German Authorities Find Al Qaeda Plans Disguised In Porn

According to CNN, which credits Hamburg-based newspaper Die Zeit, German investigators have uncovered a trove of more than 100 Al Qaeda documents recovered from a "digital storage device" (and memory cards) which were found hidden in the underpants of Austrian citizen Maqsood Lodin, who had recently traveled to Pakistan. The documents "included an inside track on some of the terror group's most audacious plots and a road map for future operations." Among these future plots: "[S]eizing cruise ships and carrying out attacks in Europe similar to the gun attacks by Pakistani militants that paralyzed the Indian city of Mumbai in November 2008." The documents were reportedly neither in plain view nor simply encrypted, but instead steganographically embedded in a pornographic video.

Stego

[girlintraining]

Of course, a terrorist group wouldn't use one of the most widely-distributed types of video to conceal information in plain sight, knowing that communication with the actual target would be concealed by the tens, if not hundreds, of thousands of others downloading it.

Absent the decryption key and/or software, I can't see a solid basis for destroying this guy's life. Of course, that won't stop them. New terrorist strategy: Make everyone a terrorist by distributing encoded terrorist documents.

Re:Stego

[Culture20]

one of the many good reasons to actually pay for stuff is that there is an accountable retailer.

Yeah, like Sony.

Re:Stego

[IamTheRealMike]

That sort of argument is unlikely to fly in front of a jury given all the other evidence against him. Bear in mind this wasn't just a random stop-and-search, they already suspected he was an al-Qaeda member. He tried to hide the incriminating files. Probably more that isn't in the story.

Having said that, I think this sort of story just re-inforces the general impression that the counter-terrorism apparatus is way too big for the size of the threat it presently faces. If this is the way AQ move sensitive files around, they are clearly unable to recruit members with any technical sophistication. I can easily believe intelligence agencies have got a lot better over time, not to mention ruthless and focused, but it seems that if these guys can pull off a devastating attack then basically anyone can and we may as well give up now. No need for "training in Pakistan" for those guys.

Re:Stego

[localman57]

Of course, that won't stop them. New terrorist strategy: Make everyone a terrorist by distributing encoded terrorist documents

I'm frankly surprised the child-porn sickos haven't been doing this for some time. Imagine a virus that installs a torrent client or other peer-to-peer style network on the computers it infests, then starts distributing porn from PC to PC. It would add a lot of plausible denyability to the fact that you had the stuff on your PC, if the virus was also there.

Re:Stego

[cdrudge]

Absent the decryption key and/or software, I can't see a solid basis for destroying this guy's life. Of course, that won't stop them. New terrorist strategy: Make everyone a terrorist by distributing encoded terrorist documents.

If you or I were caught with the video, then claiming that we knew nothing about any hidden content is plausible. But neither of us are suspected terrorists, had ties to suspected terrorist organizations, have traveled to regions of Pakistan known for terrorist training camps, or were found with multiple memory cards hidden in our underwear...that just happened to have a porn video with a lot of hidden content very pertinent to terrorist organizations.

I believe in innocent before proven guilty and all that...but this guy was in serious trouble long before the contents of the hidden information was actually discovered. His life wasn't destroyed by the discovery, it already was. This just is another significant piece of evidence that chips away at it just being circumstantial evidence and piles on the beyond reasonable doubt (or whatever a German equivalent would be)

Re:Stego

[tverbeek]

This isn't some random dude who got nabbed because something incriminating got planted on his laptop, "in plain sight" to be found by random no-thought-required screening. He was concealing it because he knew it would get him in trouble with security agents if found, and it was found because he and his companion "...were on a watch list, and when they handed over documents at a European border crossing, their names registered with counterterrorism agencies. ...Ocak is also charged with helping to form a group called the German Taliban Mujahedeen, and is alleged to have made a video for the group threatening attacks in Germany.... Prosecutors believe the pair met at a terrorist training camp in Pakistan's tribal territories and were sent back to Europe to recruit a network of suicide bombers." (from TFA)

While your clever strategy is certainly possible, and can be effective at disrupting the kind of security theater that the TSA performs, that's not what's happening here. This is an example of good old-fashioned investigative, targeted counter-espionage working.

