WASHINGTON— Hidden messages sent through cyberspace have assisted terrorists groups in covering their tracks by keeping their communications secret.
This method of passing sensitive communications through concealed means is known as steganography, and has been employed since the ancient Greeks. These hidden messages can only be seen by the sender and intended recipient, making it difficult for outsiders to trace.
But today, notorious terrorist groups such as Hamas, Hezbollah and Al Qaeda have used steganography by concealing messages in maps, photographs, in chat rooms or on pornographic websites. And with the rapid expansion of the Internet, these secret messages have become more difficult to find.
“Quite an alarming number of images appear to have steganography in them,” said Chet Hosmer, who is an expert in cyber encryption and founder of WetStone Technologies.
Hosmer said he has found traces of steganography on sites like eBay, but declined to reveal other sites in order to avoid tipping off terrorists.
The use of steganography breaks no law and is a process often used to protect one’s privacy and anonymity.
But when in the hands of terrorists, scrambling embedded secret messages across the vast landscape of the Internet makes it difficult for law enforcement agencies to identify underlying threats.
Osama Bin Laden and his allies were using steganography to carry out the 9/11 attacks, according to U.S. and foreign officials.
“Finding files tainted by steganography is like looking for a piece of straw in a haystack—forget the needle,” said Neil Johnson, president of Johnson & Johnson Technology Consultants. The Internet has more than 3 billion websites, making it nearly impossible to detect subtle changes in image bits per pixels or data files. A slight change in bits or files can capture a hidden message, which can only be decoded through certain steganography software and programs.
However, there are more than 140 steganography programs available for encoding messages, such as Spam Mimic, S-Tools and Mozaiq, which are freely accessible and easy to use.
And few programs have been designed to decode these encrypted messages. In 1998 the Air Force commissioned WetStone Technologies to develop software capable of detecting secret messages in computer files and electronic transmissions, but the software is limited by the continuous evolution of new technologies, Hosmer said.
The Patriot Act signed into law by President George W. Bush in 2001 included provisions to diminish the threat of encrypted messaging on the Internet. But experts say surveying every crook and cranny of the Internet is a daunting task.
“Crypto is—and, for decades, has been—a huge problem—but legal,” said Dr. Gary Kessler, associate professor who specializes in cyber security at Embry-Riddle Aeronautical University in Florida.
“I know of nothing that the U.S. government is doing—or, speaking practically, could do to prevent the circulation of Cryptographic tools,” Kessler said.
In 2011 the U.S. Department of Defense declared cyberspace a new domain of warfare. Until at least fiscal year 2016, each military department will contribute teams of fully trained cyber personnel to assist in defusing threats across the web, Eric Rosenbach, the deputy assistant secretary of defense for cyber policy, said in a press release.
Since 9/11 much has been done to thwart the use of steganography by terrorists, but because the Internet continues to grow these encrypted messages can easily slip through the cracks.
