Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Tool Hides Data In Plain Sight On HDDs

CmdrTaco posted more than 3 years ago | from the just-don't-defrag dept.

Security 136

Trailrunner7 writes "A group of researchers has developed a new application that can hide sensitive data on a hard drive without encrypting it or leaving any obvious signs that the data is present. The new steganography system relies on the old principle of hiding valuables in plain sight. Developed by a group of academic researchers in the US and Pakistan, the system can be used to embed secret data in existing structures on a given HDD by taking advantage of the way file systems are designed and implemented. The software does this by breaking a file to be hidden into a number of fragments and placing the individual pieces in clusters scattered around the hard drive."

cancel ×

136 comments

Steganography? (-1)

0100010001010011 (652467) | more than 3 years ago | (#35930562)

Congratulations, you're reinvented the wheel.

Re:Steganography? (1)

Jeremiah Cornelius (137) | more than 3 years ago | (#35930676)

US and Pakistan.

Together. CIA and ISI?

Here's your backdoor Trojan from hell.

Re:Steganography? (1)

creat3d (1489345) | more than 3 years ago | (#35932502)

My thoughts exactly... both are abominations by themselves, but have them "cooperate" on a project and the result can be quite disastrous. I'm sure the biggest terrorist attack of our century rings a bell...

As long as the Mossad is not involved (0, Flamebait)

Dainsanefh (2009638) | more than 3 years ago | (#35932922)

I am fine. Fuck the Zionist Occupied Government. Google is their puppet. Founded by Jews and Controlled by Jews.

Re:As long as the Mossad is not involved (1)

Jeremiah Cornelius (137) | more than 3 years ago | (#35933048)

Do you think there is an "intelligence" organisation in the world, that is no co-opted and part of the secret government operations?

Re:Steganography? (0)

Anonymous Coward | more than 3 years ago | (#35930686)

Congratulations, you've failed to read the first two sentences of the article summary! :P

Re:Steganography? (1)

alostpacket (1972110) | more than 3 years ago | (#35930846)

But how many words per minute can it type?

Re:Steganography? (0)

Anonymous Coward | more than 3 years ago | (#35931138)

None. Counting typing speed is haram.

Re:Steganography? (-1)

Anonymous Coward | more than 3 years ago | (#35931232)

hahaha you're an asshole
fuck muslims

fuck religious people in general

Re:Steganography? (2)

digitig (1056110) | more than 3 years ago | (#35932402)

fuck religious people in general

Can I start with the cute ones, please?

Re:Steganography? (1)

CharlyFoxtrot (1607527) | more than 3 years ago | (#35932580)

Start with the girls of the IDF [damncoolpictures.com] and work your way through the middle east from there.

Re:Steganography? (0)

Anonymous Coward | more than 3 years ago | (#35932022)

Not very many, but it's amazing to watch it using that spiky tail at all...

Re:Steganography? (0)

Anonymous Coward | more than 3 years ago | (#35932206)

stenography is the word you are looking for?

Re:Steganography? (1)

Abstrackt (609015) | more than 3 years ago | (#35931122)

Based on TFA, and even TFS, it would be more accurate to say they've found a novel way to use the wheel.

Re:Steganography? (4, Insightful)

pclminion (145572) | more than 3 years ago | (#35931256)

What sort of thought process leads to a stupid comment like this? Somebody creates a new plastic: "Congratulations, you've reinvented polymerization!" Somebody makes a better and faster computer chip: "Congratulations, you've reinvented computing!"

Everything is built on something else. For most of us, that's obvious. I guess not for some. For you, new ideas must leap fully formed from a different universe accompanied by a huge explosion in order to be interesting, I guess.

Re:Steganography? (0)

Anonymous Coward | more than 3 years ago | (#35931658)

... wtf, all they did was reverse the process of defragmentation. THAT'S BEEN DONE ALREADY, FOR ONE THING. calling it steganography is stupid... the file system will have to take all these scattered clusters into account in order to avoid over writing them. this is only 'hiding' the data if you have a drive plate with no file system intact and have to scrub it for the data. nobody is ever in that situation. your drive at home will have the file system intact, and there will be headers linking all these 'scattered' segments together. puh fucking LEASE. it was worse than reinventing the wheel, it doesn't even sound good. 'wheel' sounds good!

