Slashdot Mirror

← Back to Stories (view on slashdot.org)

Study Finds Low Use Of Steganography On Internet

Posted by timothy on from the maybe-it's-just-not-on-ebay dept.

schnippy writes: "New Scientist reports on new study from the University of Michigan that argues that steganography (the science of obfuscating communications) is not in wide use, or at least not on the 2 million images they scanned on eBay. Earlier this year, USA Today reported that Bin Laden was using steganography to disguise his communications. Full study is available here. Wonder how long before someone sets up a distributed computing client to help search for Bin Laden's secret communications? :p" Niels Provos' research was mentioned in Slashback not long ago, and this article is based on the same research.

6 of 291 comments (clear)

  1. How do they know? by andy@petdance.com · · Score: 5, Insightful
    How can they know that the 2E+09 images on eBay don't contain hidden messages? They might not have detected them, but that doesn't mean they're not there. Perhaps these damn terrorists (gasp!) made their own software!

    And who says that you have to post images to send a message? Maybe posting a baseball card for sale means that a cell is to attack on the day that the auction closes. A Sammy Sosa card means we fly into the Sears Tower; a Thurman Munson card means the WTC. The starting bid is the price is the time at which it's to happen.

    The whole point of steganography is that the outside world doesn't even know what your encoding system is, much less be able to decipher it.

  2. e-Bay? by gus+goose · · Score: 5, Insightful

    Apart from the fact that by default, good steganography should be undetectable, it appears that e-bay is a poor site to use. By default, the user posting a sale has to exist in some manner, unless a new identity is created for each item to be sold - which makes sense, but the bottom line is that it is a pain to keep creating e-bay accounts, and making up e-mail addresses.

    Something on the newsgroups would be a much better place to look. the alt.binaries.pictures.* areas. Almost total anonymity.

    If I were to want to communicate this way, I would avoid e-bay.

    gus

    --
    .. if only.
  3. Re:is it just me, or... by Erasmus+Darwin · · Score: 5, Insightful
    "With so many other more effective and simple methods of encryption (read: PGP), why would anyone go to all the trouble?"

    You're comparing apples and oranges. Steganography isn't encryption -- it's concealment. If I send a PGP-encrypted message, regardless of whether or not they can break it, every eavesdropper knows that I just sent a PGP-encrypted message. If I use stenography to hide a message, an eavesdropper might miss the message, but would be able to decode it if it's discovered. If I use both, it's a win-win situation.

  4. Re:Isn't that the point? by 4of12 · · Score: 4, Insightful

    There hasn't been much need for steganography so far.

    But if encryption is outlawed, then steganography will enjoy considerable growth as people find that the only way to secure their data is to hide the fact that they are doing so.

    With regards to Bin Laden, I continue to maintain that his use of high tech is overstated. (But making such statements is probably a great way to get government funding for fun stuff, make it look like "we're doing something", etc.)

    Low-tech means of infrequent verbal communications, not in Western language and frequently not conducted over electronic means, are more than sufficient to hide covert activities.

    Yeah, I can just see ObL and his gang firing up the diesel generators in their rural Afghan camp, setting up their satellite cell phones to upload and download complicated set of instructions that have been steganographically encoded. Give me a break. There are easier ways for him to communicate that are far less risky.

    --
    "Provided by the management for your protection."
  5. another warped news story by trb · · Score: 4, Insightful
    The paper describes a system for gathering and analyzing steganography data. The researchers are smart enough to know that their methods don't find all methods of hiding text, but their framework can be used to apply whatever analytical tools you like to the images it collects.


    The point isn't "there is no steganography on the web." The point is "here is a system to look for steganography."


    In typical mass media fashion, both New Scientist and Slashdot go for the flashy story rather than the more interesting point of the research.

  6. ebay not the place to look by Captain_Frisk · · Score: 4, Insightful

    Why would you put the images on ebay? There are plenty of forums that aren't as public, and don't require as much information to register, and best of all, don't cost money.

    There is absolutely no relationship between there being no stenographic images on Ebay, and the use of stenography by Bin Laden or other terrorist groups.

    Seriously, think about where you would put your images? I would say porno boards would be the best place, possibly newsgroups. Tons of people look at porn, so the traffic wouldn't seem strange, and theres so much out there, you wouldn't even know where to look if you were looking for said stenographic images.

    As for distributed clients... I'd love to see a distributed client that started searching all the pr0n sites out there, checking them for secret messages. Could you see that popping up as your screen saver?

    Its just not going to happen.

    Captain_Frisk