I have stopped replying to any e-mail from NRI friends in the
Middle East!
I choose my words in e-mails carefully, to avoid any word that
contains the three dreaded letters – Bin. I don't even call a recycle bin a
recycle bin any more!
Why? Because I am scared of the Internet surveillance that may
have already begun! I avoid many other words, which may be included in the list
of words being searched in the Internet traffic passing through an ISP's
servers.
Secrecy – No more
Many government officials in USA are actively lobbying for
increased Internet surveillance as a method of restricting terrorist activity.
Numerous reports appeared in the media, describing the ways the terrorists use
the Internet to help organize themselves and plan their attacks with military
precision. A Senator called for "a global prohibition on encryption
products without backdoors for government surveillance." This, he claimed,
would enable the government to decode any message sent across the Internet.
FBI approached many large ISPs, including AOL and Earthlink and
served them with orders to search for possible communications that may have
aided in the attacks. As if the terrorists were dumb enough to send e-mails to
each other with the schedule of their synchronized attacks spread out in an
Excel Sheet. There are so many encryption tools available today that such a
possibility looks very remote.
Is surveillance realistic?
Internet surveillance attempts by the governments may face huge
problems in both implementation and effectiveness. Many encryption techniques
– those that are nearly impossible to decipher – are available on the
Internet. From ready-to-run software to source code and simple algorithms that
describe the general concepts.
And even if the governments get hold of keys to all the
encryption techniques, just look at the volume of data that has to be scanned
for this task.
Moreover, the terrorists who can patiently spend over two years
learning to become ace pilots of commercial airliners, can always develop their
own encryption techniques or get them developed through outsourcing. Money is
not a problem for them. One report in the Time magazine said they spent almost
$200,000 on the WTC attacks. Osama bin Laden's net worth is estimated to be
hundreds of millions of dollars.
The major question is how such a large-scale, coordinated attack
could have been accomplished without security officials being tipped off through
cyber or communications intelligence. They probably used non-digital means of
communications.
It seems quite unlikely that they would have carried out such a
big operation using e-mails, which could have been monitored anyway. Experts
believe that the terrorists do lot of communications through messengers and
non-digital methods.
Deceiving the watch dogs
Availability of steganography – the technique of embedding or
hiding a message inside a seemingly innocent digital file – is something that
can easily escape surveillance. Several programs on the Internet, many of which
are shareware or freeware, make it easy to embed one file in another. They use
files, such as a JPEG photo or an MP3 file.
The resulting file is indistinguishable to the human eye or ear.
A secret communication may appear as innocent as two friends sharing a song over
the Internet, or even a porn site offering a photograph for download which runs
into several MB size. How is anyone expected to search for a hidden message in a
single picture out of the hundreds of thousands of pictures floating on the Net?
The practice of steganography has a distinguished history. The
Greek historian Herodotus describes how one of his cunning countrymen sent a
secret message warning of an invasion by scrawling it on the wood with a wax
tablet. To casual observers, the tablet appeared blank. Spies during World War
II used such tools as invisible inks – which darken when heated – or tiny
punctures above key characters in a document that form a message when combined.
Tools available
One simple example of a steganographic tool available on the
Internet is OutGuess. And - you guessed it right! - It's available on a site
called www.outguess.org as expected. See the brief description of this tool for
yourself, it says, "OutGuess is a universal steganographic tool that allows
the insertion of hidden information into the redundant bits of data sources. The
nature of the data source is irrelevant to the core of OutGuess. The program
relies on data specific handlers that will extract redundant bits and write them
back after modification. In this version the PNM and JPEG image formats are
supported."
Software tools like White Noise Storm and S-Tools allow a sender
to embed messages in digitized information, typically audio, video or still
image files, that are sent to a recipient. The software usually works by storing
information in the least significant bits of a digitized file – those bits can
be changed in ways that aren't drastic enough to detect.
Steghide embeds a message in BMP, WAV and AU files, and MP3Stego
does it for MP3 files. One program, called Snow, hides a message by adding extra
whitespace at the end of each line of a text file or e-mail message.
During the WTC crisis, USA Today reported that bin Laden and
others "are hiding maps and photographs of terrorist targets and posting
instructions for terrorist activities on sports chat rooms, pornographic
bulletin boards and other web sites." There is no way to confirm such
reports, but even if it were true, it's a huge task to search through the entire
Internet traffic for hidden messages and decipher them. And, even if you do it
and detect such a message, it may be too late for taking an effective action for
a bureaucracy with so many rules to follow before they can make their next move.
The demand for surveillance of the Internet traffic is like
looking for a needle in a haystack that is as big as our planet. And in the end,
an important question will always need to be answered – how trustworthy are
the governments and officials who will participate in this effort of Net
surveillance? The demands are as crazy as a demand for a ban on the Internet
itself!