Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacktivismo to Release Steganography Tool

Posted by ryuzaki0 on from the say-cheese-in-pig-latin dept.

Anonymonkey writes: "According to this story at , a group called Hacktivismo will release a steganographic tool called Camera/Shy at H2K2 this year. Apparently, it will make it easy for persecuted political groups to hide messages in images. The group has links to the Cult of the Dead Cow, which is, of course, working on Peek-a-Booty."

3 of 201 comments (clear)

  1. Traffic analysis by AgTiger · · Score: 5, Insightful

    Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.

    That can be enough to tip off the wrong someone.

    Likewise, if you start sending graphic files back and forth where you USED to be sending other types of traffic, whatever entity might be watching those transmissions is likely to catch on. Let's not even go INTO how you're sending MORE data rather than less. Me, I'd be shooting for a method that breaks the communication up, sends it in with a bunch of other garbage to multi-pointed destinations at random times, strongly encrypted en-route so sender and receiver are masked...

    Oh wait, that sounds a lot like a mixmaster remailer.

    And yes, I know, mixmaster and PGP are not an option for environments where the very use of same is enough to get you drawn and quartered.

  2. Dumb, DUMB idea by splorf · · Score: 5, Insightful
    Steganography is a lot harder than it sounds. It's easy to hide a message in an image file and have the image still look normal on the screen to a casual observer. It's a hell of a lot harder to keep an opponent from detecting the message by analyzing the file knowing how your program works.

    I am afraid unless Hacktivismo is really careful and knows what they're doing, their program may get some human rights workers tortured and killed. By careful, I mean don't even mess with embedding messages in jpg images. It might be reasonably safe to embed them in audio or video streams at very low bit rates, like one bit per several seconds of 44 khz 16 bit PCM audio or mini-DV video. And even that would take sophisticated encoding to keep detection difficult.

    Reference: Security Engineering by Ross Anderson, reviewed on Slashdot a few months ago.

  3. You're absolutely right! by brooks_talley · · Score: 5, Insightful

    You're absolutely right. I find it dispicable that people would release programs that terrorists could possibly use, with the weak excuse that there might be other legitimate uses! I mean, if we got rid of Steganography, PGP, Linux, MS Word, AutoCAD, MS Project, Bablefish, Oracle, OpenOffice, Squid, Rogue Spear, Mathmatica, Apache, Cu-Seeme, and KSH... why, the world would surely be a safer place!

    Cheers
    -b