Hacktivismo to Release Steganography Tool

Anonymonkey writes: "According to this story at , a group called Hacktivismo will release a steganographic tool called Camera/Shy at H2K2 this year. Apparently, it will make it easy for persecuted political groups to hide messages in images. The group has links to the Cult of the Dead Cow, which is, of course, working on Peek-a-Booty."

It's not the first wheel.

[AftanGustur]

Will it do anything differently than the rock-solid and famous OutGuess" ?

Re:It's not the first wheel.

[AftanGustur]

Sorry, the link should have been www.outguess.org

Traffic analysis

[AgTiger]

Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.

That can be enough to tip off the wrong someone.

Likewise, if you start sending graphic files back and forth where you USED to be sending other types of traffic, whatever entity might be watching those transmissions is likely to catch on. Let's not even go INTO how you're sending MORE data rather than less. Me, I'd be shooting for a method that breaks the communication up, sends it in with a bunch of other garbage to multi-pointed destinations at random times, strongly encrypted en-route so sender and receiver are masked...

Oh wait, that sounds a lot like a mixmaster remailer.

And yes, I know, mixmaster and PGP are not an option for environments where the very use of same is enough to get you drawn and quartered.

Re:Traffic analysis

[Jeremi]

Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E. That can be enough to tip off the wrong someone.

I would think you wouldn't send any data directly to B at all... you'd merely set up an account on eBay and start selling some junk... but in the pictures of the junk, you hide your steganographied secret messages. Your buddies pose as eBay buyers, and occasionally read your page (along with many others, for cameoflage)... but when they read your page, they "Save Image As..." and extract the secret messages.

For them to reply back to you, the same process is done in reverse. It would take a pretty sharp government to catch on to this, I think....

Re:Traffic analysis

[PacoTaco]

You could always go out of band, like this for example.

Re:Traffic analysis

[AftanGustur]

Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.

Absolutely true !

And sometimes human rights activists get arrested because they spoke to the wrong person.
You are talking about mistakes here. If you embed messages in images you don't want to bring attention to those images by sending them off in a email. Instead you make them a part of some normaly looking webpage and let everyone download it. That is what is so cool about steganography, nobody will know about the secret message, and even if they know they can't find it unless they know the secret.

Re:Traffic analysis

[user+no.+590291]

Or use Usenet.

Re:Traffic analysis

[mpe]

Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E

In which case Alice, Bob, Chris, Denise and Edward don't communicate directly at all. Instead they use some method to broadcast their steganography disguised messages in a way that will be seen by lots of people.

Re:Hm...

[Smitedogg]

It's easier, I'm sure, to make and distribute a program that terrorists could possibly use in some manner to attack us if you say 'It's for the persecuted political groups' instead. Has a catchy "For the children" ring to it". Plus it's good PR, of course.

Dumb, DUMB idea

[splorf]

Steganography is a lot harder than it sounds. It's easy to hide a message in an image file and have the image still look normal on the screen to a casual observer. It's a hell of a lot harder to keep an opponent from detecting the message by analyzing the file knowing how your program works.

I am afraid unless Hacktivismo is really careful and knows what they're doing, their program may get some human rights workers tortured and killed. By careful, I mean don't even mess with embedding messages in jpg images. It might be reasonably safe to embed them in audio or video streams at very low bit rates, like one bit per several seconds of 44 khz 16 bit PCM audio or mini-DV video. And even that would take sophisticated encoding to keep detection difficult.

Reference: Security Engineering by Ross Anderson, reviewed on Slashdot a few months ago.

Re:Dumb, DUMB idea

[raytracer]

No, it isn't a dumb idea. It is a very very good idea, and one that carries few risks that aren't risks inherent whenever any citizen works outside the limits their government prescribes for them.

It isn't hard for to come up with conventional cryptography that is robust against normal attacks. The technology is well understood and can be engineered to be robust against virtually any conventional cryptographic attack. Similarly, steganography is fairly well understood. Even if the government could detect that images or audio files were being used as a covert channel, they would be unable to break the underlying encryption. It would be vastly easier for them to just imprison and torture people into revealing their activities than to assume a technological attack.

Individuals in these countries are exercising a form of civil disobedience, and it is important that they continue to do so. If oppressive governments are forced to spend all their efforts to detect and eliminate perceived threats, it divides their power and makes it more difficult to hide their clandestine misdeeds.

Re:Dumb, DUMB idea

[splorf]

Even if the government could detect that images or audio files were being used as a covert channel, they would be unable to break the underlying encryption. It would be vastly easier for them to just imprison and torture people into revealing their activities than to assume a technological attack.

That's the point. In order to imprison and torture people you have to know who to imprison and torture (unless you do it to everyone). You torture people if they do things that attract your suspicion. So the idea of steganography is to avoid attracting suspicion. If the opponent figures out you're using it, you are toast.

Cryptography is broken if the attacker can read a message, but steganography is broken if the attacker can detect the message. The consequences of either type of break are just as bad. So using detectable steganography is as bad as using weak cryptography.