Re:Steganography? (0)

Anonymous Coward | more than 3 years ago | (#35931718)

Because there is no "invention" here. Chopping up data into pieces and scattering them around a drive has been a known technique for nearly 30 years. There is no invention involved for "finding other cracks for the pieces to fit into".

In addition, steganography and similar technologies are very poor choice for hiding data, because detecting the hidden data can be easily automated.

Re:Steganography? (1)

EdIII (1114411) | more than 3 years ago | (#35931886)

I can certainly see how his comment could come off as sarcastic and acerbic.

However, he does have a point. There is nothing new about the approach. They even claim new, but from reading the article, this is not new.

I see no reason to make a comparison between new and old stenographic methods. At most splitting the chunks against multiple files is a different implementation of the exact same idea. Nothing Earth shattering, and I can see a couple of issues already.

If it is split across multiple files and not encrypted, then technically the safety of your data is only as safe as how limited the ability of an attacker is to perform analysis and reconstruction. There are companies out there that make tens of thousands of dollars doing just that.

If my file is split across 349 files what happens when file# 235 is modified or deleted? Do they have a system wide monitoring process? Redundant processes similar to RAID to accept small degradations like that? Just how inefficient is the process then? Like RAID 5 do you need to lose an additional 20% of total storage space on a 4 drive implementation?

I can kind of see the "Congratulations" statement here. It is stenographic, just not radically different than other methods, and ostensibly with some serious caveats.

I think I will stick with TrueCrypt for now which actually encrypts my data is reliant upon a simple and hard to defeat denial mechanism. That being, "But I gave you the password. You can see the files".

Re:Steganography? (1)

geminidomino (614729) | more than 3 years ago | (#35932208)

Except this doesn't seem "better" since it's just one fsck away from obliterating everything.

Re:Steganography? (2)

houghi (78078) | more than 3 years ago | (#35933030)

Look at copyright and patenting lawsuits and you will realize that he is not alone. We used to stand on the shoulders of giants. Nowadays these giants ask so much rent you can't stand on their shoulders.
Even if standing on their shoulders would mean you could drag them out of the pit, they rather get money then be saved.

scandisk will just remove this (0)

Anonymous Coward | more than 3 years ago | (#35930572)

scandisk will just remove this

Re:scandisk will just remove this (1)

X0563511 (793323) | more than 3 years ago | (#35930870)

Unfortunately it won't remove your comment.

Scandisk hasn't been used since.... February 2000.

Snark aside, yea, this does sound "dangerous" - it might hide it in plain sight, but it also fixes it in a very fragile state.

This may stop them from seeing the data (-1, Troll)

countertrolling (1585477) | more than 3 years ago | (#35930576)

It won't stop them from raiding your house, or taking your machine from you at the airport, and just keeping it. Waddya gonna do about it? Eh? A bunch of nothing, that;'s what...

Defrag and die (-1)

Keruo (771880) | more than 3 years ago | (#35930620)

They hide data by splitting it into small pieces, writing it to disk in random order and marking that sector empty. Sounds like a disaster to me, all you need to do is to use the disk, just defrag it and your hidden data is gone.

Re:Defrag and die (2)

megla (859600) | more than 3 years ago | (#35930650)

They hide data by splitting it into small pieces, writing it to disk in random order and marking that sector empty. Sounds like a disaster to me, all you need to do is to use the disk, just defrag it and your hidden data is gone.

Yeah that was my thought too. Although you could consider defrag to be a secure destruct mechanism... ;)

Re:Defrag and die (2)

ColdWetDog (752185) | more than 3 years ago | (#35930812)

Yeah that was my thought too. Although you could consider defrag to be a secure destruct mechanism... ;)

That's the beauty of this sort of thing. Not for storing your routine Porn^HDocuments, but for really sensitive stuff that can be destroyed quickly and 'innocently'.

"Well, sir, the computer was running a bit slow, so I defragged it yesterday. Is that a problem?"

