Slashdot Mirror
First Steganographic Image Found In The Wild
Niels Provos writes: "After months of searching for steganographic content on eBay and
elsewhere -- downloading millions of images, we were finally able to
find an image with a stegangraphic message hidden in it. Stegdetect and Stegbreak made short process with it. It took less
than a second to compute the secret key necessary to extract the
hidden message. Two commands at the prompt, and we found the hidden
message to be an image of B-52 scrapyard. Right off Terraserver."
What about the Evil Bert picture? We didn't seem to have the flood of Anthrax here in the U.S. until after that poster came out.
Hidden message?
Hidden like a fox!
It was shown on ABC news during a discussion of, guess what, steganography. The key was "abc". The person who created it said that it had a message hidden in it. An image "in the wild" would be one that was found at images. that wasn't known beforehand to have steganographic content.
Best Slashdot Co
It says "host cannot be reached, click OK to continue"
:)
yay. It only took me 10s w/Netscape to find the message
...now we're going to need federal registration to download images off the web... all for the greater cause of fighting terrorism, of course!
Skivvy Niner? Email me!
HEY! Look left just ONE MORE TIME!
images.
Best Slashdot Co
This wasn't on EBay. This was a published demonstration of how steganography works.
But if you look at the Slashdot image: http://images.slashdot.org/title.gif you'll see cmdrtaco and cowboyneal with pasty white bodies on the well tanned French Riviera.
The linked page says that the steg. image found "in the wild" was intentionally done as a demo of steganography and publicized on TV.
Someone please take this article out. It's an embarassment.
That it was the planted image from ABC. This is not what I would call a real detection of "in the wild" Show me an image that wasn't part of a media company stunt, or other reporter activity on the very technology of stenaography. Any of the supposed bin-laden images? How about a simple script-kiddie or cracker/thief communication?
In the wild denotes actual use by thrid parties.. A virus in the wild means it's out there looking to do damage and infect, This image is the equilivant of a hello world program on a how to program website.
It's not in the wild, It's an example placed by ABC news.
Do not look at laser with remaining good eye.
"of course we needed to visit all these pr0n sites! that's where 70% of all the images on the web are!"
- This isn't the sig you're looking for. Move along, move along..
...a sure fire way to crash your webserver.
What I would like to see is a truly wild image culled from the net. Unfortunately, it probably would be kiddie porn.....
Still, the test is interesting.
Now wait for Terraserver to e-mail you about your violation of the DMCA.
Heh heh heh.
Do you like German cars?
Good stego should be undetectable -- first off, the hidden message should be encrypted, and therefore nearly indistinguishable from any other set of random numbers. Also, the message needs to be several orders of magnitude smaller than the carrier image -- if you want to hide a 1K message, you ideally want a ~1M image to put it in. Isolating 1K of signal out of 1M of noise would be very computationally difficult.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Therefore, we are going to get very worried about, and pass lots of laws concerning, ultra-sophisticated encryption technology that no evil-doer would ever touch due to (a) complexity (b) potential to stand out like a sore thumb.
Clear now?
sPh
but I'm kinda bothered by this sort of thing, not in the way some might think. I don't have any problem at all with the research being conducted (actually I support it, good stuff!), but I hate that gobs of bandwidth are wasted by this sort of thing.
I mean, how much bandwidth is taken from companies with large numbes of images on their sites (EBay for example) as a results of stuff like this? It's not exactly something you can say adheres to purely ethical use of their bandwidth.
There's got be lots of projects out there attempting this stuff, especially given recent press coverage on the topic. Who's picking up the tab for the network usage?
Perhaps a permission-based scheme would be better, or better yet a volunteer-supported test server pool dedicated to hosting images. That way, people could test out steganography techniques by posting their images to the pool for the community at large to take a crack at. Thoughts? Flames? Oranges?
No doubt a fair proportion of them contain spook words too.
Unless of course they have a warrant, or the US government implements some more 1984 laws.
Just type "steganography" to Google or Altavista.
