Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Spam Communications Encryption

To Avoid Detection, Terrorists Made Messages Seem Like Spam 110

HughPickens.com writes: It's common knowledge the NSA collects plenty of data on suspected terrorists as well as ordinary citizens, but the agency also has algorithms in place to filter out information that doesn't need to be collected or stored for further analysis, such as spam emails. Now Alice Truong reports that during operations in Afghanistan after 9/11, the U.S. was able to analyze laptops formerly owned by Taliban members. According to NSA officer Michael Wertheimer, they discovered an email written in English found on the computers contained a purposely spammy subject line: "CONSOLIDATE YOUR DEBT."

According to Wertheimer, the email was sent to and from nondescript addresses that were later confirmed to belong to combatants. "It is surely the case that the sender and receiver attempted to avoid allied collection of this operational message by triggering presumed "spam" filters (PDF)." From a surveillance perspective, Wertheimer writes that this highlights the importance of filtering algorithms. Implementing them makes parsing huge amounts of data easier, but it also presents opportunities for someone with a secret to figure out what type of information is being tossed out and exploit the loophole.
This discussion has been archived. No new comments can be posted.

To Avoid Detection, Terrorists Made Messages Seem Like Spam

Comments Filter:
  • Solution! (Score:5, Funny)

    by MightyMartian ( 840721 ) on Friday January 16, 2015 @05:29PM (#48834881) Journal

    Applying the Cameron Solution [theguardian.com], all we need to do is ban spam... or email. I confess I'm not quite clear.

    • Has someone explained to Cameron what encryption is and why can't be blocked? I mean it can be blocked, it's just block everything...
      • Comment removed based on user account deletion
      • I've read that the US is trying. Their advisors recognise the importance of encryption and are trying to keep their political ally Cameron from making a fool of himself. While he wants to ban encryption, the US favors a more conventional regulatory approach of allowing encryption but making sure someone (ie, any company with any US presence) has both the capability and the legal requirement to decryption reception of a warrant. Or presumably a flimsy super-secret tell-noone blanket order requesting all thei

        • The problem is that you can't give the capability to decrypt by law... it's open source software, so no backdoors, and if you don't have the key you can't decipher. Unless they ban linux, force everybody to use a backdoored OS and they make open source illegal. Much simpler just backdoor the HW, the processor. There's no opensource processor out there
          • That applies if you're talking about software packages for individual use. I don't think that is where the legal concerns are addressed - how many people actually use gnupg? The legal concern is directed at services. Facebook, skype, whatsapp and so fourth. In these cases there is a service provider which, unless they actively take measures otherwise, has the capability to access communications. All that is required is a legal framework to compel them to hand over whatever the government requests (Either by

            • But let's be serious, how can smart people think that any serious terrorist would use gmail or facebook to discuss an attack? If Cameron/Obama "security plan" is to control cloud services then one of the two, they are very naive or they have an hidden agenda that has nothing to do with controlling terrorism...
          • by dgatwood ( 11270 )

            The problem is that you can't give the capability to decrypt by law... it's open source software, so no backdoors, and if you don't have the key you can't decipher.

            Nothing is stopping them from requiring that all software encrypt a copy of the session key (or whatever) with a second public key (which the government can decrypt with their private key). OSS can do that just as easily as closed-source software. Sure, it would be obvious to anyone looking at the code, but the law wouldn't exactly be a secret,

            • And given the way things works in this world some bad guys in the government will begin to sell keys in the black market to some rogue state or organization with deep pockets... You may force a backdoor but you will never be sure being the only one using it :-)
              • by dgatwood ( 11270 )

                To be fair, I never said it was a good idea. :-) In fact, it's a terrible idea, and the issue you mention is just the tip of the iceberg. If you give in to one world government by providing a back door, then all the others will come to you expecting the same treatment.

                So you decide that you need to hold those keys in escrow, and use them to decrypt only specific messages upon a court order. After all, you really shouldn't be providing those keys to nearly two-hundred different governments, for the reason

        • The US wants to do EXACTLY what Cameron announced. They just don't want anybody to know about it.