There are lots of strong cryptography programs like PGP out there, and well-informed users also know that there's a lot of cryptographic snake oil and understand what snake oil is. But many of the same people think they can blatantly mess around with GIF color tables (etc.) and not get noticed. They are wrong and they are asking for trouble. I haven't seen a steganography program yet whose use in messages isn't pretty easy to detect if you know how the program works. Steganography programs are almost all snake oil. I'd want to see very convincing evidence that the Hacktivision program isn't snake oil before letting anyone trust their life to it.

Re:Dumb, DUMB idea

[|<amikaze]

A combination of secure cryptography and steganography is ideal. Cryptographic data should be inheritantly random, and thus, when "they" try to analyze your image to see if there is hidden content, all they will get is random gibberish.

Re:Dumb, DUMB idea

[Rogerborg]

• I am afraid unless Hacktivismo is really careful and knows what they're doing, their program may get some human rights workers tortured and killed.

I suspect that it'll actually be repressive regimes that do that, not Hacktivismo. Incidentally, where can we find the steganography tools that you've made publically available?

This is misleading.

[purpledinoz]

Apparently, it will make it easy for persecuted political groups to hide messages in images.

Why just 'persecuted political groups'? (which I hope isn't another name for a terrorist organization). The article says that it is easy to use. Which means that you and I can communicate with each other securely, with no one eavesdropping. It's neither a good or bad thing, it's a tool. This tool can be used for good and bad.

I really think that this post was implying that terrorists will take advantage of this tool. Drop this terrorism crap. Terrorists use many other mundane things to cause damage, why not make a big deal about those items too.

Re:This is misleading.

[SirSlud]

Personally, I dont think he was talking about Terrorism. You people gotta get your mind off that shit. Life does not revolve around terrorists.

Re:This is misleading.

[snake_dad]

Life does not revolve around terrorists.

Indeed. It tends to end around them.

Re:This is misleading.

[AftanGustur]

Why just 'persecuted political groups'? (which I hope isn't another name for a terrorist organization).

Sigh, you are American, right ?
*Everybody* is either a a terorrist or supporting terrorism !!!!!! Get this into your head !!! It only depends on from which side you are looking.

Do you think that Afghans who lost their relatives to American cluster bombing think you are not supporting terrorism if you supported the Afghan war ???

Re:This is misleading.

[TWR]

Sigh, you are Idiot, right? Terrorism has nothing to do with what "side" you are on. That's the typical moral relativist crap that people use to avoid making moral judgements that might mean they'd have to commit to taking a side.

Let me repeat this for the billionth time:

TERRORISTS INTENTIONALLY ATTACK CIVILIAN TARGETS TO ADVANCE A POLITICAL AGENDA.

Americans weren't targeting civilians on purpose in Afghanistan. If they were, a few nukes would have solved any problem with bin Laden real quick, and the collateral damage wouldn't have mattered. But since it DOES matter, the US has been doing things the hard way.

Notice that the US apologized for attacking a wedding by accident (the funny thing is that no one can find the graves for the 40 people supposedly killed in the attack. A two day search turned up only 5 graves), even though the people were firing weapons (and possibly an anti-aircraft gun) in the air in the middle of a war zone. See, that's because the US is the good guys and regrets killing innocents. I don't remember the al Qaeda apology for killing 3,000 Americans with those airliners. Do you?

-jon

Re:This is misleading.

[TWR]

Blah, blah, blah.

The US doesn't target hospitals in war. Saddam and Slobo, however, liked to put military instalations in civilian locations. That's a violation of the Geneva conventions, but brainwashed idjits like you don't want to call them on it. To you, the US is the root of all evil.

The US could easily kill virtually the entire population of the Arab world in about a half-hour. Why doesn't it, if it's as evil as you think?

Terrorism only equals war to a coward. And civilians are killed at a lower rate in modern war.

-jon

Re:This is misleading.

[TWR]

Look, you're a rabid, lying troll. Give a single support for any of the wild claims you have made.

If you are incapable of telling the difference between thugs and defending yourself from thugs, then I pity you. You've probably been ruined by some teacher or professor and you're too weak-minded to think for yourself and realize their foolishness.

-jon

Re:This is misleading.

[AftanGustur]

Look, you're a rabid, lying troll. Give a single support for any of the wild claims you have made.

Tsk, tsk .. ;-)
Let's scroll back 1 post .. It looks like *you* were the one who was making the claims, and I was calling you on them ..

On the topic that everybody is a terrorist, depending from which side you are looking You wrote:
TERRORISTS INTENTIONALLY ATTACK CIVILIAN TARGETS TO ADVANCE A POLITICAL AGENDA
And I replied (and asked for some examples):
Yes, ? And are you claiming that there is *ANY* army on this planet that doesn't attack civilian targets in times of war ?? Please, name one !!

Take the american army operations in Yugoslavi for example. And watch the Americans do it again in Iraq, any time now. But since it looks like you didn't understand my argument, I'l rephrase it: "If all of group (G) does X, you can't claim that doing X makes you a T without applying the definition to all of G)."

