Slashdot Mirror


To Avoid Detection, Terrorists Made Messages Seem Like Spam

HughPickens.com writes: It's common knowledge the NSA collects plenty of data on suspected terrorists as well as ordinary citizens, but the agency also has algorithms in place to filter out information that doesn't need to be collected or stored for further analysis, such as spam emails. Now Alice Truong reports that during operations in Afghanistan after 9/11, the U.S. was able to analyze laptops formerly owned by Taliban members. According to NSA officer Michael Wertheimer, they discovered an email written in English found on the computers contained a purposely spammy subject line: "CONSOLIDATE YOUR DEBT."

According to Wertheimer, the email was sent to and from nondescript addresses that were later confirmed to belong to combatants. "It is surely the case that the sender and receiver attempted to avoid allied collection of this operational message by triggering presumed "spam" filters (PDF)." From a surveillance perspective, Wertheimer writes that this highlights the importance of filtering algorithms. Implementing them makes parsing huge amounts of data easier, but it also presents opportunities for someone with a secret to figure out what type of information is being tossed out and exploit the loophole.

27 of 110 comments

  1. Solution! by MightyMartian · · Score: 4, Funny

    Applying the Cameron Solution, all we need to do is ban spam... or email. I confess I'm not quite clear.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:Solution! by Anonymous Coward · · Score: 2, Funny

      Well, if Parliament insists I guess that's it for spam

      It will be tied up in the House of Lords though, I mean the lower classes must still have a need for potted meat?

  2. Or the alternative by Anonymous Coward · · Score: 5, Funny

    Prince of Nigeria is really funding terror cells to cure his erectile dysfunction.

  3. I wonder, how much REAL spam these guys received by mi · · Score: 4, Interesting

    If "Consolidate Your Debt" was a special subject for them, I wonder, how many proposals of that kind the assholes had to sift through to find messages from real comrades.

    --
    In Soviet Washington the swamp drains you.
  4. NSA Spam Filter by Hobadee · · Score: 3, Funny

    So does this mean the NSA will now filter my spam for me? Hooray!

    --
    ...Had this been an actual emergency, we would have fled in terror, and you would not have been informed.
    1. Re:NSA Spam Filter by ColdWetDog · · Score: 4, Funny

      If everybody hadn't got all of their panties in a bunch, they would have filtered your spam, backed up your hard drive, kept permanent records of your phone calls, your tax returns and every text you've ever made.

      All for free (well, not exactly free but at least 'No Extra Cost').

      I swear, Americans are just so jumpy these days. No good deed goes unpunished.

      --
      Faster! Faster! Faster would be better!
  5. Re:I wonder, how much REAL spam these guys receive by mythosaz · · Score: 5, Funny

    More interestingly, I wonder how many perfectly good terrorist emails I've deleted from my spam folder.

  6. Drone Strikes Against Spammers ? by Crashmarik · · Score: 4, Funny

    Sure we will get some actual spammers in with that, but better safe than sorry.

    1. Re:Drone Strikes Against Spammers ? by KiloByte · · Score: 4, Interesting

      Every spam message that goes past the filters takes several seconds out of someone's life -- and not just the "gross" part that includes sleep, commutes, bathing, etc but of the actual productive part of the day (around 1/3 of it). Averaging batch reading of mail at the start of a day vs full context switch, let's take 5s per piece of spam. Let's assume a 95% spam filter effectiveness rate. Now the hardest part -- how big a spam campaign run is? Let's assume 100M delivery attempts (I'm doing a Fermi estimate -- or rather, pure rectal extraction -- on this number).

      This means, a single spammer who did just 10 spam campaign runs effectively murdered a person -- in a death of thousand cuts.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  7. You think it's bad there by fustakrakich · · Score: 3, Insightful

    Watch the Home Shopping Network. All their plans are on display. Look for the hidden pictures in those artsy plates they sell. They're actually maps and blueprints.

    And Hair Club for Men is a sleeper cell.

    "I've fallen! And I can't get up!" is a call to arms.

    They're everywhere. Am I not right?

    --
    “He’s not deformed, he’s just drunk!”
  8. I actually warned the FBI... by Anonymous Coward · · Score: 3, Interesting

    .......of something similar back in 2002. There were a lot of messages on UseNet that had been attributed to being either spammers or some college testing out an AI. I noticed that the messages all had the same subject but with an added "suffix" at the end and that the messages were all the same in the beginning but at the end of them they had what appeared as a word salad. I dropped a hint to the FBI that it looked like the "suffix" was giving the order in which to reassemble the message and that the word salad at the end was likely some form of steganography that contained the actual message. Two days later those messages stopped appearing on UseNet and were never seen again. Was it a terrorist? I don't know but they were made aware of it at that point at least. I would have contacted the NSA but I didn't want to deal with them on any level.

    1. Re:I actually warned the FBI... by Carnildo · · Score: 3, Informative

      You alerted them to actual spam.

      The purpose of the suffix was to evade simple subject-line spam filters, while the "word salad" was an effort to evade word-classifier spam filters by drowning out the "spam-like" words with "non-spam" words, or to poison the classifiers and render them useless by loading up the "spam" wordlists with words that usually appear in non-spam messages.

      --
      "They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
  9. Comment removed by account_deleted · · Score: 2

    Comment removed based on user account deletion

  10. & Vice Versa ? by mbone · · Score: 2

    Since they always let the terrorist stuff through, so as not to tip their hand, when will the spammers start disguising their messages as jihadist call to arms?

  11. Spam Mimic by Rick+Richardson · · Score: 3, Informative

    http://www.spammimic.com/

  12. There is a better way by houghi · · Score: 2

    What I would do is send it via Usenet. Because now they have found the link between sender and receiver. With email if you get one person, you can then start looking for other connections that person made and see where that leads you. This because there is a direct link. Even if they have no idea what it means when you send "Grandmother is not feeling well."

    With Usenet there is no direct link.
    I can send anything from Belgium to my provider's Usenet feed and anybody anywhere can pick it up. When I send it I can use images, or just alt.test or whatever group. It can even be something on topic for that group. A reply can be in a completely unrelated group.

    To be sure: this ONLY solves the direct link between people. Once they have both sides, it will be identical as if you were sending mail directly.

    Now even if they would be able to see who reads alt.test (and all the other groups) it would mean that they would have to monitor everybody. Oh, wait. They do. [waves] "Hi mom!"

    --
    Don't fight for your country, if your country does not fight for you.
    1. Re:There is a better way by mrchaotica · · Score: 2

      Because now they have found the link between sender and receiver. With email if you get one person, you can then start looking for other connections that person made and see where that leads you.

      What are you talking about? It's spam. The terrorist sends it to a million random addresses; one of which is the other terrorist who knows how to interpret it.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  13. Re:I do the opposite by ColdWetDog · · Score: 3, Funny

    You're supposed to say "Allah Akbar". Your keywords flag you as a paranoid schizophrenic or Slashdot aficionado. Either one mostly harmless to the Three Letter Agencies.

    --
    Faster! Faster! Faster would be better!
  14. this is actually an old technique by david_bonn · · Score: 2

    During WWII the 'beeb sent messages to the resistance in occupied Europe. (examples at http://www.struthof.fr/en/test... ... damn that is an insanely long url...). If I remember my history "innocuous" announcements in newspapers were used to send covert messages by all sides in the Revolutionary and Napoleonic wars.

    Heck, if you controlled your own botnet (reasonable to do and a minor profit center for terrorists) you could put "random" text at the ends of your spams to confuse bayesian spam filters and piggyback coded messages in the random text as well.

    Chaffing your messages this way has the bonus of making traffic analysis useless if you are sending your message to literally millions of people.
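Added example (not code from the thread or from any poster): a toy naive Bayes filter that measures the two effects described in Carnildo's reply and in the comment above, padding spam with non-spam words to dilute its score, and poisoning the classifier once that padded spam is fed back as training data. The corpus, function names and the ten-copy feedback step are constructed assumptions for illustration.

```python
import math
from collections import Counter

# Constructed toy corpus (not real mail); 15 tokens per class.
SPAM = ["consolidate your debt now", "cheap debt relief offer now",
        "consolidate loans cheap offer today free"]
HAM = ["meeting notes attached for review", "lunch meeting tomorrow at noon",
       "please review the attached report"]

def train(spam, ham):
    """Per-class token counts for a multinomial naive Bayes filter."""
    return (Counter(w for m in spam for w in m.split()),
            Counter(w for m in ham for w in m.split()))

def spam_probability(msg, model):
    """P(spam | msg) with add-one smoothing and equal class priors."""
    s, h = model
    vocab = len(set(s) | set(h))
    s_den, h_den = sum(s.values()) + vocab, sum(h.values()) + vocab
    log_odds = sum(math.log(((s[w] + 1) / s_den) / ((h[w] + 1) / h_den))
                   for w in msg.split())
    return 1 / (1 + math.exp(-log_odds))

def run_demo(copies=10):
    clean = "consolidate your debt"
    salad = "meeting notes attached for review"   # words typical of ham
    padded = clean + " " + salad
    legit = "meeting notes attached for review"   # an ordinary ham message
    model = train(SPAM, HAM)
    # Effect 1: ham words dilute the spam evidence at scoring time.
    before = {"clean": spam_probability(clean, model),
              "padded": spam_probability(padded, model),
              "legit": spam_probability(legit, model)}
    # Effect 2: padded spam reported as spam teaches the filter that
    # ham words are spammy, so legitimate mail starts to score high.
    poisoned = train(SPAM + [padded] * copies, HAM)
    after = {"padded": spam_probability(padded, poisoned),
             "legit": spam_probability(legit, poisoned)}
    return before, after

if __name__ == "__main__":
    for label, scores in zip(("before feedback", "after feedback"), run_demo()):
        print(label, {k: round(v, 3) for k, v in scores.items()})
```

The absolute numbers are artefacts of the tiny corpus; what carries over is the direction of both shifts, which is worth tracking as a false-positive metric whenever user spam reports are fed straight back into training.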

  15. Re:Stupid by aix+tom · · Score: 3, Informative

    Of course, never in History, not even in WW1 and 2 has any spy agency tried to collect ALL information that was there. Like every letter sent, every phone call made, every conversation made in public, etc... like spy organisations these days seem to try.

    Former East Germany came closest in the last century I guess. Then again, they probably had 20% of the population working at least part-time as undercover agents to spy on the rest.

  16. Re:porncoding by PPH · · Score: 2

    Abdul. According to this message, we are to attack on both coasts plus invade up the Mississippi River simultaneously!

    --
    Have gnu, will travel.
  17. There is a technical cryptographic term for this by slashdot_commentator · · Score: 3, Informative

    It's called steganography.

    --
    There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
  18. Re:I wonder, how much REAL spam these guys receive by rtb61 · · Score: 5, Funny

    More poignantly, does that mean we should be treating mass spammers like terrorists, oh my, I am torn between annoyance and justice, arghhh.

    --
    Chaos - everything, everywhere, everywhen
  19. Dr. Wertheimer was just cited on Slashdot by Required+Snark · · Score: 2

    Wertheimer is the Director of Research at the NSA. He was quoted on Slashdot two days ago apologizing in the Notes of the American Mathematical Society. The issue was a possible trap door in a set of encryption standard parameters submitted by the NSA. This was noticed by some researchers at Microsoft, and when it was brought up in the standards committee NSA just ignored the criticism.

    This made some members of the AMS very unhappy. Here is what angry mathematicians sound like:

    “AMS Should Sever Ties with the NSA” (Letter to the Editor), by Alexander Beilinson (December 2013); “Dear NSA: Long-Term Security Depends on Freedom”, by Stefan Forcey (January 2014); “The NSA Backdoor to NIST”, by Thomas C. Hales (February 2014); “The NSA: A Betrayal of Trust”, by Keith Devlin (June/July 2014); “The Mathematical Community and the National Security Agency”, by Andrew Odlyzko (June/July 2014); “NSA and the Snowden Issues”, by Richard George (August 2014); “The Danger of Success”, by William Binney (September 2014);

    If you read his statement, it is content free. As an admission of wrongdoing, it's completely worthless.

    "With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable"

    This is more of an apology for getting caught than anything else.

    So when Dr. Wertheimer pontificates about filtering email and national security, you should not be very impressed. His agenda assumes the end of constitutional protections for privacy. He is not an honest man doing an honest job for an honest employer.

    --
    Why is Snark Required?
  20. Use Huffman coding to disguise messages by complete+loony · · Score: 5, Interesting

    Train a compression algo using a spam corpus to build a dictionary. Compress and encrypt your message. Then use the spam dictionary to *decompress* it. Hey presto, your message looks exactly like a randomly generated spam message.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  21. Re:Stupid by AHuxley · · Score: 2

    Re " Like every letter sent" was under consideration from some types of communications.
    Project SHAMROCK https://en.wikipedia.org/wiki/...
    "started in August 1945 that involved the accumulation of all telegraphic data entering into or exiting from the United States. The Armed Forces Security Agency (AFSA) and its successor NSA were given direct access to daily microfilm copies of all incoming, outgoing, and transiting telegrams via the Western Union and its associates RCA and ITT."
    Just the early days of collect it all.
    The UK had Defence of the Realm Act 1914 (DORA) https://en.wikipedia.org/wiki/... to help with letters.

    --
    Domestic spying is now "Benign Information Gathering"
  22. Overreach of Surveillance reduces chances ... by garry_g · · Score: 2

    Given the fact that France has had one of the most extensive data retention programs since 2006 and were still unable to prevent the terrorist attack should give a clue to politicians and police ...
    I believe the contrary is true: By relying on being able to prevent attacks through data retention (which by definition will create floods of data hard or impossible to interpret) and expecting to catch anybody before the fact, police have obviously reduced their work on surveillance of suspects as well as regular police work ... All three terrorists (much like the 9/11 ones) were on watch lists and known, yet they were able to buy guns and plan this whole ordeal. Good job, politicians! Fund the police instead of keeping tabs on all of your country's inhabitants and cutting in to their private lives ...
    Even if you had 100% surveillance of ALL the people, including the contents of ALL the communication, any person just slightly intelligent and versed in computers will be able to hide their communication from the state. Also, who ever called for checking every single letter mailed through the postal service? Or listening in to every person-to-person talk? Just because technology makes listening in on people possible doesn't mean it should be done, or would be helpful to prevent crimes ...