        • Even that's a stupid idea. A one-time pad is trivial to construct, can be used without any special software, and can not be cracked unless you manage to steal the key. If all you need to communicate is something short (e.g. time and location of target) then you can just post the encrypted thing in the middle of some random spam on a site like Slashdot that doesn't delete spam posts, just hides them.

          Then there are techniques like linguistic steganography, that hide messages in things like misplaced apostr

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Well, if Parliament insists I guess that's it for spam

      It will be tied up in the House of Lords though, I mean the lower classes must still have a need for potted meat?

    • Solution for spammers: they should try to format their mail as terrorist threats.
  • I do the opposite (Score:1, Interesting)

    by amightywind ( 691887 )

    I use spook-mode in Emacs to greet the voyeurs at NSA all the time.

    Kh-11 SSL FBI cypherpunk Attorney General HAMASMOIS Roswell Power Syria Food Poisoning cryptanalysis North Korea Verisign halcon Nuclear facility

  • by Anonymous Coward on Friday January 16, 2015 @05:34PM (#48834917)

    Prince of Nigeria is really funding terror cells to cure his erectile disfunction.

    • Well, considering that terrorist like boko haram are kidnapping girls and selling them as slaves, you might be correct more than you know.

  • If "Consolidate Your Debt" was a special subject for them, I wonder, how many proposals of that kind the assholes had to sift through to find messages from real comrades.

  • by Hobadee ( 787558 ) on Friday January 16, 2015 @05:39PM (#48834977) Homepage Journal

    So does this mean the NSA will now filter my spam for me? Hooray!

  • by Crashmarik ( 635988 ) on Friday January 16, 2015 @05:46PM (#48835031)

    Sure we will get some actual spammers in with that, but better safe than sorry.

    • Well, some people have been saying spammers are terrorist for a long time. Turns out they might be after all.

      • by pjt33 ( 739471 )

        People have been talking about using spam for steganography for a long time too. spammimic.com predates 9/11, and I'm not even sure it's the earliest example.

      • by KiloByte ( 825081 ) on Friday January 16, 2015 @07:52PM (#48835947)

        Every spam message that goes past the filters takes several seconds out of someone's life -- and not just the "gross" part that includes sleep, commutes, bathing, etc but of the actual productive part of the day (around 1/3 of it). Averaging batch reading of mail at the start of a day vs full context switch, let's take 5s per piece of spam. Let's assume a 95% spam filter effectiveness rate. Now the hardest part -- how big a spam campaign run is? Let's assume 100M delivery attempts (I'm doing a Fermi estimate -- or rather, pure rectal extraction -- on this number).

        This means, a single spammer who did just 10 spam campaign runs effectively murdered a person -- in a death of thousand cuts.

  • According to Slashdot, Betty White is a terrorist?
  • by fustakrakich ( 1673220 ) on Friday January 16, 2015 @05:58PM (#48835101) Journal

    Watch the Home Shopping Network. All their plans are on display. Look for the hidden pictures in those artsy plates they sell. They're actually maps and blueprints.

    And Hair Club for Men is a sleeper cell.

    "I've fallen! And I can't get up!" is a call to arms.

    They're everywhere. Am I not right?

    • by mysidia ( 191772 )

      "I've fallen! And I can't get up!" is a call to arms.

      I think you've misinterpreted that one... it's clearly a "Help Wanted" posting quietly reaching out to fellow villains for some technical assistance.

  • by Anonymous Coward on Friday January 16, 2015 @05:58PM (#48835107)

    .......of something similar back in 2002. There were a lot of messages on UseNet that had been attributed to being either spammers or some college testing out an AI. I noticed that the messages all had the same subject but with an added "suffix" at the end and that the messages were all the same in the beginning but at the end of them they had what appeared as a word salad. I dropped a hint to the FBI that it looked like the "suffix" was giving the order in which to reassemble the message and that the word salad at the end was likely some form of steganography that contained the actual message. Two days later those messages stopped appearing on UseNet and were never seen again. Was it a terrorist? I don't know but they were made aware of it at that point at least. I would have contacted the NSA but I didn't want to deal with them on any level.

