The Code and Decoding Lab

1. Answer the questions, decode the message, and complete the lab. (The NOVA website may help.)
2. Read the article below.

What is your opinion of steganography?

STEGANOGRAPHY

02:00 AM Feb. 07, 2001 PT

WASHINGTON-- If there's one thing the FBI hates more than Osama bin Laden, it's when Osama bin Laden starts using the Internet.

So it should be no surprise that the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using message-scrambling techniques to evade law enforcement. USA Today reported on Tuesday that bin Laden and others "are hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other websites, U.S. and foreign officials say."

The technique, known as steganography, is the practice of embedding secret messages in other messages -- in a way that prevents an observer from learning that anything unusual is taking place. Encryption, by contrast, relies on ciphers or codes to scramble a message. The practice of steganography has a distinguished history: The Greek historian Herodotus describes how one of his cunning countrymen sent a secret message warning of an invasion by scrawling it on the wood underneath a wax tablet. To casual observers, the tablet appeared blank. Both Axis and Allied spies during World War II used such measures as invisible inks -- using milk, fruit juice or urine which darken when heated, or tiny punctures above key characters in a document that form a message when combined.

Modern steganographers have far-more-powerful tools. Software like White Noise Storm and S-Tools allow a paranoid sender to embed messages in digitized information, typically audio, video or still image files, that are sent to a recipient. The software usually works by storing information in the least significant bits of a digitized file -- those bits can be changed without in ways that aren't dramatic enough for a human eye or ear to detect. One review, of a graphical image of Shakespeare before and after a message was inserted, showed JPEG files that appeared to have no substantial differences. Steghide embeds a message in .bmp, .wav and .au files, and MP3Stego does it for MP3 files. One program, called snow, hides a message by adding extra whitespace at the end of each line of a text file or e-mail message.

Perhaps the strangest example of steganography is a program called Spam Mimic, based on a set of rules, called a mimic engine, by Disappearing Cryptography author Peter Wayner. It encodes your message into -- no kidding -- what looks just like your typical, quickly deleted spam message. Some administration critics think the FBI and CIA are using potential terrorist attacks as an attempt to justify expensive new proposals such as the National Homeland Security Agency -- or further restrictions on encryption and steganography programs. The Clinton administration substantially relaxed -- but did not remove -- regulations controlling the overseas shipments of encryption hardware and software, such as Web browsers or Eudora PGP plug-ins. One thing's for certain: All of a sudden, the debate in Washington seems to be heading back to where it was in 1998, before the liberalization.

"I think it's baloney," says Wayne Madsen, a former NSA analyst and author. "They come out with this stuff. I think it's all contrived -- it's perception management."

Three years ago, FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use. "We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh said to the Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices." He added: "We believe that an unrestricted proliferation of products without any kind of court access and law enforcement access, will harm us, and make the fight against terrorism much more difficult."

But Freeh never complained about steganography -- at least when the committee met in open session. Some of the more hawkish senators seemed to agree with the FBI director, a former field agent. "I think the terrorist attacks against United States citizens really heighten your concern that commercial encryption products will be misused for terrorist purposes," said Sen. Dianne Feinstein (D-Calif).Sen. Jon Kyl (R-Ariz) added he was concerned about "the sophistication of the terrorists, the amount of money they have available (and) their use of technology like encryption."

In March 2000, Freeh said much the same thing to a Senate Judiciary subcommittee headed by Kyl. He echoed CIA Director George Tenet's earlier remarks, saying: "Hizbollah, HAMAS, the Abu Nidal organization and Bin Laden's al Qa'ida organization are using computerized files, e-mail and encryption to support their operations."

by Declan McCullagh