Cat & Mouse in Cyberspace
Interesting news on the infowar front, in two parts. First, Declan McCullagh has stumbled onto a previously-undisclosed FBI Net-monitoring program that's "broader and potentially more intrusive than the FBI's [infamous] Carnivore surveillance system."
Instead of recording only what a particular suspect is doing, agents conducting investigations appear to be assembling the activities of thousands of Internet users at a time into massive databases, according to current and former officials. That database can subsequently be queried for names, e-mail addresses or keywords...
Call it the vacuum-cleaner approach. It's employed when police have obtained a court order and an Internet service provider can't "isolate the particular person or IP address" because of technical constraints, says Paul Ohm, a former trial attorney at the Justice Department's Computer Crime and Intellectual Property Section...
That kind of full-pipe surveillance can record all Internet traffic, including Web browsing--or, optionally, only certain subsets such as all e-mail messages flowing through the network. Interception typically takes place inside an Internet provider's network at the junction point of a router or network switch.
Top data-miners and social network analysts have questioned whether this kind of broad-brush surveillance works at all. And while we're all getting caught in the FBI's electronic dragnet, the real bad guys are getting smarter about hiding their tracks. The Middle East Media Research Institute notes:
The Global Islamic Media Front [recently] announced the imminent release of new computer software called "Mujahideen Secrets.. [allegedly] the first Islamic computer program for secure exchange [of information] on the Internet," and it provides users with "the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression [tools]."
The package "is comparable to any number of commercial products available here in the United States," says ZDNet blogger Mitch Ratcliffe. "The difference is an Islamist skin, which seems more a gimmick to inspire confidence in the software than a guarantee it will be effective."
But "'Mujahedin Secrets' is the latest example of the growing technical competence of online supporters of al-Qaida and other Islamic terror networks, but encryption capabilities are not new in the world of cyber-jihadis," IntelCenter's Ben Venzke tells UPI.
"This is consistent with the ongoing efforts of jihadist sympathizers online... Encryption is used by some (Islamic terrorists)" and some al-Qaida manuals have addressed the question.
He said encryption is "a standard part of the operational security practiced (online) by those (Islamic terrorists) who take the time to use it.
