Evidence of Steganography in Real Criminal Cases

Zonk posted more than 6 years ago | from the not-just-a-numb3rs-plot dept.

Security 231

ancientribe writes "Researchers at Purdue University have found proof that criminals are making use of steganography in the field. Steganography is the stealth technique of hiding text or images within image files. Experts say that the wide availability of free point-and-click steganography tools is making the method of hiding illicit images and text easier to use. Not everyone is convinced; some security experts such as Bruce Schneier have dismissed steganography as too complex and conspicuous for the bad guys to bother using, especially for inside corporate espionage: 'It doesn't make sense that someone selling out the company can't just leave with a USB.'"

231 comments

"Security Expert" (3, Insightful)

somersault (912633) | more than 6 years ago | (#21054253)

Who calls USB keys "USB"s like one of my computer illiterate friends. Or is this some new kind of slang that I am not aware of.

Re:"Security Expert" (0)

Anonymous Coward | more than 6 years ago | (#21054285)

You clearly understood what he meant. Enough with the pedantry.

Re:"Security Expert" (2, Informative)

Sobieski (1032500) | more than 6 years ago | (#21054307)

Well, he might work at a company developing a new top secret Universal Serial Bus interface that someone else is willing to pay for.

From the article (2, Informative)

johndiii (229824) | more than 6 years ago | (#21054463)

But Bruce Schneier, CTO of BT Counterpane, disagrees. He says steganography doesn't make sense as an insider threat. It's much easier to just suck the data off onto a USB thumb drive and walk out of the building.

That seems to make a little more sense. They still don't quote Schneier directly, but his general conclusion seems valid. The purpose of steganography is to provide a clandestine channel, in part to avoid traffic analysis. If the data embedded through steganography is also encrypted, it would be very hard to detect. That's why this study is significant. I'll wait until it's farther along than its "early phases" before I draw any substantive conclusions, though.

Re:"Security Expert" (1, Funny)

Anonymous Coward | more than 6 years ago | (#21054577)

Same guys who call bluetooth headsets "bluetooths"?

Re:"Security Expert" (5, Funny)

stranger_to_himself (1132241) | more than 6 years ago | (#21054617)

Who calls USB keys "USB"s like one of my computer illiterate friends. Or is this some new kind of slang that I am not aware of.

Is there a common standard term for them yet? People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.

Re:"Security Expert" (1)

jimktrains (838227) | more than 6 years ago | (#21054721)

Mine's called Jane*, but that's beside the point. I also hate it when people call things a "USB."

*After my love: Jane Eyre

Re:"Security Expert" (1)

SCHecklerX (229973) | more than 6 years ago | (#21054975)

Is there a common standard term for them yet? People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.


You forgot jump drive, key disk, and thumb drive.

IBM had one of the first (actually made by Kanga?). 8 whole meg!

Re:"Security Expert" (1)

mdd4696 (1017728) | more than 6 years ago | (#21055249)

I smell a Slashdot Poll... is it flash-, jump-, pen-, thumb-, USB-, or memory-? Is it a drive, disk, key or stick?

I think "flash drive" is the most descriptive and appropriate answer. Jump-, pen- and thumb- are names that companies came up with to differentiate their brand. USB- and memory- are too generic. It's not a disk or key, and "flash stick" just sounds weird.

Re:"Security Expert" (4, Funny)

Paradise Pete (33184) | more than 6 years ago | (#21055371)

People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.

In a Spanish-speaking office I was trying to guess at the name and called it a palito, which literally means "little stick." It took about two minutes for the laughter to die down, and then I learned that palito is slang for dick.

Re:"Security Expert" (0)

Anonymous Coward | more than 6 years ago | (#21055523)

I've heard "geek stick" too

They leave with the bus (0)

Anonymous Coward | more than 6 years ago | (#21054665)

Why wouldn't the criminals just go for a ride with the universal serial bus?

Re:"Security Expert" (0)

Anonymous Coward | more than 6 years ago | (#21054959)

Ooh, you dared to criticize Bruce Schneier? Bad security karma!

If I were you, I would disconnect myself from the Internet for a month.

It's not unlocking anything (1)

scarboni888 (1122993) | more than 6 years ago | (#21054993)

Well USB "key" is one term I'd like to see discontinued for USB devices that function only as a storage medium. In this case it isn't a "key" to anything, it's a storage device. Drive is okay - shows up with a drive letter or as a /dev/sdb? but key? No - it's not unlocking anything, folks. Therefore it is not a key.

Re:It's not unlocking anything (1)

plague3106 (71849) | more than 6 years ago | (#21055553)

It's not called key because it unlocks something, it's called key because it goes on your key chain.

Re:It's not unlocking anything (1)

mrsteveman1 (1010381) | more than 6 years ago | (#21055759)

In the past I have kept encryption keys like GPG and LUKS keys on my little USB drive, I specifically bought a tiny one for that purpose.

Same with BitLocker, anyone without a TPM has to use a USB drive to store the key.

In fact, there are USB token devices which could accurately be called a key, in the same way a smart card is a key.

Re:"Security Expert" (5, Funny)

GregNorc (801858) | more than 6 years ago | (#21055061)

You are doubting Bruce Schneier? There are a few things you should know before you question his credentials... When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it. Though a superhero, Bruce Schneier disdains the use of a mask or secret identity as 'security through obscurity'. Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

Re:"Security Expert" (1)

alan_dershowitz (586542) | more than 6 years ago | (#21055685)

Someone on my staff sent me an Internet about that just the other day. I can't really tell you what it said because it hasn't gotten here yet.

Old news though (3, Interesting)

eneville (745111) | more than 6 years ago | (#21054265)

This was advertised in the film "the core" when the 'hacker kid' sends a message to a pilot within some other data... Great. It's also in use CONSTANTLY by conspiracy theorists, how many people have received that stupid email about the number 911 and the wingdings font... *yawn*.

Steganography is also in use by some media producers, I've heard cases where demo tracks have included some randomness that is later detectable to find the source of whoever leaked the track (each person on the initial review got a different copy of the randomness).

Re:Old news though (2, Interesting)

sqrt(2) (786011) | more than 6 years ago | (#21054325)

That's a well known tactic for discovering the source of leaks of sensitive information; been in use long before computers. Hell it probably predates movable type! It didn't have a specific name until Clancy wrote Patriot Games. Google, "canary trap".

Re:Old news though (2, Informative)

Anonymous Coward | more than 6 years ago | (#21054709)

To be clear, neither of the examples you gave are steganography, but are a simple cypher and watermarking, respectively.

The best implementation (5, Funny)

Chapter80 (926879) | more than 6 years ago | (#21055035)

There are about 800 programs that do steganography. The best implementation that I have seen so far works like this:

First the program takes the target JPG (which you want to be very large), and treats it as random noise. Simply a field of random zeros and ones. Then, within that vast field, the program selects a pattern or frequency to place variations in the noise pattern.

The variations in the noise pattern act as a beacon - sort of a signal that the payload is coming. Common variations include mathematical pulses at predictable intervals - say something that would easily be recognizable by a 5th-grader, like say a pattern of prime numbers.

Then it layers in a second layer, nested within the main signal. Some bits are bits to tell how to interpret the other bits. Use a gray scale with standard interpolation. Rotate the second layer 90 degrees. Make sure there's a string break every 60 characters, and add an auxiliary sideband channel. Make sure that the second layer is zoomed in sufficiently, and using a less popular protocol language, so that upon first glance it's not easily recognizable.

Here's the magical part: It then adds in a third layer. Sort of like in ancient times when parchment was in short supply people would write over old writing... it was called a palimpsest. Here you can catalog over 10,000 "frames" of data, which can communicate any message that you want.

Further details on this method can be found here. [imsdb.com]

looks like something doesn't work properly (4, Informative)

petes_PoV (912422) | more than 6 years ago | (#21054345)

The whole point of steganography is to embed undetectable data in a file. If some people now claim to have found evidence of it, then the original users can't have a very effective steganographic process.

Maybe this really means that the software available for this type of use just doesn't work very well?

Re:looks like something doesn't work properly (4, Informative)

mu22le (766735) | more than 6 years ago | (#21054439)

The article is just saying that they found steganographic software on some criminal's pc.

FYI you can detect the presence of steganographed information by statistical means (http://en.wikipedia.org/wiki/Steganalysis).

Re:looks like something doesn't work properly (1)

petes_PoV (912422) | more than 6 years ago | (#21054767)

they found steganographic software ...

And this is part of the problem with the process. It's no good hiding data in an undetectable way if you leave behind indicators that there's data hidden. It's a bit like breaking into a house, and leaving no trace of where/how you did it - then leaving your lockpicks by the side door.

If you're going to have steganographic software, it must not be recognisable as such.

Re:looks like something doesn't work properly (1)

Cairnarvon (901868) | more than 6 years ago | (#21054853)

If you're going to have steganographic software, it must not be recognisable as such.

That's a bizarre statement. It's not like they were advertising the fact that they had such software.

Re:looks like something doesn't work properly (1)

Waffle Iron (339739) | more than 6 years ago | (#21055107)

If you're going to have steganographic software, it must not be recognisable as such.

Maybe they should do something clever like encode the software to look like random noise and then hide it by mixing it into a JPEG image.

Re:looks like something doesn't work properly (1)

perlchild (582235) | more than 6 years ago | (#21055453)

Or again, they could have gotten the software on a usbkey

Denying access to the software used to hide it would also work.

Debunking steganography (4, Interesting)

DrYak (748999) | more than 6 years ago | (#21054525)

In fact people like Guillermito [guillermito2.net] have regularly shown that a lot of point'n'click stegano softs are just completely useless. They either don't work at all (fail to transport data) or store the data in a way that is nearly not hidden at all (payload stored as-is past the end of the file, or zero-padded and used for the least significant bit of the file without any encryption).

Especially if the marketing blurb mentions "military grade" (translation: triple AES is used to store the password. The reader software inputs a password from the user and if it matches the hash... the soft proceeds to extract the otherwise clear, non-crypted and un-obfuscated payload).

So while it *is* possible to design actually working steganography, if a would-be pedo-terrorist-criminal tries to google for steganographic software, he'll most likely land on useless software.
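Added example, not part of the comment above or of any tool named in this thread: a Python check for the first weakness that comment describes, a payload stored as-is past the end of a JPEG. It walks the marker structure to find the real end of the image, because a plain search for FF D9 is fooled by an EXIF thumbnail or by the payload itself. The sample bytes are constructed for the example and are structurally minimal, not a decodable picture; the function names and the treatment of zero padding as benign are assumptions of this example.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers that carry no length field: TEM, RST0..RST7, SOI, EOI.
STANDALONE = {0x01, SOI, EOI, *range(0xD0, 0xD8)}


def skip_entropy_data(data: bytes, pos: int) -> int:
    """Return the offset of the first real marker after scan data at pos."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            raise ValueError("truncated entropy-coded data")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos += 2      # byte-stuffed FF 00 or restart marker: still scan data
        elif nxt == 0xFF:
            pos += 1      # fill byte in front of a marker
        else:
            return pos    # FF followed by a real marker code


def find_jpeg_end(data: bytes) -> int:
    """Return the offset just past the EOI marker of the primary image."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1      # skip the FF prefix and any fill bytes
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (seg_len,) = struct.unpack(">H", data[pos:pos + 2])
        if seg_len < 2 or pos + seg_len > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        pos += seg_len    # length counts its own two bytes, so this skips the segment
        if marker == SOS:
            pos = skip_entropy_data(data, pos)
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> bytes:
    """Bytes stored after the end of the image (empty if none)."""
    return data[find_jpeg_end(data):]


def triage(data: bytes) -> dict:
    """Summarise what follows the image; all-zero padding is treated as benign."""
    end = find_jpeg_end(data)
    extra = data[end:]
    return {
        "image_end": end,
        "trailing_bytes": len(extra),
        "suspicious": any(extra),   # assumption: only non-zero bytes matter
        "preview": extra[:16],
    }


# --- constructed sample input (not a real photo) ---------------------------
THUMB = b"\xff\xd8\xff\xd9"                       # thumbnail with its own EOI
APP1_BODY = b"Exif\x00\x00" + THUMB
APP1 = b"\xff\xe1" + struct.pack(">H", len(APP1_BODY) + 2) + APP1_BODY
SOS_SEG = b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
SCAN = b"\x12\xff\x00\x34\xff\xd0\x56"            # stuffed FF 00 and an RST0
COVER = b"\xff\xd8" + APP1 + SOS_SEG + SCAN + b"\xff\xd9"
PAYLOAD = b"constructed secret \xff\xd9 tail"     # contains a decoy FF D9
STEGO = COVER + PAYLOAD


def naive_first(data: bytes) -> int:
    """Naive end-of-image guess: first FF D9 in the file."""
    return data.find(b"\xff\xd9") + 2


def naive_last(data: bytes) -> int:
    """Naive end-of-image guess: last FF D9 in the file."""
    return data.rfind(b"\xff\xd9") + 2


if __name__ == "__main__":
    print("marker walk :", triage(STEGO))
    print("naive first :", naive_first(STEGO), "(stops inside the thumbnail)")
    print("naive last  :", naive_last(STEGO), "(stops inside the payload)")
```

Trailing bytes are a triage signal rather than proof: some cameras and phones legitimately append data, such as a second image or a video clip, after the primary image.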

Re:Debunking steganography (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21055463)

Why don't you learn to speak english, you dumb asshole.

Re:looks like something doesn't work properly (1)

Palpitations (1092597) | more than 6 years ago | (#21054985)

Let's say you have access to a video file that people won't think twice about. Some random video you host, along with hundreds or thousands of others. People who know what to look for keep the first version of that video as the reference, and you make very subtle changes to it every once in a while. Let's say every frame of that video contains 1 character worth of text. That wouldn't be noticeable to the casual observer - far from it. At 30 FPS, a 5 minute video comes out to 9,000 characters. As long as you know how to extract the information, and you have the original reference version, that should be trivial. I'm all for steganography, encryption, and obfuscation... But it's important to realize that some of the most cunning uses here are truly security through obscurity.

Uh (0)

Anonymous Coward | more than 6 years ago | (#21054351)

What is a free point-and-click free tool?

How do you take a USB? People are actually ripping the USB controller out of their machine and taking it with them? What's the point? There isn't any data in the USB.

Re:Uh (1)

Woek (161635) | more than 6 years ago | (#21054361)

:-D reminds me of the raid of a file-sharer's home (or something like it), where the police took all the monitors and left the computers behind.

Re:Uh (1)

Draped Crusader (1174049) | more than 6 years ago | (#21055489)

They probably took those to use some van Eck phreaking [wikipedia.org] techniques on it.

Re:Uh (1)

fosterNutrition (953798) | more than 6 years ago | (#21055781)

Maybe this is a "whoosh..." moment, but I'm fairly certain that the monitors need to be, you know, on and connected to the computer and displaying the interesting things. The more I type the more I suspect that was the point of your post, and that I'm a humourless bastard.

These must be freshman researchers (4, Informative)

tkrotchko (124118) | more than 6 years ago | (#21054375)

Kids,

To those versed in statistics or the scientific method, find the flaw in this statement (as taken from the article):

"with the little data we have so far, we are finding that there's a strong correlation between criminal activity and at least the installation of steganography programs on those [confiscated] computers"

With the little data I have so far, I think the researchers are pulling our leg.

Re:These must be freshman researchers (0, Troll)

Rocketship Underpant (804162) | more than 6 years ago | (#21054469)

Not to mention this quote:

"some security experts such as Bruce Schneier have dismissed steganography as too ... conspicuous."

Since being inconspicuous is the very definition of steganography, something tells me Mr. Schneier doesn't have a firm handle on the concept, and if there were many properly-executed uses of steganography in the wild, he wouldn't have noticed them.

Re:These must be freshman researchers (3, Funny)

halftrack (454203) | more than 6 years ago | (#21054623)

You do know that to most Slashdotters, Bruce Schneier is the Chuck Norris of cryptography and security?

Re:These must be freshman researchers (4, Informative)

Obyron (615547) | more than 6 years ago | (#21054901)

Since being inconspicuous is the very definition of steganography, something tells me Mr. Schneier doesn't have a firm handle on the concept

Considering that Bruce Schneier has been around the block for a loooong time and has written several good books on cryptography and computer security, including the seminal "Applied Cryptography" (which needs a new edition! Hint hint if you're out there, Bruce!), I think it's far more likely that you have no idea who Bruce Schneier is. I'm sure that by "conspicuous" he's referring to the fact that steganography can be detected through statistical analysis, and the fact that most steganography software is crap.

Being inconspicuous isn't the definition of steganography any more than being secure is the definition of cryptography (Caesar ciphers, ROT-13, DES). They're both just important traits that make their respective -graphies more effective. Bruce's statement is referring to the sad state of pretty much all of the steganographic software out there right now, because it's pretty much all the security equivalent to sticking your super secret files in a hidden directory and hoping the secret police just overlook it.

Re:These must be freshman researchers (0)

Anonymous Coward | more than 6 years ago | (#21055257)

Considering that Bruce Schneier has been around the block for a loooong time and has written several good books on cryptography and computer security, including the seminal "Applied Cryptography" (which needs a new edition! Hint hint if you're out there, Bruce!), I think it's far more likely that you have no idea who Bruce Schneier is.

http://en.wikipedia.org/wiki/Appeal_to_authority [wikipedia.org]

Re:These must be freshman researchers (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21054529)

From TFA:

"with the little data we have so far, we are finding that there's a strong correlation between criminal activity and at least the installation of steganography programs on those [confiscated] computers"


Agreed on your comment on the above statement. My problem is that the article author's statement will be used as justification for search warrants. Some bullet-head cop who's barely mastered the idea of opposable thumbs will quote it like gospel and use it as justification to grab IP numbers of downloaders, etc. As someone that makes a living off of security I'm tired of seeing my tools being judged "guilty until proven otherwise". A few years ago a highway cop tossed my car hard because he found a copy of Schneier's "Applied Cryptography", saw the cover and didn't like the statement "The book the NSA wanted never to be published". He threatened to take it and make me come down to his station to get it back. BTW, this cop was clearly "not the sharpest tool in the shed" even among his own peers.


I really see in ten years owning any non-backdoor crypto tools et al being illegal. America is dying under the thumb of the police and soon to arrive police state.

Re:These must be freshman researchers (2, Informative)

NormalVisual (565491) | more than 6 years ago | (#21055825)

America is dying under the thumb of the police and soon to arrive police state.

Yes it is, in large part because the citizens allow it to. Why did you let the cop "toss your car"? He had no basis for a legal search, so either he searched without your permission, or asked if he could and you said "yes". If he searched without your permission you should have followed up in court. If you told him it was okay to search, then you have nothing to bitch about and aren't any better than the rest of the sheep that are letting the government get away with murder. Either way, there was action you could have taken as a citizen, and chose not to.

Re:These must be freshman researchers (1)

maxume (22995) | more than 6 years ago | (#21054795)

It depends a great deal on if you assume he is describing the data or if he is describing the relationship between steganography and criminal activity. It could be a perfectly reasonable thing to say about the data, but we can only speculate.

just as planned (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21054387)

There is a question I see time and time again from furries. "Why do you hate us so much?". They point out all the other shit that gets posted on the internet and they can't understand why, of all the shitting dicknipples, dead cats and tubgirls, they're the most hated thing on the internet. Well, I'm here to tell you What you have is a fetish. That's all, a fetish. Just like people who want to be pissed on or people who love feet.But you couldn't just have a normal festish, oh no. You had to make it a "lifestyle". You had to build your entire life around your retarded fetish. Then you took it a step further - you wanted to be able to show off your fetish lifestyle, rub it in everyones faces then you expected them to smile. You want to fuck animals and you expected people to be proud? Then you whine like nothing else when people tell you how retarded it all is, cry "fursecution" you're some oppressed fucking minority. You know what foot-lovers do? They keep it to their fucking selves. There's MILLIONS of them
and they're quiet about it, stay in their own little communities to talk about it and don't grind it in everyone elses face. They KNOW what they like is weird, they fucking deal with it like normal people.

THAT is why we hate you. You've got a retarded fetish and you insist on cramming it down everyone elses throat then DEMANDING that they treat you nicely when you just said you want to fuck a man-dog. You act like you've got some grand right not to have the piss taken out of you no matter how stupid what you're doing is. When a community tells you it doesn't want you there you don't realise it's not YOUR community and not your business. You try and FORCE them to tolerate you, you stay no matter how many people hate you and just shove your shit in their faces harder. How could anyone NOT hate you?

So go ahead, furry. Take a look in the mirror and then tell me I'm wrong. Or grow some self-respect and keep your fucking fetish private like everyone else.

Re:just as planned (0)

Anonymous Coward | more than 6 years ago | (#21054589)

Amen, brother. In this part of the world there is a minority that behaves pretty much exactly the way the furries do... the Fenno-Swedes. You know, the 5,5% of Finnish citizens who speak Swedish as their mother tongue and believe it's some sort of God's gift to all humanity, or at least the rest of their countrymen.

Your description of furries fits them spot on. They've chosen a lifestyle of pretending they're some holier than thou remnant of the sacred Swedish kingdom of the middle ages that represents all that is good and civilized about the country, and damn you if you don't agree with them. Their minority group represents an identity that needs to be protected at all costs... and guess what? Everyone else gets to protect them by becoming them, because obviously their identity doesn't matter!! And after all, they're just giving you the GIFT of getting to be Swedish! Great, huh? You'd probably love it if some furry insisted that you SHARE their fetish in order just to prove you're open-minded!

They want to take your kids early on so they can brainwash them into believing they're Swedes too (this would raise a hell of a protest if it was tried on Åland which has the constitutional right to be racist towards Finns, but of course the same rules do not apply -- only they are "special"), and then they want all kinds of totally ludicrous language requirements everywhere so that they have the right to be "served in Swedish" where-ever they go -- even outside their little reservations along the coastline. If you dare point out that this smacks of manipulation, you hate the minority and are a nazi.

Think of it -- furries putting your kids into furry-school in order to advance tolerance and understanding, and then educating in the fetish all the way through school, requiring a furriness test before they can graduate university, and then making them get all jiffy with a furry whenever one walks up to you and wants to share the gift of the wonderful, mind-expanding fetish!

The sad part is that this is not even a complete troll, it's all factual... :)

Re:just as planned (1)

Dogtanian (588974) | more than 6 years ago | (#21054681)

At first glance, the above post may appear to be totally offtopic. However, it's not, because careful analysis has shown that it contains the following steganographically-hidden message:-

"I want the world to know this, but I can't bring myself to say it out loud. I am a total loser whose only thrills are lame attempts to troll Slashdot. And... I am a repressed furry. There, I said it, but no-one will ever know!"

Thank you for your honesty, Mister AC.

Van Eck Phreaking (0, Offtopic)

dhavleak (912889) | more than 6 years ago | (#21054389)

http://en.wikipedia.org/wiki/Van_Eck_phreaking [wikipedia.org]

Came across this in Cryptonomicon. It blew my mind. If people can do shit like this Steganography doesn't actually sound that hard.

Re:Van Eck Phreaking (1)

Mantaar (1139339) | more than 6 years ago | (#21054473)

Technically, van Eck Phreaking has nothing to do with Steganography. And besides some NSA-paranoia and various SciFi shows, as well as Window's PGP's "don't-show-me-what-I-type"-feature I know of no impact of van Eck on the media/digital world.

Steganography is something completely different and reminds me of my old Boy-Scout days... when we used to devise "Secret Codes" so secret you couldn't find out it was a message at all. Steganography would have been fun to play with back then.

I doubt it happens on a large scale (4, Informative)

starseeker (141897) | more than 6 years ago | (#21054391)

Installation of steganography tools != using those tools in practice. If someone is looking to conceal data, they may be grabbing anything out there that stands a remote chance of being helpful. Sort of like how in the early days students would have all kinds of music players and point-to-point file exchange programs, looking for ones that would do what they wanted or had what they wanted.

James Wingate, director of the steganography analysis & research center at Backbone Security, and a vice president there, says the use of steganography is on the rise, and it could be used for things like transporting malware.

"Some would call me 'Chicken Little,' but I fervently and passionately believe criminal activity is being conducted with steganography... We do know it's being used to conceal child pornography," Wingate says.

When someone "fervently and passionately" believes something, particularly something related to a day-to-day project where one's institution stands a good chance of increased funding if what you believe is true, that's a good indication that you need to look hard for real, reproducible evidence that will stand up to rigorous peer review. Nor should concealing those types of images be surprising - unfortunately there seem to be a large number of sickos out there with this stuff, and probably every data-concealing program ever written has been used to conceal it (or try to). More to the point, is it in WIDE use?

I agree that a USB stick is a much more plausible attack vector for a company insider (no "hey what was that huge surge of email traffic with images?" signatures for IT to poke their noses into, just for starters.) If someone wants to hide data on their machine, I would think any of the various harddrive encryption techniques would both be simpler and much more effective.

I remember looking around at steganography tools some years back for other purposes (watermarking images people were considering contributing to a collectibles website) and my conclusion was that the most practical use of the techniques was to store information one WANTED to be found - another way to put metadata into an image so you could later figure out additional information about it (say, for a baseball card certified by a company you could add the certification information using steganography to ensure later availability of the information even without the website context, unless the image was compressed or otherwise distorted). It didn't and doesn't strike me as anything that can be used for anything uniquely evil or even uniquely practical (real image metadata is most likely a better place for useful info, and hiding information in it is an iffy proposition at best).

Remember, just because non-government researchers can't cover all 800+ programs doesn't mean someone like the NSA with large funding and budgets couldn't throw resources at it until they had all of them covered. Somebody will probably use it, but someone will use virtually every possible technique to do something at least once in the vastness of the Internet so that's not a very interesting statement. The interesting question is will a lot of people use it, and I just can't see it being worth the trouble.

get over it (5, Insightful)

m2943 (1140797) | more than 6 years ago | (#21054395)

First, legislatures pass bullshit laws about cryptography despite warnings that they are going to be ineffective because of steganography. Now, they claim that the sky is falling because people are using it.

Right now, police can still detect the steganography tools, but those will start to be hidden as well. Encrypted, hidden data can be added to MP3s, MPEG4s, PDFs, scans, executables, random leftover noise on the disk. It can be hidden on microSD cards, printed on paper, and hidden on DVDs.

There is no way governments or companies can stop covert communications of data. Get over it and stop making laws that are unenforceable but give police and governments ever more tools to abuse their powers.

Re:get over it (4, Interesting)

Kjella (173770) | more than 6 years ago | (#21055277)

Encrypted, hidden data can be added to MP3s, MPEG4s,

Actually, the more compressed the less likely you can embed anything useful. Trying to embed information would either lead to inefficient compression, which can be detected or to unnatural noise which can also be detected. Also you can't have an unembedded and an embedded version around, so adding steganography to that episode of Heroes you send would be really stupid and trivially found with a diff. Most good formats like bmp, wav etc. would raise eyebrows since they're so uncommon. I think your favorite non-suspicious option today would be getting a digicam with a raw option, then use the least significant color bit. It's near noise anyway since very few cameras can actually detect 10/12 bits/channel, there's no reference to go by and it's perfectly reasonable to share photos that way. Do an AES pass on the data so you're writing pseudo-random data, and I imagine it'd be rather hard to detect.

Re:get over it (2, Interesting)

DavidTC (10147) | more than 6 years ago | (#21055863)

Encrypted, hidden data can be added to MP3s, MPEG4s, PDFs, scans, executables, random leftover noise on the disk. It can be hidden on microSD cards, printed on paper, and hidden on DVDs.

See, right there I'm with Bruce. Why would you put steganography tools on microSD cards?

Why not put the data encrypted on the card, and then hide the card? Doesn't that seem to make a lot more sense?

I mean, those things can hold a lot now, a good deal more than you could reasonably hide via steganography.

If you're smart, you'll just up and install the encryption tools like Truecrypt, but have a porn partition or even a tiny file with credit card and personal information, a 'legitimate' use for the program.

And, yes, I know people are talking about hidden communication channels, for, for example, spies, not storage, but, frankly, that's idiotic.

Any large data is going to be transferred in person via encrypted flash drives. A flash drive is a lot easier to dead-drop than a DVD-R. They have ones thin enough that they can fit inside library books or pass as change, and ones sturdy enough that they can stay outside for a week in mud. Anyone who thinks the 'secret plans' are traveling via the internet is confused. (Well, not at the start of the trip. Once they end up at the embassy or whatever the data obviously can be openly strong-encrypted and openly transferred however the hell they want.)

And any tiny data can be communicated via public signals. Which, incidentally, is a kind of steganography. Spies already have all that worked out. For example, if you ever wear the red tie with the brown suit it means your cover is blown and you need immediate pickup, stuff like that.

I don't doubt technology plays a role in this, but I doubt 'encryption' or 'steganography' does, as tools like that are, as you pointed out, dangerous. I suspect it's more stuff like 'If anyone ever anonymously replies to a slashdot post of yours using this specific subject, check dead-drop #3 that evening'. Call it 'manual steganography', where you go around looking for clues that everyone else can see but no one else knows what to look for.

Summary of Article (4, Funny)

Chapter80 (926879) | more than 6 years ago | (#21054397)

Research Shows Image-Based Threat on the Rise
New Purdue University research shows steganography, long considered a minor threat, may be on the rise
OCTOBER 18, 2007 | 6:00 PM

By Kelly Jackson Higgins Senior Editor, Dark Reading

Until recently, steganography, the stealth technique of hiding text or images within image files, has mostly been considered too complex -- and conspicuous -- to be much of a threat. But some forensics experts now worry that the bad guys are starting to use the tactic more frequently, especially in child pornography and identity theft trafficking.

There are an estimated 800 or so steganography tools available online, many of them free and with user-friendly graphical user interfaces and point-and-click features. This broad availability is making steganography more accessible and easier to use for hiding and moving stolen or illicit payloads, experts say.

Security experts to date have mostly dismissed steganography as a mainstream threat, relegating it to the domain of spooks and the feds. Their skepticism has been well-founded: The few studies that have searched for images hiding steganographic messages have come up empty-handed.

Re:Summary of Article (0)

Anonymous Coward | more than 6 years ago | (#21054433)

\(_o)/ lololo

Translation (0)

Anonymous Coward | more than 6 years ago | (#21054635)

The Coward is laughing out loud out loud out, after a plate of egg and bacon.

"A" for effort (0)

Anonymous Coward | more than 6 years ago | (#21054447)

"D-" for results. Clearly you have too much time on your hands.

no one said criminals were bright (1)

bombastinator (812664) | more than 6 years ago | (#21054417)

Just because it is an inefficient and poor method does not mean it will not be used.

Criminals are known for their poor work ethic. Why do a bunch of skull drudgery and research, when they can just grab the first thing that comes along?

Another reason it might be attractive is its overcomplication itself. One of the main reasons frequently given for people to become real spies is pure excitement. They want to do "spy stuff". Someone like that is going to go not for the best method, but for the most high tech, convoluted, spy movie type stuff they can get ahold of. There was a famous American double agent years ago with just this issue. He began demanding weird and unnecessary communication equipment from them just so he could have it. The adrenaline rush of dangerous behavior frequently leads to even more. Grander crimes, more complicated plans. Increased risk.

Re:no one said criminals were bright (0)

Anonymous Coward | more than 6 years ago | (#21054569)

Hi, my name is Bruno: and I'm a gadget-holic,

Just because you think it doesn't make sense.... (1)

teslar (706653) | more than 6 years ago | (#21054481)

... doesn't mean everyone else agrees. From a security expert, I find this a very strange attitude - surely one should always consider the worst case scenario and never dismiss any technique or approach as "something the bad guys won't use, because it's too cumbersome/difficult/whatever." If nothing else, that technique then has an immediate appeal to the bad guys because it is one you were not expecting.

'It doesn't make sense that someone selling out the company can't just leave with a USB.'
Oh, I think that makes a lot of sense. Imagine the scenario:
"Oh, hi Peter, sorry to bother you, but we have a suspicion that someone from the inside might be leaking sensitive information to our competitors. Do you mind if we have a quick look at your USB stick?"

Would you rather be caught with:
a) All the company's secrets
b) Pictures of your daughter

And yeah, you could be encrypting all that information, but even an encrypted file would be more suspicious than a picture of your cute daughter.

Re:Just because you think it doesn't make sense... (0)

Anonymous Coward | more than 6 years ago | (#21054543)

Drone: There was nothing; just some pics of his 11 year old daughter playing at the pool.
Boss: Damn. But...Peter doesn't have any kids...

and now THINK for a second. (2, Insightful)

SmallFurryCreature (593017) | more than 6 years ago | (#21054565)

How big is that picture of your daughter? I've seen a real world example of it. A 4mb image, that somehow only seemed to result in a small photo of about a 100x100 pixels. Yeah, that ain't suspicious AT ALL. Doesn't set off any alarm bells. Nope.

That is the entire problem with the idea, how do you get enough information inside and still not raise suspicion. It is different for coded messages, keep the code small and it can easily fit but to leak information, you need to start including megabytes of documents in image files that are typically less than a 100kb or do you think nobody will find it odd if you keep a 10megapixel uncompressed image of your daughter on your stick?

Remember, if it is a small amount of data you can get it out easily, memorize it. But if you are talking industrial espionage you are talking blueprint, documents, databases.

The researcher claimed that he found traces of the programs in question. TRACES. Meaning they were removed. Now think about this, why does someone remove software. Because they want to hide it OR because they tried it and found it useless?

Sure, there are uses, but as said, only for situations where the data is small enough to logically fit inside. Child porn image nesting in a harmless image seems about the most logical use, you could easily create a site that serves "harmless" wallpapers but are really childporn. Except one tiny problem, how do you distribute it? Open access, bit risky getting the highly illegal content out there, who knows who might be bored and start snooping. Limited access? Then who are you hiding from?

The problem with the child porn idea is that it ain't going to fool anybody for long. Contrary to popular belief the police ain't stupid, if they suspect childporn and find nothing but a large collection of regular images that ALL seem to be just a bit too large, then just maybe, they are going to investigate further.

As for use in distribution, encryption is far easier, if I know you then I can just send the file encrypted and nobody will be the wiser. If I don't know you and post it blindly on a public site, how are you going to know how to get the content out?

I know that the idea is that one of the elements of hiding is NOT to increase the filesize, but unless I am missing something, if you want to hide 1mb of data, you are going to need at least 1mb of other data to do the hiding in. For a nice database dump, that is a LOT of pictures of your daughter.

Re:Just because you think it doesn't make sense... (0)

Anonymous Coward | more than 6 years ago | (#21054587)

"Oh, hi Peter, sorry to bother you, but we have a suspicion that someone from the inside might be leaking sensitive information to our competitors. Do you mind if we have a quick look at your USB stick?"

"I don't have a USB stick"

Now what?

Re:Just because you think it doesn't make sense... (3, Funny)

Dunbal (464142) | more than 6 years ago | (#21054965)

Now what?
(slammed against the wall)

"Bro don't tase me, don't tase me! Br-clickclickclickclickclick"

Welcome to the NEW America.

Re:Just because you think it doesn't make sense... (1)

jshackney (99735) | more than 6 years ago | (#21054773)

I think it's silly. Stego is well known for not being very effective at truly obfuscating the fact that there's hidden data in a photo. Open the file in a hex editor and it's blatantly obvious there's data in the photo. Anyone with a modicum of knowledge could detect the presence of data, uh, with the possible exception of your local border security [wired.com] (sorry, oblig.). I'm suspicious about the study. If you wanted to hide data in a file, why would you then post that image to the web for all to see? Why not just email it to one or two ... million people all spam-like and make sure at least one goes to your target? Most people will delete your spam without even suspecting anything. Then there are the few that would be curious. So, well, not a great idea either. I just don't think stego is what it could be, or what criminals expect it should be.

___
Bruce Schneier can divide by zero [geekz.co.uk]

Re:Just because you think it doesn't make sense... (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21055005)

Open the file in a hex editor and it's blatantly obvious there's data in the photo.

Please look at these images [sourceforge.net] and tell me exactly what in the hex dump makes it "blatantly obvious" that one is stegged.

Re:Just because you think it doesn't make sense... (1)

Dunbal (464142) | more than 6 years ago | (#21054949)

"something the bad guys won't use, because it's too cumbersome/difficult/whatever."

That's the **AA version of "security"...

And yeah, you could be encrypting all that information, but even an encrypted file would be more suspicious than a picture of your cute daughter.

Except for the fact that the little 320 x 240 pic is 512MB...

One thing I don't get (3, Insightful)

Gnostic Ronin (980129) | more than 6 years ago | (#21054487)

One thing I really don't get about steganography is why hiding a message *in* a picture is preferable to sending the picture as a message.

For example, if "teh terrist" wanted to send a message like "attack now", why couldn't the message be given via a pre-arranged signal -- say the image shows Osama wearing a silver watch for "It's go time", and a gold watch for "wait out the Americans". No one can detect a "hidden message" because there is none.

You could do the same for other things even if you don't use USB (which would probably be easiest in a workplace). How about plain old pencil and paper? Just write down the information, put it in a device called an "envelope", write down the physical address of the guy you're sending it to, and drop it off in the post office. It's virtually untraceable, and would work even if the IT guys turn off the USB ports.

Re:One thing I don't get (1)

cyclop (780354) | more than 6 years ago | (#21054571)

For example, if "teh terrist" wanted to send a message like "attack now", why couldn't the message be given via a pre-arranged signal -- say the image shows Osama wearing a silver watch for "It's go time", and a gold watch for "wait out the Americans". No one can detect a "hidden message" because there is none.

(1) This works only on messages you already have acknowledged with the receiver. Good for "attack now", but bad for "The new address of the target is X,Y,Z..."

(2) If you repeatedly use the same image(s) to send the same message, the code is plainly cracked.

As for the envelope, I guess you're joking.

Re:One thing I don't get (1)

sqrt(2) (786011) | more than 6 years ago | (#21054575)

Good for relaying information that is a binary state, or at most a few degrees of complexity, but how did they get the information on what signal matches to what command? That had to be transmitted somehow too. What if they needed to change the signal because the codes were compromised?

Re:One thing I don't get (2, Insightful)

caluml (551744) | more than 6 years ago | (#21054753)

why couldn't the message be given via a pre-arranged signal
It's the same problem as OTPs. If you can get the "pre-arranged signal" secretly to and from the participants, then why not just use that same method to get the message out too?

Re:One thing I don't get (2, Insightful)

Dunbal (464142) | more than 6 years ago | (#21054923)

If you can get the "pre-arranged signal" secretly to and from the participants, then why not just use that same method to get the message out too?

Because perhaps the "pre-arranged signal" was given in a face to face meeting, which will only happen once so as not to arouse suspicion.

Re:One thing I don't get (1)

Dunbal (464142) | more than 6 years ago | (#21054875)

For example, if "teh terrist" wanted to send a message like "attack now", why couldn't the message be given via a pre-arranged signal

Ideally you would want to use both of these methods.

Even sending an encrypted message saying "we attack X location tomorrow at 3am, bring teams 2 and 3" jeopardizes the whole thing if somehow someone manages to decrypt your message. But if they decrypt the message and say "oh look, a picture of Osama - wtf?".

You're right in that prearranged signals are a great way to hide messages. The Brits used to do it with the French resistance on the darned public radio frequencies, right under the Germans' noses. You can even get more sophisticated by using combinations of messages, or having the same message mean different things depending on the time. The biggest problem there is if your "codebook" is leaked to your enemy. But I guess that's the problem with any security - it won't work if you give the key to your enemy.

Re:One thing I don't get (1)

igb (28052) | more than 6 years ago | (#21055087)

``The Brits used to do it with the French resistance on the darned public radio frequencies, right under the Germans' noses. ''

It worked well, and had some interesting advantages. One benefit was it provided a means for a resistance worker to partially confirm that someone claiming to speak for British intelligence really was: the latter said ``give me a sentence, any sentence, and I'll arrange to have it broadcast by the BBC''. It didn't work as well as it should because SOE were very careless and/or stupid about paying attention to duress markers in cipher traffic, but that undermined a lot of their work.

But the Germans helped by being pretty dense. Under interrogation, a resistance worker actually told the Germans of the meaning of ``Les sanglots longs des violons de l'automne'' (invasion within 48 hours) and ``Bercent mon coeur d'une langueur monotone'' for one group in Orleans. But for reasonable and unreasonable reasons, it was ignored. But then, that's the story of German counter-intelligence all over.

Re:One thing I don't get (1)

DerekLyons (302214) | more than 6 years ago | (#21055595)

One thing I really don't get about steganography is why hiding a message *in* a picture is preferable to sending the picture as a message.

Because hiding a message in a picture can be done on-the-fly, which is much harder with picture as message. Also, because a code (like picture as message) is fairly limited in the number, type, and complexity of messages that can be sent. (And assembling the dictionary is a fair bit of work, keeping it secure even moreso.) OTOH a message hidden in the picture can be anything. Text, audio, video, another picture...
 
I could go on, but the Reader's Digest version is that message-in-picture is far more flexible and versatile than picture-as-message.

Re:One thing I don't get (1)

perlchild (582235) | more than 6 years ago | (#21055773)

the amount of data...
Ideally, sending a message should be long enough it's something too big to be memorized.

Same thing with an envelope, if you're in the context of industrial espionage, like the Schneier comment earlier, you'd want to send code or cad drawings, as in something too complicated for someone to memorize, and difficult to impossible for someone to replicate independently. Stego is used in that context to prevent email logging from proving who sent it... at least, that's the theory.

As for virtually untraceable envelope, again, sending one page is no problem, anyone who sees you mailing 2000 pages of source code to someone might get a bit suspicious though.

Hah, back in the seventies... (1)

Mantaar (1139339) | more than 6 years ago | (#21054495)

... Zep already started it. Stairway to Heaven, backwards. That funny 'reverse' knob on the tape deck sure was fun to play with!

This is just the first stage ... (4, Funny)

Thrip (994947) | more than 6 years ago | (#21054537)

Once they've planted the idea in the public's head that child pornographers hide kiddie porn in innocent images, then they can start embedding child porn in all sorts of things, so that when they feel like arresting you, there's a good chance there will be child porn on your computer and your ISP will have server logs of you downloading it. Or maybe I'm just being paranoid.

Re:This is just the first stage ... (1)

Chapter80 (926879) | more than 6 years ago | (#21054907)

Yeah, and there's a whole group of criminals that don't have it quite figured out. Like the ones who hid the new Radiohead album inside a photo of two naked pre-teens.

Hmm (1)

Turn-X Alphonse (789240) | more than 6 years ago | (#21054567)

Don't 4chan users already do this all the time by putting books inside jpgs?

I believe the technique is you open the jpg with winrar and it ignores everything before the start of the zip file, so ignores the jpg but still reads the zip fine.

If little kids making penis jokes can do it with so much ease I very much doubt it's "too complex" to be useful in other ways. All it takes is the knowledge and you can hide stuff in broad daylight, or at least make it very difficult for people to find that zip of (let's go with the emotional response) child porn hidden among your 500 holiday snaps to the south of France.

Re:Hmm (0)

Anonymous Coward | more than 6 years ago | (#21054609)

little kids making penis jokes
Is that so? Why don't you check it out next Thursday (Literthursday), see what kind of books these "little kids" are reading. You might be surprised.

- A

easy (if somewhat less high-tech) solution (1)

Carbon016 (1129067) | more than 6 years ago | (#21054595)

4chan has been using a similar thing for a while - it's easy to hide a zip/rar archive in a jpg as these formats ignore everything but the markers indicating the start and end of the archive. For example, hiding an e-book .pdf in a .zip, then appending it to a .jpg means that it shows up as a valid jpg with the cover or whatever in a browser, etc, but when renamed .zip it functions as a proper archive. Not exactly what's in TFA, but pretty cool nonetheless!
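The appended-archive trick described in this comment and in the earlier "Hmm" comment is straightforward to check for from the defender's side. The following is an added example, not code from the thread or the article: it walks the JPEG marker structure to find the true end of the image and reports anything stored after it. The sample bytes are constructed (a structurally valid marker stream, not a decodable photo) and all function names are this example's own.

```python
import io
import struct
import zipfile

EOI, SOS = 0xD9, 0xDA
ARCHIVE_MAGICS = {
    b"PK\x03\x04": "zip local file header",
    b"Rar!\x1a\x07": "rar signature",
    b"7z\xbc\xaf\x27\x1c": "7z signature",
}

def jpeg_end_offset(data):
    """Return the offset just past the real EOI marker.

    Segments are walked one by one, so an FF D9 inside an embedded
    thumbnail (EXIF/APP1) is not mistaken for the end of the image.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos, n = 2, len(data)
    while pos < n:
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        while pos < n and data[pos] == 0xFF:    # marker prefix and fill bytes
            pos += 1
        if pos >= n:
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                            # markers that carry no length
        if pos + 2 > n:
            break
        (seglen,) = struct.unpack(">H", data[pos:pos + 2])
        pos += seglen
        if marker == SOS:
            # Entropy-coded data: FF 00 is a stuffed byte and FF D0..D7 are
            # restart markers; any other FF xx starts the next segment.
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG (no EOI found)")

def inspect_jpeg(data):
    """Report bytes stored after the image and any archive found there."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    finding = {"jpeg_bytes": end, "trailing_bytes": len(trailer),
               "signatures": [], "zip_members": []}
    for magic, label in ARCHIVE_MAGICS.items():
        idx = trailer.find(magic)
        if idx != -1:
            finding["signatures"].append((end + idx, label))
    # zipfile locates the central directory from the end of the file,
    # which is exactly why the polyglot still opens as an archive.
    if trailer and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            finding["zip_members"] = zf.namelist()
    return finding

def segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def build_sample():
    """Constructed test input: (clean cover, cover with a zip appended)."""
    thumb = b"\xff\xd8THUMB\xff\xd9"            # fake thumbnail with its own EOI
    cover = (b"\xff\xd8"
             + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
             + segment(0xE1, b"Exif\x00\x00" + thumb)
             + segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
             + b"\x12\x34\xff\x00\x56\xff\xd0\x78"  # scan data: stuffing + RST0
             + b"\xff\xd9")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed payload")
    return cover, cover + buf.getvalue()

if __name__ == "__main__":
    for name, blob in zip(("cover", "cover+zip"), build_sample()):
        print(name, inspect_jpeg(blob))
```

A non-zero `trailing_bytes` is the signal to triage. Some cameras and editors append benign data after EOI, so the archive signature or a readable member list is what makes a file worth a closer look.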

Steganography probably not used for bulk data xfer (2, Interesting)

ahodgkinson (662233) | more than 6 years ago | (#21054641)

It is unsurprising that there is positive correlation between presence of steganography software and criminals convicted of child pornography and financial fraud. Given the penalties and the police/media preoccupation with these activities, it is hardly surprising that some criminals are using steganography to cover their tracks.

A point to note is that the criminals using steganography are probably not using it to transfer large quantities of information, but merely communicating small very private messages. This might include links to web servers, credit card numbers or meeting/payment instructions. It is unlikely to require more than a few hundred bytes of data.

While Schneier is correct that corporate theft is best accomplished with USB drives or even your corporate laptop, the criminals using steganographic software are probably not using it for their bulk transfers of information, but rather pointers or encryption keys to information transferred by other means.

Comparing the number of web pages against the number of child pornographers who might be hiding steganographic data in online images makes Purdue's attempt to crawl the web in search for steganographic data seem futile.

Data transfers by steganography have to be pre-arranged in advance by some other communication method, otherwise how would sender and receiver know how to encrypt/decrypt their messages? If your interest is in stopping crime, then this is the weakest link and should be the focus of your detective work.

This is only the second step (1)

houghi (78078) | more than 6 years ago | (#21054763)

The first step is to not let people know from whom you received anything or to who you are sending things.

So how can this be done? Easy, post it on Usenet. That way there is no link between the sender and the receiver. I post it on a server in Belgium and somebody else can read it on a server anywhere in the world.

Obviously you need to be on-topic, otherwise you can draw unwanted attention on yourself. So you start to look for ways to do that. Binary groups can be ideal for this. Add Steganography and gpg and you have an ideal way of sending messages to anybody. Each person could be using a different group and/or gpg key.

That way everybody can see your message and perhaps even can find out you are actually using Steganography, but they will not be able to figure out who it was for or, even if they would be able to hack the information.

e.g. if you post to news:alt.binaries.pictures.wallpaper [binaries.p....wallpaper] daily (Please not more than 50 per person per day), as I do, I can once in a while add extra information if I so desire as I did today.

The advantages over other ways of communication, like email or websites, is that there is no way to make a link between people directly. This is nothing more than broadcasting "Jaques has a grand moustache, I repeat, Jaques has a grand moustache."

Sure, people would know that it was sent, but they did not know what it meant or whom it was for.

History Repeats Itself... (1)

tjstork (137384) | more than 6 years ago | (#21054969)

We'll mop up those cowardly confederates at Antietam...

Those Japanese are too stupid to make it through the jungle at Singapore, and certainly don't have the logistics to sustained forward fleet operations...

It will be at least a decade before the Russians get the atomic bomb...

The United States has a comfortable lead in rocket technology...

A bunch of stupid Arabs couldn't put together a complex terrorist attack against the USA....

We've just about got this insurgency licked...

And now..!

Thieves are too stupid to use advanced technology....

PB (1)

dkd903 (1156359) | more than 6 years ago | (#21055065)

In the entire Prison Break series we have had enough of steganography. So isn't it enough to prove the worth?

Is Schneier being naive? (1)

argent (18001) | more than 6 years ago | (#21055857)

Schneier says steganographic images are just too obvious, anyway, which renders the technique useless. "If I'm in Burma and trying to send out human rights documentation and hide it in a picture of a giraffe," it's going to look suspicious, he says. "For it to work, you need to have a plausible cover story."

Like, you're sending pictures of your family to relatives overseas?

Steganography is just a new way to mix up the classic techniques of prearranged obscure and innocent signals with ciphers, and these kinds of signals are well known and have a long history of being used by all kinds of people for purposes both innocent and otherwise. Paul Revere's "one if by land, two if by sea". Coded messages in classified advertisements. Kipling's raised hand. They've even been appropriated and turned into normal and expected parts of games, like signals in baseball, or bidding in contract bridge.