Identity Management, Threat Management

Cyberterrorism vs. Cybercommunications

by  •  • Comments Off

A story today in the NYTimes highlights the challenges of finding a terrorist "needle" in the Internet/Web "haystack." This is important for two reasons – first, it helps rebut the notion that the CIA or some other agency is monitoring everything we do, ala Echelon. And second, it properly classifies the Internet as a communication vehicle for terrorists rather than something that should be attacked and brought down completely.

Some choice quotes:

Late last month, an Internet privacy watchdog group revealed that the Central Intelligence Agency had contributed money for a counterterrorism project that promised, among other things, an automated surveillance system to monitor conversations on Internet chat rooms. (I wrote about this here).

Even after the Sept. 11 attacks, "the mass media, policy makers, and even security agencies have tended to focus on the exaggerated threat of cyberterrorism and paid insufficient attention to the more routine uses made of the Internet," Gabriel Weimann, a professor of communication at Haifa University in Israel, wrote in a report for the United States Institute of Peace this year. "Those uses are numerous and, from the terrorists’ perspective, invaluable."

But the troubling truth is that terrorists rarely have to be technically savvy to cloak their conversations. Even simple, prearranged code words can do the job when the authorities do not know whose e-mail to monitor or which Web sites to watch. (This is why 1-bit encryption can be effective – it doesn’t take much to be "generally" secure).

At one Web site, spammimic.com, a user can type in a phrase like "Meet me at Joe’s" and have that message automatically converted into a lengthy bit of prose that reads like a spam message: "Dear Decision maker; Your e-mail address has been submitted to us indicating your interest in our briefing! This is a one-time mailing there is no need to request removal if you won’t want any more," and so forth. (The only time you actually want your e-mail to look like spam. Of course, I would love to find out that we averted a terrrorist attack because the "secret message" saying the mission was a "go" got lost in a spam filter.)

These articles always make it seem like government agencies are looking in the wrong direction. I think that is a bit presumptuous. It doesn’t take much to realize that this is a daunting challenge, and I bet they are extremely aware of the problem.