You also made the (unsupported) claim:
Americans weren't targeting civilians on purpose in Afghanistan
And I replied:
This is a almost meaningless statement. They surely "targeted" and their "targets" were purely "civilians" and they surely had a good "purpose" for dropping them bombs.. What are you trying to claim ?

If you are incapable of telling the difference between thugs and defending yourself from thugs, then I pity you.

And where does this fit into the discussion ?? For Al-Qaida the Americans are the 'thugs', right ? I realy, realy don't understand what you are trying to explain.

You've probably been ruined by some teacher or professor and you're too weak-minded to think for yourself and realize their foolishness

I regularly look over my belives and 'truths', so I welcome any logical arguments that you mights have, but so far you have just whined and tried (without success) to attack everything else except my statements.

Re:This is misleading.

[TWR]

The American army (really, the American Air Force) didn't attack civilian targets in Serbia that weren't part of the war effort. Taking out communication and transportation is a common tactic, because those are DUAL-PURPOSE. Food supplies and office buildings weren't targeted. When bombs went astray, the US actually APOLOGIZED, as it did in Afghanistan. I'm sure you didn't notice from within your spasms of anti-American hate.

And it is a war crime to place military facilities in civilian locations. That's what Iraq does, and that's what the Taliban did. Heck, the Taliban was abusing Red Cross facilities, stealing supplies and storing weapons there. They also stored weapons in Mosques. What great men you defend.

Al-Qaeda is, quite simply, insane. They want to establish a world-wide Islamic caliphate, presumably with bin Laden as the Caliph. They are mad that Saudi Arabia asked US troops to defend it against Iraq. They are mad that the British and French carved up the Ottoman Empire. They are mad that Ferdinand and Isabella defeated the Moors in Spain in freaking 1492. All of these complaints have NOTHING to do with the US. But the US is the target, because it's the lynchpin of the modern world.

So, if you're ready to worship bin Laden, you keep rooting for al Qaeda. I'm hoping those fucks are exterminated soon. Let's call it a difference of opinion.

-jon

Re:This is misleading.

[AftanGustur]

The American army (really, the American Air Force) didn't attack civilian targets in Serbia that weren't part of the war effort.

Of course, by definition, everything that is blown up, is a part of the "war effort". It wouldn't be blown up otherwise. You have a talent of making silly definitions.

The US, went after almost anything that could be defined as even remotely political, and boombed it. That included all and every property that was owned by Slobodan's supporters. That's how war works.

And it is a war crime to place military facilities in civilian locations.

I often think about why the American governament offices are found in the same buildings as nurseries etc ... (remember the Oklahoma bombing ?)

Al-Qaeda is, quite simply, insane. They want to establish a world-wide Islamic caliphate, presumably with bin Laden as the Caliph.

You shouldn't belive everything that the US propaganda-machine spits out. Bin Laden and supporters want to make Islamic states more fundamental, and they don't want the western world to be in their way. They have no interest in making your country Islamic.

They are mad that Saudi Arabia asked US troops to defend it against Iraq.

True. Well, they are mad because the US did it.

They are mad that the British and French carved up the Ottoman Empire.

True.

All of these complaints have NOTHING to do with the US. But the US is the target, because it's the lynchpin of the modern world

Well, you forgot:

They are mad because of the thousands of islamic people killed by the American army in Iraq.

They are mad because of the sufferings of the Iraqian people by US imposed sanctions.

They are mad because of endless unilateral US support for Israel.

They are mad because of how Israel was created by the US (and UK).

They are mad because of how the US protects the governments in Saudi and Kuwait against it's own people, and prevents those countries from changing.

They are mad because of how the US has financed wars (Iran/Iraq for example).

So, if you're ready to worship bin Laden, you keep rooting for al Qaeda. I'm hoping those fucks are exterminated soon. Let's call it a difference of opinion.

And then what ?? Do you cincerely belive that if you could press a button and kill all of AlQaida today, that America's problems would go away ??

The 9/11 attack was a *revenge* attack, not *first blod* as certain people would like you to belive. (and indeed many Americans belive so)

And no, I am not worshipping Bin Laden, just because I see his point doe not mean that I agree with him on how to correct the problems.

Re:This is misleading.

[TWR]

Ah, good. Now that I know you're a loony, this makes it much easier.

Anyone who equates putting anti-aircraft guns on the roofs of apartment buildings and chemical weapon factories in hospitals with putting nurseries in a building that manages Social Security paperwork is a loony.

Anyone who can ignore the hundreds of thousands killed in the inter-Muslim wars (Iran/Iraq, Iraq/Kuwait, Lebanon, Syria against its own population) and be mad that the US drove Iraqis out of Kuwait under a UN mandate with Arab countries as allies is a loony.

Anyone who think that the US is responsible for "suffering" from sanctions is a loony. Why aren't the Kurds suffering in their autonomous regions, given that they're under the same sanctions? Where is Saddam getting the money to give to the families of Palestinian Islamikazies? Maybe, just maybe, Saddam is starving his own people on purpose, and idiots like you are too stupid to figure this out.

