Terrorists use Internet to hide crime in plain view

By Kathy Helms-Hughes

STAR STAFF

   The Internet is a wonderful tool. One click of a button allows you to zap messages around the world, no matter whether you're sitting at a computer in Elizabethton or the darkest cave in Afghanistan.
   But the advancement of technology also has a down side that makes law enforcement officials long for the days of the trusty old Underwood -- days when "virtual" was an adjective and the phrase "cyber terrorists" had not yet been coined.
   District Attorney General Joe Crumley, First Judicial District, recently returned from a seminar entitled "Cyber Sleuth I," sponsored by the Department of Justice and the National District Attorneys Association and held at the National Advocacy Academy in Columbia, S.C.
   The seminar was an enlightening experience, according to Crumley, focusing on many types of computer- and Internet-related crimes. One aspect the district attorney found particularly interesting is called "steganography," a method by which secret messages are hidden in plain view.
   According to Crumley, Osama bin Laden has been tied to a pornographic Web site which utilized steganography to allow al-Qaida terrorists to send messages back and forth.
   "You could download a photograph and then if you had the encryption code, you could turn that from a photograph into a message. That's one of the ways they were communicating with each other," Crumley said. "In the case of Afghanistan, they were finding quite a bit in the way of computer technology."
   But the message does not necessarily have to be contained in a photograph. "It can be within an image, a sound, a text, or spreadsheet," Crumley said.
   Another interesting section on Internet crime was presented by the chief investigator of America On Line, which has 32 million subscribers.
   "In a single day they will have 68.9 million sessions and more than 250 million e-mails, which is more than all phone calls in the United States," Crumley said. "There are 300 million e-mails retrieved per day, and 750 million instant messages."
   They also have only three investigators to handle on-line crimes.
   "Their compliance unit gets 1,000 subpoenas per month and 50 to 75 search warrants," he said. "A lot of what's involved is going to be theft-related fraud as well as 'kiddy porn' -- child pornography."
   One session was taught by a former New York City detective who is now working in Internet security.
   "He went into a chat room and set up a profile as though it was a 13-year-old girl," Crumley said. "The officer was extremely professional. He did not do anything that was the least bit leading. And you would not believe the number of guys that were coming on to him. There was one guy that was 48 years old -- very graphic. Some of them had screen names that would just make the hair on your neck stand up."
   A computer technique which has gained popularity on pornography sites is called "morphing," Crumley said. "They can take a photograph and they can change the face ... and put it on a regular porn picture."
   In one instance, the head of a 7- or 8-year-old child was superimposed on the body of a fully developed teen-ager. In order to satisfy compulsive, need-driven behavior to fantasize about children and to have a souvenir of their sexual activities, those who frequent the pornography sites "will do anything to try to get more pictures of children in sexual situations," Crumley said.
   "And the Internet has given them a tremendous ability to contact with each other and share. It used to be they had to trust it through the mail, whereas now, you've got the World Wide Web that you can use."
   Morphing also is used to offer photographs of celebrities on pornography sites, according to Crumley. "Then they can say, 'I've got naked pictures of Brittany Spears,' or whoever the current person is that's really popular."
   There are 10,000 Web sites operated by pedophiles and 20,000 Web sites used to exploit children, he said.
   Savvy computer users probably are familiar with the term "Trojan horse," which has galloped far from the gates of ancient Troy to subvert computer hard drives. A seemingly useful computer program, the Trojan horse contains concealed instructions which, when activated, perform an illicit or malicious action.
   "If you download it inadvertently through an e-mail or a Web site, it will actually take everything on your computer and send it out to other people," according to Crumley. "They said it could get to the point where somebody could send something to you and then they can control when your CD drawer pops open or get it to where you can't shut off your monitor."
   Some computer viruses may be contained in e-mail attachments. Not only will they corrupt your hard drive, he said, "but if you have people that you normally communicate with on the Internet through e-mail, it will send a message to all of them as well, so they all get the virus."
   It is not uncommon for friends to send greeting cards back and forth on the Internet. But those, too, can contain a Trojan horse, Crumley said. "So you're watching a rather humorous thing of Hillary Clinton getting bopped in the head, and while you're doing that, all of the stuff on your hard drive is going out to other people on the Internet."
   There are virus protection programs available to guard against such events, he said. "Plus, you can use what's called a 'firewall' to help protect because a lot of Web sites will be able to track where you go and then they build a profile on you. From a business standpoint, they may just see that you go to different kinds of shopping networks or video-type things, and then they can use that for telemarketing. It's amazing the number of people that will sell your e-mail address."
   Not only is the Internet used for terrorism and pornography, it also can be used for gambling and narcotics trafficking. "An awful lot of people these days are adopting computer technology for their criminal enterprises," Crumley said.
   The legality of Internet gambling in Tennessee is a gray area "because the actual gambling is probably being done in some place like Vegas," Crumley said. From a prosecution standpoint, this raises the question of jurisdiction: Where did the crime occur and where does it have to be prosecuted?
   "I would probably try to treat it like a telephone call, and that can be either where the call is initiated or received," Crumley said. In the case of fraudulently using credit card numbers, catching the perpetrator could be difficult.
   "A smart person is only going to use the number for a short period of time and then go on to the next one. It's when they continue to use it that they're more likely to get caught," he said.
   America On Line records have been subpoenaed for murders, suicides, narcotics, terrorism, organized crime, sex crimes, fraud and theft. However, AOL can't keep record of everything, Crumley said.
   "If you go online and stay online for an hour, they're not going to be able to say every site that you address. They're going to be able to say how long you were on and what you received," he said, but they won't be able to say specifically which Web sites you visited.
   "That becomes a bit more detailed and that's when you start having to deal with search warrants. But lets say you got an e-mail at a certain time: They could go on there and find the records to show that you were online during that timeframe -- but you still have to show who did it."
   Crumley said he feels sure that Internet crime will prompt new legislation in Tennessee. Some changes already have been made.
   "It used to be that everything that was on your hard drive or your storage medium, whether it was a CD or a floppy disc, was one crime. Now, every image is a separate crime," he said.
   One case the district attorney's office is prosecuting locally involved downloading child pornography at a public library, according to Crumley.