When Terror Hides Online

By ADAM COHEN

Did you hear the one about Osama bin Laden hiding messages in porn websites? It sounds like one of those crazy Sept. 11 rumors, but it's actually a law-enforcement theory about how the al-Qaeda network disseminates instructions to operatives in the field.

It's no secret that bin Laden's terrorist army is Internet savvy. Hijacking ringleader Mohamed Atta made his reservations on Americanairlines.com Some of his confederates seem to have communicated through Yahoo e-mail. And cell members went online to research the chemical-dispersing powers of crop dusters.

But secret Internet messages, known as steganography, may be the most insidious way bin Laden has taken his terrorist movement online. Steganography, Greek for "hidden writing," allows messages to be slipped into innocuous picture and music files. The trick is that the insertions are so small they're impossible to detect with the naked eye, but easily retrieved through special software tools.

A terrorist mastermind could insert plans for blowing up a nuclear reactor in, say, the nose of a puppy on a pet-adoption website. Operatives in the field, told which nose to look at, could then check for their marching orders. Steganography is a fast, cheap, safe way of delivering murderous instructions. "It avoids the operational security issues that exist anytime conspirators have a physical meeting," says Matthew Devost of the Terrorism Research Center. Terrorist watchers suspect al-Qaeda may be hiding its plans on online porn sites because there are so many of them, and they're the last place fundamentalist Muslims would be expected to go.

Even for netheads, steganography is a bit obscure. But bin Laden's followers may have learned about it when it burst on the pop-culture scene in recent movies like Along Came a Spider. The FBI has been closemouthed on whether it has found any steganographic images from al-Qaeda. But a former government official in France has said that suspects who were arrested in September for an alleged plan to blow up the U.S. embassy in Paris were waiting to get their orders through an online photo.

Law enforcement is increasingly targeting terrorists' technology. After the Sept. 11 attacks, the FBI reportedly installed additional Carnivores, devices it has been using to surreptitiously read e-mail, on Internet service providers. The National Security Agency uses Echelon, a top-secret wiretapping device, to monitor e-mail, cell phones and faxes worldwide. And the antiterrorism law passed last month broadened law enforcement's powers to grab Internet communications.

Steganographic images can be detected through "steg analysis," a process of hunting for small deviations in expected patterns in a file. The hard part is knowing where to look in the vast expanse of the online world. Toughest of all to catch: so-called low-tech steganography, in which the message is conveyed overtly. A photo on a website with arms crossed could mean attack an East Coast nuclear power plant; a blue bandanna could mean West Coast bridges. "Sometimes," says Ben Venzke, a terrorism specialist at the security analyst firm IntelCenter, "the best technologies are the simplest ones."

--By Adam Cohen