Slashdot Mirror
First Steganographic Image Found In The Wild
Niels Provos writes: "After months of searching for steganographic content on eBay and
elsewhere -- downloading millions of images, we were finally able to
find an image with a stegangraphic message hidden in it. Stegdetect and Stegbreak made short process with it. It took less
than a second to compute the secret key necessary to extract the
hidden message. Two commands at the prompt, and we found the hidden
message to be an image of B-52 scrapyard. Right off Terraserver."
If I told you that one of the images on my website had stegagnographic content, would that count as "in the wild"?
-russ
Don't piss off The Angry Economist
What about images attached to emails? I can see it now:
new abc worm scans users hard drive for images with secret messages, sends email to FBI
"Get them before they get....
Therefore, we are going to get very worried about, and pass lots of laws concerning, ultra-sophisticated encryption technology that no evil-doer would ever touch due to (a) complexity (b) potential to stand out like a sore thumb.
Clear now?
sPh
I do not know anything about steganography but I think that there is no general method to find a message hidden in a picture. If the length of the message is small enough compared to the length of the picture and the picture has some random noise in it (like every photography has). A typical GIF contains tens of thousands pixels. Assume that I want to hide a short message (50 chars 5.5 bits per char ie 275 bits in total) it means that I must add a single bit of noise to one of 40 bites of data. How can anyone find that? And what if I add the noise myself? I mean somethig like one-time pad cipher.
Exactly, a 1st year C programming student could re-write a cheezt stego program to hide that 1 to 2 K message at a Certian byte offset or at a repeating offset.
/dev/random. If you saturate the detectors then you can slide what you want through un-noticed.
Stego detection software makes me laugh, it will only detect morons and idiots, and if you really worry about detection increast the Signal to noise ratio. stego EVERY image you come across with the contents of
I dont care what they develop for detection or interception, anyone with 1/2 a brain can get past them without effort. The difference between a madman and a genius is that a genius won't use his/her knowlege to kill people for sport (or any other reason) The madman looks for any excuse to use his/her knowlege to kill maim or destroy.
Do not look at laser with remaining good eye.
Two of my aunts mentioned the coverage on ABC. They thought that the demonstration images shown had actually been found and related to the terrorist strikes. I didn't actually see the broadcast, but the two ladies involved aren't stupid. It must have been pretty misleading coverage to give them that impression.
Did anyone actually see the story when it was broadcast and can comment on it?
PHEM - party like it's 1997-2003!
Recently, I have been frustrated by 1) not really doing something (other than donating) related to the recent events, and 2) the government's accusations that technology is actively utilized for terrorism without providing an example.
Considering the importance of this project and the number of images provided on the web, would it be possible for this project, or maybe another, to go to a distributed computing model (@home) ?
"There ought to be limits to freedom"
How much computing power does this type of decryption/investigation take? How much would it take to examine the large (ie > 1M) pictures? If it takes a non-trivial amount of computing power, it sounds like an excellent candidate for a seti-at-home or similar project: "Help us fight terrorism: download this program and help us crack images"...
Given the publicity that the first stego search got, I wouldn't be surprised if you ran the test again that it would find thousands of stego messages out there.
[admittedly OT, but the poster should be corrected, lest people think him silly in the future]
You use the phrase "salted the earth", which means the opposite of what you seem to think it means.
Think about it -- did the Romans salt the earth around the ruins of their long-time enemy Carthage to make things grow?
Perhaps you were looking for some phrase containing "seeded" or "sowed," which would more accurately suggest fertility.
Just one little thing that seems to be easily forgotten...
The purpose of steganography is information hiding . An information hiding method that reveals more than random noise to an observer is broken. The only thing that can be deducted from a properly encoded steganographic message is the presence of (seemingly) random noise modulated on top of an information carrier. Claim: Encryption is a requirement in order to properly implement information hiding, otherwise one simply ends up with two images/message on top of each other.
There is no way anybody that is serious about information hiding (and we all know who that could be...) will resort to simply mixing two picture sources using [choose your favourite modulation scheme here].
This is also why it is so easy to detect and remove a known watermark from documents. (And certain unknown ones as well, as demonstrated by Felten & Co)
So, while scanning the net can be useful for detecting broken applications of steganography, it will hardly reveal interesting information. (note: "Application" here refers to "method" or "usage" and not necessarily to the software performing the modulation.)
-- Fortes Fortuna Adjuvat --
Code phrases hidden (and sometimes, not so hidden) in public broadcasts have a long history. Recall BBC's nightly broadcasts during WW-II, which frequently concluded with a long list of apparently nonsense phrases. Most of them were, in fact, nonsense, but some were "trigger phrases" aimed at groups like the Resistance to coordinate actions. The nonsense phrases were thrown in so that the Germans couldn't do traffic analysis.
If the secret message is just "the target is X, the date is Y" where X and Y are a relatively small list of predefined targets and dates, you don't need a whole lot of code phrases -- or even signs, given a video tape (consider signals between catcher and pitcher in baseball, for example) -- to convey which X and Y you mean.
Farfetched? Not really. But even if it is, why take the slightest chance on spreading the enemy's message for him?
And to answer your questions: Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them? The answer is NO, not if you are being actively sought out and such communications might fall into the wrong hands, betray your location and/or not get delivered.
-- Alastair
Actually, it's highly likely. Winston Churchill did it during WWII with his radio announcements. They contained a predefined trigger to coordinate the release of toops during certain battle arrangements.
Let's all stop and think about this for a meaning. I wish to send an important secret message to my evil henchmen on another continent. Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them?
All of these are immediately noticeable if you are under surveillance. It's best to use something that is "not quite what it seems" as a method of communication.
hope that the corporate minions of the Great Satan will transmit your message, complete, clear (no poorly translated voice-overs, if you please) and in a timely fashion.
Actually, a voice over won't matter. If they use the same basic imagery when translated to English, the message would still be clear. It has been noted that Bin Laden frequently uses interesting combinations of imagery in his words during the few public releases he has. As far as timely release? Come on. Our news hounds are constantly striving to be the first to release such things. I would say that Osama could absolutely count on it being delivered almost immediately.
The most clever way to plan during a "war" is to act with utter simplicity.
GreyPoopon
--
Why is it I can write insightful comments but can't come up with a clever signature?
I've been putting images with steganographic goodies in them up on message boards and other public webby places for months, in hopes that someone would trip over them.
Been making it as obvious as possible, only to discover that the "I thought it was obvious" password was too tough for the U Mich guys to break with their dictionary attack.
Just me jammin', trying to stir up trouble in the name of liberty and other outmoded concepts.
Especially if the justification is not what he actually said, but the secret hidden message that that must not be heard!
It's the end of the world as we know it, and I feel fine.
Forget looking for the cause of his actions. Let's just label him a "mad man", and state that his goal is "the end of the free world".
No, they've given us the reason. We're a "beacon of freedom"!
(and if you can swallow that, I've got a lollypop in my pants for you to try next.)
Overall, I enjoy being a U.S. citizen, but I am completely embarrassed, and even mortified by some of the actions that we (as a country) condone, and those that we perpetrate.
(My feelings exactly.)
___
The way to see by faith is to shut the eye of reason. --Ben Franklin
Why hide just in one image? Why not in multiple images? Why just in images? Why not in .mp3, for example? Why don't they use hardly audible noises in an audio file that could be decoded into a message? And, why don't they build their own independent network?
Here is a message right off the back of my 3com shirt which got at a trade show 3 years ago:
http://doom.net/pics/3com-shirt.jpg
-v