The US' "unilateral support" argument is a canard. There was a great article on the history of US-Israeli relations in the Economist (a magazine noted for its anti-Israel bias). A hate-monger like you won't bother to read it, but anyone else can find it at: http://www.dean.usma.edu/socs/ir/ss307/readings/ne gotiations%20exercise/the%20unblessed%20peacemaker .htm

The US and UK didn't create Israel. This is more loony speak. The UN did. Sorry to burst your crazy bubble,but I'm sure facts just bounce off of it.

Protecting the Saudis and the Kuwaitis is now grounds for killing office workers in New York. The view into your loony world is amazing.

And why is a loony like you mad at the US for the war between Iran and Iraq? Didn't the USSR, France, England, and a host of other countries supply weapons to both sides? More crazy excuses from a hate monger.

America's problems with terrorists aren't limited to Al Qeada. They're caused by a backwards, hate-filled culture that doesn't want to own up to its own faults and would rather blame everything on the magic bogeymen of Jews and America. There was a fascinating report put together by Arab intellectuals this week that pointed out that Spain translates more books in a year than the entire Arab world has translated in the last 1,000 years. 65 million Arabs out of 280 million are illiterate. There isn't a single Arab democracy. This is a damaged society that wants to pull the rest of the world down to its level rather than improve itself. When Arabs start trying to fix their own problems, America's problem with terrorism will subside.

Now go off to your cave, beat a woman, and blame Jews for your miserable lot in life.

-jon

Re:This is misleading.

[AftanGustur]

Ah, good. Now that I know you're a loony, this makes it much easier.

? makes what easier ?? I sincerely hope that you haven't been losing sleep or felt depressed because of our little discussion here ?

Anyone who .. bla bla bla .. is a loony

Anyone who .. bla bla bla .. is a loony

Anyone who think that the US is responsible for "suffering" from sanctions is a loony.

Please. I see you are becoming desperate .. but I will still try to discute with you..
Iraq's neighbours, and Iraq's history of war with them, do not allow Iraq to just turn it's army into boyscouts. Iraq, just like Iran and the USA *needs* an army to protect it's interests. You can't realisticly expect them to stop running their army and stop buying and developing weapons.
It's not Disneyland out there.

So when the US imposed sanctions just allow Iraq to sell enough oil to feed it's population, the population will starve. That's reality. Expecting anything else is just beliving in spiritual pipedreams.

I'd realy like to read the article you gave the link to but I can't seem to get it to work. Could you please either repost it or send it to "agust @ BioDef. org" ? Thanks. We could also take the discussion to email if you feel like continuing it.

The US and UK didn't create Israel. This is more loony speak. The UN did. Sorry to burst your crazy bubble,but I'm sure facts just bounce off of it.

You should take some anger-management classes, it might help you.
UN, had just been founded and was a great too for those who won WWII to implement their ideas about the world in the name of "everybody". Saying that "UN did it" is like saying "the computer did it". It's just a tool. And at the time it were the UK and USA who called the shots.
And don't forget that the land where Israel is now, was a political part of UK at the time.

Protecting the Saudis and the Kuwaitis is now grounds for killing office workers in New York.

Welcome to reality. Well, it wasn't exactly that the US was protecting "the Saudis" and "the Kuwaitis", but more *which* Saudis and Kuwaitis they were protecting (the families who control) If only the US would realise what effects their war efforts are having in far-away countries.

The view into your loony world is amazing.

Unless you are some kind of a spirit or ghost, it's your world also. No wait a minute.. You actually think that I agree with those terrorist attacks ??????? What on earth gave you that idea ?? I'm explaning *why* things did happen. And although I can see the other side of the coin, I don't agree with all of it. And I absolutely don't agree with killing civilians, although I can understand *why* they are the targets.

And why is a loony like you mad at the US for the war between Iran and Iraq? Didn't the USSR, France, England, and a host of other countries supply weapons to both sides? More crazy excuses from a hate monger.

Ahh, yes clearly you think that by showing you a different view I was agreeing with that view. Ahh no. I am simply showing that the US is not doing the right things to let this particular problem go away. The deep hate against the USA.

And although I hold no such deep hate I can see why the US are doing things like they do. (Economical interests) But I don't agree with what they are doing.
Back to your "arguments", your arguments aren't even arguments. You can't justify a bad deed by saying "everybody does it". That is exactly what is putting many American companies into hot accounting-water right now. (and propably some people in jail).

There isn't a single Arab democracy. This is a damaged society that wants to pull the rest of the world down to its level rather than improve itself. When Arabs start trying to fix their own problems, America's problem with terrorism will subside.

You are starting to see the light here. As well as some US officials are starting to see the light. The US could have changed the above problems you mention, a long time ago instead of supporting sheiks and oil barons. All in the name of cheap oil. And it's paying off real cool, now that the arab population is all up in arms against America, but the oil countries are to afraid to use the oil as a political negotiation tool against America. Because, after all, it is America who has hept them in power. (and likely will keep them in power)

It is in America's best interest to keep the arab countries up in arms against each other and to keep the dictators in power (at least until they start turning agains America).

