How the terror trail went unseen

Scientists and politicians row over whether it was planned using hi-tech or lo-tech

Investigations into how the terror attackers managed to evade detection are producing the unusual situation that statements from the FBI have become more trustworthy than those in the press. In two successive briefings, senior FBI officials have stated that the agency has as yet found no evidence that the hijackers who attacked America used electronic encryption methods to communicate on the internet. But this has not prevented politicians and journalists repeating lurid rumours that the coded orders for the attack were secretly hidden inside pornographic web images, or from making claiming that the hijacks could have been prevented if only western governments had been given the power to prevent internet users from using secret codes. The latest evidence from the FBI suggests that the hijackers easily hid under the noses of the American government, not by using advanced technology but by being as American as apple pie.

Although many e-mail messages sent to and from key members of the hijack team have been found and are being studied, none of them, according to the FBI, used encryption. Nor did they use steganography, a technique which allows an encrypted file to be hidden inside a larger file, such as a .jpeg or .gif image, or an .mp3 music file.

Steganography, hides a coded message inside picture or music files by making numerous small changes to data. The changes are invisible to ordinary viewers or listeners, but can be read by special software.

Allegations that Osama bin Laden's terror group was using steganography resurfaced at the end last week, after a French investigator claimed that arrested terrorist suspect Kamel Daoudi had been found in possession of a so-called "codebook", written in Arabic.

Former French Defence Ministry official Alexis Debat told US television last Thursday that the book was "a major breakthrough in the investigation". Although French and American experts have claimed that the discovery of the "codebook" could be as important as the breaking of codes in the second world war, no details of its contents have been published. Oddly, the discovery of the codebook was never mentioned the previous week, when British police arrested Daoudi in Leicester, England, and searched his premises. He was then deported to France.

The first claim that bin Laden's followers were operating a communications network based on encrypted messages concealed inside pornographic pictures was made by the newspaper USA Today. Their 6 February 2001 report luridly alleged that his group had relayed the "encrypted blueprints of the next terrorist attack against the United States", including maps of targets, inside "X-rated pictures on several pornographic web sites" (see USA Today).

Last month's attacks have provided the first, tragic, test of who was right about the net, encryption and terrorism. The answers, so far as they are known, were given late in September by the FBI at a Washington briefing. FBI assistant director Ron Dick, head of the US National Infrastructure Protection Centre, told reporters that the hijackers had used the net, and "used it well".

FBI investigators had been able to locate hundreds of email communications, sent 30 to 45 days before the attack. Records had been obtained from internet service providers and from public libraries. The messages, in both English and Arabic, were sent within the US and internationally. They had been sent from personal computers or from public sites such as libraries. They used a variety of ISPs, including accounts on Hotmail.

According to the FBI, the conspirators had not used encryption or concealment methods. Once found, the emails could be openly read. None of them contained plans for the New York attack hidden inside porn pictures.

The allegation that any terrorist communications were hidden inside internet porn has, so far, proven unsupported. A few days before the attack, a team from the University of Michigan reported they had searched for images that might contain such messages, using a network of computers to look for the "signature" of steganography. According to researchers at the Centre for Information Technology Integration, they "analysed two million images but have not been able to find a single hidden message".

Despite the forthright position taken by the FBI, some US newspapers have continued to report technological myths in circulation before the attack. Two weeks ago, the Washington Post claimed that the inventor of the widely used PGP (Pretty Good Privacy) encryption system, Phil Zimmermann, had been "crying every day... overwhelmed with feelings of guilt". Although the FBI had already said they had found no evidence of these terrorists using encryption, Post readers were told that Zimmermann "has trouble dealing with the reality that his software was likely used for evil".

In a public statement in response, Zimmermann accused the Post of serious misrepresentation in publishing things he never said. "Read my lips," he said, "I have no regrets about developing PGP." His grief had been for the victims, not for culpability about his invention.

Other US newspapers have also reported that bin Laden has access to satellites more powerful than the NSA's, and uses a communications company controlled by a relative to overcome US monitoring. Neither the satellites nor the company exist.

In Britain, Foreign secretary Jack Straw provoked a storm of protest from scientists and computer security specialists by claiming on the BBC that the media and civil liberties campaigners had paved the way for the terror attacks on America.

Mr Straw had told the BBC's Today programme that the BBC had been a "mouthpiece piece for .... non-governmental organisations" who he claimed had forced him and the government to back down on plans to prohibit internet users from using secret codes, known as cryptography. The interviewer rejected the charge.

"We knew that terrorists were going to use this", Mr Straw claimed. The people who had opposed his 1998 plan to provide automatic government access to all private internet communications would now be regretting their "two dimensional view", he prophesied.

But scientists who have promoted the use of secret codes on the net to protect privacy and make business safe say that Straw is completely wrong. It's an "effort to divert attention from what will increasingly be seen as a massive failure ... of the intelligence services", said former British Ministry of Defence electronic security chief Dr Brian Gladman. "The terrorist use of encrypted internet communications was not a significant factor."

