Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Steganographic Image Found In The Wild

Posted by timothy on from the monkeying-with-images dept.

Niels Provos writes: "After months of searching for steganographic content on eBay and elsewhere -- downloading millions of images, we were finally able to find an image with a stegangraphic message hidden in it. Stegdetect and Stegbreak made short process with it. It took less than a second to compute the secret key necessary to extract the hidden message. Two commands at the prompt, and we found the hidden message to be an image of B-52 scrapyard. Right off Terraserver."

15 of 306 comments (clear)

  1. Yeah, except for... by Anonymous Coward · · Score: 5, Informative

    What about the Evil Bert picture? We didn't seem to have the flood of Anthrax here in the U.S. until after that poster came out.

    Hidden message?

    Hidden like a fox!

    1. Re:Yeah, except for... by kilgore_47 · · Score: 5, Insightful

      According to this, bin Laden is indeed using verbal codes to communicate with his people. What better way to get the message out than a public statement?

      I'm still bitter it's not getting played on US tv stations; how can a video taped statement from public enemy number one not be "newsworthy"? They say it "might contain a message". Well one message I heard was "infidels out". Is that the message they don't want us to hear? That his main demand is for us to stop occupying his 'homeland' and whatnot?

      Sure, there might be a hidden message too. But people waiting to get the hidden message will undoubtedly obtain it from some foriegn news source that DOES deem it "newsworthy".

      Censorship will only hide the message from joe sixpack & friends, and I think thats exactly the goal.

      --
      ___
      The way to see by faith is to shut the eye of reason. --Ben Franklin
  2. Not exactly "in the wild" by wiredog · · Score: 5, Informative

    It was shown on ABC news during a discussion of, guess what, steganography. The key was "abc". The person who created it said that it had a message hidden in it. An image "in the wild" would be one that was found at images. that wasn't known beforehand to have steganographic content.

    --

    Best Slashdot Co
  3. I found the message! by garcia · · Score: 5, Funny

    It says "host cannot be reached, click OK to continue"

    yay. It only took me 10s w/Netscape to find the message :)

  4. No suprise by Lumpy · · Score: 5, Insightful

    That it was the planted image from ABC. This is not what I would call a real detection of "in the wild" Show me an image that wasn't part of a media company stunt, or other reporter activity on the very technology of stenaography. Any of the supposed bin-laden images? How about a simple script-kiddie or cracker/thief communication?

    In the wild denotes actual use by thrid parties.. A virus in the wild means it's out there looking to do damage and infect, This image is the equilivant of a hello world program on a how to program website.

    It's not in the wild, It's an example placed by ABC news.

    --
    Do not look at laser with remaining good eye.
  5. Not a very good algorithm / implementation by Tassach · · Score: 5, Insightful
    If it only took "a couple of seconds" to find the secret key, it couldn't be very good. There's a big difference between "hide a message in the low bits of an image" grade stego and cryptographically secure stego. If you "encrypt" a message by XORing it with 0xDEADBEEF, don't be suprised when your super-secret encryption is broken.


    Good stego should be undetectable -- first off, the hidden message should be encrypted, and therefore nearly indistinguishable from any other set of random numbers. Also, the message needs to be several orders of magnitude smaller than the carrier image -- if you want to hide a 1K message, you ideally want a ~1M image to put it in. Isolating 1K of signal out of 1M of noise would be very computationally difficult.

    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
    1. Re:Not a very good algorithm / implementation by Lumpy · · Score: 5, Interesting

      Exactly, a 1st year C programming student could re-write a cheezt stego program to hide that 1 to 2 K message at a Certian byte offset or at a repeating offset.

      Stego detection software makes me laugh, it will only detect morons and idiots, and if you really worry about detection increast the Signal to noise ratio. stego EVERY image you come across with the contents of /dev/random. If you saturate the detectors then you can slide what you want through un-noticed.

      I dont care what they develop for detection or interception, anyone with 1/2 a brain can get past them without effort. The difference between a madman and a genius is that a genius won't use his/her knowlege to kill people for sport (or any other reason) The madman looks for any excuse to use his/her knowlege to kill maim or destroy.

      --
      Do not look at laser with remaining good eye.
    2. Re:Not a very good algorithm / implementation by cs668 · · Score: 5, Informative

      That is the problem. Sometimes stego can be detected because it is more random than the surrounding data.

      If you have an image and you store the encrypted message in the low order bits of the image then they will look too random when compared to typical images.

  6. Re:at the risk of sounding stupid. by sphealey · · Score: 5, Interesting
    what exactly is the purpose of this. After perusing the site i'm not exactly sure what the purpose of this is. at first i thought it was related to terrorist hiding information in images on the internet. can someone shed some light of this situation.
    Based on my pre-9/11 reading, bin Laden's bunch pass messages via the spoken word, face-to-face, using messengers who are personally known to them and who usually have some sort of family tie.