And that is the thing that has to change, I think that if anything positive can come out of the 11th sept attacks, it will be changing what is in USA's best interests !

Please post the URL again, I'm always interested in reading well reasoned articles.

-RE

Hiding Essays and Exams in Prono

[RebelTycoon]

To keep essays from being harvested and parsed into massive validation databases.

Sites such as the Internet Paper Mill and Term Papers will start to have to list EssayWritingChicks.com

Now we should be able to hide from these guys.
Plagiarism.com
Plagiarism.org
Wordcheck
Integriguard
Eve

Practical utility of steganography?

[vkg]

Certainly a nice toy, yeah, much like any other stego app.

But, what's the practical application? Surely traffic analysis makes stuff like this pretty lame for routine use? Yes, you can hide one message, or a few, but how do you have a conversation using this kind of technology and not stick out for emailing huge JPEGs back and forth?

What do you do? Have a competition to photoshop images? Run a porn site?

I'm just not convinced this is the way to go for real applications.

Meanwhile back at MI5 research park . . . . . . .

[Aliks]

Bond Good afternoon Q, what have you got for me today?

Q Ok pay attention Bond there have been some developments in secret codes since you last came through. I'd like to tell you about our latest wheeze for getting messages back to HQ by e-mailing pictures of Anna Kournikova.

Bond You mean the tennis player named after an Internet virus?

Q The very same. What you need to do is put your message into a very small dot, a micro dot in fact . .

Bond And stick the dot onto a Kournikova photo?

Q Exactly.

Bond Why Kournikova? apart from the obvious?

Q Well that's the devilish part. You see noone will suspect that the picture is anything other than a virus so it will be blocked and deleted.

Bond While all your team will have the perfect excuse to examine Kourno pictures in extreme detail. Now that is devilish cunning. Who invented this stuff?

Q Ah well they used to call themselves the Cult of the Dead Cow but its really a SMERSH front

Bond I see . . . . . .

Re:Hm...

[SirSlud]

Um, they are persecuted political groups. But so are other groups that shouldn't be persecuted.

Technology, ANY technology, helps your enemies as effectively as it helps your friends. Get over it.

You're absolutely right!

[brooks_talley]

You're absolutely right. I find it dispicable that people would release programs that terrorists could possibly use, with the weak excuse that there might be other legitimate uses! I mean, if we got rid of Steganography, PGP, Linux, MS Word, AutoCAD, MS Project, Bablefish, Oracle, OpenOffice, Squid, Rogue Spear, Mathmatica, Apache, Cu-Seeme, and KSH... why, the world would surely be a safer place!

Cheers
-b

Re:You're absolutely right!

[teslatug]

There should be some limits though, by analogy:

I mean, if we got rid of nuclear weapons, long range missiles, tanks, rifles, pistols, knives, spoons, tooth-picks, napkins... why, the world would surely be a safer place!

Just an exageration meant to show that your argument does not necessarily hold. You can get rid of some things for the greater good, without infringing on regular people's rights. You don't always have to go by precedent, you can judge actions on their own merit.

Re:You're absolutely right!

There's a fairly comprehensive list here.

In summary:

• Silencing Political Dissent

  Section 802 of the USA PATRIOT Act creates a federal crime of "domestic terrorism" that broadly extends to "acts dangerous to human life that are a violation of the criminal laws" if they "appear to be intended...to influence the policy of a government by intimidation or coercion," and if they "occur primarily within the territorial jurisdiction of the United States."

  Read: Politicial protestors who block traffic are terrorists.

• Enhanced Surveillance Powers

  By and large, Congress granted the Administration its longstanding wish list of enhanced surveillance tools, coupled with the ability to use these tools with only minimal judicial and Congressional oversight. In its rush to pass an anti-terrorism bill, Congress failed to exact in exchange a showing that these highly intrusive new tools are actually needed to combat terrorism and that the Administration can be trusted not to abuse them.

  Read: Now we can spy on our citizens with minimal accountability.

• Sneak and Peek Searches

  Section 213 of the Act authorizes federal agents to conduct "sneak and peek searches," or covert searches of a person's home or office that are conducted without notifying the person of the execution [within a "reasonable period", ie 90 days] of the search warrant until after the search has been completed.

  Read: Oh, by the way, we searched your apartment a few months ago while you and your family were at work/school. We were just checking to see if you were terrorists, but you werent! Just thought you would wanted to know. By the way those tapes of you and your wife were very kinky.

• Access to Records in International Investigations

  Under Section 215, the Director of the FBI or a designee as low in rank as an Assistant Special Agent in Charge may apply for a court order requiring the production of "any tangible things (including books, records, papers, documents, and other items)" upon his written statement that these items are being sought for an investigation "to protect against international terrorism or clandestine intelligence activities."

  Read: Sorry we had to take all of your computer equipment; we just wanted to see if you were a terrorist. After scanning everything, we've decided that you're not. But don't worry... you'll get all of it back after all the red tape clears, in about 12-18 months.

