TEAMFLY Team-Fly ® solutions@syngress.com Over the last few years, Syngress has published many best-selling and critically acclaimed books, including Tom Shinder’s Configuring ISA Server 2000, Brian Caswell and Jay Beale’s Snort 2.0 Intrusion Detection, and Angela Orebaugh and Gilbert Ramirez’s Ethereal Packet Sniffing. One of the reasons for the success of these books has been our unique solutions@syngress.com program. Through this site, we’ve been able to provide readers a real time extension to the printed book. As a registered owner of this book, you will qualify for free access to our members-only solutions@syngress.com program. Once you have registered, you will enjoy several benefits, including: ■ Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format. They have been selected by our editors from other best-selling Syngress books as providing topic coverage that is directly related to the coverage in this book. ■ A comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page, pro- viding you with the concise, easy to access data you need to perform your job. ■ A “From the Author” Forum that allows the authors of this book to post timely updates links to related sites, or addi- tional topic coverage that may have been requested by readers. Just visit us at www.syngress.com/solutions and follow the simple registration process. You will need to have this book with you when you register. Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there is anything else we can do to make your job easier. Register for Free Membership to 314_HTN_FM.qxd 12/7/04 4:18 PM Page i 314_HTN_FM.qxd 12/7/04 4:18 PM Page ii Russ Rogers Matthew G. Devost Technical Editor Hacking a Terror Network THE SILENT THREAT OF COVERT CHANNELS 314_HTN_FM.qxd 12/7/04 4:18 PM Page iii Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or produc- tion (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofing®” are registered trademarks of Syngress Publishing, Inc.“Syngress:The Definition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. KEY SERIAL NUMBER 001 HJIRTCV764 002 PO9873D5FG 003 829KM8NJH2 004 GHC432N966 005 CVPLQ6WQ23 006 VBP965T5T5 007 HJJJ863WD3E 008 2987GVTWMK 009 629MP5SDJT 010 IMWQ295T6T PUBLISHED BY Syngress Publishing, Inc. 800 Hingham Street Rockland, MA 02370 Hacking a Terror Network: The Silent Threat of Covert Channels Copyright © 2005 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be repro- duced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN: 1-928994-98-9 Publisher: Andrew Williams Page Layout and Art: Patricia Lupien Acquisitions Editor: Gary Byrne Copy Editor: Adrienne Rebello Technical Editor: Matthew G. Devost Cover Designer: Michael Kavish Distributed by O’Reilly Media, Inc. in the United States and Canada. For information on rights and translations, contact Matt Pedersen, Director of Sales and Rights, at Syngress Publishing; email matt@syngress.com or fax to 781-681-3585. 314_HTN_FM.qxd 12/7/04 4:18 PM Page iv Acknowledgments v Syngress would like to acknowledge the following people for their kindness and support in making this book possible. Syngress books are now distributed in the United States and Canada by O’Reilly Media, Inc.The enthusiasm and work ethic at O’Reilly are incredible, and we would like to thank everyone there for their time and efforts to bring Syngress books to market:Tim O’Reilly, Laura Baldwin, Mark Brokering, Mike Leonard, Donna Selenko, Bonnie Sheehan, Cindy Davis, Grant Kikkert, Opol Matsutaro, Steve Hazelwood, Mark Wilson, Rick Brown, Leslie Becker, Jill Lothrop,Tim Hinton, Kyle Hart, Sara Winge, C. J. Rayhill, Peter Pardo, Leslie Crandell, Valerie Dow, Regina Aggio, Pascal Honscher, Preston Paull, Susan Thompson, Bruce Stewart, Laura Schmier, Sue Willing, Mark Jacobsen, Betsy Waliszewski, Dawn Mann, Kathryn Barrett, John Chodacki, Rob Bullington, and Aileen Berg. The incredibly hard-working team at Elsevier Science, including Jonathan Bunkell, Ian Seager, Duncan Enright, David Burton, Rosanna Ramacciotti, Robert Fairbrother, Miguel Sanchez, Klaus Beran, Emma Wyatt, Rosie Moss, Chris Hossack, Mark Hunt, and Krista Leppiko, for making certain that our vision remains worldwide in scope. David Buckland, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, Pang Ai Hua, and Joseph Chan of STP Distributors for the enthusiasm with which they receive our books. Kwon Sung June at Acorn Publishing for his support. David Scott, Tricia Wilden, Marilla Burgess, Annette Scott, Andrew Swaffer, Stephen O’Donoghue, Bec Lowe, and Mark Langley of Woodslane for dis- tributing our books throughout Australia, New Zealand, Papua New Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands. Winston Lim of Global Publishing for his help and support with distribution of Syngress books in the Philippines. 