Site Presented By
Monday, Nov 9, 2009
Are al-Qaida terrorists hiding their secrets in eBay photographs?
Jul 17, 2002 | If you were a terrorist schooled in fundamentalist Islam, mass violence, digital cryptography and, not least, the pack-rat ethos peculiar to eBay, in which corner of that vast auction site might you hide your plans for America's end?
Would you favor the popular items, stuffing nuclear secrets into one of the nearly 4,000 Pez-related listings? Or would you go for something more obscure -- the date and time of al-Qaida's next operation concealed in a $3 glossy press photo from the old television sitcom "My Two Dads"? Or, displaying your flair for irony, would you conduct your terrorist business right under the kitsch-loving noses of the Americans who hate you most, those who would buy a "Boy Peeing on Osama" pickup-truck decal?
Silly as they seem, U.S. intelligence agents consider these questions key to their victory in the war on terrorism, according to unnamed sources who have been quoted in media reports over the past year. Since before Sept. 11, a series of articles have quoted experts suggesting that al-Qaida may be especially Internet-savvy and could be mounting a full-scale "cyberwar" against the United States.
While much of it comes off as alarmist speculation, one hard-to-prove fact has slowly gained a patina of credibility: that terrorists are hiding coded messages in the image files on eBay and other sites that allow public posting. These images would appear normal to most eBay shoppers, but they are actually brimming with guile. A terrorist who knew their true purpose could download the files, decode them with his secret password and perhaps find out where to strike next.
Jack Kelley, a veteran foreign correspondent for USA Today, has been at the forefront of these reports. In February 2001, Kelley reported that hidden "in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies."
His report prompted a flurry of follow-up stories in other publications, including one Wired News story in which a security expert said that his company, WetStone Technologies, had found several hidden messages on eBay and Amazon. After Sept. 11, dozens of newspapers, including the New York Times and the Washington Post, cited WetStone in reports that eBay may be crawling with terrorists. These accounts were almost universally dismissed by Internet-rights types, who said that they wouldn't believe the stories until they saw proof that "steganography" -- the practice of digitally hiding messages in media files -- is indeed on the rise.
On July 10, USA Today prompted renewed interest in the steganography debate by adding some meat to the eBay story. "Lately, al-Qaida operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com," reported Jack Kelley. "The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaida is planning another attack." Kelley added that eBay did not return his calls for comment.
The USA Today article has raised plenty of eyebrows -- eBay for example, has no record of being contacted by Kelley, and stresses that no federal agency has alerted it to any potential problems. There also appears to be little, if any, publicly available hard evidence of the use of steganography in files on the auction site.
The frightful genius of steganography, though, is that, by design, you don't know when it's being used. Independent researchers have devised numerous methods to search for signs of its proliferation on the Web, and some have reported that they've found nothing, and there's consequently no reason to be afraid. But when you think about these studies, the results become about as comforting as homeland security advisor Tom Ridge's color-coded alert system. After all, if you search for hidden messages on the Web and find nothing, what should you conclude -- that there are no messages, or that the terrorists are too sophisticated, and your tools don't work?
The answer to this question turns out to be a highly personal one, a matter of individual psychology and interest rather than a reasoned decision based on collective safety and the immutable laws of math. Ask security types, or people who make software to aid security types, and they say that steganography is a grave threat to our safety. Defenders of steganography, and its cousin cryptography, take the opposite view. These are people who become easily exercised over the prospect of the government monitoring the Web, and they say that if researchers haven't found secret messages, the messages are likely not there. But amid this politicking, one important question tends to get left by the wayside: if steganography is, or eventually becomes, the preferred tool of terrorists, can we ever thwart it? According to many experts, the answer is probably no.
