German Authorities Find Al Qaeda Plans Disguised In Porn

According to CNN, which credits Hamburg-based newspaper Die Zeit, German investigators have uncovered a trove of more than 100 Al Qaeda documents recovered from a "digital storage device" (and memory cards) which were found hidden in the underpants of Austrian citizen Maqsood Lodin, who had recently traveled to Pakistan. The documents "included an inside track on some of the terror group's most audacious plots and a road map for future operations." Among these future plots: "[S]eizing cruise ships and carrying out attacks in Europe similar to the gun attacks by Pakistani militants that paralyzed the Indian city of Mumbai in November 2008." The documents were reportedly neither in plain view nor simply encrypted, but instead steganographically embedded in a pornographic video.

What is it with terrorists?

[Lucas123]

They seem to love stuffing things down their pants, from bombs to porno-packed digital storage. This eventually will not turn out well for the propagation of their cause.

Re:What is it with terrorists?

[g0bshiTe]

I see this opening a door for governments to now ban porn as it supports terrorism.

Watch a gangbang, you're a terrorist.

All I know is I want a t-shirt now that says "Money Shots Support Terrorism!"

Stego

[girlintraining]

Of course, a terrorist group wouldn't use one of the most widely-distributed types of video to conceal information in plain sight, knowing that communication with the actual target would be concealed by the tens, if not hundreds, of thousands of others downloading it.

Absent the decryption key and/or software, I can't see a solid basis for destroying this guy's life. Of course, that won't stop them. New terrorist strategy: Make everyone a terrorist by distributing encoded terrorist documents.

Re:Stego

[Culture20]

one of the many good reasons to actually pay for stuff is that there is an accountable retailer.

Yeah, like Sony.

Re:Stego

[IamTheRealMike]

That sort of argument is unlikely to fly in front of a jury given all the other evidence against him. Bear in mind this wasn't just a random stop-and-search, they already suspected he was an al-Qaeda member. He tried to hide the incriminating files. Probably more that isn't in the story.

Having said that, I think this sort of story just re-inforces the general impression that the counter-terrorism apparatus is way too big for the size of the threat it presently faces. If this is the way AQ move sensitive files around, they are clearly unable to recruit members with any technical sophistication. I can easily believe intelligence agencies have got a lot better over time, not to mention ruthless and focused, but it seems that if these guys can pull off a devastating attack then basically anyone can and we may as well give up now. No need for "training in Pakistan" for those guys.

Re:Stego

[localman57]

Of course, that won't stop them. New terrorist strategy: Make everyone a terrorist by distributing encoded terrorist documents

I'm frankly surprised the child-porn sickos haven't been doing this for some time. Imagine a virus that installs a torrent client or other peer-to-peer style network on the computers it infests, then starts distributing porn from PC to PC. It would add a lot of plausible denyability to the fact that you had the stuff on your PC, if the virus was also there.

Re:Stego

[artor3]

So it just so happens that two videos on this guy's drive both contained Al Qaeda files? And he was smuggling them in his underpants because... he thinks porn is illegal? And it's just a coincidence that he was recently in Pakistan? And another coincidence that he was traveling with a man suspected of setting up the German branch of the Taliban?

Come on, I know that 90% of anti-terrorism security is just theatre, and so we're conditioned to dismiss any successes it claims, but be rational.

And anyway, there's an easy way to check -- go on the various torrent sites and download all the distinct copies of "Kick Ass" and "Sexy Tanja" you can find. Are any of them exact matches for the files this guy was transporting? If no, he's guilty. If yes, we gain valuable information on how Al Qaeda is communicating, and some lucky federal agent gets the job to download porn all day.

Re:Stego

[cdrudge]

Absent the decryption key and/or software, I can't see a solid basis for destroying this guy's life. Of course, that won't stop them. New terrorist strategy: Make everyone a terrorist by distributing encoded terrorist documents.

If you or I were caught with the video, then claiming that we knew nothing about any hidden content is plausible. But neither of us are suspected terrorists, had ties to suspected terrorist organizations, have traveled to regions of Pakistan known for terrorist training camps, or were found with multiple memory cards hidden in our underwear...that just happened to have a porn video with a lot of hidden content very pertinent to terrorist organizations.