Re:Defrag and die (1)

mikejuk (1801200) | more than 3 years ago | (#35931068)

And Windows 7 does a defrag automatically! See : http://www.i-programmer.info/news/149-security/2352-hiding-data-in-disk-fragmentation.html [i-programmer.info] for some of the problems.

Re:Defrag and die (1)

ThatMegathronDude (1189203) | more than 3 years ago | (#35931864)

Just write to /dev/null and save yourself the trouble.

Re:Defrag and die (1)

Random2 (1412773) | more than 3 years ago | (#35930886)

Yes, but it would require the user to know to actually defrag the hard drive.

Also, that's even better than you might think, makes obliterating the data even easier if you suspect it'll be found, or as a way to ensure it's destroyed. As long as you're not writing to the volatile part of the HD, you'll be fine for normal operation.

Re:Defrag and die (0)

Anonymous Coward | more than 3 years ago | (#35930938)

Or require a FS that fragments

Re:Defrag and die (1)

PPH (736903) | more than 3 years ago | (#35931056)

Correct me if I'm wrong (I often am about Windows) but aren't there several types of sectors reserved for system uses and not touched by defrag? I know I've seen the defrag graphic when fixing some friends borked up PC and seen something like this.

All that would have to be done is to mark the hidden data as system sectors not to be messed with by defrag. Of course, knowing this, it would make a search for said data much easier.

Re:Defrag and die (0)

Anonymous Coward | more than 3 years ago | (#35931602)

You are wrong.

The system sectors are actual files. Files are marked as DO NOT MOVE because of various things that happens with these files. Empty space cannot be marked as unmoveable.

Re:Defrag and die (3, Informative)

pclminion (145572) | more than 3 years ago | (#35931280)

They hide data by splitting it into small pieces, writing it to disk in random order and marking that sector empty. Sounds like a disaster to me, all you need to do is to use the disk, just defrag it and your hidden data is gone.

This is called fragility, and depending on context, is a desired feature.

Re:Defrag and don't read the article (3, Informative)

b4dc0d3r (1268512) | more than 3 years ago | (#35931318)

Know how I know you did not read the article? This method is rearranging existing data so the FAT itself holds the data. This is not including the data at the end of a cluster, or putting it in empty clusters.

If you want to encode a 0, put the first block at an even numbered sector. If you want to encode a 1, put it at an odd numbered sector. There are other ways to do it, but that's just one example.

There is no data on the drive itself to analyze, it's all in the fragmentation of the FAT.

Re:Defrag and don't read the article (1)

MikeURL (890801) | more than 3 years ago | (#35931420)

Even without reading the article one would assume that they would not be so incredibly stupid as to design a system that would be rendered useless after the first defrag or overwrite.

Re:Defrag and die (5, Informative)

Morgaine (4316) | more than 3 years ago | (#35931842)

They hide data by splitting it into small pieces, writing it to disk in random order and marking that sector empty.

No they do not. You just totally invented that.

I know this is Slashdot and not reading TFA is a rite of passage, but at least don't try to "inform" when you have no idea about something.

None of the secret data is written to disk at all. As the researchers explain clearly (they're quoted in TFA), the data is encoded in the pattern of cluster allocations used for storing the non-hidden files already present on the drive. They even describe the RLE-based algorithm used for cluster-chain encoding. The size of existing files remains the same, the amount of disk space used and unused in the filestore remains the same, and the contents of all the files remain the same after this process.

So your explanation couldn't be more wrong. And the moderators who gave you a +5 Informative failed to understand the method as well.

Re:Defrag and die (1)

FrootLoops (1817694) | more than 3 years ago | (#35932526)

It seems like TFA's author might have made the same mistake, or their wording is extremely poor. They say

The software does this by breaking a file to be hidden into a number of fragments and placing the individual pieces in clusters scattered around the hard drive. [...] The method that Khan and his colleagues developed avoids this problem by hiding small pieces of a sensitive file various random places on a hard drive. [...] as the sensitive files are not actually hidden but rather dispersed in pieces.

The file is broken into bits and placed in the arrangement of clusters--these bits are not literally written to the hard drive.

