How the NSA is monitoring you by Robert Vamosi
June 28, 2001 4:50 AM PT

COMMENTARY--Echelon, if you don't already know, is the National Security Agency's (NSA) electronic surveillance system, designed to monitor telephone calls, faxes, and e-mails worldwide. The system looks for words or phrases that could be used by terrorist organizations to plot their next attack. The trouble is, most world-class criminals and terrorists aren't sending incriminating plain-text e-mails. They're using other methods to communicate, such as steganography (hiding files within a file).

The idea that the United States government is eavesdropping on our lives should be distressing to everyone, but few Americans even know about it or are as riled up about it as our European neighbors. Recently, ministers in the European community argued for the use of strong 128-bit encryption for even basic e-mail.

Unfortunately, the use of strong encryption can cause problems for systemwide antivirus products. For more information on Echelon, the American Civil Liberties Union, along with several other free speech organizations, has created an informative Web site, Echelonwatch.org.

Instead of rooting through my e-mails, I think the NSA should be researching how to detect messages hidden within other messages. Steganography is one popular method, where a message (either text or image) can be hidden within other files containing text, images, or even sound, without a perceptible change in the original file's quality.

The concept predates modern computing. Greek soldiers tattooed maps on their heads, and then grew their hair out; after arriving behind enemy lines, they delivered the message by shaving their heads. Romans obscured messages by applying layers of wax onto the tablets on which they were written, then melted the wax to read the message. Microdots, used during World War II, is yet another example. During the recent U.S. Embassy bombing case, several documents came to light that suggest Osama bin Laden and his associates have been using steganography to hide terrorist plans inside pornography and MP3 files that are freely distributed over the Internet.

Unfortunately, identifying whether or not a file contains hidden data requires no less than a careful comparison of the compromised file to the original--which is not always possible. The human eye can't always detect photographic loss because most steganography programs use subtle algorithmic transformations of the color palette table (that's why black and white photos work the best). And, even if you did suspect that a secret message may be hidden inside one of your files, often you need to know which software program was used, and then figure out the password to unlock the file (if encrypted, which it probably is).

At last summer's Black Hat Security Briefings, I spoke with some computer forensic experts who admitted that steganography is all but impossible to detect. One expert I spoke with had been in law enforcement before switching to computer forensics and still uses the tried-and-true interrogation methods gleaned from his years in law enforcement. Often, he said, after building a sound case against an individual, that person will crack during interrogation and share secrets and even passwords. That's how the government learned of bin Laden's antics.

Recently, someone on BugTraq suggested that defaced Web sites might contain hidden stegnographic messages. Indeed, even corporate logos on HTML-enriched e-mail could be rife with secret information. But until someone figures out a way to parse the code of every GIF, BMP, JPG, or MP3 file, we're left with idle speculation. In the meantime, I wish the NSA would find something better to do than read all of our e-mail.

Related Hyperlinks
http://members.tripod.com/steganography/stego/software.html
http://www.blackhat.com/

Credits
By Robert Vamosi
AnchorDesk