Introduction and Goals

Social/Ethical Issues


Project Details

Evaluation and Conclusion



The possible use of electronic steganography by terrorist and other ill-intentioned groups is of great concern to various law-enforcement agencies and officials. The zealous seeking of steganographic content used for illegal purposes poses serious threats to the personal privacy and reputations (both personal and professional) of innocent individuals.

One chilling example that recently occurred was the fate of Muzaffar Wandawi, a self taught artist living in the Netherlands. [1][2][3] In October 2001, various news services picked up a story that a "former National Security Agency instructor" had uncovered evidence on the Internet that al-Qaeda terrorists were hiding messages of the September 11th attack within images of paintings and posters on the Internet. The paintings were the work of Mr. Wandawi. Additionally, the "expert" stated that the images proved that they were planning a widespread biological attack against the United States and that Mr. Wandawi had intimate knowledge of these attacks since he had created these paintings with hidden messages. The reports and coverage in various United States newspapers and media outlets caused the United States government to issue a warning of heightened awareness for a potential terrorist attack. Upon further investigation, however, it was shown that Mr. Wandawi had no connections to terrorist groups and that there were no hidden messages within his paintings.

However, steganography cannot be thought of as something inherently evil. The commercial uses that are being developed and the boon to personal privacy and security far outweigh any excuse that it should be controlled and actively scanned for in order to prevent terrorists (or anyone else for that matter) from using it. The effort involved in keeping track of all the ways that a message could be hidden would be astronomical and futile to say the least.

The concepts of computer security are currently in uncharted territories that are being mapped as we proceed. For computer security professionals faced with dealing with potential terrorist threats, the challenge is in understanding the threats, determining which ones are substantiated with evidence and which ones are urban legends or just plain wrong. Unfortunately, with the ever-shifting landscape these threats are changing on an almost daily basis. Urban legends that have been circulating the Internet for years, i.e. envelopes sent through the mail contain deadly biological agents, can suddenly and tragically turn into reality. Although there have yet to be a single steganographic image found on the Internet, one can easily imagine how quickly the landscape will change again if an image is found containing credible evidence of a future terrorist attack. Are terrorists using the Internet for covert communications? Unfortunately, until credible evidence is found that they are, the only answer these days is "maybe, but it's nothing new".

[ Back ] [ Next ]