Slashdot Mirror


Security Through Obscurity - Spam Mimic

ragnar! writes "Ingenious. Not just strewing spam-speak between the words of your message, actually does some kind of character/word -> phrase conversion. Interesting concept - check out Spam Mimic." I tested it out - looks pretty darn cool.

9 of 153 comments

  1. Wonderful by rcp · · Score: 5

    Can everybody please post examples for how their short message was ballooned into wordy spam? I just got a new mouse with a scroll wheel and I'd like to try it out.

    Oh, you've done that already. Thanks.

  2. To: webmaster@spammimic.com by Stavr0 · · Score: 4
    Hello friend,

    We have an amazing opportunity waiting for you. Because your server has been slashdotted,
    we have a special offer just for you at FBNHOSTING.COM. FlyByNite hosting guarantees
    uninterrupted web hosting with no possibility of DOS/DDOS/SlashDotting attacks.

    Act now! This offer is time limited. Already, your precious users are turning away and surfing
    on to your competitor.

    W.E. Zell, manager
    FBNHOSTING
    ---

  3. Used real spam in the decoder by Stavr0 · · Score: 5
    I copy-pasted a spam from my inbox into this thingy and it decoded to this:

    I am a scam artist trying to defraud you of your hard-earned money.
    ---

  4. kills spam by Rader · · Score: 4
    What I would like to see is that this DID cause a problem for the government snooper/sniffers BUT, to fix the problem they instead made spam illegal.

    THAT would be cool. I'd almost overlook the whole big brother thing if they did that :)

    Rader

  5. Re:No Secret Messages So Far by British · · Score: 5

    You just came up with an amazing idea. Disguise your emails as Jon Katz rants. That way, nobody would WANT to read your intercepted email.

  6. good start, but need more. by mjh · · Score: 5

    The problem that I see with this is that it's too easy to intercept in an automated fashion. It doesn't take any secret or anything to be able to determine whether or not the data is there. You simply decode it and you get the hidden message. In fact, if you give it something that isn't an encoded message, it will tell you that it can't decode it. This makes it trivially easy for the carnivores (et al.) to automatically detect this type of obfuscation. They simply have to add a step to their spam filtering code to try deobfuscating before deleting.

    The real value would be if this thing would take any garbage and translate it into something - of about equivalent length garbage. Thus it could be coupled with an encryption format that looked like garbage, to effectively obfuscate your communication.

    PGP/GPG does not do a good job as the encryption format. It's got these nice, easy to read, headers that show you that it's a GPG encrypted message. What you need is something that will take in what looks for all the world like garbage and spit out the clear text if you got the right key.

    This is a great first step, tho.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.

  7. MAKE BIG $$$ IN YOUR SPARE TIME!!! by Golias · · Score: 5
    Since most real spam originates from some ".backwater" national domain, and spoofs the recipient's ID into the From: field, it seems to me that the fake spam would be fairly easy to spot.

    If it looks like spam, but comes from a major ISP, and is delivered to only one person, it is a fairly good guess that it is really a coded message.

    The only way to avoid your message being parsed out from somebody who is really looking for it would be to actually spam a few thousand people through the usual spam channels... which means we can all expect lots more messages advertising pyramid schemes and satellite TV systems in the near future, just so Bin Laden can chat with his pen-pals.

    That's just swell.

    --

    Information wants to be anthropomorphized.

  8. Get Your Own Source Code Here by peterwayner · · Score: 5

    As usual, I want to let everyone know that the source code for the mimic functions is available if you just ask. Send me some email. You can get it in C, Pascal or Java flavor. Each of these versions reads the same generic grammar file. So you can create your own grammar for encoding messages. I've written one that uses the voice over to a baseball game. The folks at SpamMimic wrote their own using Spam as an inspiration. I would love to see some more. Incidentally, writing and modifying the grammars is one way to "key" the output. Only someone with the right grammar can decode a message. Another way is to use a number of mechanisms to scramble the grammar for each message. These are all explained in Disappearing Cryptography. Please write with questions and comments. -Peter p3@wayner.org

  9. Even easier by cryptochrome · · Score: 4

    The spies could just as easily closely watch the spammimic site and intercept all incoming messages and outgoing encodes. The ip can be traced to the sender, and the outgoing encodes could be cross-referenced against intercepted emails to figure out who the sendee is. The website isn't even secure. Since people have to go through this website, that's the weak point in the whole scheme.

    A believable stand-alone spammimic encrypter, coupled with a PGP-type encryption scheme, would be the most effective. A PGP encrypted message looks like gibberish (making it easily detected), but could then be SMed into fake spam. If a spy intercepted the message and de-SMed it he would be left with unintelligible encrypted gibberish. More importantly, if a spy tried to de-SM a real spam he would also get unintelligible gibberish. Thus he would have to somehow figure out whether a message was an SMed encryption or not, and even if successful he couldn't decode it.

    Therefore spammimic needs to make their encodes indistinguishable from real spam email to prevent detection. The decoding algorithm should also produce an output for any input (no error messages), and the output for real spams should be indistinguishable from PGPed messages (both look like gibberish, but only one can be decrypted, and only if you have the proper key). The SMed messages also need to be able to accommodate longer messages, and you should be able to use the encrypter on your own machine for privacy.

    Of course, smart spies know most people don't send each other spam, so they could still pick people out that way. There ought to be a "Long-inane-rambling" or "shallow political discussion" mimic ^_^

    cryptochrome

    --

    ---If you can't trust a nerd, who can you trust?
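
Added example, not part of the thread and not the spammimic or mimic-function source: a toy phrase-table codec illustrating the points made in comments 6, 8 and 9, namely that a decoder which rejects non-encoded text gives a filter a keyless detection test, and that keying the mapping hides the payload without hiding that the text is encoded. The phrase table, the key strings and the sample spam line are constructed, and the seeded shuffle is a stand-in for a keyed grammar, not a cipher.

```python
import random

# Constructed 16-phrase table: each phrase carries one 4-bit nibble.
PHRASES = [
    "Dear Friend", "Act now", "This is not spam", "Limited time offer",
    "Earn cash from home", "No obligation", "Click here", "Order today",
    "Satisfaction guaranteed", "Why wait", "Call toll free", "Risk free",
    "As seen on TV", "Be your own boss", "Free trial", "Winners only",
]

def table(key=None):
    """Phrase table; with a key, a toy keyed permutation (not a real cipher)."""
    t = list(PHRASES)
    if key is not None:
        random.Random(key).shuffle(t)
    return t

def encode(data: bytes, key=None) -> str:
    t = table(key)
    nibbles = [n for b in data for n in (b >> 4, b & 0x0F)]
    return "! ".join(t[n] for n in nibbles) + "!"

def decode(text: str, key=None) -> bytes:
    index = {p: i for i, p in enumerate(table(key))}
    parts = [p.strip() for p in text.split("!") if p.strip()]
    if not parts or len(parts) % 2 or any(p not in index for p in parts):
        raise ValueError("not a mimic encoding")  # the error comment 6 describes
    n = [index[p] for p in parts]
    return bytes((n[i] << 4) | n[i + 1] for i in range(0, len(n), 2))

def looks_encoded(text: str) -> bool:
    """Filter-side check: a keyless trial decode flags the cover text."""
    try:
        decode(text)
        return True
    except ValueError:
        return False

def demo():
    real_spam = "Hello friend, we have an amazing opportunity waiting for you."
    cover = encode(b"hi")
    keyed = encode(b"hi", key="k1")
    # Unkeyed cover is flagged, ordinary spam is not, and the keyed cover is
    # still flagged because the permutation leaves the phrase set unchanged.
    return (looks_encoded(cover), looks_encoded(real_spam), looks_encoded(keyed),
            decode(keyed, key="k1"), decode(keyed, key="k2"))
```

The last element of `demo()` shows the wrong key still decoding without an error, which is the "output for any input" behaviour comment 9 asks for, while the third shows why that alone does not stop detection when the phrase set is public.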