Slashdot Mirror


First Steganographic Image Found In The Wild

Niels Provos writes: "After months of searching for steganographic content on eBay and elsewhere -- downloading millions of images, we were finally able to find an image with a steganographic message hidden in it. Stegdetect and Stegbreak made short process with it. It took less than a second to compute the secret key necessary to extract the hidden message. Two commands at the prompt, and we found the hidden message to be an image of a B-52 scrapyard. Right off Terraserver."

7 of 306 comments

  1. Re:Not exactly "in the wild" by Quizme2000 · · Score: 3, Interesting

    What about images attached to emails? I can see it now:
    new abc worm scans user's hard drive for images with secret messages, sends email to FBI

    --
    "Get them before they get....
  2. Re:at the risk of sounding stupid. by sphealey · · Score: 5, Interesting
    What exactly is the purpose of this? After perusing the site I'm not exactly sure what the purpose of this is. At first I thought it was related to terrorists hiding information in images on the internet. Can someone shed some light on this situation?
    Based on my pre-9/11 reading, bin Laden's bunch pass messages via the spoken word, face-to-face, using messengers who are personally known to them and who usually have some sort of family tie.

    Therefore, we are going to get very worried about, and pass lots of laws concerning, ultra-sophisticated encryption technology that no evil-doer would ever touch due to (a) complexity (b) potential to stand out like a sore thumb.

    Clear now?

    sPh

  3. Re:Not a very good algorithm / implementation by Lumpy · · Score: 5, Interesting

    Exactly, a 1st year C programming student could re-write a cheesy stego program to hide that 1 to 2 K message at a certain byte offset or at a repeating offset.

    Stego detection software makes me laugh, it will only detect morons and idiots, and if you really worry about detection increase the Signal to noise ratio. Stego EVERY image you come across with the contents of /dev/random. If you saturate the detectors then you can slide what you want through un-noticed.

    I don't care what they develop for detection or interception, anyone with 1/2 a brain can get past them without effort. The difference between a madman and a genius is that a genius won't use his/her knowledge to kill people for sport (or any other reason). The madman looks for any excuse to use his/her knowledge to kill, maim or destroy.

    --
    Do not look at laser with remaining good eye.
  4. Distributed Computing Project? by idonotexist · · Score: 3, Interesting

    Recently, I have been frustrated by 1) not really doing something (other than donating) related to the recent events, and 2) the government's accusations that technology is actively utilized for terrorism without providing an example.

    Considering the importance of this project and the number of images provided on the web, would it be possible for this project, or maybe another, to go to a distributed computing model (@home) ?

    --
    "There ought to be limits to freedom"
  5. Computing power by Anonymous Coward · · Score: 3, Interesting

    How much computing power does this type of decryption/investigation take? How much would it take to examine the large (ie > 1M) pictures? If it takes a non-trivial amount of computing power, it sounds like an excellent candidate for a seti-at-home or similar project: "Help us fight terrorism: download this program and help us crack images"...

  6. Re:Yeah, except for... by AJWM · · Score: 3, Interesting

    Code phrases hidden (and sometimes, not so hidden) in public broadcasts have a long history. Recall BBC's nightly broadcasts during WW-II, which frequently concluded with a long list of apparently nonsense phrases. Most of them were, in fact, nonsense, but some were "trigger phrases" aimed at groups like the Resistance to coordinate actions. The nonsense phrases were thrown in so that the Germans couldn't do traffic analysis.

    If the secret message is just "the target is X, the date is Y" where X and Y are a relatively small list of predefined targets and dates, you don't need a whole lot of code phrases -- or even signs, given a video tape (consider signals between catcher and pitcher in baseball, for example) -- to convey which X and Y you mean.

    Farfetched? Not really. But even if it is, why take the slightest chance on spreading the enemy's message for him?

    And to answer your questions: Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them? The answer is NO, not if you are being actively sought out and such communications might fall into the wrong hands, betray your location and/or not get delivered.

    --
    -- Alastair
  7. Re:Yeah, except for... by GreyPoopon · · Score: 3, Interesting
    My only exception to stwilwebm's comment above is the phrase "quite possibly". IMNSHO, "not bloody likely" is the correct adverbial phrase.

    Actually, it's highly likely. Winston Churchill did it during WWII with his radio announcements. They contained a predefined trigger to coordinate the release of troops during certain battle arrangements.

    Let's all stop and think about this for a meaning. I wish to send an important secret message to my evil henchmen on another continent. Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them?

    All of these are immediately noticeable if you are under surveillance. It's best to use something that is "not quite what it seems" as a method of communication.

    hope that the corporate minions of the Great Satan will transmit your message, complete, clear (no poorly translated voice-overs, if you please) and in a timely fashion.

    Actually, a voice over won't matter. If they use the same basic imagery when translated to English, the message would still be clear. It has been noted that Bin Laden frequently uses interesting combinations of imagery in his words during the few public releases he has. As far as timely release? Come on. Our news hounds are constantly striving to be the first to release such things. I would say that Osama could absolutely count on it being delivered almost immediately.

    The most clever way to plan during a "war" is to act with utter simplicity.

    --

    GreyPoopon
    --
    Why is it I can write insightful comments but can't come up with a clever signature?