    Therefore, we are going to get very worried about, and pass lots of laws concerning, ultra-sophisticated encryption technology that no evil-doer would ever touch due to (a) complexity (b) potential to stand out like a sore thumb.

    Clear now?

    sPh

  7. Matter of opinion of course, by trilucid · · Score: 5, Insightful


    but I'm kinda bothered by this sort of thing, not in the way some might think. I don't have any problem at all with the research being conducted (actually I support it, good stuff!), but I hate that gobs of bandwidth are wasted by this sort of thing.

    I mean, how much bandwidth is taken from companies with large numbes of images on their sites (EBay for example) as a results of stuff like this? It's not exactly something you can say adheres to purely ethical use of their bandwidth.

    There's got be lots of projects out there attempting this stuff, especially given recent press coverage on the topic. Who's picking up the tab for the network usage?

    Perhaps a permission-based scheme would be better, or better yet a volunteer-supported test server pool dedicated to hosting images. That way, people could test out steganography techniques by posting their images to the pool for the community at large to take a crack at. Thoughts? Flames? Oranges?

  8. DMCA by Spankophile · · Score: 5, Funny
    For you 'merkins out there, as long as you own the copyright on the information you "hide" in pictures, wouldn't it be illegal for people to circumvent the protection you used to hide it (i.e. steganography etc)..


    Unless of course they have a warrant, or the US government implements some more 1984 laws.

  9. Re:Oh great... by ackthpt · · Score: 5, Funny
    now we're going to need federal registration to download images off the web... all for the greater cause of fighting terrorism, of course!

    Now I'm beginning to see how evil and subversive those Find the Hidden Picture's were in Highlights Magazine I read as a child! See what diabolical effect it's had on my effort to draw a picture of a simple emoticon!

    cccccccccccccccccccc
    cccccc/ccccccccEcccc
    ccccc/ccc====ccAcJcc
    cccc|ccccccccccTcOcc
    cccc|cccc====ccccEcc
    ccccc\cccccccccAc'cc
    cccccc\ccccccccTcScc
    cccccccccccccccccccc

    The horror, the horror!

    --

    A feeling of having made the same mistake before: Deja Foobar
  10. And this proves what, precisely? by Simon+Brooke · · Score: 5, Insightful
    They search for steganographic images on eBay and have found none. Quel surprise.

    Eventually they get told that yes, there is a steganographic image on ABC, and they look at it, and guess what? They prove that it is a steganographic image and they can really desteg it. Quel surprise!

    Of course, this particular image was very simply constructed as an example for a mass entertainment news channel intended for a general, non-specialist, audience. It was not constructed by someone concerned about secrecy or desperate to conceal a secret message. On the contrary it was constructed using handy, freely available steganographic image tools, not special purpose custom written ones.

    Great!

    This doesn't prove that there aren't staganographic images on eBay which their software can't detect. It doesn't prove there aren't steganographic images on alt.sex.binaries.fluffy-bunnies. It doesn't prove there aren't steganographic images on your favourite pr0n site.

    It doesn't even prove that some spook agency somewhere can't detect all these steganographic messages, desteg them, and read the payload. All it proves is that these two academics can only detect a steganographic image it they're told where it is and what it is, and even then only if it's produced with a small range of well known, freely available tools.

    Incidentally, there is a steganographic payload in this post. Care to scan all Slashdot posts for steganographic payload? All Usenet? No, thought not.

    --
    I'm old enough to remember when discussions on Slashdot were well informed.
  11. Dont use naive implementations by Anonymous Coward · · Score: 5, Informative

    You can use spread spectrum techniques, you dont have to use the LSB. If an image has any uncorrelated noise at all you can always make sure the signal strength of your encrypted message is below the level of that noise ... and if the encryption algorithm can produce a sequence indistuingishable from noise if you dont know the key ...

  12. Steganographic content in Pictures vs. Streams by friday2k · · Score: 5, Insightful

    I just find it very strange that somebody tries to make us believe that Steganographic content is limited to pictures and will be found on eBay. _IF_ you really want to hide something you might want to embedd a message at a certain time (time synching is not a problem) into an ever changing stream of data (like a webcam or an Internet radio station). The content has to be spread out over a certain amount of time. Maybe only chunks of a message per hour. This is not exactly emergency communication, orders, information, etc. can be received over several hours if needed. Now you spread the content over a pre-defined sequence and maybe start with a "wakeup" message to indicate that a new block of cipher information is about to come. This would be impossible to detect, because you have nothing to compare against (like a picture of a busy street is never the same). So I personally think that this "we scan on eBay and the pictures are evil" is something to put people at ease, but is not really helping a lot. Other than people will be forced into more stealthier methods ...