Over the weekend, news reports and blog posts about mathematician Michael Wertheimer, started to cause quite a stir. Wertheimer, who published a paper recently in the Notices of the American Mathematical Society, is said to have commented that terrorists are using spam to communicate.
Is this true, or nothing but hype? It's a bit of both actually, and here's why.
First the hype; which has been observed on Facebook, Twitter, and at least one news article. Quartz (qz.com), an Internet-based publication from New York, wrote about Wertheimer's comments briefly under the headline, "To avoid detection, terrorists purposely sent emails with spammy subject lines."
While that headline is technically factual, it isn't exactly true. Werheimer was speaking about a single email that was captured during a raid shortly after the 9/11 attacks.
In fact, in his entire paper, this reference is only a single paragraph.
"I am reminded of an event shortly after the 9/11 attacks that may help to impress the importance of getting filtering and selection 'right.' Soon after allied operations launched in Afghanistan we came into possession of laptops left behind by retreating Taliban combatants. In one case we were able to retrieve an email listing in the customary to/ from/subject/date format.
There was only one English language email listed. The 'to' and 'from' addresses were nondescript (later confirmed to be combatants) and the subject line read: CONSOLIDATE YOUR DEBT. It is surely the case that the sender and receiver attempted to avoid allied collection of this operational message by triggering presumed 'spam' filters. Indeed, this is exactly how intelligence and counterintelligence work: an escalating series of moves to discover and avoid discovery of information."
Criminals, terrorists, or anyone that's up to no good, will do whatever they can to avoid detection. So on one hand, the notion that either would use spam to hide communications isn't that much of a stretch. However, the idea that it happens on a regular basis is a bit of a stretch.
Again, Wertheimer was speaking about a single incident and a single email. But even if bad actors were using spam to communicate, they're not communicating with the general public, and unless you're in on the scheme, you'll never decipher the communications.
To you, the super secret communication will look exactly like what it's supposed to - spam. Odds are, you'll delete it.
So despite what you might hear this week, terrorists are not trying to communicate with you or include you into their plots. There is one known case of terrorists using spam to avoid detection, but that only proves the rat race between criminals and those charged with their capture is alive and well.