Slashdot Mirror


To Avoid Detection, Terrorists Made Messages Seem Like Spam

HughPickens.com writes: It's common knowledge the NSA collects plenty of data on suspected terrorists as well as ordinary citizens, but the agency also has algorithms in place to filter out information that doesn't need to be collected or stored for further analysis, such as spam emails. Now Alice Truong reports that during operations in Afghanistan after 9/11, the U.S. was able to analyze laptops formerly owned by Taliban members. According to NSA officer Michael Wertheimer, they discovered that an email written in English, found on the computers, contained a purposely spammy subject line: "CONSOLIDATE YOUR DEBT."

According to Wertheimer, the email was sent to and from nondescript addresses that were later confirmed to belong to combatants. "It is surely the case that the sender and receiver attempted to avoid allied collection of this operational message by triggering presumed "spam" filters (PDF)." From a surveillance perspective, Wertheimer writes that this highlights the importance of filtering algorithms. Implementing them makes parsing huge amounts of data easier, but it also presents opportunities for someone with a secret to figure out what type of information is being tossed out and exploit the loophole.

5 of 110 comments

  1. I do the opposite by amightywind · · Score: 1, Interesting

    I use spook-mode in Emacs to greet the voyeurs at NSA all the time.

    Kh-11 SSL FBI cypherpunk Attorney General HAMASMOIS Roswell Power Syria Food Poisoning cryptanalysis North Korea Verisign halcon Nuclear facility

    --
    an ill wind that blows no good
  2. I wonder, how much REAL spam these guys received by mi · · Score: 4, Interesting

    If "Consolidate Your Debt" was a special subject for them, I wonder, how many proposals of that kind the assholes had to sift through to find messages from real comrades.

    --
    In Soviet Washington the swamp drains you.
  3. I actually warned the FBI... by Anonymous Coward · · Score: 3, Interesting

    .......of something similar back in 2002. There were a lot of messages on UseNet that had been attributed to being either spammers or some college testing out an AI. I noticed that the messages all had the same subject but with an added "suffix" at the end and that the messages were all the same in the beginning but at the end of them they had what appeared as a word salad. I dropped a hint to the FBI that it looked like the "suffix" was giving the order in which to reassemble the message and that the word salad at the end was likely some form of steganography that contained the actual message. Two days later those messages stopped appearing on UseNet and were never seen again. Was it a terrorist? I don't know but they were made aware of it at that point at least. I would have contacted the NSA but I didn't want to deal with them on any level.

  4. Re:Drone Strikes Against Spammers ? by KiloByte · · Score: 4, Interesting

    Every spam message that goes past the filters takes several seconds out of someone's life -- and not just the "gross" part that includes sleep, commutes, bathing, etc. but of the actual productive part of the day (around 1/3 of it). Averaging batch reading of mail at the start of a day vs full context switch, let's take 5s per piece of spam. Let's assume a 95% spam filter effectiveness rate. Now the hardest part -- how big is a spam campaign run? Let's assume 100M delivery attempts (I'm doing a Fermi estimate -- or rather, pure rectal extraction -- on this number).

    This means, a single spammer who did just 10 spam campaign runs effectively murdered a person -- in a death of a thousand cuts.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  5. Use Huffman coding to disguise messages by complete+loony · · Score: 5, Interesting

    Train a compression algo using a spam corpus to build a dictionary. Compress and encrypt your message. Then use the spam dictionary to *decompress* it. Hey presto, your message looks exactly like a randomly generated spam message.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.