They're hiding in the block-lists, not empty space (1)

davecb (6526) | more than 3 years ago | (#35932492)

They reorder full blocks to encode data in the orderings within the list of blocks for a given file. That's why they "do not require storage of any additional information on the filesystem" and why "a capacity of up to 24 bits/cluster can be achieved on a half-empty disk".
If they wrote to additional blocks they (1) would be adding additional data to the filesystem, (2) would have no limit to the data that could be hidden and (3) would lose it as soon as one started writing additional information to the disk and used the empty blocks.

See instead the abstract from Science Direct:
http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V8G-51BBKRS-1&_user=10&_coverDate=01%2F31%2F2011&_rdoc=1&_fmt=high&_orig=gateway&_origin=gateway&_sort=d&_docanchor=&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=ee913861b3d05b46b905bd4d52ca9380&searchtype=a [sciencedirect.com]

Re:Defrag and die (0)

Anonymous Coward | more than 3 years ago | (#35932560)

Defrag? What is defrag? Oh, I know. You use one of those "archeological relic from the past" operating systems that don't have self-cleaning file systems. The patent expired on this stuff more than 20 years ago. IBM developed and implemented it in 1968. It was hot stuff back then. Defrag, oh, and vote for Hubert Humphrey, don't vote for that Nixon! I see political scandal in his future! Perhaps next time you could describe problems with file systems whos' design is newer than 40 years old? Is your 160kB 5 1/4" floppy disk ok? Have you ever gotten a punched card misplaced in your card deck? You sure find out in less than an hour when you get the printout from the teletypewriter! Oh, and defrag!

Re:Defrag and die (0)

Anonymous Coward | more than 3 years ago | (#35932752)

I have an SSD, you insensitive clod!

Sounds familiar (0)

xs650 (741277) | more than 3 years ago | (#35930646)

"The software does this by breaking a file to be hidden into a number of fragments and placing the individual pieces in clusters scattered around the hard drive."

NTFS has been doing that for years.

Re:Sounds familiar (5, Funny)

Anonymous Coward | more than 3 years ago | (#35930832)

yeah, but unlike NTFS, this is supposed to allow you to read that data in the future

My first thought... (0)

Anonymous Coward | more than 3 years ago | (#35930652)

When I read the headline, I immediately thought of putting sticky-notes on HDDs.

20 MB in 160 GB ?! (1)

lomedhi (801451) | more than 3 years ago | (#35930654)

The authors estimate that it would be feasible to hide about 20 MB of data on a typical 160 GB HDD.

Wow, isn't that useful.

Re:20 MB in 160 GB ?! (4, Insightful)

axx (1000412) | more than 3 years ago | (#35930820)

I thought the same thing at first, but in all fairness 20 MB of critical data can go a long way.

Hiding stuff doesn't have to mean hiding video. A .pdf file can be all you want to hide in some cases, and you might want to do so without attracting attention with cryptography.

Let's just say this could have its uses.

Especially since I don't know of another steganography FS that is being maintained ? (RubberhoseFS was a nice idea)

Re:20 MB in 160 GB ?! (1)

lomedhi (801451) | more than 3 years ago | (#35930930)

Yes, I suppose you're right; there are definitely use cases in that range. And most hard drives are a lot bigger than that these days anyway.

Re:20 MB in 160 GB ?! (1)

BuckaBooBob (635108) | more than 3 years ago | (#35931174)

There are a million ways to do this... You can hide data in photo's.. Videos... MP3's... just about any innocent file can have a hidden payload in it if you know what to look for.. The big key is that you just can't have a hunt/find/decrypt executable on that pc..

Re:20 MB in 160 GB ?! (0)

Anonymous Coward | more than 3 years ago | (#35932312)

http://iq.org/~proff/rubberhose.org/

Written by Julian Assange, [...]

Is that the Julian Assange?

Re:20 MB in 160 GB ?! (3, Informative)

MasterPatricko (1414887) | more than 3 years ago | (#35932762)

Yes. He did actually have a productive life as a white-hat hacker (he was one of the first famous Australian hackers; he was arrested and given a slap on the wrist at age 20 for breaking into telecommunications networks) and FOSS developer before becoming a media celebrity.