In a press briefing at FBI headquarters in Washington two weeks ago, bureau assistant director Ron Dick told reporters that hundred of e-mails from the hijackers had been found and were being examined. But the conspirators had not used encryption or concealment methods. The FBI said that their e-mails could be openly read.

Evidence from questioning terrorists and monitoring their messages reveal that they did use word to make their discussions sound inocuous to eavesdroppers. Osama bin Laden was referred to as the director". An Arabic word for babyfood meant "bomb". The recently publicised "codebook" probably contained no more than a list of clandestine phrases to use when sending messages.

The real clue as to how the terrorists escaped detection by the world's mightiest electronic surveillance system emerged last year in Manchester, when a house suspected of being used by bin Laden sympathisers was searched. The police and the FBI found a manual in Arabic, entitled "Military Studies in the Jihad Against the Tyrants".

It was a how-to-do-it guide to murder and mayhem. It told bin Laden's suicide squads how to "act, pretend and mask" themselves while operating inside enemy territory in Europe and the United States.

The hijackers, many of whom lived in the United States for years, obeyed. They shaved their beards and wore western clothes. They hid their Korans. Some joined gyms and chatted about sports to neighbours. They took flying lessons and even military courses at US academies. Some brought their families to stay, warning them to flee at the last possible moment before the carnage began.

They ate western food, and some even drank. No doubt they shopped at Walmart, and watched the Simpsons on TV. The Manchester terror manual even warned them "don't break parking regulations".

The same FBI investigation, aimed at finding who bombed America's embassy in Kenya in 1998, also brought to light major evidence of a terrorist communications network operating through Britain and Germany.

Between 1996 and 1998, when the embassy was bombed, the FBI found that Osama bin Laden and his staff had spent nearly 40 hours making satellite phone calls from the mountains of Afghanistan. The calls, which can be sent and received from a special phone the size of a laptop computer, were relayed via a commercial satellite to sympathisers in the west.

Even now, as US forces move in for the kill, bin Laden's satellite phone has not been cut off. But calls to the terrorist leader are going unanswered. His international phone number - 00873 682505331 - was disclosed during a trial, held in New York earlier this year. Caller to his once-active satellite link now hear only a recorded messages saying he is "not logged on".

According to US prosecutors, the phone most frequently called by satellite was a mobile phone located in London. This single phone was used by " bin Laden and the other co-conspirators to carry out their conspiracy to murder U.S. nationals", US Attorney Kenneth Karas told the jury.

"[It] gives you a window into how it is that Al Qaeda [the name of bin Laden's international network] operates," he added. Calls were so frequent were so frequent that the phone, rented from 1-2-1, was dubbed the "Jihad phone".

But, like all the other European phones and lines mentioned in the New York trial, the "Jihad phone" didn't use encryption to prevent the communications from being intercepted by the police or security agencies. It couldn't. Yet investigators and surveillance centres apparently knew nothing of what was going on at the time, and were unable to piece together the links being run by the terror group.

Throughout the period, US intelligence did track bin Laden's satphone. They heard him talking to the Taliban about heroin exports, and even monitored him chatting to his mother. Tracking data based on the position of his phone was used in 1998, when President Clinton authorised the launch of cruise missiles intended to kill him. But he wasn't logged on, and survived. And he never logged on again.

Although politicians have rushed to blame new technology, intelligence experts say that the real problem has been getting agents inside the terror groups. They say that the CIA has been inexcusably lazy by failing to recruit and run agents who were willing to risk dirt, disease and death by joining the terror teams at their training camps. But without the information from such sources on who and what to look for, America's vast global arsenal of satellites and listening centres, like the giant satellite spy base at Menwith Hill near Harrogate, England, and Bad Aibling, Bavaria, were blind and deaf.

British foreign secretary Jack Straw's suggestion that the inventors and promoters of computer security now regret what they have done also appears misleading. One of the most famous of these experts is Dr Whitfield Diffie from California, who jointly helped invent the system now used as the foundation of internet business. Speaking at a security conference in Ireland last week, he said "the internet is so valuable as a communication mechanism that people and corporations cannot afford not to use it ... it's only cryptography [secret codes] that makes it safe."

The evidence so far is that, when communicating, the terrorists used simple open codes to conceal who and what they were talking about. This low-tech method works. Unless given leads about who to watch, even the vast "Echelon" network run by NSA and GCHQ cannot separate such messages from innocuous traffic. The problem, says Dr Gladman, is that "the volume of communications is killing them [the spy agencies]. They just can't keep up. It's not about encryption."

"Events have vindicated our position", adds Ian Miller, a computer security specialist and one of the experts whom Mr Straw has accused of being "naïve". The attacks, he said, worked because they had "none of the hallmarks of clandestine activity the intelligence agencies normally look for. They did nothing suspicious - until they did something abominable". (Duncan Campbell)