Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Steganographic Image Found In The Wild

Posted by timothy on from the monkeying-with-images dept.

Niels Provos writes: "After months of searching for steganographic content on eBay and elsewhere -- downloading millions of images, we were finally able to find an image with a stegangraphic message hidden in it. Stegdetect and Stegbreak made short process with it. It took less than a second to compute the secret key necessary to extract the hidden message. Two commands at the prompt, and we found the hidden message to be an image of B-52 scrapyard. Right off Terraserver."

24 of 306 comments (clear)

  1. Yeah, except for... by Anonymous Coward · · Score: 5, Informative

    What about the Evil Bert picture? We didn't seem to have the flood of Anthrax here in the U.S. until after that poster came out.

    Hidden message?

    Hidden like a fox!

    1. Re:Yeah, except for... by Gallowglass · · Score: 4, Insightful
      "Certain phrases, for example, in bin Laden's statements quite possible are intended to send an additional pre-defined meaning."

      My only exception to stwilwebm's comment above is the phrase "quite possibly". IMNSHO, "not bloody likely" is the correct adverbial phrase.

      Let's all stop and think about this for a meaning. I wish to send an important secret message to my evil henchmen on another continent. Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them?

      Apparently not, if we are to believe the Security Experts who don't want us to hear Bin-Laden. Apparently the best way to send secret messages, is to tape yourself and hope that the corporate minions of the Great Satan will transmit your message, complete, clear (no poorly translated voice-overs, if you please) and in a timely fashion.

      Am I the only one who thinks that if Bin-Laden really is that stupid, that we have little to worry about?

    2. Re:Yeah, except for... by kilgore_47 · · Score: 5, Insightful

      According to this, bin Laden is indeed using verbal codes to communicate with his people. What better way to get the message out than a public statement?

      I'm still bitter it's not getting played on US tv stations; how can a video taped statement from public enemy number one not be "newsworthy"? They say it "might contain a message". Well one message I heard was "infidels out". Is that the message they don't want us to hear? That his main demand is for us to stop occupying his 'homeland' and whatnot?

      Sure, there might be a hidden message too. But people waiting to get the hidden message will undoubtedly obtain it from some foriegn news source that DOES deem it "newsworthy".

      Censorship will only hide the message from joe sixpack & friends, and I think thats exactly the goal.

      --
      ___
      The way to see by faith is to shut the eye of reason. --Ben Franklin
    3. Re:Yeah, except for... by srvivn21 · · Score: 4, Flamebait
      Let me clarify my stance. I don't condone the killing of innocents. I don't even really know what the definition of an innocent is. Hell, I don't condone killing at all. The best embodiment of my feelings can be found in this living article.

      Here are some of the things that make me embarrassed to be a U.S. citizen:

      Killing hundreds of thousands of innocent unsuspecting people, both through our actions, and our inaction.

      Claiming to be the "land of the free and home of the brave" but supporting dictatorships, and refusing cease producing land mines.

      Patting ourselves on the back and proclaiming what a great nation we are, while letting much of the world suffer without electricity, reliable sources of food, clean water to drink, etc. (No, I'm not a socialist, but I do believe in giving a fair opportunity for success.)

      My personal favorite. Supporting Osama and his "freedom fighters" in their fight against the communists of the (former) Soviet Union, and then dropping funding when we no longer gain anything from it. Not that this was a isolated or singular event. This is a recurring activity. Do you have any concept of the government (or living conditions) in Kuwait right now? To forstall any questions, I don't. That's the point. Our interests were served, so we feel no obligation to pay any more attention.

      In the end, the root of all violence is violence. I wish no ill will on you, or the terrorists. I hope that they are in a place where they can reflect upon the actions they commited, and see the pain and suffering that it caused. I don't wish them to feel shame, just that they might grow, and if faced with the same choice again, make a more peaceful one. As for myself, I live with the daily struggle of not flipping the bird to those motorists that feel no remorse in cutting me off. We all have to start somewhere.

