AUTHOR:
TerrorismCentral Editorial Staff
TITLE:
TerrorismCentral Newsletter - December 19, 2004
SOURCE:
TerrorismCentral, December 19, 2004
TEXT:
News Highlights this week include concerns over Canada's border security, Australia's maritime security, and the latest failure of the US missile defense program. The Feature Article continues last week's theme of cyber security with a look at "Steganography: a case study in dual use".
1. World
2. Africa
3. Americas
4. Asia Pacific
5. Europe
6. Middle East
7. South Asia
8. Cyberterrorism and Information Warfare
9. Finance
10 Human Rights
11. Law and Legal Issues
12. Transportation
13. Weapons of Mass Destruction
14. Recently Published
FEATURE ARTICLE:
Steganography: a case study in dual use
NEWS HIGHLIGHTS OF THE WEEK
As year-end celebrations begin and people look forward to a new year, terrorist alert levels around the world have been raised, with explicit warnings, particularly from Australia and Southeast Asia, that a new wave of attacks can be expected in 2005.
A new worldwide disaster alert system has been launched. It includes information, forecasts and alerts on drought, floods, tropical storms, locusts, El Nino, earthquakes, volcanic activity and other events to help provide early warnings, better planning and preparedness.
The timing is good, coming as it does with a report that 2004 was a terrible year for catastrophic loss. More than 21,000 people were killed and overall economic losses reached some $105 billion worldwide. It is one of the most expensive years for property insurers, facing claims of some $42 billion. Swiss Re's preliminary report says that 300 natural disasters were registered last year, including hurricanes Ivan, Charley, Frances and Jean, typhoon Tokage/Caba and earthquakes.
Climate change/global warming is a contributing factor to the increase in natural disasters. The UN climate change conference held last week, ended with a compromise agreement for holding future discussions. http://unfccc.int/2860.php At the opening of the conference, the World Bank published its annual "Environment Matters" report, emphasizing the need for sustainable development and the threats environmental degradation and climate change present.
http://worldbank.org/sustainabledevelopment
China no longer needs food aid and instead has agreed to join UN efforts to tackle world hunger.
Burundi's constitutional referendum has been delayed for a third time because the voter list is not ready. A new data is not yet set.
Central African Republic elections have been postponed to February 13 only a week after setting January 30 as the date, to correct organizational problems.
In Democratic Republic of Congo, fighting continues to break out in what seems to be a significant escalation by Rwanda. Thousands of civilians are fleeing, as are some aid workers as serious border fighting worsens.
Ivory Coast's interim parliament has passed a series of laws in an effort to move forward on the peace accord that has been deadlocked long enough to threaten renewed civil war.
In Sudan, weapons have been pouring in and attacks by government-backed militias against Darfur civilians have escalated. The government missed an African Union deadline to end hostilities but after urgent international talks has agreed to instruct troops to fire only after they have been fired upon but there will be no withdrawal.
Swaziland's absolute monarch King Mswati III purchased a $500,000 Daimler-Chrysler Mayback 62. Pro-democracy organizations have called for smart sanctions against the royal family.
Canada's Standing Committee on National Security and Defence has issued the "Canadian Security Guide Book". It is particularly critical of border security and cites lack of investment, including recent force budget cuts of about a third.
http://www.parl.gc.ca/38/1/parlbus/commbus/senate/com-e/defe-e/rep-e/rep03nov04-e.htm
Colombia's Block Calima of the United Self Defence Forces of Colombia (AUC) have surrendered their weapons. The 550 paramilitaries will now enter a reintegration program.
In Haiti, UN peacekeepers have undertaken a large operation to control the most violent areas in the capital, Port-au-Prince, including acting against rebels occupying former President Aristide's residence.
The US Government Accountability Office (GAO) reports "Further Action Needed to Promote Successful Use of Special DHS Acquisition Authority". GAO found that the Department of Homeland Security is not fully leveraging its special exemptions from typical regulations such as intellectual property rights to acquire key technologies for WMD and other anti-terrorism technology acquisitions.
http://www.gao.gov/cgi-bin/getrpt?GAO-05-136
Australia has roiled the region with its declaration of a 1,000 -mile maritime security zone (called the Maritime Identification Zone). Regional governments say that the proposal, that requires ships to provide information about their route and cargo and additional details if they are within 200 nautical miles and allows Australia to board as necessary, infringes on their territorial waters, violates freedom of navigation, and violates international law. This zone, aimed at preventing terrorist attacks, would stretch five times as far as Australia's territorial waters.