• Tracking Internet Usage

  Under Section 216 of the Act, courts are required to order the installation of a pen register and a trap and trace device31 to track both telephone and Internet "dialing, routing, addressing and signaling information"32 anywhere within the United States when a government attorney has certified that the information to be obtained is "relevant to an ongoing criminal investigation."

  Read: Oh, we found out that one of your neighbors is smoking pot, so we had to spy on everyone in the apartment complex for a few years to make sure nobody else was working in connection with this "terrorist".

• Allowing Law Enforcement Agencies to Evade the Fourth Amendment's Probable Cause Requirement

  Perhaps the most radical provision of the USA PATRIOT Act is Section 218, which amends FISA's wiretap and physical search provisions. Under FISA, court orders permitting the executive to conduct surreptitious foreign intelligence wiretaps and physical searches may be obtained without the showing of probable cause required for wiretaps and physical searches in criminal investigations.

  Read: We don't need the 4th amendment anymore.

• Sharing of Sensitive Criminal and Foreign Intelligence Information

  While some additional sharing of information between agencies is undoubtedly appropriate given the nature of the terrorist threats we face, the Act fails to protect us from the dangers posed to our political freedoms and our privacy when sensitive personal information is widely shared without court supervision.

  Read: Political dissidents (now called "benign domestic terrorists" by the media) have no rights to privacy.

• Stripping Immigrants of Constitutional Protections

  The USA PATRIOT Act deprives immigrants of their due process and First Amendment rights through two mechanisms that operate in tandem. First, Section 411 vastly expands the class of immigrants who are subject to removal on terrorism grounds through its broad definitions of the terms "terrorist activity," "engage in terrorist activity," and "terrorist organization." Second, Section 412 vastly expands the authority of the Attorney General to place immigrants he suspects are engaged in terrorist activities in detention while their removal proceedings are pending.

  Read: If you've ever even send medical supplies or a care package to an innocent citizen in a middle eastern country while islamic extremists were in power, you and your family will be immediately jailed without explanation upon trying to immigrate to the USA.

So basically, if you don't particularly want the rights given to you by the First and Fourth Amendments to the Constitution, then the Patriot Act is a Good Thing(TM)(R)(C)

Re:You're absolutely right!

[brooks_talley]

Sure -- just like "you can take away bombs, guns, knives, box cutters, nail clippers, and toothpicks... and air travel would be so much safer" is a flawed analogy. Oh, wait, terrorist types have shown a shocking disregard for the principle of using obviously dangerous tools.

Sure, some things are more dangerous or prone to dangerous use than others, but fact is, if someone's really looking to do evil shit, they will find a way to use a spoon if they have to. If "outlawing any implement that could possibly be used for evil" is the philosophy, you have to outlaw everything from nuclear bombs to napkins. Pure and simple.

That was my point, and I'll stick by it.

Cheers
-b

Re:You're absolutely right!

[TWR]

Read: Politicial protestors who block traffic are terrorists.

No, but running them down with my car shouldn't be a crime.

Seriously, blocking ambulances or emergency vehicles are "acts dangerous to human life that are a violation of the criminal laws". Do so, and I hope you get a nice long jail term.

Section 213 of the Act authorizes federal agents to conduct "sneak and peek searches," or covert searches of a person's home or office that are conducted without notifying the person of the execution [within a "reasonable period", ie 90 days] of the search warrant until after the search has been completed.

Right. Because if you TOLD criminals you were going to search their places ahead of time, they'd do NOTHING to remove evidence.

I'm not going to bother with the rest of your paranoia, because it mostly comes down to "Republicans are evil incarnate, and can't be trusted like those oppressive regimes that I love."

-jon

Don't use this with E-mail

[DeadVulcan]

Some people are talking about traffic analysis, but it seems to me that the best way to use this would be to post images on the web (ideally, with no HTML files linking to them).

In each message, you'd give a URL to the location of your next transmission. Maybe also a date and time period when it will be available.

And, if you used public web access points like internet cafes to transmit and receive your images, your activity would probably be pretty darned hidden.

Just a thought off the top of my head.

Re:Don't use this with E-mail

[ImaLamer]

You are on the right track but showing up at kinkos to do this will likely get your face on tape.

To truly be anonymous... find a good open proxy, post it to the web and update your message in your logo pic etc.

Slashdot could be transmitting information to someone with their masthead daily... I say use fortune to give users a cool msg and viola.

Re:Hey jackass...

[PacoTaco]

Did you bother to read more than just the title? :)

From the article:

Hacktivismo says Camera/Shy will also use encryption, suggesting keys will be needed to reveal secret information in full.

Re:Shit! This is serious, actually...

[SirSlud]

> Imagination, Creativity, Free Will.

If you were capable of using any of those things, you'd probably be talking about other things, rather than using the easiest, most spineless rhetoric americans have been priviledged to in years.

Wait and find out what has happened, like people capable of using their brains do.

Falon Gong...

[User+956]

What do they mean by persecuted anyway? One could argue that the Taliban/Al Qaeda are persecuted political groups...

That's correct, but it could also work for groups like the Falun Gong. The Falun Gong is a religous movement that has suffered much oppression in China.