  2. Not exactly "in the wild" by wiredog · · Score: 5, Informative

    It was shown on ABC news during a discussion of, guess what, steganography. The key was "abc". The person who created it said that it had a message hidden in it. An image "in the wild" would be one that was found at images. that wasn't known beforehand to have steganographic content.

    --

    Best Slashdot Co
  3. I found the message! by garcia · · Score: 5, Funny

    It says "host cannot be reached, click OK to continue"

    yay. It only took me 10s w/Netscape to find the message :)

  4. Oh great... by RedOregon · · Score: 4, Funny

    ...now we're going to need federal registration to download images off the web... all for the greater cause of fighting terrorism, of course!

    --
    Skivvy Niner? Email me!
    HEY! Look left just ONE MORE TIME!
    1. Re:Oh great... by ackthpt · · Score: 5, Funny
      now we're going to need federal registration to download images off the web... all for the greater cause of fighting terrorism, of course!

      Now I'm beginning to see how evil and subversive those Find the Hidden Picture's were in Highlights Magazine I read as a child! See what diabolical effect it's had on my effort to draw a picture of a simple emoticon!

      cccccccccccccccccccc
      cccccc/ccccccccEcccc
      ccccc/ccc====ccAcJcc
      cccc|ccccccccccTcOcc
      cccc|cccc====ccccEcc
      ccccc\cccccccccAc'cc
      cccccc\ccccccccTcScc
      cccccccccccccccccccc

      The horror, the horror!

      --

      A feeling of having made the same mistake before: Deja Foobar
  5. Super Troll by Outland+Traveller · · Score: 4, Redundant

    The linked page says that the steg. image found "in the wild" was intentionally done as a demo of steganography and publicized on TV.

    Someone please take this article out. It's an embarassment.

  6. No suprise by Lumpy · · Score: 5, Insightful

    That it was the planted image from ABC. This is not what I would call a real detection of "in the wild" Show me an image that wasn't part of a media company stunt, or other reporter activity on the very technology of stenaography. Any of the supposed bin-laden images? How about a simple script-kiddie or cracker/thief communication?

    In the wild denotes actual use by thrid parties.. A virus in the wild means it's out there looking to do damage and infect, This image is the equilivant of a hello world program on a how to program website.

    It's not in the wild, It's an example placed by ABC news.

    --
    Do not look at laser with remaining good eye.
  7. Not a very good algorithm / implementation by Tassach · · Score: 5, Insightful
    If it only took "a couple of seconds" to find the secret key, it couldn't be very good. There's a big difference between "hide a message in the low bits of an image" grade stego and cryptographically secure stego. If you "encrypt" a message by XORing it with 0xDEADBEEF, don't be suprised when your super-secret encryption is broken.


    Good stego should be undetectable -- first off, the hidden message should be encrypted, and therefore nearly indistinguishable from any other set of random numbers. Also, the message needs to be several orders of magnitude smaller than the carrier image -- if you want to hide a 1K message, you ideally want a ~1M image to put it in. Isolating 1K of signal out of 1M of noise would be very computationally difficult.

    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
    1. Re:Not a very good algorithm / implementation by Lumpy · · Score: 5, Interesting

      Exactly, a 1st year C programming student could re-write a cheezt stego program to hide that 1 to 2 K message at a Certian byte offset or at a repeating offset.

      Stego detection software makes me laugh, it will only detect morons and idiots, and if you really worry about detection increast the Signal to noise ratio. stego EVERY image you come across with the contents of /dev/random. If you saturate the detectors then you can slide what you want through un-noticed.

      I dont care what they develop for detection or interception, anyone with 1/2 a brain can get past them without effort. The difference between a madman and a genius is that a genius won't use his/her knowlege to kill people for sport (or any other reason) The madman looks for any excuse to use his/her knowlege to kill maim or destroy.

      --
      Do not look at laser with remaining good eye.
    2. Re:Not a very good algorithm / implementation by cs668 · · Score: 5, Informative

      That is the problem. Sometimes stego can be detected because it is more random than the surrounding data.