Cambodia has banned the sale of videos depicting Iraqi hostage executions.
Indonesia has stepped up security after several specific terror warnings. Police seized nine bombs found on a bus and are investigating the 15 passengers.
In the Philippines security has been stepped up following the December 12 General Santos bomb that killed 13 and injured 70.
Thailand's human rights commission inquiry into the death of 85 Muslim protestors has concluded they were not killed deliberately, but the report has not yet been made public.
Vanuatu reversed its decision to establish diplomatic ties with Taipei rather than Beijing and has agreed to Australian demands to implement anti-corruption measures.
Bosnia's international governor, Paddy Ashdown, has dismissed nine Bosnian Serb officials accused of aiding war crimes fugitives.
Greece credits security training for the Olympics for the peaceful resolution of an 18-hour siege in which two Albanians hijacked a bus and threatened to blow it up.
Romania declared opposition leader Traian Basescu the new president in a close-fought election flawed by administrative problems.
Russia's Interfax news agency quotes the Emergency Situations Minister as saying that the number of victims of terrorist attacks in Russia rose 150 percent in 2004.
Spain and Britain have agreed for the first time to give Gibraltar an equal say in discussions over the future of the territory.
Ukrainian opposition leader Yushchenko was poisoned with TCDD, the most harmful known dioxin and a component of Agent Orange, according to analysis conducted in Amsterdam.
The British government has been told to repeal anti-terrorism laws following a ruling by the law lords that indefinite detention of foreign suspects without charge or trial breached their human rights and that "Indefinite imprisonment on grounds not disclosed is the stuff of nightmares". The government is reviewing its options. http://www.publications.parliament.uk/pa/ld200405/ldjudgmt/jd041216/a&others.pdf
The Bloody Sunday inquiry into the 1972 incident will reconvene to hear evidence from "Witness X".
Egypt and Israel signed a free trade agreement with the US.
In response to last Sunday's attack by Palestinians against an Israeli outpost near Rafah in the Gaza Strip, killing five soldiers, Israeli Defense Forces launched a series of operations in Gaza, where violence escalated during the week. The most serious incident was the entry into Khan Younis refugee camp in which at least 11 Palestinians were killed and 30 wounded.
The one-year anniversary of Saddam Hussein's capture was marked with further suicide bombings. Rather than being a turning point in favor of the US, the insurgency has widened and security deteriorates, while indications of sectarian violence grow stronger. In the largest attacks of the week, car bombs today in Najaf and Karbala killed more than 60. The UN Secretary General's latest report calls for international commitment to support Iraq ahead of elections, including security for election staff. http://www.un.org/Docs/journal/asp/ws.asp?m=S/2004/959 An audit of the transfer of the Oil-for-Food program to the Development Fund for Iraq (DFI) reports the transfer was "properly and transparently accounted for" and identifies inadequate controls at Iraqi ministries including issues with sole-source contracts awarded by DFI. http://www.iamb.info/ Meanwhile, the interim government has announced the beginning of trials of leading officials under Saddam Hussein's rule, although the legal systems to support these procedures have not yet been put in place.
In Lebanon, Syria withdrew troops from three positions. Lebanese opponents of Syria formed a joint group to unite their efforts, including working for new election laws.
Saudi Arabia was the target of the latest communication from Osama bin Laden, who called for a peaceful revolution against Saudi Arabia while calling for attacks against oil supplies and taking the opportunity to kill Americans in Iraq.
Syria has blamed Israel for a car bomb that exploded in the diplomatic quarter, injuring two people in an apparent assassination attempt against a Hamas member.
Afghanistan has succeeded in disarming all units in the entire region of Mazar-e Sharif, including nearly 29,000 military personnel, of whom the vast majority is entering reintegration programs. The Food and Agricultural Organization will help restart sugar production in an effort to substitute the sugar industry for the opium trade and stop annual sugar imports of 300,000 tons.