Two of my aunts mentioned the coverage on ABC. They thought that the demonstration images shown had actually been found and related to the terrorist strikes. I didn't actually see the broadcast, but the two ladies involved aren't stupid. It must have been pretty misleading coverage to give them that impression.
Did anyone actually see the story when it was broadcast and can comment on it?
PHEM - party like it's 1997-2003!
Eventually they get told that yes, there is a steganographic image on ABC, and they look at it, and guess what? They prove that it is a steganographic image and they can really desteg it. Quel surprise!
Of course, this particular image was very simply constructed as an example for a mass entertainment news channel intended for a general, non-specialist, audience. It was not constructed by someone concerned about secrecy or desperate to conceal a secret message. On the contrary it was constructed using handy, freely available steganographic image tools, not special purpose custom written ones.
Great!
This doesn't prove that there aren't staganographic images on eBay which their software can't detect. It doesn't prove there aren't steganographic images on alt.sex.binaries.fluffy-bunnies. It doesn't prove there aren't steganographic images on your favourite pr0n site.
It doesn't even prove that some spook agency somewhere can't detect all these steganographic messages, desteg them, and read the payload. All it proves is that these two academics can only detect a steganographic image it they're told where it is and what it is, and even then only if it's produced with a small range of well known, freely available tools.
Incidentally, there is a steganographic payload in this post. Care to scan all Slashdot posts for steganographic payload? All Usenet? No, thought not.
I'm old enough to remember when discussions on Slashdot were well informed.
Recently, I have been frustrated by 1) not really doing something (other than donating) related to the recent events, and 2) the government's accusations that technology is actively utilized for terrorism without providing an example.
Considering the importance of this project and the number of images provided on the web, would it be possible for this project, or maybe another, to go to a distributed computing model (@home) ?
"There ought to be limits to freedom"
I am sorry to see the above post modded down as "troll". The poster makes some very good points. Here's eBay's own 'acceptable use policy' excerpt that covers this:
Access and Interference.
Our web site contains robot exclusion headers and you agree that you will not use any robot, spider, other automatic device, or manual process to monitor or copy our web pages or the content contained herein without our prior expressed written permission. You agree that you will not use any device, software or routine to bypass our robot exclusion headers, or to interfere or attempt to interfere with the proper working of the eBay site or any auction being conducted on our site. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on our infrastructure. Much of the information on our site is updated on a real time basis and is proprietary or is licensed to eBay by our users or third parties. You agree that you will not copy, reproduce, alter, modify, create derivative works, or publicly display any content (except for Your Information) from our website without the prior expressed written permission of eBay or the appropriate third party.
I think that this very clearly shows that eBay does take a dim view of these things and that such abuses of their network are prohibited. Whether it would stand up in a court of law is another matter, but trying to predict the court system in the U.S. is about as easy as winning at roulette.
Is it some sort of MTV-esque "Look at how bad I am, I like Thompson!' thing?
Perhaps partially. I admire and respect Thompson because gonzo journalism was, at its onset, a new and refreshing change from more traditional reporting styles. It was a partially successful experiment, and worthy of trying.
But perhaps more importantly I admire anyone who is able to flagrantly flout society's conventions and morality and be successful doing so. Since the mainstream media continues to hound upon the virtues of leading a pure and chaste life, it is refreshing to have someone show that extreme debauchery does not necessarily lead to a life of tragedy, if you are smart about it. I don't consider him a "drug crazy retard", but a journalist who has pursued (and abandoned) some interesting styles and who is a better-than-average writer.
What have you read by him?
How much computing power does this type of decryption/investigation take? How much would it take to examine the large (ie > 1M) pictures? If it takes a non-trivial amount of computing power, it sounds like an excellent candidate for a seti-at-home or similar project: "Help us fight terrorism: download this program and help us crack images"...
I looked at that picture for hours and I couldn't see those B-52s
I just kept staring at it and staring at it....
This
Just one little thing that seems to be easily forgotten...