I believe in innocent before proven guilty and all that...but this guy was in serious trouble long before the contents of the hidden information was actually discovered. His life wasn't destroyed by the discovery, it already was. This just is another significant piece of evidence that chips away at it just being circumstantial evidence and piles on the beyond reasonable doubt (or whatever a German equivalent would be)

Re:Stego

[tverbeek]

This isn't some random dude who got nabbed because something incriminating got planted on his laptop, "in plain sight" to be found by random no-thought-required screening. He was concealing it because he knew it would get him in trouble with security agents if found, and it was found because he and his companion "...were on a watch list, and when they handed over documents at a European border crossing, their names registered with counterterrorism agencies. ...Ocak is also charged with helping to form a group called the German Taliban Mujahedeen, and is alleged to have made a video for the group threatening attacks in Germany.... Prosecutors believe the pair met at a terrorist training camp in Pakistan's tribal territories and were sent back to Europe to recruit a network of suicide bombers." (from TFA)

While your clever strategy is certainly possible, and can be effective at disrupting the kind of security theater that the TSA performs, that's not what's happening here. This is an example of good old-fashioned investigative, targeted counter-espionage working.

Re:Stego

I'm frankly surprised the child-porn sickos haven't been doing this for some time

You clearly over-estimate the size of the global child porn conspiracy. You and everyone else. But let's just keep using it as an excuse to destroy our rights.

Re:Stego

[girlintraining]

That sort of argument is unlikely to fly in front of a jury given all the other evidence against him.

Correct. Most juries make their decisions based on emotional reasoning, rather than on the law. That's why so many people are in prison in this country compared to others, and also why so many innocent people are released from prison every year based on new evidence.

Bear in mind this wasn't just a random stop-and-search, they already suspected he was an al-Qaeda member.

And this is why juries so often convict innocent people: Suspicion equivocates to guilt for many people.

He tried to hide the incriminating files.

Pornography is prohibited in Pakistan, even when viewing it in the privacy of your own home. It's legal in Austria, the country he was from. So upon arriving in Austria from Pakistan, is it really that unusual?

Having said that, I think this sort of story just re-inforces the general impression that the counter-terrorism apparatus is way too big for the size of the threat it presently faces

Irony, defined: Saying that counter-terrorism apparatus is way too big, while unintentionally demonstrating exactly why it is too big.

If this is the way AQ move sensitive files around, they are clearly unable to recruit members with any technical sophistication.

The use of steganography is not exactly widespread; And despite the simplicity of the concept, most everyday people in this country couldn't tell you what it is, nor provide any examples of it. This is likely broadly true of the general population worldwide. So your argument here is invalid: The very use of steganographic techniques indicates an above-average level of technical proficiency.

I can easily believe intelligence agencies have got a lot better over time, not to mention ruthless and focused, but it seems that if these guys can pull off a devastating attack then basically anyone can and we may as well give up now.

If you never try, you'll never succeed. Defeatism is not an attribute I want in any person, group, or organization who's charter is to save my ass from a suicide bomber. I sincerely hope you feel similar.

No need for "training in Pakistan" for those guys.

They train all over the world, and yet very few of them succeed in their attacks. If I were rooting for the other team, I would conclude that the training is inadequate. However, I am not, so I am thankful their training sucks. Keep getting an 'F' in "Death to America 101" guys.

Re:Stego

[girlintraining]

Was the idea that he would feel compelled to hide this simply because of the porn itself?

Pornography is illegal in Pakistan. It is legal in Austria. He was arriving in Austria from Pakistan when they found the flash drive in his pants. Do the math.

Re:Stego

[tverbeek]

A fundie Muslim just might hide porn in his pants, not wanting his colleagues to know he's got it. It's at least more plausible than hiding it in MS Word documents or vacation snapshots, which would make no sense whatsoever to conceal. I'd guess that stego-encoding the info was a one-last-line-of-defense tactic, so that even if the files were discovered and the operative caught, or if he dropped the storage device somewhere, at least there'd be a chance that officials wouldn't find the plans. Kind of like OBL having a gun to carry around the house in Abbottabad, it wasn't really a lynchpin of their defense strategy, but it couldn't hurt and it just might help, so they'd be stupid not to try it.