India and Pakistan agreed initial nuclear safeguards to help prevent possible conflict. The peace talks have helped boost trade between the two countries - it nearly tripled during the April - July period.
National Socialist Council of Nagaland leaders Osaac Cjoso Swu and Thuingaleng Muivah returned home to the Indian state of Nagaland after three years of exile and a meeting last week with Indian Prime Minister Singh who promised a settlement.
In Kashmir, representatives from both Indian and Pakistani controlled parts met together for the first time, agreeing to pursue a nonviolent solution.
Nepal's Maoist rebels increased attacks in the past week. Clashes on Wednesday killed at least 265; on Thursday another 22, and ten today. Most of the victims were connected with security forces.
Pakistan's President Pervez Musharraf confirmed he will stay on as both president and head of the army to help maintain the initiatives in the campaigns over Islamic militants and a settlement in Kashmir. Pakistan has announced a five million rupee bounty for the arrest of Abdullah Mehsud, a former Guantanamo Bay detainee connected with kidnapping two Chinese engineers.
In Sri Lanka, Buddhist radicals are suspected in last weekend's concert when a grenade attack killed two and injured 18. Muslims have warned of a potential backlash amid rising tensions.
8. Cyberterrorism and Information Warfare
A security warning over chip and pin cards being used to capture data and forge cards was issued by security expert Ross Anderson, although a financial services spokesman says this would be difficult to do and unlikely to happen.
http://www.cl.cam.ac.uk/users/rja14/ http://www.chipandpin.co.uk/
Imam Sumadra's autobiography contains instructions for hacking US computers and committing credit card fraud.
http://www.washingtonpost.com/wp-dyn/articles/A62095-2004Dec13.html (registration)
The US Federal Deposit Insurance Corporation (FDIC) issued a study on account hijacking, used for identity theft, in advance of formulating guidance next year.
lnweb18.worldbank.org/
Iran has frozen bank accounts under the control of former Afghan warlord Gulbuddin Hekmatyar of the Hezb-e-Islami group that has been connected with Taleban and al-Qaeda militants.
The US Treasury designated Khadafi Abubakar Janjalani (Janjalani) for acting on behalf of the Abu Sayyaf Group (ASG), named as a Foreign Terrorist Organization (FTO).
http://www.treas.gov/press/releases/js2157.htm
Treasury also designated individuals accused of obstructing the Dayton Peace Accords in Bosnia by protecting indicted war criminals.
http://www.treas.gov/press/releases/reports/document22.pdf
The Financial Crimes Enforcement Network issued new guidance on suspicious activity reporting related to OFAC matches.
http://www.fincen.gov/sarguidanceofac.pdf
Brazil's "Banestado" report spent two years investigating more than 1.5 million financial transactions between 1996 and 2002. They found numerous irregularities and now more 90 people face possible money laundering charges, including government and bank officials.
The Assets Recovery Agency in Northern Ireland has frozen about GBP 300,000 in assets of two businessmen suspected of smuggling millions of pounds worth of alcohol.
http://www.assetsrecovery.gov.uk/downloads/PR_Keenan.pdf
Chile's congress has passed a law making victims of torture under General Pinochet's military rule will be entitled to compensation in the form of a pension.
The US Treasury's Office of Foreign Assets Control (OFAC) issued a new rule clarifying publishing activities with people in Cuba, Iran and Sudan where embargoes are in place. The new rule issues a general license that permits most ordinary publishing activities but with restrictions on interaction with the sanctioned governments.
Press release
http://www.treas.gov/press/releases/js2152.htm
The Organization for Security and Cooperation in Europe published "The Media Freedom Internet Cookbook" to help governments and users preserve the freedom of the internet while still dealing with undesirable content like hate speech. http://www.osce.org/news/show_news.php?ut=2&id=4611
Mohamed Bensakhria and Slimane Khalfaoui were sentenced in French court to 10 years prison for their role in the failed Strasbourg market Christmas bomb plan. Their associate Mohamed Yacine Aknouche was sentenced to eight years and Rabah Kadri to six. Kadri is held in detention in the UK and the French court banned him from entering France. Six others convicted of providing logistical support were given lesser terms.
French territory.
Niall Connolly, Martin McCauley and James Monaghan of Northern Ireland had been acquitted of charges of training rebels in Colombia, but the acquittal was overturned on appeal and they were sentenced to 17 years prison. The three men had been released on bail and have now disappeared and are the subject of international arrest warrants.