Re:Stego

[girlintraining]

That sort of argument is unlikely to fly in front of a jury given all the other evidence against him.

Correct. Most juries make their decisions based on emotional reasoning, rather than on the law. That's why so many people are in prison in this country compared to others, and also why so many innocent people are released from prison every year based on new evidence.

Bear in mind this wasn't just a random stop-and-search, they already suspected he was an al-Qaeda member.

And this is why juries so often convict innocent people: Suspicion equivocates to guilt for many people.

He tried to hide the incriminating files.

Pornography is prohibited in Pakistan, even when viewing it in the privacy of your own home. It's legal in Austria, the country he was from. So upon arriving in Austria from Pakistan, is it really that unusual?

Having said that, I think this sort of story just re-inforces the general impression that the counter-terrorism apparatus is way too big for the size of the threat it presently faces

Irony, defined: Saying that counter-terrorism apparatus is way too big, while unintentionally demonstrating exactly why it is too big.

If this is the way AQ move sensitive files around, they are clearly unable to recruit members with any technical sophistication.

The use of steganography is not exactly widespread; And despite the simplicity of the concept, most everyday people in this country couldn't tell you what it is, nor provide any examples of it. This is likely broadly true of the general population worldwide. So your argument here is invalid: The very use of steganographic techniques indicates an above-average level of technical proficiency.

I can easily believe intelligence agencies have got a lot better over time, not to mention ruthless and focused, but it seems that if these guys can pull off a devastating attack then basically anyone can and we may as well give up now.

If you never try, you'll never succeed. Defeatism is not an attribute I want in any person, group, or organization who's charter is to save my ass from a suicide bomber. I sincerely hope you feel similar.

No need for "training in Pakistan" for those guys.

They train all over the world, and yet very few of them succeed in their attacks. If I were rooting for the other team, I would conclude that the training is inadequate. However, I am not, so I am thankful their training sucks. Keep getting an 'F' in "Death to America 101" guys.

Re:Stego

[blinkin247]

That's simple enough; here, come to my for-pay site that is miraculously everyone's most recommended source!

What you don't know is that you are helping me bankroll my criminal enterprise.

Lesson: just because you pay a person doesn't make them reputable.

Re:Stego

[Opportunist]

Jury? What jury?

Hint: Not every legal system depends on the whims and emotional instability of 12 idiots. Some think it's more sensible to get verdicts from people who know the law.

Re:Stego

[infinitelink]

Dear Opportunist, America has juries with the intent to frustrate the government from always having its way, period: because of juries, the executive (who purports to act in the name of the law), legislative (who makes the laws), and judicial (who rules on the laws) can all be nullified and hindered by ordinary people: even if not particularly practicing "nullification" per se, they can at least hang trials over and over if something is questionable. So long as one analytical and logical reasoner is in the jury, and something about a trial is dubious, the motion against an accused fails: that is, at least, if that person gives a damn about being honest and upright. Far from being insensible and stupid, it's a feature: get over it. Note that it's not just the government, but the accused as well, that can appeal to the emotions of a jury.

Re:Stego

[gmhowell]

The German authorities found the docs, Germany doesn't have jury trials.

Just a train ride and a quick shower at the end?

Dumb

[IamTheRealMike]

Steganographically hide sensitive information in an innocuous looking video, and then hide it in your underpants thus guaranteeing it will arouse suspicion on discovery. How stupid are these guys??

Re:Homerolled crypto

[O('_')O_Bush]

11 years later, some are calling them stupid, but given the state of the United States, their plans seemes to have worked perfectly. Homogenizing religious people as stupid or ignorant seems like a pretty dangerous thing to do.

Suspicion extreme

[ehiris]

Importing porn to Germany from Pakistan is about the most suspicious thing anyone can do.

Re:Not very good crypto or stego

[v1]

Steno doesn't require encryption. It prevents the information from getting into the hands of the opposition to begin with. They are probably under the assumption that trying to encrypt something (A) is a waste of time if they are likely to have the resources to break it and (B) will attract attention.

Analysis of randomness is quite an advanced science. It's not nearly as difficult as you might imagine to spot an anomaly in random data. Few things in life are truly random, and if you are familiar enough with the kind of randomness in something, you will have a very good statistical chance of noticing it.