Re:Stego

[blinkin247]

That's simple enough; here, come to my for-pay site that is miraculously everyone's most recommended source!

What you don't know is that you are helping me bankroll my criminal enterprise.

Lesson: just because you pay a person doesn't make them reputable.

Re:Stego

[artor3]

He wasn't in Pakistan, nor coming from there, when he was found with the porn. Read the fine article before spouting off like you know what you're talking about.

As for your dismissals of his travel to Pakistan and his traveling companion, I suggest you look up Bayesian inference. Some coincidences happen. But as evidence piles up, it becomes less and less likely to all be one big coincidence. The odds of this guy having two video files, both containing hidden terrorist documents, hidden in his underwear, shortly after a trip to Pakistan, while rebelling with a suspected terrorist are remote to say the least.

And BTW, of course my "90%" of security is theater stat was made up on the spot. I never tried to pass it off as a real number. Nor did I say anything that even remotely suggested we try to find the IPs of people sharing these files. Pro tip: if you need to invent straw men to argue against, don't even bother posting.

Re:Stego

[serviscope_minor]

A lot of things in life don't make sense. It doesn't mean they are any less true. One possible explanation is that he had an addiction to pornographic materials. It's quite common.

Anyway, it seems like they brute forced the password and found a cache of REALLY suspicious documents. That's harder to explain away.

Re:Stego

[KDR_11k]

The German authorities found the docs, Germany doesn't have jury trials.

Re:Stego

[Opportunist]

Oh fucking great. Cue the RIAA shill with the "downloading is helping terrorism" spiel.

Re:Stego

[Opportunist]

Jury? What jury?

Hint: Not every legal system depends on the whims and emotional instability of 12 idiots. Some think it's more sensible to get verdicts from people who know the law.

Re:Stego

[tverbeek]

Yes, it is grounds for suspicion, which is where your this-guy-is-an-innocent-victim line of "reasoning" first goes off track. He was already a suspect, and the notion that security agents somehow encoded and implanted credible-looking information into the porn in his underwear is more than a little fanciful. A court that has been presented with the actual evidence will determine whether there is reasonable doubt of his guilt; you simply don't have adequate information to make that judgment (although that apparently hasn't stopped you from acquitting him in your mind).

Re:Stego

[mcgrew]

Most juries make their decisions based on emotional reasoning, rather than on the law. That's why so many people are in prison in this country compared to others, and also why so many innocent people are released from prison every year based on new evidence.

Actually, no. We have "three strikes" laws, other countries don't. We actively target drug users and pretty much ignore the dealers, other countries have either legalized these drugs or only incarcerate dealers.

Then there's corruption at the police and prosecutor levels. Illinois got rid of the death penalty when it was found that half the men there were innocent, and in almost all cases evidence helpful to the defendant had been destroyed or covered up, or evidence against the defendant was manufactured.

Re:Stego

[infinitelink]

Dear Opportunist, America has juries with the intent to frustrate the government from always having its way, period: because of juries, the executive (who purports to act in the name of the law), legislative (who makes the laws), and judicial (who rules on the laws) can all be nullified and hindered by ordinary people: even if not particularly practicing "nullification" per se, they can at least hang trials over and over if something is questionable. So long as one analytical and logical reasoner is in the jury, and something about a trial is dubious, the motion against an accused fails: that is, at least, if that person gives a damn about being honest and upright. Far from being insensible and stupid, it's a feature: get over it. Note that it's not just the government, but the accused as well, that can appeal to the emotions of a jury.

Re:Stego

[gorzek]

The 9/11 plot wasn't designed to maximize casualties but for maximum psychological impact--that's why they went for the spectacular image of jumbo jets flying into skyscrapers. How many people can still easily recall the images of that day? That was the whole point. The number of people killed was a bonus for AQ, it just wasn't the point of the attack.

Re:Stego

[rrohbeck]

Well if you call every scantily-clad or even naked picture of someone under 18 "child porn" the world is full of it.

Re:Stego

[gmhowell]

The German authorities found the docs, Germany doesn't have jury trials.

Just a train ride and a quick shower at the end?

Honestly...

