Slashdot Mirror


Hidden Messages in Spam

randomwalker writes "There was an extremely interesting presentation at the Blackhat Windows Security Conference in January by Dr Curtis Kret entitled Nobody's Anonymous. In his presentation he showed how information about spammers can be determined. In addition he showed that some spam is being used as a covert communication channel. This presentation demonstrates how to apply data forensics to spam in order to identify the sender of specific spam messages. Some senders can be identified by name, while others can be distinguished by attributes such as preferences, nationality, religion, and even left-handedness. Four spam categories are provided that classify spam by function, including List Makers, Scams, and Covert Communication channels. The examples provided include full-disclosure case studies: a phishing gang that targets bank customers with malware and impersonations, and an IRC group that uses spam as a covert communication channel."

4 of 232 comments

  1. Covert Messages by dolo666 · Score: 5, Interesting

    I remember studying Thomas Pynchon in school, and upon hearing how his military records and university records were lost, I often wondered if his books were some kind of method of covert messaging, due to the code-like writing style he has, and the ominous history he has. Using spam as a method of communication is useful in the sense that it can be hard to tell who the real message is going to; making it impossible to identify the two points of connection, and therefore limiting accountability and obscuring who is doing the talking; so if Pynchon's books are like this... it would also be impossible to tell who the books were intended for (and therefore the US Mil could contact spies who could be in a tight spot, or informants who may be in a tight spot). The books could also contain a bunch of different messages using different cryptographies, in plain sight, to communicate with multiple agents. This is likely incorrect and way off the tin-foil-hat scale of reason, but the thought did occur to me when I read The Crying of Lot 49, and even more so when I read Mason and Dixon.

    1. Re:Covert Messages by sysjkb · Score: 5, Interesting
      I often wondered if his books were some kind of method of covert messaging...

      Around 1920 Edgar Wallace used this scheme in one of his thrillers about "The Four Just Men". One of the group has been captured, and given the high profile of his crimes, he is being held in solitary. In order to pass along the rescue plan to their imprisoned colleague, his compatriots write a travel book that contains the scheme encoded and arrange for it to be reviewed in enough major newspapers that the prisoner can legitimately request a copy.

      Yours truly,
      Jeffrey Boulier

  2. Not Surprising by Steve+B · Score: 4, Interesting
    Wrapping hidden messages in spam is an obvious method of defeating traffic analysis (the gathering and use of information about who is talking to whom, without necessarily being able to read the content of the messages). I would be very surprised if terrorist organizations haven't been doing this ever since spam became voluminous enough to serve as an adequate noise background.

    Really, the Feds ought to be hauling in spammers (for violations of all sorts of existing laws pertaining to fraud, computer cracking, etc) and anal-probing them for customer records, instead of wasting time on nonsense.

    --
    /. If the government wants us to respect the law, it should set a better example.
  3. Steganography by Alioth · Score: 4, Interesting

    If you think of it, hiding messages in spam would make quite good steganography. Since pretty much most spam comes with a sizeable chunk of 'hashbusters' (random words on the bottom, random characters in the subject), you could hide your message quite easily in the hashbuster.

    In regular email, just the fact a PGP encrypted message was sent by Alice to Bob would tip the authorities off that Alice and Bob were at least communicating; if they are both criminals for instance, just seeing the activity between Alice and Bob might be enough to alert the authorities to watch the pair a bit more closely because something's about to go down - even if they can't actually discover the message content.

    However, if Alice and Bob are both spammers, and use the Windows worm du jour as their open spam relay, and each spam a few million email addresses, it's much harder to see that Alice and Bob are in fact conversing, let alone find the actual message.