Feroz Ganchi and Zubair Ismail were arrested in Pakistan on suspicion of belonging to a terrorist organization and deported to South Africa, where they are citizens, and have been detained for questioning.
Rodrigo Granda, who handled international relations for the Revolutionary Armed Forces of Colombia (FARC), has been arrested by Colombian security forces
Karim Koubriti and Ahmed Hannan had charges of belonging to a terrorist cell dropped only now to be indicted for allegedly submitting false insurance claims.
Mullah Naqibullah Toor, former security chief for Taleban leader Mullah Omar, was arrested, along with another Taleban commander, by Afghan security forces.
Australia issued a strong warning to defer travel with Indonesia over the holidays and airlines have offered refunds for travel to areas considered high risk. The Australian government warned that gifts in luggage would be confiscated if they contained prohibited objects even if wrapped for a gift.
Following a similar incident in France, it is now reported that security screeners in the US lost track of fake explosives planted in a bag.
The Center for Seafarers Rights condemned the forced detention of seafarers cooperating in a US environmental investigation that violates their human rights.
http://www.seamenschurch.org/det.htm
Dubai has become the first Middle Eastern port to agree to participate in the Container Security Initiative. http://www.cbp.gov/xp/cgov/newsroom/press_releases/12102004.xml In addition, the port of Livorno, Italy has become operational.
At the Cargo Security Summit, US Department of Homeland Security Director Tom Ridge asked for industry input into a draft national strategy on cargo security. http://www.dhs.gov/dhspublic/display?content=4222 Meanwhile, the Port Security Council of America called for adequate funding of port security, currently borne by the private sector.
http://www.aapa-ports.org/
The Australian National Audit Office reports that none of the Container Examination Facilities (CEFs) met their inspection targets. http://www.anao.gov.au/WebSite.nsf/WhatsNew/58AA87991A5E2295CA256F6A0016DEC7!OpenDocument
13. Weapons of Mass Destruction
The US anti-missile shield test failed when an interceptor missile was automatically shut down without launching. It was the first test in almost two years and its failure is another setback in a program unsuccessful since first conceived under Reagan's presidency.
Trust for America's Health released the Second Annual Bioterrorism Preparedness Study, finding poor preparedness, largely connected to poorly defined and inconsistent US bioterrorism policies.
http://healthyamericans.org/reports/bioterror04/
In a similar vein, the Chemical and Biological Arms Control Institute reports that an increase in federal funding was done without a clearly articulated national strategy.
http://www.cbaci.org/press/release9.htm
A new study published in Nature this week reports that vaccination is not the best way to deal with an anthrax attack but that since the disease is not personally transmissible detection and antibiotics would be preferable. http://www.nature.com/news/2004/041213/full/041213-8.html
Singapore will begin fining people found with Aedes mosquitoes (that carry dengue fever) breeding on their premises.
Walter R. Borneman, "1812: The War That Forged a Nation". Harper Collins
Matthew Gandy and Alimuddin Zumia, editors, "The Return of the White Plague: Global Poverty and the 'New' Tuberculosis" Verso
Richard Gid Powers, "Broken: The Troubled Past and Uncertain Future of the FBI" Free Press
T. R. Reid, "The United States of Europe: The New Superpower and the End of American Supremacy" Penguin
Mark Alan Stamaty, "Saving the Books of Iraq" Knopf (illustrated children's book)
Kathleen Taylor, "Brainwashing: The Science of Thought Control". Oxford
FEATURE ARTICLE: Steganography: a case study in dual use
Technology rarely has a single purpose but instead can be applied in many different ways. In terrorism and security this attribute is discussed in the context of solving two problems. First, is to cost justify a particular expenditure. For example, bioterrorist events are rare and unlikely. Spending billions on surveillance systems to detect a bioterrorist attack is unjustified. But surveillance systems serving public health and allowing early detection of an influenza pandemic while also being able to detect an attack is readily justified. In this example, there are both public and private benefits and an overall improvement to an important component of protecting the critical infrastructure.