314_HTN_FM.qxd 12/7/04 4:18 PM Page v vi Author Russ Rogers (CISSP, CISM, IAM, IEM) is a Co-Founder, Chief Executive Officer, and Principal Security Consultant for Security Horizon, Inc., a Colorado-based professional security services and training provider and veteran-owned small business. Russ is a key contributor to Security Horizon’s technology efforts and leads the technical security practice and the services business development efforts. Russ is a United States Air Force Veteran and has served in military and contract support for the National Security Agency and the Defense Information Systems Agency. He served as a Certified Arabic Linguist during his time in the military and is also the editor-in-chief of The Security Journal and occasional staff member for the Black Hat Briefings. Russ holds an associate’s degree in applied communications technology from the Community College of the Air Force, a bachelor’s degree from the University of Maryland in computer information systems, and a master’s degree from the University of Maryland in computer systems management. Russ is a member of the Information System Security Association (ISSA) and the Information System Audit and Control Association (ISACA). He also serves as the Professor of Network Security at the University of Advancing Technology (uat.edu) in Tempe, AZ. Russ is the author of Hacking a Terror Network:The Silent Threat of Covert Channels (Syngress Publishing, ISBN: 1-928994-98-9). He has con- tributed to many Syngress books, including Stealing the Network: How to Own a Continent (ISBN: 1-931836-05-1), Security Assessment: Case Studies for Implementing the NSA IAM (ISBN 1-932266-96-8), WarDriving, Drive, Detect, Defend: A Guide to Wireless Security (ISBN: 1-931836-03-5), and SSCP Study Guide and DVD Training System (ISBN: 1-931846-80-9). 314_HTN_FM.qxd 12/7/04 4:18 PM Page vi vii Matthew G. Devost is President and CEO of the Terrorism Research Center, Inc., overseeing all research, analysis, assessment, and training programs. In addition to his duties as President, Matthew also provides strategic consulting services to select interna- tional governments and corporations on issues of counter-terrorism, information warfare and security, critical infrastructure protection, and homeland security. He cofounded and serves as Executive Director of Technical Defense, Inc., a highly specialized information security consultancy as well as holds an Adjunct Professor position at Georgetown University. Previously, Matthew was the Director of Operations for Professional Services at Counterpane Internet Security as well as Security Design International, Inc., where he led a team of technical information security consultants providing vul- nerability assessments and information security consulting services to international corporations and governments. In addition, he worked as the Director of Intelligence Analysis for iDefense, a Senior INFOSEC Engineer at SAIC, and as a U.S. Customs Inspector. Matthew has appeared on numerous national and international television programs, as well as dozens of other domestic and interna- tional radio and television programs as an expert on terrorism and information warfare and has lectured or published for the National Defense University; the United States Intelligence and Law Enforcement Communities; the Swedish, Australian, Japanese, and New Zealand governments; Georgetown University; American University; George Washington University; and a number of popular press books and magazines, academic journals, and more than 100 international conferences. He is co-author of (Syngress, ISBN: 1- 931836-11-6). Technical Editor 314_HTN_FM.qxd 12/7/04 4:18 PM Page vii viii He serves on the Defense Science Board Task Force on Critical Homeland Infrastructure Protection. Matthew serves as a Senior Adviser to the Airline Pilots Association National Security Committee, sits on the Board of Directors as a Founding Member of the Cyber Conflict Studies Association, and is an adjunct member of the Los Angeles Terrorism Early Warning Group. He holds a B.A. degree from St. Michael’s College and a Master of Arts Degree in Political Science from the University of Vermont. Michele Fincher (IAM, IEM) is a Security Consultant and trainer for Security Horizon, Inc., a professional security services and training provider and veteran-owned small business. Prior to joining Security Horizon, Michele worked for a research and software development firm and assisted in the development and instruction of its Steganography Investigator Training Course. Michele is a United States Air Force veteran. She served as a Communications Electronics officer and finished her career as an Assistant Professor at the United States Air Force Academy. Michele holds a Bachelor of Science from the United States Air Force Academy and a Master of Science from Auburn University. CD Creator 314_HTN_FM.qxd 12/7/04 4:18 PM Page viii 314_HTN_FM.qxd 12/7/04 4:18 PM Page ix [...]