As for the steno itself, there's a double-edged sword there. The same as encryption, only a fool designs his own. Without a really deep understanding of encryption it's easy to make a subtle mistake in you design that introduces a significant weakness. So on that hand we have to assume they are using something at least somewhat commonly available. But that's where the other edge gets you... it becomes MUCH easier to spot steno'd data when you are checking for a list of specific methods of steno. The analysis tool will scan the data against dozens or hundreds of common tools, and draw a nice graph with the line mostly hanging around the 2% point at the bottom, except for one eyesore of a spike for one of the tests. Then they take off the gloves and get to work.

Just tossing out a very basic example, lets say they are steno'ing encrypted data into a big tiff by overwriting the LSB on teach byte. Visually you won't notice this because the difference is too small Mathematically the data you're storing is more-or-less flat random. BUT the data you replaced ISN'T. The LSB in an image is far from noise, and will have areas that are related by their relative position in the image. This will stick out like a sore thumb when you run a little analysis on the bits in the image. It'll be too random. And at this point your steno is busted, and it comes down to breaking the encryption. The lesson there is pretty basic - encrypted data will stick out about as well as data in the clear. All you're doing at that point is buying a little time. And intel agencies are both persistent and patient. You're better off investing more time in better steno.

To throw in an analogy, look at smuggling. If a truck is being searched at the border and the smugglers did a good job distracting from the small hide where the goods are, they get past the checkpoint with zero problem. It doesn't matter if the goods are in a safe in the hole or just tossed in a grocery sac, being in a safe didn't help. On the other hand, if the guards notice the missing volume, you're done. It doesn't matter how well you've concealed the opening, it doesn't matter how sturdy the latch, it doesn't matter if the goods are in a safe. You've been found out, and you're done. They will tear the truck apart until they get into the hole, and bust open the safe. The same principles are at work with steno.

Re:Steganography is suspicious on its own

[serviscope_minor]

It's all about layers.

Hiding data in your underpants is very suspicious.

Keeping a steganography program along with the data is very suspicious.

Having a big stash of porn if you're a fundementalist is a little bit suspicious.

All those are independent.

The fact it was in his underwear is definitely relevant, since the whole point of steganography is to hide. Every time you do something suspicious to make people look harder, you defeat the purpose of the steganography.

If it was a memory card in his backpack, in his camera, which matched his camera, had consistent dates and had a bunch of touristy videos on it and nothing else, they might wehh lave not looked any further.

Of course they might have done.

But if most of the files were chaff and had embedded random data (to make the noise levels match) and one had encryped data, even with a moderately good password, they might well have wasted a ton of time on the wrong files and given up.

The fact he had it hidden in his pants pretty much guaranteed that they looked until they found something.

Of course if he'd done all that and had a really good password, they would have been SOL, either way. They would have probably been very suspicious, but unable to prove anything either way.

Why did they even announce this in to media?

[elucido]

That sort of argument is unlikely to fly in front of a jury given all the other evidence against him. Bear in mind this wasn't just a random stop-and-search, they already suspected he was an al-Qaeda member. He tried to hide the incriminating files. Probably more that isn't in the story.

Having said that, I think this sort of story just re-inforces the general impression that the counter-terrorism apparatus is way too big for the size of the threat it presently faces. If this is the way AQ move sensitive files around, they are clearly unable to recruit members with any technical sophistication. I can easily believe intelligence agencies have got a lot better over time, not to mention ruthless and focused, but it seems that if these guys can pull off a devastating attack then basically anyone can and we may as well give up now. No need for "training in Pakistan" for those guys.

If this guy really is a terrorist and they really did recover these encoded files they wouldn't be announcing it in the news as that is irresponsible and stupid.

So why is it being announced? It should be classified.

Re:They're just hypocrites

[Alan+R+Light]

It's a mistake to presume that Al Qaeda is staffed by religious fanatics. They are generally opposed to their own governments as much as ours, and attacked the U.S. because the U.S. was supporting tyrannical and corrupt governments in their region. Hopefully the Arab Spring has changed this somewhat.

Like most religious wars, religion in this case is just used as justification. The conflict has other causes.