The purpose of steganography is information hiding . An information hiding method that reveals more than random noise to an observer is broken. The only thing that can be deducted from a properly encoded steganographic message is the presence of (seemingly) random noise modulated on top of an information carrier. Claim: Encryption is a requirement in order to properly implement information hiding, otherwise one simply ends up with two images/message on top of each other.
There is no way anybody that is serious about information hiding (and we all know who that could be...) will resort to simply mixing two picture sources using [choose your favourite modulation scheme here].
This is also why it is so easy to detect and remove a known watermark from documents. (And certain unknown ones as well, as demonstrated by Felten & Co)
So, while scanning the net can be useful for detecting broken applications of steganography, it will hardly reveal interesting information. (note: "Application" here refers to "method" or "usage" and not necessarily to the software performing the modulation.)
-- Fortes Fortuna Adjuvat --
the reason they 'cracked' the key was obviously because it wasn't really encrypted.
Any real stego you wanted to hide would also be encrypted. Strongly. So all you would find is noise.
You can use spread spectrum techniques, you dont have to use the LSB. If an image has any uncorrelated noise at all you can always make sure the signal strength of your encrypted message is below the level of that noise ... and if the encryption algorithm can produce a sequence indistuingishable from noise if you dont know the key ...
Many are beginning to discredit the detection of steganographic images in the wild without learning the actual methods of detection!
While it is very easy to change an algorithm by byte offset, this is NOT the method of detection being used.
The method of detection exploits the characteristics of the JPEG compression algorithm to detect non-naturally occuring deviations in the image file. An example of this would be the gamma balance which is averaged over a certain number of pixels. In order to "hide" a change to a single bit, another bit would need to be inversely modified such that the balance of the image remains within or close to natural balance.
I just find it very strange that somebody tries to make us believe that Steganographic content is limited to pictures and will be found on eBay. _IF_ you really want to hide something you might want to embedd a message at a certain time (time synching is not a problem) into an ever changing stream of data (like a webcam or an Internet radio station). The content has to be spread out over a certain amount of time. Maybe only chunks of a message per hour. This is not exactly emergency communication, orders, information, etc. can be received over several hours if needed. Now you spread the content over a pre-defined sequence and maybe start with a "wakeup" message to indicate that a new block of cipher information is about to come. This would be impossible to detect, because you have nothing to compare against (like a picture of a busy street is never the same). So I personally think that this "we scan on eBay and the pictures are evil" is something to put people at ease, but is not really helping a lot. Other than people will be forced into more stealthier methods ...
I've been putting images with steganographic goodies in them up on message boards and other public webby places for months, in hopes that someone would trip over them.
Been making it as obvious as possible, only to discover that the "I thought it was obvious" password was too tough for the U Mich guys to break with their dictionary attack.
Just me jammin', trying to stir up trouble in the name of liberty and other outmoded concepts.
Given that image based steganography has been around for a while, and there are probably at least a few thousand people online experimenting with it, they should be turning up a lot of these. That doesn't even begin to factor in that criminal organizations all over the world are probably playing with the stuff, especially given recent coverage of steganography in the news.
What does this really mean? Perhaps finding well hidden messages is a hell of a lot harder than anyone expected- and it will only get harder. If criminals are using this to communicate, they may be justified in feeling safe doing so.
Of course, it is probably a bad idea to put stock in anything that comes from guys trying to grab the spotlight by reporting an image created by abc news as a steganographic image found "in the wild." If nothing else it reminds me of idiots who try to get attention reposting known securiuty vulnerabilities to BuqTraq.
The image on terraserver that abc encoded. Clarification: This was NOT a terrorist encoded picture. This was planted by ABC and found and decoded.
If a person creates there own, unknown program with new algorythims, an FBI agent will not be able to decode the hidden measage. why? because if you do not have any information about the system that created the picture, you will not know how to decode it. the only way that the FBI will be able to decode pictures would be to get the program from some one...if you are a terrorist, are you going to give them a copy of your program?
I am the Alpha and the Omega-3
OutGuess 0.2 can not be detected using these techniques.
A little cornfusing, but it sounds like they couldn't really find any hidden info IN THE WILD, so ABC creates this image for a stego program and challenges these genie-asses to decode it? Bloody difficult key there, ABC.