[hubang]

I'm shocked that this didn't come out 10 years ago. Scary terrorists might be hiding secret communications in internet porn. It's alarming, and racy. All you need for a good news story.

Re:Honestly...

[SilentStaid]

I've yet to ever have any security actually boot my computer, let alone fire up my still installed but physically disconnected spare HD still in the laptop. I imagine they were being a bit more thorough with this guy - but I'd love to be able to test their methods. I'd be willing to bet I could sneak the library of congress by.

So now we know

[Sulphur]

Why Bin Laden was watching porn.

Re:So now we know

[The+Mighty+Buzzard]

Look, I don't know about terrorists but just the porn pretty well describes quite a lot of my plans.

Post video please

I really would like to see this video, so I can become familiar with their steganographic techniques.
You know, for science.

Re:Post video please

[Big+Hairy+Ian]

This needs to be reproduced in the lab, as well.

Are we saying there's bestiality involved

In that case count me out :)

Re:Post video please

[Bongo]

Don't forget to also examine the pork sausages and bacon.

Anything else un-Islamic they could be carrying? A copy of "Feminism is for Everybody"? A CND flag? A kilt?

Dumb

[IamTheRealMike]

Steganographically hide sensitive information in an innocuous looking video, and then hide it in your underpants thus guaranteeing it will arouse suspicion on discovery. How stupid are these guys??

The real question:

[ericloewe]

How did they come to the idea of checking the guy's porn for hidden documents?

Were they interested in the porn but found (by accident) the not-very-well-hidden documents?
Were they tipped?
Did they randomly analyse the contents?

None of these sound likely...

Re:The real question:

[O('_')O_Bush]

When terrorists that follow sharia law are trading and carrying sharia contraband and an obvious vector for stego, it isn't difficult to make the next mental step.

Re:Dual Purposes

[bugs2squash]

Sounds like they bared more than just witness.

Not very good crypto or stego

[serviscope_minor]

Without knowledge of the algorithm and key, with any even remotely good stego and crypto it sould be impossible to prove that anything is hidden, since good crypto looks like perfetly random data.

Even if the authorities strongly suspect that there is stego'd data, and they know the algorithm, the best they can do is extract a list of random bits corresponding to what they believe to be hidden.

If the setgo algorithm is sound, then there is no way of proving that the data source isn't just a bit noisy.

Then, there should be no way of decrypting the data, or even proving it is non-random.

Unless they used a very weak password, and the authorities new enough about the organisation to have a limited pool of crypto and stego algorithms to try.

Either that or they inferred the most likely one time pad, based on the presence of a beard and arabic sounding name on the suspect.

Re:Not very good crypto or stego

[v1]

Steno doesn't require encryption. It prevents the information from getting into the hands of the opposition to begin with. They are probably under the assumption that trying to encrypt something (A) is a waste of time if they are likely to have the resources to break it and (B) will attract attention.

Analysis of randomness is quite an advanced science. It's not nearly as difficult as you might imagine to spot an anomaly in random data. Few things in life are truly random, and if you are familiar enough with the kind of randomness in something, you will have a very good statistical chance of noticing it.

As for the steno itself, there's a double-edged sword there. The same as encryption, only a fool designs his own. Without a really deep understanding of encryption it's easy to make a subtle mistake in you design that introduces a significant weakness. So on that hand we have to assume they are using something at least somewhat commonly available. But that's where the other edge gets you... it becomes MUCH easier to spot steno'd data when you are checking for a list of specific methods of steno. The analysis tool will scan the data against dozens or hundreds of common tools, and draw a nice graph with the line mostly hanging around the 2% point at the bottom, except for one eyesore of a spike for one of the tests. Then they take off the gloves and get to work.

Just tossing out a very basic example, lets say they are steno'ing encrypted data into a big tiff by overwriting the LSB on teach byte. Visually you won't notice this because the difference is too small Mathematically the data you're storing is more-or-less flat random. BUT the data you replaced ISN'T. The LSB in an image is far from noise, and will have areas that are related by their relative position in the image. This will stick out like a sore thumb when you run a little analysis on the bits in the image. It'll be too random. And at this point your steno is busted, and it comes down to breaking the encryption. The lesson there is pretty basic - encrypted data will stick out about as well as data in the clear. All you're doing at that point is buying a little time. And intel agencies are both persistent and patient. You're better off investing more time in better steno.