      If you have an image and you store the encrypted message in the low order bits of the image then they will look too random when compared to typical images.

  8. Re:at the risk of sounding stupid. by sphealey · · Score: 5, Interesting
    what exactly is the purpose of this. After perusing the site i'm not exactly sure what the purpose of this is. at first i thought it was related to terrorist hiding information in images on the internet. can someone shed some light of this situation.
    Based on my pre-9/11 reading, bin Laden's bunch pass messages via the spoken word, face-to-face, using messengers who are personally known to them and who usually have some sort of family tie.

    Therefore, we are going to get very worried about, and pass lots of laws concerning, ultra-sophisticated encryption technology that no evil-doer would ever touch due to (a) complexity (b) potential to stand out like a sore thumb.

    Clear now?

    sPh

  9. Matter of opinion of course, by trilucid · · Score: 5, Insightful


    but I'm kinda bothered by this sort of thing, not in the way some might think. I don't have any problem at all with the research being conducted (actually I support it, good stuff!), but I hate that gobs of bandwidth are wasted by this sort of thing.

    I mean, how much bandwidth is taken from companies with large numbes of images on their sites (EBay for example) as a results of stuff like this? It's not exactly something you can say adheres to purely ethical use of their bandwidth.

    There's got be lots of projects out there attempting this stuff, especially given recent press coverage on the topic. Who's picking up the tab for the network usage?

    Perhaps a permission-based scheme would be better, or better yet a volunteer-supported test server pool dedicated to hosting images. That way, people could test out steganography techniques by posting their images to the pool for the community at large to take a crack at. Thoughts? Flames? Oranges?

  10. Publicity from first search salted the earth by DrXym · · Score: 4, Insightful
    Given the publicity that the first stego search got, I wouldn't be surprised if you ran the test again that it would find thousands of stego messages out there.


    No doubt a fair proportion of them contain spook words too.

  11. DMCA by Spankophile · · Score: 5, Funny
    For you 'merkins out there, as long as you own the copyright on the information you "hide" in pictures, wouldn't it be illegal for people to circumvent the protection you used to hide it (i.e. steganography etc)..


    Unless of course they have a warrant, or the US government implements some more 1984 laws.

  12. And this proves what, precisely? by Simon+Brooke · · Score: 5, Insightful
    They search for steganographic images on eBay and have found none. Quel surprise.

    Eventually they get told that yes, there is a steganographic image on ABC, and they look at it, and guess what? They prove that it is a steganographic image and they can really desteg it. Quel surprise!

    Of course, this particular image was very simply constructed as an example for a mass entertainment news channel intended for a general, non-specialist, audience. It was not constructed by someone concerned about secrecy or desperate to conceal a secret message. On the contrary it was constructed using handy, freely available steganographic image tools, not special purpose custom written ones.

    Great!

    This doesn't prove that there aren't staganographic images on eBay which their software can't detect. It doesn't prove there aren't steganographic images on alt.sex.binaries.fluffy-bunnies. It doesn't prove there aren't steganographic images on your favourite pr0n site.

    It doesn't even prove that some spook agency somewhere can't detect all these steganographic messages, desteg them, and read the payload. All it proves is that these two academics can only detect a steganographic image it they're told where it is and what it is, and even then only if it's produced with a small range of well known, freely available tools.

    Incidentally, there is a steganographic payload in this post. Care to scan all Slashdot posts for steganographic payload? All Usenet? No, thought not.

    --
    I'm old enough to remember when discussions on Slashdot were well informed.
  13. Wow! That is amazing by ellem · · Score: 4, Funny

    I looked at that picture for hours and I couldn't see those B-52s

    I just kept staring at it and staring at it....

    --
    This .sig is fake but accurate.
  14. Re:MOD PARENT UP! by ethereal · · Score: 4, Funny

    But, eBay did grant permission for the download. Somebody's client said "GET http://www.ebay.com/image/something", and eBay said "OK, here it is, catch!". If they didn't want to spend the bandwidth to send it to you, they shouldn't have done so. At no point did eBay not have a choice.

