from the content of a large number of encrypted telephone conversations held between the accused since 28 November 2004 http://www.generalbundesanwalt.de/news/index.php?Artikel=158Thema=5Start=0 (Very rough translation: The persons are accused of being members of Ansar al Islam and planning the assassination of the Iraqi prime minister during his visit to Germany on the 2nd and 3rd December, 2004. This follows from the contents of a multitude of encrypted telephone calls the accused exchanged since November 28, 2004.) Probably, they just used code words, and no real cryptography. I'm trying to obtain a confirmation, though.
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
On 9 Dec 2004 at 16:15, J.A. Terranson wrote: (3) The other camp believes that stego is a lab-only toy, unsuitable for much of anything besides scaring the shit out of the people in the Satan camp. I have used stego for practical purposes. The great advantage of stego is that it conceals your threat model. James A. Donald
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
On Sat, Dec 11, 2004 at 10:24:09PM +0100, Florian Weimer wrote: | * R. A. Hettinga quotes a news article: | | There have been numerous media reports in recent years that terrorist | groups, including al-Qaida, were using steganographic techniques. | | As far as I know, these news stories can be tracked back to a | particular USA Today story. There's also been a bunch of stories how | a covert channel in TCP could be used by terrorists to hide their | communication. There's very good evidence that Al Qaida does *not* use strong crypto. I blogged on this at http://www.emergentchaos.com/archives/000561.html is was the first time I'd given such a talk since 9/11. It wasn't useful after we'd made the decision to stop hemorrhaging money by shutting down the Freedom Network. (That was May or June of 2001.) So I did a fair bit of reading about Al Qaeda's use of crypto. One of the more interesting techniques I found was the 'draft message' method. (http://www.jihadwatch.org/archives/002871.php) It seems consistent that Al Qaeda prefers being 'fish in the sea' to standing out by use of crypto. Also, given the depth and breadth of conspiracies they believe in, it seems that they might see all us cryptographers as a massive deception technique to get them to use bad crypto. (And hey, they're almost right! We love that they use bad crypto.) There's other evidence for this. In particular, the laptops captured have been exploited very quickly, in one case by a Wall St Journal reporter. So rumors of steganography or advanced crypto techniques have a burden of proof on them. And see the link there to Ian Grigg's http://www.financialcryptography.com/mt/archives/000246.html
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
On Sun, 12 Dec 2004, Major Variola (ret) wrote: Psyops ain't just for the (overt) military you know... http://www.fortwayne.com/mld/newssentinel/news/editorial/10367781.htm Truth be told, lies are part of Pentagon strategy By JOSEPH L. GALLOWAY Knight Ridder Newspapers WASHINGTON - The first casualty when war comes is truth. So said Sen. Hiram Johnson, a California Republican, in the year 1917. There is a struggle inside the Pentagon over where to draw the line in conducting so-called information operations or propaganda in the wars in Afghanistan and Iraq and who will be involved. On one side are the information warfare activists, led by Defense Secretary Donald H. Rumsfeld and Assistant Secretary Douglas Feith. On the other are those who believe that telling lies to the media is wrong and military public affairs officers should never be involved in that. The wrangling has been going on since soon after the 9/11 attacks in 2001 when a Pentagon war planner, speaking anonymously, told a Washington Post reporter, This is the most information-intensive war you can imagine. We're going to lie about things. Not long afterward the Pentagon opened its controversial Office of Strategic Influence amid reports that its mission included planting false news stories in the international media. A public outcry led to the hasty shuttering of that office, but Rumsfeld served notice that while the office may have been closed, its mission would be continued by other entities. The defense secretary told reporters on Nov. 18, 2002: Fine, you want to savage this thing, fine. I'll give you the corpse. There's the name. You can have the name, but I'm going to keep doing every single thing that needs to be done, and I have. This week the Los Angeles Times reported that CNN had been targeted in an information war operation three weeks before the start of the attack against Fallujah. On Oct. 14 Marine 1st Lt. 
Lyle Gilbert, a public affairs spokesman, went on camera to declare that troops crossed the line of departure - that the Fallujah operation was under way. It was not. The U.S. commanders obviously hoped that the false news broadcast by CNN would trigger certain moves by the insurgents and foreign terrorists holding the Sunni city - moves that then could be analyzed to gain information on how they would defend Fallujah. Marine sources in Iraq flatly deny that Lt. Gilbert's statement to CNN was a deception operation or part of a larger psy-war operation. They say the distinction between public affairs and information operations is very clear and jealously guarded by the public affairs community. Also this week the Washington Post brought new attention on the friendly-fire killing of Army Ranger Pat Tillman, a former NFL football star who gave up the spotlight to become a soldier. For days after the death of Tillman, military commanders and spokesmen both in Afghanistan and at Fort Bragg left out any mention of his having been killed by American bullets as they spun the story of a hero killed in battle. That incident brought to mind the false stories about the rescue and heroism of Pvt. Jessica Lynch foisted on reporters during the opening days of the attack into Iraq. The official picture painted initially was of a young woman who fought to the last bullet before being wounded and captured. The truth was that Pvt. Lynch was injured when the vehicle in which she was riding crashed and she was knocked unconscious. She never fired a shot. An investigation of the Tillman death and the information given to the media is presently under way, according to an Army spokesman. Defense Department spokesman Larry DiRita says he has asked his staff for more information on how the Oct. 14 Marine incident came to pass. 
Critics point to one troubling recent development: the decision by commanders in Iraq in mid-September to combine information operations, psychological operations and public affairs into a single strategic communications office run by an Air Force brigadier general who reports directly to Gen. George Casey, the American commander. Gen. Richard B. Myers, chairman of the Joint Chiefs of Staff, wrote a letter in late September warning American commanders of the problems of lumping military public affairs in with information operations. Myers warned that public affairs and information operations must remain separate. But his warning seems to have fallen on deaf ears in Iraq because civilian leaders in the Pentagon and the National Security Council insisted on a blended effort of both public affairs and psy-ops to woo Iraqi and Arab support for America's efforts in Iraq. In the old days of the Cold War America's propaganda war was fought by the U.S. Information Agency, which was strictly forbidden from distributing any propaganda inside the United States. USIA was first gutted and then folded into the State Department during the mid-1990s. Everyone involved in this argument would do well to heed Gen. Myers'
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
--- J.A. Terranson [EMAIL PROTECTED] wrote: On Sat, 11 Dec 2004, Bill Stewart wrote: The more serious problem is what this means for computer evidence search and seizure procedures - the US has some official rules about copy the disk and return the computer that came out of the Steve Jackson case, not that they're always followed; Actually (at least here in the Midwest), it's copy (image) the machine and provide a copy of that image. The computer and original drive stay locked in the evidence locker till the case is over. I can't say what the legal practice is in Canada. I imagine it depends on whether the legal proceedings are politically charged; whether the cops are out to discover evidence, or if they are looking to destroy evidence; or any of a number of motivating factors. From a purely technical perspective, there is no possible reason why the police would ever need to keep the computers and all copies of data related to an investigation. It is possible to image everything on a hard disk in an afternoon, including the extra bits available through, say, the READ LONG(10) command in the SCSI protocol, which are normally used for ECC and CRC on each sector. Depending on the device, it may also be possible to access the spares tracks. In the rare event that a forensics firm is looking to scoop data that was overwritten, the police should be able to provide a copy of the original data back to the individual or business at a trivial cost in comparison to the costs of the forensic procedures. Apart from data stored in flash memory, or similar less common places, there is no good reason why the actual computer hardware would need to be confiscated, except in the most exceptional circumstances where in-situ testing might need to be done with the original equipment. But in that case, the police should be required to acquire hardware that duplicates the original, so that they cannot be said to have tampered or damaged the originals. 
For correctness, the original computer equipment should be used once for the acquisition of a read-only copy of the data residing on it. However, it seems that the police will pretend that they are more incompetent than they actually are in order to use confiscation as extra-judicial punishment -- and that is just the common case where there are only legitimate legal proceedings at issue. In some cases, the police (in Canada) are apparently willing to go to great lengths to destroy evidence and impose extra-judicial sanction on the subject of an `investigation', which may not exist at all in a legal sense, by way of employing clandestine tactics. In terms of my experience, the near total loss of my computers and other materials was carried out over a period of about three years, in an incremental fashion that did not have even the pretense of legitimacy, but which nevertheless accompanied a subtle PR campaign that sought to suggest that there was some sort of hush-hush investigation that as a result of so-called exceptional circumstances, necessitated the particular methods that I observed. Total bullshit, actually, but we know that SpookWorld is exempt from the normal rules of civilised behaviour because of the special nature of its denizens. Anyhow, my assessment of the needs of computer forensic procedures is probably quite accurate. The reality of conflicting and extra-legal agendas at work in some cases (such as the Steve Jackson incident) has apparently dictated a deliberately 'stupid' approach on the part of law enforcement personnel when it suits them. Regards, Steve
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
On Sat, 11 Dec 2004, Bill Stewart wrote: The more serious problem is what this means for computer evidence search and seizure procedures - the US has some official rules about copy the disk and return the computer that came out of the Steve Jackson case, not that they're always followed; Actually (at least here in the Midwest), it's copy (image) the machine and provide a copy of that image. The computer and original drive stay locked in the evidence locker till the case is over. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Civilization is in a tailspin - everything is backwards, everything is upside down- doctors destroy health, psychiatrists destroy minds, lawyers destroy justice, the major media destroy information, governments destroy freedom and religions destroy spirituality - yet it is claimed to be healthy, just, informed, free and spiritual. We live in a social system whose community, wealth, love and life is derived from alienation, poverty, self-hate and medical murder - yet we tell ourselves that it is biologically and ecologically sustainable. The Bush plan to screen whole US population for mental illness clearly indicates that mental illness starts at the top. Rev Dr Michael Ellner
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
For instance, a seemingly innocent digital photo of a dog could be doctored to contain a picture of an explosive device or hidden wording. Of course, the _real_ message wasn't hidden in subtle stego bits - it was whether the picture was Bush's dog, Cheney's dog, or Blair's dog. It recommends investigators consult the RCMP's technological crime program for assistance, including comprehensive forensic examinations of seized digital media. The more serious problem is what this means for computer evidence search and seizure procedures - the US has some official rules about copy the disk and return the computer that came out of the Steve Jackson case, not that they're always followed; I don't know if the Canadians are more or less polite about returning computers, but this kind of thing increases the chances of harassment of various ethnic and political organizations We're keeping your computer as evidence of potential crimes, but we haven't actually charged you with a crime yet and won't do so unless we can find the hidden stego evidence. Bill Stewart [EMAIL PROTECTED]
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
* R. A. Hettinga quotes a news article: There have been numerous media reports in recent years that terrorist groups, including al-Qaida, were using steganographic techniques. As far as I know, these news stories can be tracked back to a particular USA Today story. There's also been a bunch of stories how a covert channel in TCP could be used by terrorists to hide their communication. Unfortunately, when such stories are retold for the second time, the could be used part tends to change to is used. 8-(
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
It seems consistent that Al Qaeda prefers being 'fish in the sea' to standing out by use of crypto. Also, given the depth and breadth of conspiracies they believe in, it seems that they might see all us cryptographers as a massive deception technique to get them to use bad crypto. (And hey, they're almost right! We love that they use bad crypto.) Right. Although only based on very limited experiences, where I've come across those in interesting lines of business, the strong impression I get is that they would not touch any new or geeky tool that had some claimed benefits that couldn't be proven on examination. This was most forcefully put to me by a dealer of narcotics in Amsterdam (I wasn't buying, just trying to be polite at a party ;) who said that he and his like would not use any of the payment systems that had supposed privacy built in, as they assumed that the makers were lying about the privacy provisions. As far as 3 systems that the guy was aware of, he was dead right twice, and for the third, I'd say he was approximately right. So, if this is a valid use case and we can extend from small time narcotics payments to big time terrorism chitchat, we could suggest that they will be using standard people tools, and trying hard to stay unobservable in the mass of traffic. In this sense, one could say they were using steganography, but I think it is more useful to say they are simply staying out of sight. Either way, the public policy implication is to challenge any specious claims of how we need to control XXX because terrorists use it. In the case of crypto, it would appear they don't use much, and what's more, they shouldn't. And see the link there to Ian Grigg's http://www.financialcryptography.com/mt/archives/000246.html I was hoping that the 'Terrorist Encyclopedia' had made its way to somewhere like smoking gun or cryptome by now. iang
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
On Thu, 9 Dec 2004, Tyler Durden wrote: Those cops you taught...do you think they were stupid enough to assume that, because this was their first time hearing about Stego, that Al Qaeda was only starting to use it right then? That's an interesting question on several different levels: (1) There is (both within LEAs and the rest of us) a wide range of opinions as to the feasibility of stego being used in the field for anything useful. Remember that USA professional spies (who spent over a year learning tradecraft IIRC) had continuous problems with very simple encryptions/decryptions in the real world. (2) The folks in the Al Qaeda is Satan camp generally believe that not only is stego in wide use, but that AlQ has somehow managed to turn it into a high bandwidth channel which is being used every day to Subvert The American Way Of Life and infect Our Precious Bodily Fluids. No amount of education seems to dissuade these people from their misbeliefs. (3) The other camp believes that stego is a lab-only toy, unsuitable for much of anything besides scaring the shit out of the people in the Satan camp. (4) I have yet to meet a full dozen people who share my belief that while stego *may* be in use, if it is, that use is for one way messages of semaphore-class messages only. I really do not understand why this view is poopoo'd by all sides, so I must be pretty dense? -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
J.A. Terranson wrote: On Thu, 9 Dec 2004, Tyler Durden wrote: Those cops you taught...do you think they were stupid enough to assume that, because this was their first time hearing about Stego, that Al Qaeda was only starting to use it right then? That's an interesting question on several different levels: (1) There is (both within LEAs and the rest of us) a wide range of opinions as to the feasibility of stego being used in the field for anything useful. Remember that USA professional spies (who spent over a year learning tradecraft IIRC) had continuous problems with very simple encryptions/decryptions in the real world. (2) The folks in the Al Qaeda is Satan camp generally believe that not only is stego in wide use, but that AlQ has somehow managed to turn it into a high bandwidth channel which is being used every day to Subvert The American Way Of Life and infect Our Precious Bodily Fluids. No amount of education seems to dissuade these people from their misbeliefs. (3) The other camp believes that stego is a lab-only toy, unsuitable for much of anything besides scaring the shit out of the people in the Satan camp. (4) I have yet to meet a full dozen people who share my belief that while stego *may* be in use, if it is, that use is for one way messages of semaphore-class messages only. I really do not understand why this view is poopoo'd by all sides, so I must be pretty dense? It only makes sense that transmitted stego payloads be simple codewords or signals. For hand carried chunks of data, simple disguise is sufficient. The bulk transport of dangerous data is a threat model that doesn't fit the situation. Perhaps LEA confuse themselves thinking al-q is inciting a cultural revolution?
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
From: Tyler Durden [EMAIL PROTECTED] Sent: Dec 9, 2004 2:47 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Blinky Rides Again: RCMP suspect al-Qaida messages .. NSA folks, on the other hand, I would assume have a soft version of a Variola Stego suitcase...able to quickly detect the presence of pretty much any kind of stego and then perform some tests to determine what kind was used. I bet they've been aware of Al Qaeda stego for a long time...that's probably the kind of thing they are very very good at. Maybe, but I think it would be very hard to write a general-purpose stego detector, without knowing the techniques used for encoding the message. And if you know the distribution of your cover channel as well as your attacker, or can generate lots of values from that distribution even if you can't describe it, you can encode messages in a way that provably can't be detected, down to the quality of your random number generator and the difficulty of guessing your key. I imagine this as something much like a virus scanner. Look for known stego programs, and also for signatures of known stego programs. Really good programs might be impossible to find without doing, say, a password search. But it's worth noting that AQ has to do key management just like the rest of us, and that's hard when you are communicating with a lot of different people. If your stego is password-protected, some terrorist's laptop is going to have a post-it note on the screen with the password. .. -TD --John Kelsey
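Added example (not part of the original thread): the message above ties detectability to how well an encoding preserves the cover's distribution, and the sketch below shows the defender's side of that for one known technique, using a pairs-of-values chi-square test that the thread itself does not name. The function names, the Gaussian "pixel" cover, the seeds and the thresholds are all assumptions chosen for illustration.

```python
import math
import random
from collections import Counter


def pair_chi_square(samples, min_pair_total=10):
    """Chi-square statistic over value pairs (2k, 2k+1) of 8-bit samples.

    Overwriting least significant bits with random-looking payload bits
    drives the two counts in each pair towards equality. Under that
    hypothesis each pair contributes a chi-square term with one degree
    of freedom. Sparse pairs are skipped because the approximation is
    poor for small counts.
    """
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        total = n0 + n1
        if total < min_pair_total:
            continue
        stat += (n0 - n1) ** 2 / total
        dof += 1
    return stat, dof


def z_score(stat, dof):
    """Wilson-Hilferty normal approximation of a chi-square value."""
    if dof == 0:
        raise ValueError("not enough data to test")
    spread = 2.0 / (9.0 * dof)
    return ((stat / dof) ** (1.0 / 3.0) - (1.0 - spread)) / math.sqrt(spread)


def lsb_plane_looks_random(samples, z_max=4.0):
    """True when pair counts are as balanced as random LSBs would make them.

    z_max is an assumed threshold: a fully randomized LSB plane gives a
    z-score near 0, while an untouched smooth histogram scores far higher.
    """
    stat, dof = pair_chi_square(samples)
    return z_score(stat, dof) < z_max


def constructed_cover(n=200_000, seed=2004):
    """Constructed sample data: bell-shaped 8-bit values, not a real image."""
    rng = random.Random(seed)
    return [min(255, max(0, int(rng.gauss(128, 12)))) for _ in range(n)]


def overwrite_lsbs(samples, seed=1):
    """Build the positive test case: every LSB replaced by a random bit,
    which is what an encrypted payload embedded at full rate looks like."""
    rng = random.Random(seed)
    return [(s & ~1) | rng.getrandbits(1) for s in samples]


if __name__ == "__main__":
    cover = constructed_cover()
    altered = overwrite_lsbs(cover)
    for label, data in (("cover", cover), ("lsb-overwritten", altered)):
        stat, dof = pair_chi_square(data)
        print(f"{label:16s} chi2={stat:8.1f} dof={dof:3d} "
              f"z={z_score(stat, dof):6.2f} "
              f"flagged={lsb_plane_looks_random(data)}")
```

The test only recognizes this one way of disturbing the cover's histogram; an encoding that keeps the pair counts of the cover intact gives it nothing to measure, which is the limitation the message describes.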
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
On Fri, 10 Dec 2004, Trei, Peter wrote: J.A. Terranson wrote: (4) I have yet to meet a full dozen people who share my belief that while stego *may* be in use, if it is, that use is for one way messages of semaphore-class messages only. I really do not understand why this view is poopoo'd by all sides, so I must be pretty dense? For semaphores and codewords, stego isn't needed. Simply agree on a signal - if a post appears in alt.anonymous.messages with the subject To JAT, the intended recipient has got all the info he needs. Assuming you are willing to use your semaphores over overt channels. Rudimentary stego is useful when you want those same low-bandwidth messages delivered covertly. Stego is needed only when the message is too complex to have a codeword. Yet at the same time, stego is such a low bandwidth medium as to argue strongly against its use for truly complex messaging systems. Even without software, 'numbers station' type transmissions can be sent anonymously through the net. We're not necessarily talking about an IP transport for these messages. My belief is that any unicast IP transport is inherently dangerous for critical *must-be-truly-anonymous* messaging. To put it another way, I would not (if I was AlQ, which I'm not. At least not this week...) use the internet for critical messaging. Just like I wouldn't use a satellite phone ;-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
Maybe, but I think it would be very hard to write a general-purpose stego detector, without knowing the techniques used for encoding the message. And if you know the distribution of your cover channel as well as your attacker, or can generate lots of values from that distribution even if you can't describe it, you can encode messages in a way that provably can't be detected, down to the quality of your random number generator and the difficulty of guessing your key. Well, the first thing to remember is that Arabic more or less has a built-in method for distributing covert information...kind of like Hebrew, an Arabic word can be viewed in terms of a subset of consonants...for specific groupings there are lots of well-known associated words with the same letters. I'd bet a careful examination of bin Laden communiques will reveal the existence of pointers to such special words...the initiated will know how to pull out those words and use them as passwords, etc... As for the sophistication of Al Qaeda software, remember we're probably not talking about a very centrally-organized group. Their members are scattered in all sorts of socio-eco-bandwidth environments so that off-the-shelf (where shelf=internet) stuff is going to be common. Remember too that broad categories of Stego can apparently be detected by FFT (someone here posted a link to a paper describing that). Put that and all sorts of other routines looking for specific Stego signatures into a Variola suitcase and I bet they (NSA, though not police) can pull out practically anything they want to. BUT...that probably doesn't do them a ton of good...the plaintext will be in Arabic, it will speak symbolically, and maybe use some even more clever techniques for info obfuscation. As for the 'semaphore' theory I consider that likely...lots of info will be sent out-of-band (ie, verbally) and Stego'd info will perhaps be triggers or possibly meeting coordinates. 
Maybe an account number every now and then (VERY easy to hide using Arabic letter-numerals). -TD I imagine this as something much like a virus scanner. Look for known stego programs, and also for signatures of known stego programs. Really good programs might be impossible to find without doing, say, a password search. But it's worth noting that AQ has to do key management just like the rest of us, and that's hard when you are communicating with a lot of different people. If your stego is password-protected, some terrorist's laptop is going to have a post-it note on the screen with the password. ... -TD --John Kelsey
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
On Thu, 9 Dec 2004, R.W. (Bob) Erickson wrote: Perhaps LEA confuse themselves thinking al-q is inciting a cultural revolution? In all seriousness, there is some of that fear within the LE community. I'm sure it's about the same as when the weathermen were running around the pentagon's bathrooms (i.e., a very small subset of only the dumbest LEAs believe it), but that is certainly in the background noise. -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
Steve Thompson wrote: --- R.A. Hettinga [EMAIL PROTECTED] wrote: Lions and Tigers and Steganography, Nell... For those of you without a program, here is the new, official, Horsemen of the Infocalypse Scorecard: At 3:14 PM -0400 10/3/04, R. A. Hettinga wrote:

Horseman            Color   Character  Nickname
1 Terrorism         Red     Shadow     Blinky
2 Narcotics         Pink    Speedy     Pinky
3 Money Laundering  Aqua    Bashful    Inky
4 Paedophilia       Yellow  Pokey      Clyde

Cheers, RAH --- http://cnews.canoe.ca/CNEWS/Canada/2004/12/08/pf-773871.html December 8, 2004 RCMP suspect al-Qaida messages By JIM BRONSKILL snort The RCMP couldn't find a hidden terrorist message even if someone shoved half of it up the ass of Commissioner Giuliano Zaccardelli, and the other half up the ass of Deputy Commissioner Paul Gauvin, and then sent them a map with clear directions written on it leading directly to the location of both assholes. No, I don't like them at all. Regards, Steve You tell them, Steve Insanity is a great cover for an insurrectionist!
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
J.A. Terranson wrote: (4) I have yet to meet a full dozen people who share my belief that while stego *may* be in use, if it is, that use is for one way messages of semaphore-class messages only. I really do not understand why this view is poopoo'd by all sides, so I must be pretty dense? For semaphores and codewords, stego isn't needed. Simply agree on a signal - if a post appears in alt.anonymous.messages with the subject To JAT, the intended recipient has got all the info he needs. Stego is needed only when the message is too complex to have a codeword. Even without software, 'numbers station' type transmissions can be sent anonymously through the net.
Re: Blinky Rides Again: RCMP suspect al-Qaida messages
--- R.W. (Bob) Erickson [EMAIL PROTECTED] wrote: Steve Thompson wrote: [assholes] You tell them, Steve I believe I just did. Insanity is a great cover for an insurrectionist! I suppose it could be, although I am given to believe that residents of the White Room Hotel may only carry out insurrection in the program room, and even then only while under direct adult supervision. I have been told that this makes the task somewhat more difficult, what with the sometimes necessity of colouring outside the lines on the page (so to speak). Regards, Steve
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
From: J.A. Terranson [EMAIL PROTECTED] Sent: Dec 9, 2004 1:19 PM To: Tyler Durden [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: RE: Blinky Rides Again: RCMP suspect al-Qaida messages . As recently as two years ago, I had a classroom full of cops (mostly fedz from various well-known alphabets) who knew *nothing* about stego. And I mean *NOTHING*. They got a pretty shallow intro: here's a picture, and here's the secret message inside it, followed by an hour of theory and how-to's using the simplest of tools - every single one of them was just blown away. Actually, that's not true - the Postal Inspectors were bored, but everyone _else_ was floored. But the real thing they needed to know was there can be hidden information in files that look innocent and what they need to do to find that hidden information. I expect the answer to that will involve either shipping it off to some expert at the FBI (who will have to do some serious flow control, or he'll be receiving copies of all the video games on every small-time drug dealer's computer), or running some tools to look for the hidden data. It's not like you're going to expect a random detective to learn how to cryptanalyze stego schemes, anymore than you're going to expect him to learn how to check for DNA matches in a lab. He'll need to have some notion of how the technology works, and some rules of thumb for how to handle the evidence to keep from tainting it, and that's about it. J.A. 
Terranson [EMAIL PROTECTED] 0xBD4A95BF --John
To: [EMAIL PROTECTED] Date: Sat, 11 Dec 2004 08:43:34 -0700 Subject: Re: [TruthTalk] Jesus the Messiah From: [EMAIL PROTECTED]
On Sat, 11 Dec 2004 10:19:37 EST [EMAIL PROTECTED] writes: In a message dated 12/10/2004 11:31:40 PM Pacific Standard Time, [EMAIL PROTECTED] writes: John, Sorry about that. I'm very frustrated right now. It's not you... || ..Not a good time of the year for heartache. John -- Well, today has been a sad ol' lonesome day Yeah, today has been a sad ol' lonesome day I'm just sittin' here thinking With my mind a million miles away Well, they're doing the double shuffle, throwin' sand on the floor They're doing the double shuffle, they're throwin' sand on the floor When I left my long-time darlin' She was standing in the door Well, my pa he died and left me, my brother got killed in the war Well, my pa he died and left me, my brother got killed in the war My sister, she ran off and got married Never was heard of any more Samantha Brown lived in my house for about four or five months Samantha Brown lived in my house for about four or five months Don't know how it looked to other people I never slept with her even once Well, the road's washed out - weather not fit for man or beast Yeah the road's washed out - weather not fit for man or beast Funny, how the things you have the hardest time parting
RE: Blinky Rides Again: RCMP suspect al-Qaida messages
Oh, general cluelessness doesn't surprise me. What surprises me is that the writer of the original article seemed to believe that Stego was a new development. Those cops you taught...do you think they were stupid enough to assume that, because this was their first time hearing about Stego, that Al Qaeda was only starting to use it right then? (I assume the answer is 'no'...they'll be smart enough at least to recognize that this was something around for a while that they were unaware of). NSA folks, on the other hand, I would assume have a soft version of a Variola Stego suitcase...able to quickly detect the presence of pretty much any kind of stego and then perform some tests to determine what kind was used. I bet they've been aware of Al Qaeda stego for a long time...that's probably the kind of thing they are very very good at. In the end it probably comes down to Arabic, however, and that language has many built-in ways of deflecting the uninitiated. I'd bet even NSA has a hard time understanding an Arabic language message, even after they de-stego and translate it. -TD
From: J.A. Terranson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],[EMAIL PROTECTED] Subject: RE: Blinky Rides Again: RCMP suspect al-Qaida messages Date: Thu, 9 Dec 2004 12:19:55 -0600 (CST)
On Thu, 9 Dec 2004, Tyler Durden wrote: What a fuckin' joke. You mean they're only now realizing that Al-Qaeda could use stego? Do they think they're stupid? Nah...certainly the NSA are fully prepared to handle this. I doubt it's much of a development at all to those in the know. -TD
As recently as two years ago, I had a classroom full of cops (mostly fedz from various well-known alphabets) who knew *nothing* about stego. And I mean *NOTHING*. 
They got a pretty shallow intro: here's a picture, and here's the secret message inside it, followed by an hour of theory and how-to's using the simplest of tools - every single one of them was just blown away. Actually, that's not true - the Postal Inspectors were bored, but everyone _else_ was floored. While the various alphabets have had a few years to get up to speed, the idea that they are still 99% ignorant does not surprise me in the least. //Alif -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF Civilization is in a tailspin - everything is backwards, everything is upside down- doctors destroy health, psychiatrists destroy minds, lawyers destroy justice, the major media destroy information, governments destroy freedom and religions destroy spirituality - yet it is claimed to be healthy, just, informed, free and spiritual. We live in a social system whose community, wealth, love and life is derived from alienation, poverty, self-hate and medical murder - yet we tell ourselves that it is biologically and ecologically sustainable. The Bush plan to screen whole US population for mental illness clearly indicates that mental illness starts at the top. Rev Dr Michael Ellner