Hacktivismo to Release Steganography Tool

Anonymonkey writes: "According to this story at , a group called Hacktivismo will release a steganographic tool called Camera/Shy at H2K2 this year. Apparently, it will make it easy for persecuted political groups to hide messages in images. The group has links to the Cult of the Dead Cow, which is, of course, working on Peek-a-Booty."

Traffic analysis

[AgTiger]

Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.

That can be enough to tip off the wrong someone.

Likewise, if you start sending graphic files back and forth where you USED to be sending other types of traffic, whatever entity might be watching those transmissions is likely to catch on. Let's not even go INTO how you're sending MORE data rather than less. Me, I'd be shooting for a method that breaks the communication up, sends it in with a bunch of other garbage to multi-pointed destinations at random times, strongly encrypted en-route so sender and receiver are masked...

Oh wait, that sounds a lot like a mixmaster remailer.

And yes, I know, mixmaster and PGP are not an option for environments where the very use of same is enough to get you drawn and quartered.

Dumb, DUMB idea

[splorf]

Steganography is a lot harder than it sounds. It's easy to hide a message in an image file and have the image still look normal on the screen to a casual observer. It's a hell of a lot harder to keep an opponent from detecting the message by analyzing the file knowing how your program works.

I am afraid unless Hacktivismo is really careful and knows what they're doing, their program may get some human rights workers tortured and killed. By careful, I mean don't even mess with embedding messages in jpg images. It might be reasonably safe to embed them in audio or video streams at very low bit rates, like one bit per several seconds of 44 khz 16 bit PCM audio or mini-DV video. And even that would take sophisticated encoding to keep detection difficult.

Reference: Security Engineering by Ross Anderson, reviewed on Slashdot a few months ago.

You're absolutely right!

[brooks_talley]

You're absolutely right. I find it dispicable that people would release programs that terrorists could possibly use, with the weak excuse that there might be other legitimate uses! I mean, if we got rid of Steganography, PGP, Linux, MS Word, AutoCAD, MS Project, Bablefish, Oracle, OpenOffice, Squid, Rogue Spear, Mathmatica, Apache, Cu-Seeme, and KSH... why, the world would surely be a safer place!

Cheers
-b

Re:You're absolutely right!

There's a fairly comprehensive list here.

In summary:

• Silencing Political Dissent

  Section 802 of the USA PATRIOT Act creates a federal crime of "domestic terrorism" that broadly extends to "acts dangerous to human life that are a violation of the criminal laws" if they "appear to be intended...to influence the policy of a government by intimidation or coercion," and if they "occur primarily within the territorial jurisdiction of the United States."

  Read: Politicial protestors who block traffic are terrorists.

• Enhanced Surveillance Powers

  By and large, Congress granted the Administration its longstanding wish list of enhanced surveillance tools, coupled with the ability to use these tools with only minimal judicial and Congressional oversight. In its rush to pass an anti-terrorism bill, Congress failed to exact in exchange a showing that these highly intrusive new tools are actually needed to combat terrorism and that the Administration can be trusted not to abuse them.

  Read: Now we can spy on our citizens with minimal accountability.

• Sneak and Peek Searches

  Section 213 of the Act authorizes federal agents to conduct "sneak and peek searches," or covert searches of a person's home or office that are conducted without notifying the person of the execution [within a "reasonable period", ie 90 days] of the search warrant until after the search has been completed.

  Read: Oh, by the way, we searched your apartment a few months ago while you and your family were at work/school. We were just checking to see if you were terrorists, but you werent! Just thought you would wanted to know. By the way those tapes of you and your wife were very kinky.

• Access to Records in International Investigations

  Under Section 215, the Director of the FBI or a designee as low in rank as an Assistant Special Agent in Charge may apply for a court order requiring the production of "any tangible things (including books, records, papers, documents, and other items)" upon his written statement that these items are being sought for an investigation "to protect against international terrorism or clandestine intelligence activities."

  Read: Sorry we had to take all of your computer equipment; we just wanted to see if you were a terrorist. After scanning everything, we've decided that you're not. But don't worry... you'll get all of it back after all the red tape clears, in about 12-18 months.

• Tracking Internet Usage

  Under Section 216 of the Act, courts are required to order the installation of a pen register and a trap and trace device31 to track both telephone and Internet "dialing, routing, addressing and signaling information"32 anywhere within the United States when a government attorney has certified that the information to be obtained is "relevant to an ongoing criminal investigation."

  Read: Oh, we found out that one of your neighbors is smoking pot, so we had to spy on everyone in the apartment complex for a few years to make sure nobody else was working in connection with this "terrorist".

• Allowing Law Enforcement Agencies to Evade the Fourth Amendment's Probable Cause Requirement

  Perhaps the most radical provision of the USA PATRIOT Act is Section 218, which amends FISA's wiretap and physical search provisions. Under FISA, court orders permitting the executive to conduct surreptitious foreign intelligence wiretaps and physical searches may be obtained without the showing of probable cause required for wiretaps and physical searches in criminal investigations.

  Read: We don't need the 4th amendment anymore.

• Sharing of Sensitive Criminal and Foreign Intelligence Information

  While some additional sharing of information between agencies is undoubtedly appropriate given the nature of the terrorist threats we face, the Act fails to protect us from the dangers posed to our political freedoms and our privacy when sensitive personal information is widely shared without court supervision.

  Read: Political dissidents (now called "benign domestic terrorists" by the media) have no rights to privacy.

• Stripping Immigrants of Constitutional Protections

  The USA PATRIOT Act deprives immigrants of their due process and First Amendment rights through two mechanisms that operate in tandem. First, Section 411 vastly expands the class of immigrants who are subject to removal on terrorism grounds through its broad definitions of the terms "terrorist activity," "engage in terrorist activity," and "terrorist organization." Second, Section 412 vastly expands the authority of the Attorney General to place immigrants he suspects are engaged in terrorist activities in detention while their removal proceedings are pending.

  Read: If you've ever even send medical supplies or a care package to an innocent citizen in a middle eastern country while islamic extremists were in power, you and your family will be immediately jailed without explanation upon trying to immigrate to the USA.

So basically, if you don't particularly want the rights given to you by the First and Fourth Amendments to the Constitution, then the Patriot Act is a Good Thing(TM)(R)(C)