Assange has actually contributed many small interesting projects; IIRC he wrote nntpcache & surfraw, as well as rubberhose ...

Re:20 MB in 160 GB ?! (2)

bytethese (1372715) | more than 3 years ago | (#35930864)

Yes because text files and VGA/SVGA/XGA quality images are large files sizes...

Re:20 MB in 160 GB ?! (3, Interesting)

MightyYar (622222) | more than 3 years ago | (#35930906)

Wow, isn't that useful.

It rather depends on what is in that 20MB. How many diplomatic cables would fit into 20MB? Or 200MB, since 2TB drives are commodities now.

Re:20 MB in 160 GB ?! (4, Informative)

lomedhi (801451) | more than 3 years ago | (#35931002)

Of course; valid point taken. Knee-jerk reaction on my part.

Re:20 MB in 160 GB ?! (4, Funny)

Dishevel (1105119) | more than 3 years ago | (#35931578)

Wow.
You took criticism constructively and then admitted you were wrong and moved on with your life?
You do not belong here. Move along. :)

Re:20 MB in 160 GB ?! (1)

lomedhi (801451) | more than 3 years ago | (#35931628)

Those MetaFilter people must be starting to rub off on me ....

Re:20 MB in 160 GB ?! (1)

Random2 (1412773) | more than 3 years ago | (#35930912)

What type of text files do you write that take up 20 MB?

Re:20 MB in 160 GB ?! (1)

Abstrackt (609015) | more than 3 years ago | (#35931148)

What type of text files do you write that take up 20 MB?

Directory listing of his porn stash.

Re:20 MB in 160 GB ?! (1, Funny)

Dunbal (464142) | more than 3 years ago | (#35931306)

I think "Hello World" in Microsoft Word should do it, no?

bollocks (2)

Hazel Bergeron (2015538) | more than 3 years ago | (#35930702)

Just because you're encoding the information in the fragmentation patterns of the underlying filesystem it doesn't mean you're not engaging in encryption. The encryption is the key input to the algorithm to identify how to turn that apparently random pattern back into plaintext - otherwise we'd be able to say, "OK, let's check he's not using this method," without any secrets.

tl;dr Steganography is useless without encryption.

Re:bollocks (2)

X0563511 (793323) | more than 3 years ago | (#35930922)

The point of Steganography is not to make it hard to find the information. It's point is to avoid even being looked for. That's what the whole "hide in plain sight" bit means, you know.

Re:bollocks (2)

Hazel Bergeron (2015538) | more than 3 years ago | (#35931158)

That reasoning has always been specious. It's trivial to compile a list of published steganographic methods and engineer some check for them. The method must involve some form of key and encryption to make the check unlikely to succeed.

Re:bollocks (1)

vlm (69642) | more than 3 years ago | (#35931330)

That reasoning has always been specious. It's trivial to compile a list of published steganographic methods and engineer some check for them. The method must involve some form of key and encryption to make the check unlikely to succeed.

The way the check might fail is by finding random weirdness. Right off the top of my head, a graph of file length vs frags is probably going to be distorted by this storage mechanism... Also a graph of filesystem age or filesystem size vs frag level is probably going to show this mechanism as an outlier.

Since fragmentation is not random, hiding anything using it is going to be very tricky... Plenty of room for honest error and/or snake oil and/or back doors.

Re:bollocks (1)

mlts (1038732) | more than 3 years ago | (#35933084)

Encryption is done beforehand for three reasons:

1: The hidden data is essentially static, with no discernible patterns.

2: If the stegoed data is located, it cannot be used as plain text.

3: Plausible deniability. If a stego detector finds random numbers, that is one thing, versus plaintext as another.

Don't forget -- a lot of encrypted files have a pattern to them, such as PGP, ZIP, etc. One will need to find a utility that does to files what TrueCrypt does to partitions and has a complete unreadable structure. This is harder than it sounds, because almost all file encryption programs have some type of header in their encrypted output.

Re:bollocks (0)

Anonymous Coward | more than 3 years ago | (#35931964)

Sorta how you just called that guy an a**hole without using the word. Classic example.

