Anti-Forensic Techniques Used By Jihadist Web Sites

Hello Everybody !

Hope you are all doing well and are in the best of health.

I guess many of you might be excited after reading the subject of this post. Yes ! Today I’m going to discuss the various anti-forensic methods used by Jihadis to conceal their presence over the Internet.

The Internet, as we all know, is a very vast field of information sharing and communication. There are various ways by which one can be in contact with another person across the globe, and this happens almost instantly. This saves time, money and effort that would otherwise be considerable ! These are all advantages of the Internet.

However, as with all innovations, this technology has its own disadvantages too… And today I’m going to bring one such dark side of the Internet to light.

The use of the Internet and Web-based software applications by extremist groups is a growing phenomenon that has attracted the attention of university researchers as well as intelligence agencies in the Middle East, Europe, and the Americas. In a recent study authored by researchers from the University of Arizona, George Washington University, and the University of Massachusetts entitled “Analyzing terror campaigns on the Internet: Technical sophistication, content richness, and Web interactivity,” the authors write:

“In our comparison of terrorist/extremist Web sites to US government Web sites, we found that terrorists/extremist groups exhibited similar levels of Web knowledge as US government agencies. Moreover, terrorists/extremists had a strong emphasis on multimedia usage and their Web site employed significantly more sophisticated multimedia technologies than government Web sites … and is as effective as the US government agencies in terms of supporting communications and interaction using Web technologies.”

As international law enforcement, intelligence, and military agencies step up their efforts to monitor these Web sites (which now number in the thousands), Muslim extremists are turning to both low tech and high tech solutions to maintain their operational security.

I’ll discuss a few techniques that such sites use to defend themselves against law enforcement agencies.

  • Steganography
    Steganography is a technique whereby messages are hidden in such a way that no one apart from the sender and the intended recipient even realizes there is a hidden message. I discussed this in my earlier posts as well, so rather than going deep into the subject (that would require a separate post altogether !), I’ll jump straight to how it is used by Jihadis. The February 2007 edition of Technical Mujahid carries an article that encourages extremists to download a copy of the software program Secrets of the Mujahideen !! Secrets is an encryption software application which can hide data between the pixels of an image and then compress the file in an attempt to defeat steganalysis. The article provides a detailed example of how 20 messages can be hidden in a 100 x 50 pixel picture. Dr. Chen, director of the Artificial Intelligence lab at the University of Arizona, confirms that steganography is being used by some of the extremist Web sites that they monitor, although an analysis of its use hasn’t been done yet.

  • Draft Message Folder
    Here is another example of an operational security measure that costs nothing to use, yet can defeat the NSA’s ability to intercept e-mail messages ! Studies show that Jihadis started drafting messages in free e-mail accounts, then letting others log in to the accounts and read the drafts. No message ever had to be sent. This leaves even the NSA’s best code breakers in a helpless position !

  • Encryption
    The software application that I mentioned above, Secrets, provides the highest level of encryption in asymmetric encoding (with) the use of the best five algorithms in encryption science; strong symmetric encryption; private and public asymmetric 2048 bit keys; strong compression of data; use of stealthy encryption keys and algorithms; secure deletion of files, eliminating any possibility of retrieval; and the ability to run it from a flash disc, i.e. the program does not have to run from a computer hard drive. The encryption training section is extremely detailed and explains all the technical implications of the program. The writers claim that the program surpasses all international symmetric encryption systems. This encryption program is an executable file that can be stored on a flash drive and used on any public computer to encrypt an e-mail message or other file. Another distinguishing feature is that, unlike other encryption programs available online, there are no public keys supplied with the software. Therefore, senders of an encrypted file must have a way to transmit the key through some other means.

  • IP-based Cloaking
    Cloaking is a method that analyzes a visitor’s IP address and re-directs certain visitors to a bogus site, thus masking or “cloaking” the authentic one. Lance Cottrell, chief scientist at Anonymizer, described how IP-based cloaking worked during an educational seminar he delivered at FOSE (Future Of Software Engineering) 2006. Here is the official description found at Anonymizer.com’s Government Threat Center section: “When the Web server receives a page request, a script checks the IP address of the user against a list of known government IP addresses. If a match is found, the server delivers a Web page with fake information. If no match is found, the requesting user is sent to a Web page with real information.” A similar technique, IP-based blocking, simply prevents certain users from access, rather than re-directing to a different site.
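To make the steganography item above concrete from the analyst’s side, here is an added example (not code from the post, nor from the Secrets software it describes) that hides a constructed random payload in the least significant bits of a constructed 100 x 50 grayscale image, recovers it, and then applies a simple LSB-plane agreement heuristic: a smooth image keeps neighbouring LSBs correlated, while a plane overwritten with encrypted data behaves like coin flips. The image, the payload and the 2007 seed are all constructed here.

```python
import random

WIDTH, HEIGHT = 100, 50          # picture size quoted in the post
CAPACITY_BITS = WIDTH * HEIGHT   # one LSB per grayscale pixel: 5000 bits

def make_cover() -> list[int]:
    """Constructed smooth grayscale gradient, row-major 8-bit values."""
    return [(x // 4 + y // 2) % 256 for y in range(HEIGHT) for x in range(WIDTH)]

def embed(cover: list[int], payload: bytes) -> list[int]:
    """Overwrite each pixel's least significant bit with one payload bit (MSB first)."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload exceeds LSB capacity")
    stego = list(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return stego

def extract(stego: list[int], nbytes: int) -> bytes:
    """Read the LSB plane back into bytes, in the same bit order as embed()."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def lsb_neighbour_agreement(pixels: list[int]) -> float:
    """Fraction of horizontally adjacent pixels whose LSBs agree: high for smooth
    imagery, about 0.5 once the plane is filled with encrypted (random-looking) data."""
    same = total = 0
    for y in range(HEIGHT):
        row = pixels[y * WIDTH:(y + 1) * WIDTH]
        for a, b in zip(row, row[1:]):
            same += (a & 1) == (b & 1)
            total += 1
    return same / total

def demo() -> tuple[float, float, bool]:
    """Return (cover score, stego score, payload recovered intact)."""
    rng = random.Random(2007)  # constructed payload standing in for ciphertext
    payload = bytes(rng.getrandbits(8) for _ in range(CAPACITY_BITS // 8))
    cover = make_cover()
    stego = embed(cover, payload)
    return (lsb_neighbour_agreement(cover), lsb_neighbour_agreement(stego),
            extract(stego, len(payload)) == payload)
```

This heuristic is only a first screen: textured regions of real photographs also have noisy LSB planes, so routine steganalysis relies on statistical tests such as chi-square or RS analysis over the whole image rather than one agreement ratio.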

Further to cloaking, research has also found that criminal and terrorist organizations are increasingly blocking all traffic from North America, or from Internet Protocol addresses that point back to users who rely on the English language. Cloaking is just one means by which hostile intelligence organizations can exploit the ability of IP addresses to reveal the physical location, and frequently the organizational identity, of a user visiting a Web site.
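A practical check for the IP-based cloaking described above is to fetch the same URL from several unrelated egress points and compare what comes back. The added example below (not code from the post or from Anonymizer) does that comparison offline on three constructed responses, stripping markup and values that legitimately change between fetches before scoring similarity; the vantage names, the 0.8 threshold and the volatile-token patterns are assumptions to tune per site.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

TAG_RE = re.compile(r"<[^>]+>")
# Values that honestly differ between fetches: clock times, hex nonces, numeric IDs.
VOLATILE_RE = re.compile(r"\b\d{1,2}:\d{2}(?::\d{2})?\b|\b[0-9a-f]{16,}\b|\b\d{10,}\b")

def normalise(html: str) -> str:
    """Reduce a response to lower-cased visible text with volatile tokens removed."""
    text = VOLATILE_RE.sub("", TAG_RE.sub(" ", html))
    return " ".join(text.lower().split())

def similarity(a: str, b: str) -> float:
    """0.0 (nothing in common) .. 1.0 (identical after normalisation)."""
    return SequenceMatcher(None, normalise(a), normalise(b)).ratio()

def divergent_vantages(responses: dict[str, str],
                       threshold: float = 0.8) -> list[tuple[str, str, float]]:
    """Return vantage pairs whose pages differ more than dynamic content explains.
    A vantage that disagrees with every other one is the likely cloaking target."""
    flagged = []
    for (va, ra), (vb, rb) in combinations(responses.items(), 2):
        score = similarity(ra, rb)
        if score < threshold:
            flagged.append((va, vb, round(score, 2)))
    return flagged

# Constructed sample: one URL fetched from three egress points (assumed names).
SAMPLE = {
    "residential-us": "<html><body><h1>Community forum</h1><p>Posted 12:01</p>"
                      "<p>Thread: travel tips and recipes</p><p>session 9f3c2a7b1e4d5c60</p></body></html>",
    "vpn-eu": "<html><body><h1>Community forum</h1><p>Posted 12:03</p>"
              "<p>Thread: travel tips and recipes</p><p>session 4a1b2c3d4e5f6a7b</p></body></html>",
    "agency-range": "<html><body><h1>Site under construction</h1><p>Check back later.</p></body></html>",
}

if __name__ == "__main__":
    for va, vb, score in divergent_vantages(SAMPLE):
        print(f"{va} vs {vb}: similarity {score}")
```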

Another method is illustrated by a case in which hackers set a number of criteria that they all shared, such as using the Linux operating system and the Netscape browser, among other factors. When federal investigators using PCs running Windows and Internet Explorer visited the hackers’ shared site, the hackers’ system immediately mounted a distributed denial-of-service attack against the federal system !!!

However, the lack of proper controls on what is shared across the Internet and how, together with the ease of sharing information at almost no cost, lets such terrorist organizations flourish on the web. My attempt in this post was to make all of you aware that even this user-friendly technology is used against us !

While I was doing a bit of research on this, I came across a few other Internet terminologies – The Dark Internet, Dark Fiber & Deep Web !

Do keep watching this post for updates and posts on these !!!

I hope this post was worth a read. Any suggestions / feedback / comments are most welcome.

Enjoy !


2 Responses to “Anti-Forensic Techniques Used By Jihadist Web Sites”

  1. w0lf says:

    That rocks!!! And typically, when you have lots of terrorist attacks all around the globe, they are turning hi-fi and more wi-fi day by day. :P

    They use the best encryption methods and at times even customized techniques which are much more powerful. It is after all their business requirement :D

  2. Ne0 says:

    Thanks w0lf ! Your comment inspires me to dig further into this….