To throw in an analogy, look at smuggling. If a truck is being searched at the border and the smugglers did a good job distracting from the small hide where the goods are, they get past the checkpoint with zero problem. It doesn't matter if the goods are in a safe in the hole or just tossed in a grocery sac, being in a safe didn't help. On the other hand, if the guards notice the missing volume, you're done. It doesn't matter how well you've concealed the opening, it doesn't matter how sturdy the latch, it doesn't matter if the goods are in a safe. You've been found out, and you're done. They will tear the truck apart until they get into the hole, and bust open the safe. The same principles are at work with steno.

Re:Not very good crypto or stego

[plover]

Steno doesn't require encryption.

That's correct. However, encryption is an excellent way of randomizing the data in a way that it would be immune to basic (or even advanced) statistical attacks.

Actually, encrypted data stands out in these kinds of analyses prcisely because it's too well distributed.

Steganography is often done by replacing the least significant parts of the original information with the secret message. For example, in a simple BMP bitmap, that might be the 0-bit of each byte used to describe color. But real world images don't have statistically perfect distribution of the 0-bits of color. (They also don't have LSBs with standard Unicode distributions of Arabic text, either.) Real photographic data is non random, all the way down to the 0-bits.

Several years ago, when steganography was a hotly researched topic, some guy came up with a steganographic detector called OutGuess. It performed these kinds of analysis and would identify the kinds of steganography embedded in files, or if a file was clean. It had impressive results. So I know detection is a solved problem. Decryption is still the real issue, of course. But while hiding stuff in a video may baffle the amateurs, I would bet serious coin that the pros are analyzing a lot of images on a regular basis.

Steganography is suspicious on its own

[betterunixthanunix]

So you find some pornography files in a strange place (a guy's underwear -- maybe not that strange), and the reason you think there is some hidden message is...? Oh, yeah, you also found the steganography software that was used for encoding and decoding, and then just brute forced the passphrase (RTFA). So the fact that the memory card was in the guy's underwear is actually irrelevant -- the same thing would have happened had the card been in his wallet, backback, tablet, etc.

This is the classic warden problem, applied to terrorists.

Re:Steganography is suspicious on its own

[serviscope_minor]

It's all about layers.

Hiding data in your underpants is very suspicious.

Keeping a steganography program along with the data is very suspicious.

Having a big stash of porn if you're a fundementalist is a little bit suspicious.

All those are independent.

The fact it was in his underwear is definitely relevant, since the whole point of steganography is to hide. Every time you do something suspicious to make people look harder, you defeat the purpose of the steganography.

If it was a memory card in his backpack, in his camera, which matched his camera, had consistent dates and had a bunch of touristy videos on it and nothing else, they might wehh lave not looked any further.

Of course they might have done.

But if most of the files were chaff and had embedded random data (to make the noise levels match) and one had encryped data, even with a moderately good password, they might well have wasted a ton of time on the wrong files and given up.

The fact he had it hidden in his pants pretty much guaranteed that they looked until they found something.

Of course if he'd done all that and had a really good password, they would have been SOL, either way. They would have probably been very suspicious, but unable to prove anything either way.

It's a Trap!!!!

[Tharsman]

We all know these religious zealots hate pornography! This must mean the reason they are doing this is instead to terrorize US citizens!!! How? From now on the TSA will request all pornography in your laptop or smartphone be carefully analyzed, frame by frame, before you board your flight!!! They may simply force you to trash your smartphones, laptops and tablets just like they do with your coke!

Conspiracy Theory B:
This was hoaxed by the TSA themselves so they have legal reasons to confiscate cool looking laptops, new top of the line smart phones, and expensive tablets!

Re:It's a Trap!!!!

[hoggoth]

I'll take CCTV cameras on every corner.
I'll take warrantless monitoring of my email and phones.
I'll take radiation scanners at every airport.

But they can pry my porn from my cold dead fingers.

Re:It's a Trap!!!!

[cayenne8]

I'm trying to picture what muslim pr0n actually is...or how one would even KNOW it was porm??

I mean, you have some films of muslim chicks, covered from head to toe in those burka things....and have to imagine them nekkid underneath?!?