The second problem is related to the abuse of technology, in which its intended use is subverted, often in highly innovative ways. Organized crime is well known for leveraging technology to gain access and information in pursuit of nefarious schemes. It has been difficult for businesses and law enforcement to stay one step ahead of emerging techniques like phishing or tax frauds. Best known of technology abuse is perhaps the case of the September 11 hijackers converting a transportation vehicle into a bomb. Understanding the possible misapplication of technology is essential to security, a point made by the investigators on the 9/11 Commission.
Steganography has many applications, ranging from protecting information to hiding malicious code within a picture, thereby offering an interesting case study in the multiple uses of technology.
The technique dates from ancient Greece where a message would be tattooed on a messenger's shaved head then grow back the hair to cover it for personal delivery. Greeks and Romans would also cover an engraved tablet with wax to make it appear unused and thereby disguise the message. The name steganography comes from the Greek for "covered writing". Other traditional techniques include the use of invisible ink and James Bond style concealment, including microdots, hollow heels, and so on.
Because it is used to hide information, steganography is related and sometimes used in conjunction with cryptography. The difference is that cryptography changes a message so that if it is found it can't be understood while steganography conceals or camouflages the message, making it appear innocent. Of course, these techniques can be combined.
In today's digital world steganography has become associated with using multimedia elements like pictures, sound, and video, to hide the object. This has been used to manage copyright, hinder illegal copying, permit anonymity, hide sensitive data, and protect privacy. For malicious purposes, spam and phishing messages have used steganography to deliver images that include code to exploit known security vulnerabilities. There are also reports of terrorist groups, particularly al Qaeda, using these techniques for operational planning and support.
Hidden copyright messages can be incorporated into the body of a work, providing a way to track usage and in case of abuse to identify and prosecute it. It can be as simple as including a Digital Object Identifier (DOI) in HTML code or as complex as copy-protection schemes. Applied to publishing, this treatment is called digital watermarking - a way to embed identification and a common component of digital rights management (DRM). More complex messages, including executable files, can also be hidden in "white space" - the digital blanks of less important data, like repeating colors, bit stream audio or the empty space following the period at the end of this sentence. This same kind of tiny variable spacing can also be used in print, where tiny spacing variables can be used to transfer a hidden message.
Using these techniques is not foolproof. First, putting information into a file can cause degradation (the "lossy" effect) and put the original item at risk. This could make the original image misleading or interfere with listeners' enjoyment of an audio soundtrack. Second, there are a variety of tools and transmission techniques that are used to solve particular problems. Using the wrong tool, mixing tools, or even a simple connection failure can disable your effort. Third, in many cases, easier and more effective alternatives already exist. For example, securing data by hiding it is less effective than using standard encryption. Finally, steganography can be detected and tools to crack the messages are available.
On its own, steganography isn't sufficient to provide security or privacy. In fact, it can be another means for criminals and terrorists to overcome existing security measures. Given its flexibility, it's a good idea to keep watch on future technical developments -- watch this space.
Additional Resources:
Frank Hartung, editor, WWW References on Multimedia Watermarking and Data Hiding Research and Technology
http://www-nt.e-technik.uni-erlangen.de/~hartung/watermarkinglinks.htmlNeil Johnson
http://www.jjtc.com/stegdoc/steg1995.htmlGary C. Kessler, "An Overview of Steganography for the Computer Forensics Examiner:
http://www.garykessler.net/library/fsc_stego.htmlDru Lavigne, "Hiding Secrets with Steganography",
http://www.onlamp.com/pub/a/bsd/2003/12/04/FreeBSD_Basics.htmlFabien Petitcolas
http://www.petitcolas.net/fabien/steganography/index.htmlPetitcolas and Katzenbeisser, editors, "Information hiding techniques for steganography and digital watermarking", Artech 1999
Niels Provos
http://www.citi.umich.edu/u/provos/Bruce Schneier, "Secrets and Lies: Digital Security in a Networked World" Wiley, 2000
http://www.schneier.com/Kristy Westphal, "Steganography Revealed", Security Focus April 9, 2004
http://www.securityfocus.com/printable/infocus/1684
HOW TO CONTACT US:
Please contact us with your questions or comments by sending email to .
We look forward to hearing from you.
Editorial Team
TerrorismCentral
All Rights Reserved. Copyright © 2004 by TerrorismCentral.