Re:Palestinian, Taliban, Pakistan, Libyan

[SirSlud]

Aawww, your brainless rage is cute. Its almost worth me offering 100$ to somebody to go out, find you, lock you up so I can put you in a cage and parade you around my neighbourhood on a leash.

I promise to say lots of nice things about islam so you get to spew your rhetoric all the time like I know you wanna. (Otherwise, when this all dies down, youll be bored from not getting to be so hateful and racist, a concern I know you have.) :)

Re:Hm...

[quantaman]

Any political group who has a lot of enemies be it in China, Russia, Afghanistan, or the US. This is simply encryption, sure a form of encryption better prepared against public scrutiny but encryption none the less. It comes down as always to the fundamental question of whether you want to make available these tools to individuals who have legitimate uses with the understanding that they can also be used against you.

LSB Steganographic Techniques = Easy Detection

[DigitalDaedalus]

According to their press release they use "LSB steganographic techniques".
In the stego world this is roughly equivalent to using ROT13. If you try and hide any sizeable amount it's a joke to detect. There are many better methods- F5, SSIS, etc...

Re:LSB Steganographic Techniques = Easy Detection

[Rogerborg]

• In the stego world this is roughly equivalent to using ROT13

Damn. Oh well, I guess I'll just use the tool you released. Where can I get it?

speaking in secret is not freedom of speech

[Dr.+Awktagon]

Freedom of speech is being able to go in the center of a public square and say whatever you want. It's being able to put your ideas on the front page of a newspaper or pamphlet and distribute it without fear of persecution.

That being said, this may be a useful tool for some people, but I doubt it will be undetectable. Steganography is a tough problem. And encryption won't help you if the stego is detected, because the police will just put you in jail until you give them the key, since you must have something to hide when you use encryption...

Weapon of Choice

[mike_lynn]

In reading about the software mentioned, I was more impressed with Peek-a-Booty than Camera/Shy. The ability to make use of 'https' connections to not only get access to prohibited/filtered materials but encrypt them as well (with standards currently accepted as 'unsnoopable' by the business community) makes Peek-a-Booty the posterchild for the Right to Learn and Know. I hope it adds in Freedom of Speech by allowing POST/cgi interaction along those connections.

But that doesn't mean I hate Camera/Shy. It's all about giving people more options to talk to each other. If someone's country has decided to filter what you know, restrict what you say and jail you for just thinking different, I'll give praise to any software, hardware, wetware, lotek or notek method for getting people talking to each other, even if it's just a ROT13 plugin for Eudora.

Now that I think about it.

[ImaLamer]

With this tech there is many ways to hide your message.

Of course e-mail is out. But using a web site and splitting up your message throughout the images would be great.

Maybe as the images are layed out on the screen, the top one being part one, middle part two and so on.

A whole site can be used to hide anything from Decss to "anarchy" text files or plans to blow up shit.

Still, my favorite was the earlier suggested posting pr0n to newsgroups. See, before you "diss" this type of product get creative. The users will, the NSA will....

LSBs are okay, but text rules

[westfirst]

Hiding information in the least significant bits of images is okay if you keep the bit rate low. If it gets too high, the statistical profiles of the image changes and that can set off detectors.

I currently like the list of disco songs tool because it doens't have the same statistical problems.

Re:Your logic... (No, _your_ logic)

[SirSlud]

The whole point is, islam is not a tumour, it is the living body, and the individuals who commit these acts are the tumors. Fine, remove them, charge them, whatever. The point is, dont throw away the body to spite the tumour, a view you seem to endorse.

Also on The Register

[xmedar]

here

Fav quote -

"If there were no state-sponsored censorship of the Internet, if Cisco et al weren't crack hoes for hire, if there were no democracy activists screaming for help -- hell, we could be off having fun instead of working long hours after our day jobs," Hacktivismo member and occasional Reg contributor Oxblood Ruffin told us

Every coin has two sides...

[Dr.+Cody]

The Falun Gong is a religous movement that has suffered much oppression in China.

Of course, one could also argue that Falun Gong is a doomsday cult which preachs racism. I assume that PRC's government believes that, aside from the implications of competing with a powerful organization full of people with martyr complexes, their actions are little different from Germany's treatment of the Church of $cientology and the United States' treatment of Branch Davidians, for example.

1000 words

[krath]

Thought we already knew that a picture tells a 1000 words...

Peek-a-Booty

[jafuser]

I'm figuring that not only will this kind of software allow people to get around censorship, but wouldn't it also create a P2P-style anonymizer? This would pretty much make logging of user activity useless for criminal investigations. Would the "host" of a benevolent node on this network be liable for illegal activity that was routed through hir machine?

peek-a-booty != CdC

[Max+von+H.]

From their site:

The cDc and Peek-A-Booty
A commonly-perpetuated misconception about this project is that it is run by CULT OF THE DEAD COW (cDc). This is a myth that has been propagating since the projects inception. The Peekabooty project has its own open- source group, entirely separate from the cDc.

I'm at a loss here...

Why Bother?