    • by Carnildo ( 712617 ) on Friday January 16, 2015 @07:20PM (#48835755) Homepage Journal

      You alerted them to actual spam.

      The purpose of the suffix was to evade simple subject-line spam filters, while the "word salad" was an effort to evade word-classifier spam filters by drowning out the "spam-like" words with "non-spam" words, or to poison the classifiers and render them useless by loading up the "spam" wordlists with words that usually appear in non-spam messages.

  • by mbone ( 558574 ) on Friday January 16, 2015 @06:02PM (#48835147)

    Since they always let the terrorist stuff through, so as not to tip their hand, when will the spammers start disguising their messages as jihadist cal to arms?

    • by davidwr ( 791652 )

      Since they always let the terrorist stuff through, so as not to tip their hand, when will the spammers start disguising their messages as jihadist cal to arms?

      To: undisclosed-recipients
      Subject: MALE PLEASURE!!!!!!
      Date: 17 January 2014 02:20:05 +0000

      Increase your pleasure NOW AND FOREVER! Click here [nsa.gov] to join the Holy Crusade and very soon you'll be spending eternity with your very own harem of 72 virgins for all eterinity!

  • Spam Mimic (Score:4, Informative)

    by Rick Richardson ( 87058 ) on Friday January 16, 2015 @06:03PM (#48835153) Homepage
    http://www.spammimic.com/

    • Interesting, and looks like it's been around a while based on whois (2000). Wouldn't be surprised if the evildoers were dumb enough to use that exact site. Also wouldn't be surprised if the 3-letter agencies have been watching the plaintext entries for many years.

  • Finally, something good can come out of the "war on terror" and it can be a good use of the NSA's resources -- they can track down and eliminate spammers to prevent terrorist attacks.

  • by account_deleted ( 4530225 ) on Friday January 16, 2015 @06:27PM (#48835343)
    Comment removed based on user account deletion
    • Because now they have found the link between sender and receiver. With email if you get one person, you can then start looking for other connections that person made and see where that leads you.

      What are you talking about? It's spam. The terrorist sends it to a million random addresses; one of which is the other terrorist who knows how to interpret it.

    • I would simply embed a hidden subtitle into a shoddy movie like Showgirls and put it up for torrents..
      Sending instructions while optimally infuriating the viewer: win-win.
  • If you can think of as many distinct sexual activities as there are symbols in your wrinting system, make a table and encode your secret messages as porn movies. (Spies will probably watch them, but probably also forget that they're supposed to be looking for messages.)

    • by PPH ( 736903 )

      Abdul. According to this message, we are to attack on both coasts plus invade up the Mississippi River simultaneously!

  • HIdden communicaTions doN't reallY take that muCh efforT tO create. Many cOuld be cReated in Relatively Overt Ways.
  • During WWII the 'beeb sent messages to the resistance in occupied Europe. (examples at http://www.struthof.fr/en/test... [struthof.fr] ... damn that is an insanely long url...). If I remember my history "innocuous" announcements in newspapers were used to send covert messages by all sides in the Revolutionary and Napoleonic wars.

    Heck, if you controlled your own botnet (reasonable to do and a minor profit center for terrorists) you could put "random" text at the ends of your spams to confuse bayesian spam filters and piggyback coded messages in the random text as well.

    Chaffing your messages this way has the bonus of making traffic analysis useless if you are sending your message to literally millions of people.

  • There are infinite ways of encoding communication or circumventing contaminated channels. So trying to regulate communication or spying on data pipes is absolutely pointless. The NSA is only good for catching idiots and careless mistakes, and is at serious risk of being manipulated by those who can fabricate evidence. That's a low bar considering their cost and their cost on human rights.
  • I followed his instructions but it did not increase the girth of my Kalashnikov girth even one tiny bit.
  • by slashdot_commentator ( 444053 ) on Friday January 16, 2015 @08:08PM (#48836055) Journal

    Its called steganography.