Re:bollocks (0)

Anonymous Coward | more than 3 years ago | (#35932172)

Anything is useless without encryption, using that argument.

Everything is encoded somehow, keyword, encoded, because that is what this is.
A file format doesn't need to be deliberately encrypted, just encoded in such a way that it optimizes space usage.
If that means it is unreadable to human eyes, then so be it. But that just makes it compression rather than encryption.

A QR code isn't encryption. It is compression designed to take advantage of a wide range of cameras as efficiently as possible.
It means it is unreadable to humans. (unless they have memorised the QR algo.)
There are also versions that use color ranges rather than B/W to enable significantly higher storage.
But these are simply compression methods.

Although, in saying all that, the act of hiding information in chunks all over a hard drive is deliberately trying to hide stuff, which is a form of encryption.

I think we need to come up with a word that describes the middle-ground of encryption and compression. Encression? Compryction?
Disregard, I'm in a bit of a weird mood due to pain killers.

illegal (0)

Anonymous Coward | more than 3 years ago | (#35930788)

Steganography will probably become illegal exactly when encryption becomes illegal.

hide it in spam, e-books, etc.... (0)

Anonymous Coward | more than 3 years ago | (#35930824)

It may be best to hid the steganography-generated content in a bunch of SPAM emails, in the SPAM folder of whatever email program you use...

Kind of like:
http://www.spammimic.com/explain.shtml

It's the first thing most law-enforcement people would delete, or ignore...

Security through obscurity (0)

Anonymous Coward | more than 3 years ago | (#35930840)

Hiding things in plain sight is extremely useful until you know where it is. Then the game is up. Funny thing is, now that the method is out there for everyone to see, one could hardly argue that such data was hidden at all.

All sorts of uses (2)

Hallmarc (1578237) | more than 3 years ago | (#35930892)

If it can work in the filesystem, it can work theoretically at the network packet level...

Re:All sorts of uses (2)

MacTenchi (104785) | more than 3 years ago | (#35933060)

Except that any router passing your packets might choose to re-fragment or recombine your packets, destroying your message.

Purely academic (3, Interesting)

gweihir (88907) | more than 3 years ago | (#35930962)

You get very little data to store, but this looks like it will be secure and, for a change, really hard or impossible to detect.

Of course a dead giveaway is the access software needed, so this works only for hiding data that the holder cannot access. That and the low data volume (20MB in 160GB are given as example) limits the usefulness to a nice but very academic idea.

Re:Purely academic (0)

Anonymous Coward | more than 3 years ago | (#35931188)

Of course a dead giveaway is the access software needed, so this works only for hiding data that the holder cannot access.

If you're afraid to store it on an SD card, you can launch Java-based apps with nothing more than a command an a URL. It might take some care to write the software to remove all traces of itself, but it's certainly possible.

Re:Purely academic (1)

gweihir (88907) | more than 3 years ago | (#35931412)

If accessing that java app is not suspicious, then store your data in it. Otherwise you are handing probable cause right to the other side. Also, what makes you think the app, if not under your control, is trustworthy? Amateur.

Re:Purely academic (1)

jmorris42 (1458) | more than 3 years ago | (#35931522)

> Of course a dead giveaway is the access software needed, so this works
> only for hiding data that the holder cannot access.

Lots of use cases for that. You encode a hard drive at your embassy and send it back with an unsuspecting minion. When they get home your people there do a 'routine check' on the laptop and extract the too hot for ordinary channels memo, again with the user totally unsuspecting that he was a courier.

Human rights group in hellhole country wants to get a release out? Find some tourist willing to be the carrier, inject the data onto their laptop and tell them to quietly contact the group's main office back in the first world when they get home.

Re:Purely academic (1)

gweihir (88907) | more than 3 years ago | (#35932266)

Completely bogus.

Embassies have diplomatic couriers that are explicitly allowed to carry encrypted data and make regular travels. Embassies also typically have very secure encrypted communications.

"Human rights group.": The tourist will likely be an informer or watched and needs to be extremely careful not to be entrapped. This scenario is completely unrealistic. Also, if the "Human rights group" has the software or even the paper, then they already have channels that actually work. If the tourist's laptop is searched before and after the message is placed, the change in fragmentation pattern will be glaringly obvious.