... area around the Kaaba It was called the Hajj, Arabic for pilgrimage .The pilgrims counted in the hundreds of thousands and encircled the Kaaba, praying and worshiping Allah .The sacred Kaaba was a cube-shaped sanctuary, believed by Muslims to have been first built by Abraham and his son, Ishmael .The purpose of the Hajj was to not only follow the words The Mind of Terror • Chapter 1 of the Prophet but also... nightstand and grasped the glass of water sitting under the lamp .The water cooled the heated insides of his body and felt good against the warm skin of his hand Salah Though born with a different name, he had chosen Salah because of the famous Salah Al-Din, known for establishing the Abbasid dynasty In 1169, Salah Aldin was a respected Sunni Muslim who fought bravely against the Crusaders to free Jerusalem... prayer, and rose to lay out his prayer mat facing the window He had chosen this apartment deliberately because it faced the northeast, toward Mecca and toward the Kaaba He could still recall when he first stepped past the gates of the Grand Mosque and saw the Kaaba It had been years since he had made the pilgrimage to Mecca as a child, but still he could feel the holy power there, surrounding the area... handicap so much as a small obstacle and it meant nothing to him or his father, but to others, it could be cause to abandon faith in the plan I was born as I am because Allah wants me this way, he thought I will have faith and succeed in His work His fingers flew across the keys effortlessly as he typed an e-mail to the others Salah was as familiar with the keyboard of a computer as he was his own face... loud At exactly 5:36 A. M., the voice on the radio was replaced by the melodic call to prayer, a voice calling to Muslims across the city to bow down to Allah and pray.This was the adhan .The times at which the adhan is called here in North America are calculated by the Islamic Society of North America (ISNA) and used by devout Muslims in most of North America “Forgive me, Allah, for my transgressions and... question.There is no fear in their hearts Be strong and do not accept their lies as truth.”Those were practically his final words—he died of natural causes shortly after Salah arrived at school.There was never a chance to say goodbye, but Salah silently wondered if that was an opportunity that he really wanted; his father had been dead for two years and yet his memories still haunted Salah He was a child that... taken a gut-wrenching leap of faith and told the other young man vague details of what he was considering The Mind of Terror • Chapter 1 IRC Hostmask Salah straightened in his chair Now that he thought back on that incident, it seemed almost suicidal, but sometimes you had to take risks in life to make progress He had read a quote a few years back that said, A boat in the harbor is safe, but that’s... attack.We know that bin Laden himself used satellite phones for communication and drafted e-mail messages to coordinate activities with remote cells or to handle administrative matters within Al Qaeda.We know that terrorists have demonstrated an ability to adapt, and it is safe to assume that their communication capabilities will also adapt, enabling them to communicate more securely In Hacking a Terror. .. It offered the perfect opportunity for their revenge to be exacted, and it offered stealth and safety First of all, Americans still mistakenly believed they controlled the Internet, when in fact, they had become an increasingly less important presence.Their overconfidence and arrogance could be used against them What the Americans saw as the boundary of the Internet was actually a deep shadow that hid... through a veil of obscurity, like Osama Bin Laden Salah respected the ability of Osama to lead so many and still remain so anonymous He would do the same as Osama, only he would do it via the Internet Pine afforded a very simple form of this protection Using the internal configuration options within Pine, Salah had the ability to make his email appear to be from almost anywhere and from almost anyone Of . fruition as a child follows the path of the father’s hatred for America and vows to avenge a brother .The American dream is in danger and can be saved only through the diligence and imagina- tion of. Security at the University of Advancing Technology (uat.edu) in Tempe, AZ. Russ is the author of Hacking a Terror Network: The Silent Threat of Covert Channels (Syngress Publishing, ISBN: 1-9 2899 4-9 8-9 ) finished her career as an Assistant Professor at the United States Air Force Academy. Michele holds a Bachelor of Science from the United States Air Force Academy and a Master of Science from Auburn