Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hidden Messages in Spam

Posted by michael on from the enlarge-your-inbox-now dept.

randomwalker writes "There was an extremely interesting presentation at the Blackhat Windows Security Conference in January by Dr Curtis Kret entitled Nobody's Anonymous. In his presentation he showed how information about spammers can be determined. In addition he showed that some spam is being used as a covert communication channel. This presentation demonstrates how to apply data forensics to spam in order to identify the sender of specific spam messages. Some senders can be identified by name, while others can be distinguished by attributes such as preferences, nationality, religion, and even left-handedness. Four spam categories are provided that classify spam by function, including List Makers, Scams, and Covert Communication channels. The examples provided include full-disclosure case studies: a phishing gang that targets bank customers with malware and impersonations, and an IRC group that uses spam as a covert communication channel."

7 of 232 comments (clear)

  1. Secret messages in spam by Anonymous Coward · · Score: 5, Informative

    Of course, there is spammimic which lets you encode a secret message in spam.

  2. Steganography... by Lord+of+Ironhand · · Score: 5, Informative
    ... is the technique of hiding certain information in other information. As opposed to encryption, which just makes the information unreadable without the correct key. Steganography & cryptography make a very nice combination since the random-like nature of encrypted data makes it easier to hide.

    A google search for "steganography" yields a lot of useful documents on this.

  3. Mirror by arvindn · · Score: 5, Informative

    *Sigh* I don't know what the editors are thinking when they post direct links to pdf files. Slashdotted instantly. Luckily, throwing the filename at google turned up a mirror.

  4. rent '3 days of the condor' by dhenry · · Score: 3, Informative

    For your hidden-code-in-popular-fiction pleasure...

    Robert Redford discovers a double-secret CIA plot after analyzing book plots for the CIA.

    P.S. - DO NOT look for the book in used bookstores, it sucks. The movie smooths out some of the macho BS in the book and adds some depth.

    -- "Me post off-topic one day"

  5. Working URL for the Paper by DaneelGiskard · · Score: 4, Informative

    Server's down, here is another one ;-)

    bh-win-04-kret.pdf

  6. Re:I already miss spam... by hacker · · Score: 5, Informative
    (b) more money is spent on Viagra and plastic surgery than research into Alzheimers, so when we're old and clunky, the women will have superb breasts, the men iron-hard equipment, but no-one will remember what it's all for.

    Actually, Viagra (sildenafil citrate) was originally an arrhythmia treatment (i.e. heart medicine, to help people with strokes and frequent heart attacks). ALL of the money that went into the research of (what is now called) Viagra was there to support a drug for cardiac patients.

    Only when some of the clinical trials had less-than-optimal results as a cardiac treatment, and an additional "side effect" of erectile sustainment, was it recast as an erectile dysfunctant treatment. They weren't going to pour the millions they spent on researching the cardiac drug, down the drain, so they recast it as Viagra, and that is what you know today.

    I know this, because I used to work with the group responsible for doing the purity/potency testing of this specific compound within $PHARMA.

    Also, contrary to popular belief, Viagra does not produce erections . It increases blood flow (hence the original cardiac target). The increased bloodflow helps you sustain an existing erection longer than you normally could. It does not give you an erection.

  7. Re:Why is this suprising. by sartin · · Score: 4, Informative
    perhaps i'm missing something here, but if someone wanted to send someone else an extremely covert message, why wouldn't they just encrypt it?

    Traffic analysis. Since not all intercepted messages can be decrypted in a timely fashion, one way intelligence is gathered is by looking at the communication patterns independent of the content. Knowing that bad person A sent unknown person B some set of messages (and even moreso noting that they were strongly encrypted) yields a strong suspicion that person B is part of the same bad collective as person A. By sending many messages all over that are noise, the real communication is lost in the noise. Not just the data in the communication, but the data about the communication.