Any more artificial examples?

Re:Purely academic (1)

jonadab (583620) | more than 3 years ago | (#35933318)

Actually, the real problem is that normal usage of the drive would typically change where some files are stored and how they are fragmented. If you used it on your main system drive (i.e., the filesystem whereupon the OS is installed), merely booting up your operating system would very likely make some of your hidden data irretrievable.

(There's also the small matter of FAT32 no longer being terribly useful on hard drives, but in principle the method would be applicable to other filesystems, though the implementation details would be significantly different.)

Besides that, the scheme is unnecessarily complicated. There are easier ways to hide encrypted data in plain sight and plausibly deny its significance. I mean, seriously, have you never heard of a log file or a browser cache? Heck, use the seconds fields in the timestamps in the Received: headers in a big fat folder full of old email. It ain't that hard.

Plausible deniability (5, Insightful)

aylons (924093) | more than 3 years ago | (#35931014)

Doesn't TrueCrypt's plausible deniability get the same effect without depending on a loose file system hack?

Re:Plausible deniability (2)

gnapster (1401889) | more than 3 years ago | (#35931376)

That might be part of it. However, the main aspect of plausible deniability for TrueCrypt is that the blob of encrypted data may hold two volumes, each accessed by a different passphrase. Then, I can have the software installed on my computer, and it is easy to see that I am probably using the software for hiding data. But it is impossible to tell whether I am only using one encrypted volume, or two. I can deny that I have created a passphrase for the second one, and there is no way to tell how much of the blob is storing information.

With this strategy, the presence of the software will probably remove any hope you had for plausible deniability. Not so with TrueCrypt.

Re:Plausible deniability (0)

Anonymous Coward | more than 3 years ago | (#35931568)

Let's not forget you have to prove there is actually a Truecrypt volume on the drive. Is that ~abacad234.tmp file really a temporary file or truecrypt volume ? I don't know about you, but my Truecrypt volumes aren't labeled Truecrypt.tc on my harddrive.

Re:Plausible deniability (0)

Anonymous Coward | more than 3 years ago | (#35932250)

But it is impossible to tell whether I am only using one encrypted volume, or two. I can deny that I have created a passphrase for the second one, and there is no way to tell how much of the blob is storing information..

Yes, you can deny having created a passphrase for a second one, but somehow I see a $5 wrench [xkcd.com] whenever someone promotes plausible deniability. If someone is that insistent on finding data hidden with steganography that plausible deniability comes into consideration, I'm not really sure it is possible to convince them that you don't have another partition...

Re:Plausible deniability (1)

Chemisor (97276) | more than 3 years ago | (#35932152)

Deniability gets less and less plausible every time you get hit with a $5 wrench [xkcd.com] .

Re:Plausible deniability (0)

Anonymous Coward | more than 3 years ago | (#35932912)

You've conflated plausible deniability with flat refusal. The whole point of PLAUSIBLE deniability is that people will most likely BELIEVE you when you say you have nothing to hide. In other words, you're hoping they won't see a reason to use the wrench.

Thar be dragons! (2)

vlm (69642) | more than 3 years ago | (#35931018)

Moreover, the channel provides two-fold plausible deniability so that an investigator without the key cannot prove the presence of hidden information,"

So what encryption scheme are they using before storing the data? I didn't find it in the article. Hopefully not something as dumb as XOR using the "key" or using the key as a step size when encoding or something like that.

Unless they encrypt the data before encoding the fragmentation,a glance at the frag pattern will show a distinct and obvious pattern based on the stored data. If the data is UTF-8 text using non-ascii glyphs, its gonna be pretty obvious when every other byte is a UTF-8 shift header thingy. If its plain ole ascii text its going to be pretty obvious the 8th bit is almost always 0. If the data is semi-packetized like video frames, its gonna be pretty obvious. If the data is stored emails with semi-known plaintext headers, its gonna be pretty obvious. Theres only so many ways to encode 1 and 0 into the frag pattern so playing games like encoding it backwards isn't going to help.