Also, and this is purely my best guess. Not sure I'd want to see them. The men all insist on having those long scraggly beards. I have to guess under the burkas, the muslim chicks are a bit too hairy for my liking. I'm talking 70's porn type hairy, where you'd need a machete to get through it all.

That brings up another question...muslims have food restrictions right? Can they have oral sex legally in their religion?

Re:It's a Trap!!!!

[CharlyFoxtrot]

Don't you mean: "they can pry my porn from my wet sticky fingers" ?

Re:It's a Trap!!!!

[doesnothingwell]

Their gonna being prying something else from one hand at least.

Re:It's a Trap!!!!

[Gideon+Wells]

Well, I remember a year ago people were stating and laughing at UBL for having porn in his hideout when he was killed for being a hypocrite. Others were claiming it was just extra gossipy goodness designed and hoaxed If it wasn't destroyed, maybe it wasn't all porn after all, and should be checked. Heck, if it was left behind some of it might even be this stuff.

Re:It's a Trap!!!!

[f3rret]

I'm fairly certain muslim porn is just regular porn, we all like the naked ladies.

Re:It's a Trap!!!!

[Chrisq]

We all know these religious zealots hate pornography!

Sharia law allows them to rape non-Muslims, have sex with nine year olds, have "temporary" marriages that only last 10 minutes, be able to force their wives to have group sex with them etc. This makes porn pretty well redundant.

Re:It's a Trap!!!!

[eln]

From now on the TSA will request all pornography in your laptop or smartphone be carefully analyzed, frame by frame, before you board your flight!!!

That's it, I'm going to get a job at the TSA.

Re:It's a Trap!!!!

[maxwell+demon]

I'm fairly certain muslim porn is just regular porn, we all like the naked ladies.

I think Muslim porn has 40 of them. And all are virgins. :-)

Re:It's a Trap!!!!

[Dave+Emami]

That brings up another question...muslims have food restrictions right? Can they have oral sex legally in their religion?

I presume you're being facetious, but the topic actually came up in an article I was reading recently (in Slate, I think) about the life of women in a Bangladesh brothel and their conflict with the local clergy. The older women advise the younger women (sort of a master/padawan thing) that if they don't wish to engage in oral sex, to tell their customers that they refuse to do that because their mouths are used to recite the verses of the Koran.

Re:It's a Trap!!!!

[bartoku]

Instead of up skirt shots, it was a bunch of pictures of ankles peaking out from underneath their burkas.
No lie I saw it on the discovery channel that Arab men love when they catch a little glimpse of ankle...scandalous.

Do religious food restrictions cover licking things, because if you are actually consuming something during oral sex you might be doing it wrong?

Re:Homerolled crypto

[O('_')O_Bush]

11 years later, some are calling them stupid, but given the state of the United States, their plans seemes to have worked perfectly. Homogenizing religious people as stupid or ignorant seems like a pretty dangerous thing to do.

blonde, brunette, red-head

[Culture20]

Osama's wife: Do you always look at it encoded?

Osama: Well you have to. There's way too much information to decode the movie in realtime. You get used to it. I...I don't even see the blonde, brunette, and red-head. All I see is our nefarious plots. Hey, you uh... want a drink?

I know how this happened...

[WombleGoneBad]

Muslim kid: "Cor look at the bajungas on her..."
(Crazy fanatic dad walks in)
Crazy fanatic dad : "OH NO!!! you have been corrupted by the filthy western decadance!! "
Muslim kid : "No dad!! look im using their own flithy videos against them, by hiding cunning terrorist plans inside them!! honest!!"
Crazy fanactic dad : "Ahh good son. Well done carry on"
(Crazy fanactic dad leaves)
Muslim kid (whispers) : "sucker! heh heh "

Steganography is great for planting evidence

[Lazy+Jones]

The "suspect" will never know ... As the "authorities" have undoubtedly discovered already.

Suspicion extreme

[ehiris]

Importing porn to Germany from Pakistan is about the most suspicious thing anyone can do.

it's a simple mistake, we've all made it...

[Thud457]

One time I was smuggling pr0n into Germany steganographically hidden in some made up terrorist plans.
Unfortunately, I had way more porn than plans.