    You may think I'm being needlessly literal here (and in a sense I am), but really this points out the fact that HTTP isn't a suitable protocol to use if you want to shape and/or limit your traffic in certain non-basic ways like eBay does. Not that I'm in favor of traffic limitations, though - anyone who can type a /. comment in less than 20 seconds will agree with me there :)

    --

    Your right to not believe: Americans United for Separation of Church and

  15. Dont use naive implementations by Anonymous Coward · · Score: 5, Informative

    You can use spread spectrum techniques, you dont have to use the LSB. If an image has any uncorrelated noise at all you can always make sure the signal strength of your encrypted message is below the level of that noise ... and if the encryption algorithm can produce a sequence indistuingishable from noise if you dont know the key ...

  16. Steganographic content in Pictures vs. Streams by friday2k · · Score: 5, Insightful

    I just find it very strange that somebody tries to make us believe that Steganographic content is limited to pictures and will be found on eBay. _IF_ you really want to hide something you might want to embedd a message at a certain time (time synching is not a problem) into an ever changing stream of data (like a webcam or an Internet radio station). The content has to be spread out over a certain amount of time. Maybe only chunks of a message per hour. This is not exactly emergency communication, orders, information, etc. can be received over several hours if needed. Now you spread the content over a pre-defined sequence and maybe start with a "wakeup" message to indicate that a new block of cipher information is about to come. This would be impossible to detect, because you have nothing to compare against (like a picture of a busy street is never the same). So I personally think that this "we scan on eBay and the pictures are evil" is something to put people at ease, but is not really helping a lot. Other than people will be forced into more stealthier methods ...

  17. Re:MOD PARENT UP! by fmaxwell · · Score: 4, Insightful

    But, eBay did grant permission for the download. Somebody's client said "GET http://www.ebay.com/image/something", and eBay said "OK, here it is, catch!". If they didn't want to spend the bandwidth to send it to you, they shouldn't have done so. At no point did eBay not have a choice.

    What the agreement said was "prior expressed written permission", which the people conducting the study probably did not have.

    Granting an HTTP request does not constitute "permisssion" to use the service for whatever purpose you want. By analogy, the fact that Yahoo's FTP server accepts porn you upload does not mean that they have given you permission to post porn on your web page. If you send out 100,000 get-rich-quick e-mails, you cannot assume that you have "permission" from your ISP to do so because their SMTP server accepted them. The key point is intended use -- which eBay does not know. That's why they have an AUP.

  18. Re:MOD PARENT UP! by fmaxwell · · Score: 4, Insightful

    Granting an HTTP request constitutes permission for you to download the file you asked for.

    No, it does not. It does not represent a decision by the computer's owner as to whether you had a right to request the file and whether they should supply it to you. If I walked up to your computer and started deleting files, would the fact that your computer deleted the files mean that I had your permission to do so? That's what you are arguing: That the computer has power of attorney for its owner.

    If you enter a restaurant with self-serve soda dispensers, do you have "permission" to steal soda just because the automated machine will dole it out at the push of a button? Do you have "permission" to take all of the straws just because the dispenser will give them to you (Your honor, I had McDonalds' permission to take 2,372 straws because their machine gave me a straw each time I pushed the button...)?

    If Yahoo posts porn for you on their web site, then they didn't even have to give you permission since they already went ahead and did it.

    No one at Yahoo is posting the porn. They are not manually moves the files from the FTP server to the web site. It's an automatic process and does not mean that you have their permission to upload porn. A computer responding to a file transfer request is not equivalent to the company giving you permission to transfer the file.

    Just figure out the technology to lock your property down like you want, rather than relying on a crowd of mostly-anonymous, undisciplinable Internet users to follow your rules.

    Now you are arguing about the practicality of enforcing a policy rather than the legalities. The most effective way to get people to follow your rules is to identify someone who violated them, sue them for civil damages, and make an example of them.