[balloonhead]

I don't see the point. If I was a terrorist and posted a USENET / slashdot / other pre-arranged forum message with "big day on Sept 11, flying into NY with a few buddies on flight XXX", there is no way that any FBI / CIA / other agency guy would know what it meant if he saw it on Sept 10, even assuming he looked at it.

There are just too many ways of sending unencrypted / unhidden messages; adding more work just seems like a big hassle for the sender and recipient - as was said after 11/9/01, the reason that messages were not intercepted was because they were low-tech / plain text / whatever. It is quicker and easier to make it innocent-sounding except to those who know already. Any agency screening emails / web pages / whatever would have a lot LESS work to do if it just had an image scanner that decided if there was any potential code, then concentrating on those. As another poster said, checking if a pic does or doesn't have steganography involved is easy (though you then have to decode it) - would it not then be easier to have an image of unencoded text which would be easily readable only if you look at it, on an obscurely titled web page? No automated searcher would be able to read it, no human would ever know where to look unless they alredy knew where it was.

With email, text messaging, instant messaging, unlimited internet forums, the internet pages themselves, snail mail, telephone, telegraph, morse, hundreds of languages, and god-knows what other methods, there are just too may ways to transmit info to plough through these and find hidden messages.

I just don't see the point.

On another note - could terrorist emails be easily intercepted if the volume of traffic was reduced significantly? i.e. if spam was banned?

Re:Why Bother?

[Goonie]

On another note - could terrorist emails be easily intercepted if the volume of traffic was reduced significantly? i.e. if spam was banned?

Given that various individuals with bugger-all resources have managed to build reasonably effective spam filters, I'd imagine that the NSA, with decades of experience in filtering wheat from chaff and with huge resources to throw at the problem, are probably very good at filtering out spam from their searches.

Unless terrorists disguise their messages as spam :)

Re:Why Bother?

[mpe]

With email, text messaging, instant messaging, unlimited internet forums, the internet pages themselves, snail mail, telephone, telegraph, morse, hundreds of languages, and god-knows what other methods, there are just too may ways to transmit info to plough through these and find hidden messages.

Which is why mass interception isn't really very effective. Unless you know where to look in the first place you simply have a large quantity of utterly useless information. Yet after September the 11th there were calls for more automated interception, even when it was revealed that security services in the US lacked people who knew Arabic.

Great Research

[Snaller]

Timothy writes:
The group has links to the Cult of the Dead Cow, which is, of course, working on Peek-a-Booty.
However if you visit the PeekABooty people:

A commonly-perpetuated misconception about this project is that it is run by CULT OF THE DEAD COW (cDc). This is a myth that has been propagating since the projects inception. The Peekabooty project has its own open-source group, entirely separate from the cDc.
Oh well ;)

Re:Great Research

[UnknownSoldier]

What, you expect /. articles to be accurate?

You're new around here, aren't you! ;-)

Beating "brute force computing power"

[Garry+Anderson]

Quote: "Honeyman says existing steganography cannot be completely undetectable and adds that the key used to hide messages in images can be revealed with brute force computing power."

Any weakness of steganographic systems can be overcome.

For example; to beat brute force computing power only requires to have the message as an image of obfuscated text. There are several ways to do this; for one - think red-green colourblind eye test charts. It can also be multi-layered - each with seperate key. This would require manual viewing at every single attempt to crack it. The man hours required are too large to estimate.

P.S. The United Nations World Intellectual Property Organization and the United States Department are hiding the simple solution to uniquely identify all registered trademarks on the Internet. The answer to this problem has been ratified by honest Lawyers. I believe UN WIPO and US DoC to be corrupt.

If you have heard of the respected Dr. Milton Mueller, you may be interested in the conclusion of his recent report, Domain Name Trademark Disputes under ICANN's UDRP. My comments and link to it on ICANN forum. His conclusion matches what I told UN WIPO and Nominet UK over a year ago.

Please visit World Intellectual Piracy Organization - Not associated with visit United Nations World Intellectual Property Organization

Re:He will!

[SirSlud]

Unfortunately, you cannot distinguish between reationalism and reactionism, which is what makes us so much better than our parents.

I hate people who kill other people. I do not hate racial groups because a few of them killed people. By this logic, I can kill you, because Timothy McVeigh is an American Amry psycho. Does he represent americans?

The Burma Solution

[No+Such+Agency]

Ok, I'm referring to the country currently known as "Myanmar", but I refuse to grant the torturing, fascist limp-dick fucks in SLORC the dignity of using their chosen name.

Basically, from what I've heard, 10% of the adult population of Burma are secret police informants, either willingly or through coercion. You can never be sure who your real friends are, and no activity involving more than one person can be secure. More importantly (to this discussion), unlicensed possession of a modem is severely punished. So, in Burma, stego, crypto, and traffic analysis are all effectively obsolete. Only "trusted" people and organizations get internet access, with the understanding that they will be watched closely. Everyone else lives in medieval isolation (except for working for PepsiCo), cut off from the rest of the world, with far fewer human rights than even the citizens of China.