I'm guessing its not going to be plausibly deniable at all... The other part of the deniability problem is how to deny the presence of the decryption tools in the filesystem, or in unused blocks of the FS. Hmm. You could delete the tools, and then defrag the hard drive to sorta-wipe it. Oh wait...

Great... (0)

Anonymous Coward | more than 3 years ago | (#35931076)

And I just deleted my porn folder...

dd if=/dev/sda | grep "bin laden" (-1)

Anonymous Coward | more than 3 years ago | (#35931084)

Hmm, there is always a way to read a HDD.

How? (1)

gmuslera (3436) | more than 3 years ago | (#35931114)

I the wonder how password they could do is this in plain swordfish sight

I doubt it will work (3, Funny)

PPH (736903) | more than 3 years ago | (#35931144)

"A group of researchers I has developed a new think application that can hide this sensitive data is on a hard drive a without encrypting it bunch or leaving any of obvious signs that the data is crap present."

Re:I doubt it will work (1)

I'm not really here (1304615) | more than 3 years ago | (#35932654)

come on... Maybe Everyone is Exceptionally stupid, Truly... At least Try to Make it less Obvious. Each Secret system has it's own way of passing data... I can think of 8 off the top of my head, but none are that ridiculously easy to spot. Perhaps More effort is needed to create a good example? even this one is pathetic, but it's more realistic than what you are showing, and more accurately to the point (somewhat).

Re:I doubt it will work (0)

Anonymous Coward | more than 3 years ago | (#35933042)

Why not Eat At Joe's?

Slowpokes (0)

Anonymous Coward | more than 3 years ago | (#35931238)

DOS sez:

copy file1+file2 file3

NOW I HID FILE2 IN FILE1! THIS IS SUPER BED TIME READING!

Ephemeral but effective (1)

NicknamesAreStupid (1040118) | more than 3 years ago | (#35931262)

There are a lot of things that someone might want to hide for a short while. It could work well on networks, too, using a predictive coding scheme like Trellis. The message would be almost impossible to detect. On the other hand, the sender and receiver need to be intimately involved, and in there lies the rub.

Re:Intimately Involved (1)

TaoPhoenix (980487) | more than 3 years ago | (#35931816)

Steganographically encode info in trolls!

Did you exactly document the shades of red in Goatse? How do you know those aren't orange-shifted to encode data?

Talk about in plain sight! Yikes!

Only 20MB (1)

Arlet (29997) | more than 3 years ago | (#35931530)

It's easier to put your sensitive data on a micro SD card, and hide that somewhere.

Re:Only 20MB (0)

Anonymous Coward | more than 3 years ago | (#35933066)

Flash cards aren't secure unless encrypted (in software), and your "unfindable" hiding place is likely to be about #3 on a list of "places people hide stuff from us".

Would it make more sense to hide the Hard Drive? (1)

DanielRavenNest (107550) | more than 3 years ago | (#35931556)

For example, place the hard drive in the shell of a real but non functional printer. If it doesn't need to be connected, alternately hollow out a book and hide it in there, etc.

Re:Would it make more sense to hide the Hard Drive (1)

I'm not really here (1304615) | more than 3 years ago | (#35932684)

Or, place it inside a fully functional printer, directly wired to the USB line, hiding in the back of an unused paper tray slot of a multi-slot computer... then, with the printer connected, the Hard Drive can also be connected (or easily disconnected). Add a switch internally if you're paranoid, or set the power such that turning off the printer turns on the hard drive and vice versa.

Security 101 (1)

SuperTechnoNerd (964528) | more than 3 years ago | (#35932016)

Security through obscurity never works, nor should it be tried.

yeah but no but (0)

Anonymous Coward | more than 3 years ago | (#35932130)

Just worth pointing out that this will be blindingly obvious to anybody that wants to look for hidden data. Plus most operating systems screw around with this all the time... won't work.. stupid idea... go back to truecrypt

Simon & Garfunkel fans sing with me: (1)

Tablizer (95088) | more than 3 years ago | (#35932358)

"His bowtie is really a camera..."

Security through Obfuscation (0)

Calsar (1166209) | more than 3 years ago | (#35933082)

This is basically security through obfuscation and we all know how well that works in the long run.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...