Could have been very good crypto and stego

[Sloppy]

Both the stego and the crypto could actually be excellent and still be systematically weakened by a PEBKaC or even other layers. A few ideas off the top of my head...

Maybe the flash drive contained not only the data, but also some executable stego software (kind of like how having TrueCrypt installed, as an add-on rather than something coming in all default installs, is a way of announcing "hidden volumes very likely exist on this system").

Maybe the stego and crypto application software is excellent, but some other layer (e.g. the OS) left clues. Perhaps he occasionally updated the archive (it sounds like the movie contained multiple files), adding to it, and every time he used the stego software to write out a new file, the OS left copies of the file's previous contents sitting around in free space. (Ooh, or maybe the flash drive's own wear-levelling management: he copied the video to the drive once, then the video was updated and he copied the updated one "over" it onto the same drive -- bingo, this is my first guess as to what actually happened. I bet lots of not-necessarily-stupid people would make this mistake.) Then investigators notice two copies of the "same" video with different binary representations. Stego alert.

Maybe all the tools were perfect, but the user was an idiot. Perhaps after the guy's capture, they gave him back his flash drive and let him use a computer, and then he cooperatively typed his passphrase into the government's friendly computer, while thinking, "Muahaha, stupid infidels, now I will use this opportunity to delete my^H^H the only copy of the secret plans! I am so clever and they are so dumb!"

You can have good tools and still deploy them stupidly or use them stupidly. Or just foolishly enough, to tip your hand that you're hiding data. After that, decryption passphrase is recovered with a $10 wrench.

Re:As seen on Law & Order:SVU

[jbonomi]

*steganography. Stenography is typing court transcripts.

Why did they even announce this in to media?

[elucido]

That sort of argument is unlikely to fly in front of a jury given all the other evidence against him. Bear in mind this wasn't just a random stop-and-search, they already suspected he was an al-Qaeda member. He tried to hide the incriminating files. Probably more that isn't in the story.

Having said that, I think this sort of story just re-inforces the general impression that the counter-terrorism apparatus is way too big for the size of the threat it presently faces. If this is the way AQ move sensitive files around, they are clearly unable to recruit members with any technical sophistication. I can easily believe intelligence agencies have got a lot better over time, not to mention ruthless and focused, but it seems that if these guys can pull off a devastating attack then basically anyone can and we may as well give up now. No need for "training in Pakistan" for those guys.

If this guy really is a terrorist and they really did recover these encoded files they wouldn't be announcing it in the news as that is irresponsible and stupid.

So why is it being announced? It should be classified.

Re:As seen on Law & Order:SVU

[localman57]

And SteganStanography is the art of hiding secret messages in court transcripts.

Re:They're just hypocrites

[VoidCrow]

> They might all look like this well known virgin

Not funny, not nice.

Re:Epoxy Resin

[fotoguzzi]

"Epoxy resin!" I believe that is what Patrick McGoohan found in the test valve for the torpedo tube in Ice Station Zebra.

Re:They're just hypocrites

[Alan+R+Light]

It's a mistake to presume that Al Qaeda is staffed by religious fanatics. They are generally opposed to their own governments as much as ours, and attacked the U.S. because the U.S. was supporting tyrannical and corrupt governments in their region. Hopefully the Arab Spring has changed this somewhat.

Like most religious wars, religion in this case is just used as justification. The conflict has other causes.

Re:As seen on Law & Order:SVU

No that's the art of hiding secret messages in a South Park character...

- T

Re:As seen on Law & Order:SVU

[frisket]

That's steganology. Steganography is drawing pictures of such dinosaurs.

They don't just have to be fanatics

[Quila]

I knew some Saudi guys who were perfectly pious in their own country, but vacationed in Florida to booze it up and hit the titty bars.

I'm sure government is part of their motivation for some, but don't discount the main religious angle. We didn't support the theocracies of Taliban or Iran, yet there they are/were, providing funding and personnel to help kill us. We support Pakistan, and they don't like us because we support relative moderates who keep them from establishing the oppressive Taliban-like regime they want there.

This is jihad, war between the cultures. They consider us decadent infidels who must be stopped, especially since we support that big thorn in their side that they've been trying to destroy for over 50 years -- Israel.