Excuse me but this sounds like a police dept. with a bloodhound who couldn't find squat, takes a prisoner, ties a t-bone steak around his neck, puts him in the dog house and says, "Find the criminal, boy! Good dog! Good Doggie!! See what progress we are making in the fight against terrorism?!" while the media are rolling film.
Or they want to justify continued funding for their research on images in alt.binaries.pictures.you.know.what.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
You aren't REALLY so naive as to believe they intend to use these to combat *terrorism*, are you?
These "antiterrorist" laws are nothing more than the standard antiprivacy "pro law" items that certain elements have been trying to get for years. Now they have a window of opportunity to ram them through.
If passed the average person convicted of a crime using the antiterrorist rules will be high school kids selling pot or dicking with their school's chess club web page.
They know damn well that these provisions won't really let them watch terrorists, but it will sure as hell let them watch YOU!
KFG
I wonder what would happen when some freak hides some instructions to carry out some sort of terrorist act in a pr0n image and it gets widely disseminated and shared around. Now if law enforcement found such an image on you, how would you prove you weren't the one who wrote the message?
Here is a message right off the back of my 3com shirt which got at a trade show 3 years ago:
http://doom.net/pics/3com-shirt.jpg
-v
I have the same combination on my luggage!
You see? You see? Your stupid minds! Stupid! Stupid!
Intelligent terrorists would use their own courier.
When not planning face to face, terrorists will just have to send personal couriers - or get caught.
Perhaps give mobile for single message when required - just using message - go with plan a / b or abort.
Government are using terrorism as an excuse - to scare people into supporting them in the monitoring of Internet traffic.
This is all propaganda by government - to invade our basic human right to privacy.
Government say about surveillance - "you've nothing to fear - if you are not breaking the law"
This argument is made to pressure people into acquiesce - else appear guilty of hiding something.
It does not address the real reason, why they want this information - they want a surveillance society.
This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.
All your finances for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.
Do not believe the lies of Government - even more money spent on Carnivore will not protect you.
Incidentally, the United States Department of Commerce and the United Nations World Intellectual Property Organization know the solution to trademark and domain name problems.
You will find it on WIPO.org.uk
Nope. I'm not implying that in all cases the victims of crime are to blame. Searching for blame is not going to solve anything. Searching for (and finding a remedy to) the reason(s) for the crime is my solution. Not the easiest (just kill them all) nor the swiftest (again, just kill them all), but in my opinion (humble or not), it's the most likely to result in peace and unity.
Personally, I see the actions of Sept. 11 in a similar light to the Columbine shootings. The "outcasts" were picked on and ostricized until they snapped, and a lot of innocents died. It was a tragedy. But I don't wish ill will on either Eric Harris or Dylan Klebold. Again, I hope that they are in a place that they can reflect on the results of their actions, and realize that the choice that they made was not the best possible.
I'm sorry if you don't agree with my opinions. I'm sorry to have offended you. I'm sorry that you find my comments ignorant. I have spent a great deal of time reflecting on my own life, and the events that transpire in it. All I can say is that I will do my best not to transipre suffering on the world. So far, I don't seem to be doing such a good job.
Transmission of nonsense phrases to spies in Eastern Europe continued throughout the 1950s, under the codename The Goon Show. To this day, many of them have not been decoded and the chief steganographer is likely to carry their secret meanings to his grave.
if ebay can afford to give out $4 a signup to all the warez puppies, then they can afford to give out a few k's of bandwidth in the interest of research.
Bill Gates can afford to give me $1 million but that does not mean that I have a legal or moral right to take it from him without his permission (read "steal it").
eBay might well have chosen to participate in this bit of research. They may have felt that they had bandwidth to spare. They might have thought it was good PR. But the point is that they, and they alone, have the legal right to make that decision.
I read that, for some years, British TV had forbidden broadcasting representatives of Sinn Feinn (even MPs). The result was that dubbing actors read their interesting declarations. I don't know if they had better voices than the originals.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu