Are terrorists using hidden messages?

Probably not. But western leaders, commercial opportunists, and incautious journalists want us to believe what we cannot see.

The following article was published before 2021. Our editorial team has since adopted a new mission statement and editorial standards. Further information can be found here.

The media and some western governments have repeatedly suggested that the Al Qaeda network is organising terror using hidden messages sent through the media and on the internet. But the hidden message about Osama Bin Laden's operations is - there is no hidden message.

As the world's press confronts the problem of getting independent information out of Afghanistan, a combination of commercial opportunists, incautious journalists, and western leaders have been making and repeating claims that Osama bin Laden and his terrorist supporters have been sending coded messages through the internet and other media. US national security adviser Condoleezza Rice and British prime ministerial spokesman Alastair Campbell have been joined by internet security software salesmen and intelligence pundits in issuing highly-publicised warnings that these communications systems might be being used to order the next terrorist attack.

What the claims have in common is that none of the companies, commentators or government spokespeople have been able to point to any messages containing secret terrorism instructions, whether in a bin Laden video or, as some reports have claimed, in pictures displayed on internet porn sites.

The most improbable allegation about hidden messages on the internet was published 10 days ago by the Pentagon itself. On October 18th, the Pentagon's daily newsletter Early Bird carried an article warning that Al Qaeda was planning a "major biological attack". Early Bird is circulated to decision makers in the White House as well as to tens of thousands of military staff every morning [ebird.dtic.mil/Oct2001/s20011018expertwarns.htm (this site can only officially be accessed by individuals who have, or claim to have had, an official US military position)].

The new warning was based on an analysis and information from a "former National Security Agency instructor and experimental nuclear physicist", Dr Robert Koontz. The article said that Dr Koontz had "discovered evidence on the Internet that Osama bin Laden was planning a major biological warfare campaign, using more than one form of germ agent. According to Koontz, the Al Qaeda leader was using "coded" illustrations to signal and direct additional sleeper agents purportedly already armed with biological weapons."

The article referred readers to a web site where Dr Koontz has assembled his analysis about the planned new attacks. The former NSA instructor claims that a series of paintings on an Arab artist's web site conceals vital clues revealing plans for both the hijack and bioterror attacks on the United States.

The entire basis for his claims that "coded images show plans for massive germ attack on US killing millions", as circulated to Pentagon and White House staff, hinges on a web site of an aging Lebanese diva, Nouhad Haddad - known to her fans as Fayrouz. The site displays letters from fans, one of whom has the same name as that used by a hijacker. Another person who also wrote in as a fan was Muzaffar Wandawi, an Iraqi artist living in Amsterdam. On the basis that they were both fans of Fayrouz, Dr Koontz's analysis interprets Wandawi's pictures, which mix apocalyptic imagery with still life, as containing specific code for biowar attacks on America. He offers no other evidence.

Dr Koontz did not explain how the fact that two Arabs, one of whom might have had the same name as a hijacker, were fans of the same singer proved that they were part of bin Laden's terror network. Yet Early Bird's editors expressed no scepticism about his claims.

If his analysis were to be correct, then the artist Wandawi must have been blessed with extraordinary foresight. His pictures, which supposedly contain secret orders to attack America, were painted in 1987 and 1988. At that time, the US and bin Laden were allies.

Dr Koontz also warned America to be alert against al Qaeda agents deploying biological weapons from backpacks with a pole sticking out of the top. "This methodology will be employed in the Apocalypse Biological Attack that is planned for the United States", he announced in a follow up report, warning citizens to "be wary of young, Middle Eastern men wearing backpacks".

There have also been recurrent fears that the internet might have been used for steganographic communications - where a secret message is digitally hidden in a larger document, such as a picture or a music file. These claims were first raised in February this year, when the newspaper USA Today announced that "hidden in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies". (see also How the terror trail went unseen)

"It sounds farfetched", the paper did concede, while claiming that "U.S. officials and experts say it's the latest method of communication being used by Osama bin Laden".

Since the horrific attacks on September 11th, no evidence of encrypted communications used by these terrorists - let alone orders from Bin Laden hidden within pornographic pictures - has been found. At the end of September, FBI assistant director Ron Dick, head of the US National Infrastructure Protection Centre, told reporters at a briefing at FBI headquarters that records of internet messages between the hijackers obtained by the agency had not involved encryption or concealment methods.

But despite this, soon after on 4 October, ABC TV's "Primetime" programme claimed that evidence of Bin Laden using internet steganography "has absolutely astounded American law enforcement and intelligence agencies."

ABC claimed that "computer software in the hands of the bin Laden terror network, [was] allowing secret plans and messages to go back and forth on the Internet undetected".

An investigation of the basis for this report, which rapidly spread round the world after being broadcast at least 5 times by ABC television, started with a New York company funded by the US Air Force. Earlier the same day, the company had started a sales campaign for its software to detect steganographic images.

ABC's televised report showed how three images and music files could be decoded to reveal pictures of a military airfield or details of flights and civilian aircraft. The first picture, where a seating plan for a Boeing 757 was shown to be hidden inside an image of the Mona Lisa, was said to be a "demonstration". But the programme did not tell viewers that all of the images they saw were demonstrations, created by the USAF contractor. Nor did ABC reveal that its broadcast had followed the issue of a press release by the company, Wetstone Technologies of Cortland, New York, the same morning as the broadcast.

In the latest US article on the subject, published by the New York Times on Monday, Mr Hosmer repeated his claim to have found thousands of steganographic images on the internet, at a rate of 0.6% "hits" among millions of images on the web.

Wetstone Technologies' press release, issued on 4 October, promoted a proprietary software security system called Stego Watch, based on a "Steganography Detection & Recovery Toolkit (S-DART)" being developed by Wetstone for the US Air Force's Information Department at Rome Air Force Base, New York.

According to Wetstone president Chet Hosmer, "our Stego Watch service and the underlying technologies represent our current best defense against the use of steganography for unlawful purposes". Mr Hosmer's interview was broadcast by ABC the same evening. Neither the New York Times nor ABC mentioned his commercial interest in selling steganography detection software. ABC did not tell its audience that he was working under contract for the US Air Force.

The audience was told that "Western intelligence officials say they have learned that instructors at Osama bin Laden's camps in remote Afghanistan train his followers in the high-tech secret-messaging technique".

Four months earlier, Mr Hosmer had told Wired, the computer magazine, that his S-Dart tool had been effectively at work for months, and that his company had found hidden messages in "obvious places like hacker and pornography sites [and] also on eBay." But none of these images were shown on ABC; nor did Mr Hosmer produce any steganographic images that embodied terrorist messages from the Al Qaeda network.

On the ABC programme, Mr Hosmer was shown entering a secret code in order to unlock a picture of a military airfield from a large graphic. The graphic in fact appears on his own company website. Independent researchers from the University of Michigan who later examined the graphic image were able to crack both Mr Hosmer's steganography code and secret password in less than a minute. The password for the secret file, they found, was the TV station name - "ABC".

Mr Hosmer had, by the time of publication, failed to reply to voicemail, fax and e-mail requests for him to be interviewed about his claims. He did not respond to earlier requests that the images which he claimed to have found containing steganographic messages be provided to independent experts for analysis.

ABC's story was taken up in Britain by the Times, who elaborated that "pornographic websites were used [by bin Laden] to send messages because there are so many and that is the last place Islamic fundamentalists would visit".

According to Cambridge University security engineering expert Dr Ross Anderson, the Times had been encouraged to run the story by Britain's security service, MI5. According to Dr Anderson, the journalist who interviewed him for the British report "told me he'd had a briefing from the security service on steganography." Dr Anderson claims that he was misquoted and says "the articles should be seen as a deliberate plant by MI5".

Claims that Al Qaeda were issuing TV messages that could be "prompts for terrorists and sleeper cells to begin a second wave of attacks" were echoed a few days later by US national security adviser Condoleezza Rice. Ms Rice telephoned various television network executives, claiming that they were broadcasting messages "that could be a signal to terrorists to incite attacks". The White House nevertheless admitted that there were no "hard indications" that covert communications were in fact embedded in the videotaped messages.

In Britain, the same message was given to the media by Tony Blair's communications chief, Alastair Campbell, who demanded a meeting with TV executives to discuss Downing Street's "serious concerns" about broadcasts of Osama bin Laden's videos.

Soon after this, internet security companies were quick to add to the warnings about hidden communications. "There's no doubt about it, the Internet is a terrorist assistance tool," Jerry Freese, director of intelligence for Vigilinx, told journalists a few days later. He added that terrorists were avoiding detection by using steganography: "it's a means of communications that is very difficult to intercept." He did not offer any evidence to back up his claims.

Mr Freese's view that these communications were difficult to detect was apparently not shared by a Scottish internet company called Iomart. On 10 October, the company claimed to have been called in by the US authorities and to have detected hundreds of terrorist messages sent using steganography.

In a string of uncritical press reports, Iomart's directors claimed (inaccurately) that theirs was "the only private sector company in the world that could detect 'stegged' files", through a software system dubbed "Net Intelligence".

According to Stephen Whitelaw, Iomart's "chief entrepreneurial officer", the company had discovered hundreds of such files, many containing Arabic dates and names, which could be linked to the attacks. Mr Whitelaw also asserted that he had found bin Laden's technique to be "doubly sinister" because he also encrypted his messages before concealing them.

"That's exactly what Osama bin Laden is doing, day in, day out, and he's still doing it", Mr Whitelaw added.

Iomart spokesman Phil Worms claimed that the company was "approached by the authorities in the United States after the terrorist attacks to help uncover Bin Laden's communications over the internet ... It is an ongoing process. We are still helping track messages which may have links to al Qaeda".

Despite the proliferation of headlines claiming that Iomart had cracked Bin Laden's communications network, the company did not produce a single example of the coded terrorist messages they have claimed to be continuously tracking on the internet. Mr Worms and Mr Whitelaw both failed to reply to a series of voicemail, fax and e-mail requests for them to be interviewed about their claims for this report. They also ignored requests for the public internet images they claim contain hidden terror messages to be identified for analysis by independent experts.

Cynical internet commentators have suggested that the company's remarkable claims may have had as much to do with its recent financial prowess as with its contribution to the global war against terrorism. In the year up to the attack, its share value fell so far and so fast that a Scottish newspaper jibed that it should be made a member of the "90 Per Cent Investment Trust", comprising companies that had then fallen 90 per cent or more from their recent peak value. In the month before the attack, August, Iomart reported a £3 million loss, sold its largest subsidiary, and sacked 50 of its staff. In the month before making its claims, its stock value fell by a further 24%.

The only published scientific study of internet steganography, by two computer scientists from the University of Michigan, found no evidence of hidden messages in any of two and a half million images. Other computer specialists have commented that some novel or unknown types of steganography might have evaded their computer tests. But if the Michigan team could not detect such images, it is unlikely that other detection tools would work.

Ironically, although there is no evidence that bin Laden or Al Qaeda has used internet steganography, the US Air Force itself is developing "techniques and algorithms" for "secure transmission and storage of intelligence data [and] covert communication" using steganography. According to USAF information, the Mission Research Corporation of Santa Barbara, California, is currently working on Pentagon contracts to develop "efficient and secure methods for hiding secret information in digital images ... encrypted and hidden inside a digital image (a carrier) by slightly modifying the carrier. The changes are imperceptible to the human eye."
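The following is an added example, not code from this article or from any of the tools and studies it names. It uses least-significant-bit replacement as one textbook way of "slightly modifying the carrier" and the pairs-of-values chi-square statistic as one textbook way a detector can flag it; the carrier samples, the random payload standing in for an encrypted message, and the threshold are all constructed for the demonstration.

```python
import random
from collections import Counter

def make_carrier(n, rng):
    """Constructed stand-in for 8-bit pixel samples: mid-grey plus noise."""
    return [min(255, max(0, round(128 + 12 * rng.gauss(0, 1)))) for _ in range(n)]

def embed_lsb(samples, bits):
    """LSB replacement: overwrite the lowest bit of each sample with a payload bit."""
    out = list(samples)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out

def max_change(before, after):
    """Largest per-sample difference, i.e. how visible the embedding is."""
    return max(abs(a - b) for a, b in zip(before, after))

def pov_statistic(samples):
    """Reduced chi-square over value pairs (2k, 2k+1).

    LSB replacement with random-looking bits evens out the two counts in
    every pair, so the score sits near 1.0; untouched data keeps the slope
    of its histogram and scores well above that.
    """
    hist = Counter(samples)
    chi2, pairs = 0.0, 0
    for k in range(128):
        n0, n1 = hist[2 * k], hist[2 * k + 1]
        if n0 + n1:
            chi2 += (n0 - n1) ** 2 / (n0 + n1)
            pairs += 1
    return chi2 / pairs

def looks_embedded(samples, threshold=2.0):
    """The threshold is an assumption for this demo, not a calibrated value."""
    return pov_statistic(samples) < threshold

def demo(seed=2001, n=200_000):
    rng = random.Random(seed)
    clean = make_carrier(n, rng)
    payload = [rng.getrandbits(1) for _ in range(n)]  # stands in for ciphertext
    return clean, embed_lsb(clean, payload)

if __name__ == "__main__":
    clean, stego = demo()
    print("max change per sample:", max_change(clean, stego))
    print("clean carrier score:  ", round(pov_statistic(clean), 2))
    print("after embedding:      ", round(pov_statistic(stego), 2))
```

A detector of this kind is a statistical test, so any "hit" rate it reports depends on where the threshold is set and on how natural images happen to score.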

The strangest aspect of this obsession with secret messages, however, is that bin Laden's core message is unconcealed. In statements and broadcasts, he tells followers to "kill Americans". This message is not in code. What's hidden about that?