  • by Anonymous Coward

    Hopefully this puts spam-senders on the NSA's watch-list..

  • NSA wants to further increase its surveillance of the American people, the NSA dreams up a bullshit story about terrorists using spam to hide msgs. Just who at the NSA would advise their staff to EXCLUDE spam from it's spying machine and why is slashdot posting this bullshit story on the front page?
    --

    further reading ref [stuartwilde.com]
  • by Required Snark ( 1702878 ) on Friday January 16, 2015 @08:53PM (#48836281)
    Wertheimer is the Directer of Research a the NSA. He was quoted on Slashdot two days ago apologizing in the Notes of the American Mathematical Society [slashdot.org]. The issue was a possible trap door in a set of encryption standard parameters submitted by the NSA. This was noticed by some researchers at Microsoft, and when it was brought up in the standards committee NSA just ignored the criticism.

    This made some member of the AMS very unhappy. Here is what angry mathematicians sound like: [ams.org]

    “AMS Should Sever Ties with the NSA” (Letter to the Editor), by Alexander Beilinson (December 2013); “Dear NSA: Long-Term Security Depends on Freedom”, by Stefan Forcey (January 2014); “The NSA Backdoor to NIST”, by Thomas C. Hales (February 2014); “The NSA: A Betrayal of Trust”, by Keith Devlin (June/July 2014); “The Mathematical Community and the National Security Agency”, by Andrew Odlyzko (June/July 2014); “NSA and the Snowden Issues”, by Richard George (August 2014); “The Danger of Success”, by William Binney (Sep tember 2014);

    If you read his statement, it is content free. As a admission of wrongdoing, it's completely worthless.

    "With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable"

    This is more of an apology for getting caught then anything else.

    So when Dr. Wertheimer pontificates about filtering email and national security, you should not be very impressed. His agenda assumes the end of constitutional protections for privacy. He is not an honest man doing an honest job for an honest employer.

  • Get V1aggra strong enuf to last thru the 72 v1rgins you will s00n meat.

    • Hello, you may not know me, but my name is Mohammed bin Saeed and I am being from Sudan. I have recently come into a large amount of bombs and ammunition, but I need your help! . . .
  • by complete loony ( 663508 ) <Jeremy.Lakeman@NoSPAM.gmail.com> on Friday January 16, 2015 @09:08PM (#48836367)
    Train a compression algo using a spam corpus to build a dictionary. Compress and encrypt your message. Then use the spam dictionary to *decompress* it. Hey presto, your message looks exactly like a randomly generated spam message.
  • by garry_g ( 106621 ) on Saturday January 17, 2015 @02:07AM (#48837331)

    Given the fact that France has had one of the most extensive data retension programs since 2006 and were still unable to prevent the terrorist attack should give a clue to politicians and police ...
    I believe the contrary is true: By relying on being able to prevent attacks through data retention (which by definition will create floods of data hard or impossible to interpret) and expecting to catch anybody before the fact, police have obviously reduced their work on surveillance of suspects as well as regular police work ... All three terrorists (much like the 9/11 ones) were on watch lists and known, yet they were able to buy guns and plan this whole ordeal. Good job, politicians! Fund the police instead of keeping tabs on all of your country's inhabitants and cutting in to their private lifes ...
    Even if you had 100% surveillance of ALL the people, including the contents of ALL the communication, any person just slightly intelligent and versed in computers will be able to hide their communication from the state. Also, who ever called for checking every single letter mailed through the postal service? Or listening in to every person-to-person talk? Just because technology makes listening in on people possibly doesn't mean it should be done, or would be helpful to prevent crimes ...

  • Terrorists have been sending me messages day and night for years. I didn't know and kept deleting them.
  • Oma gehts gut!

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...