A Linux-Based "Breath Test" For Porn On PCs
Gwaihir the Windlord writes "A university in Western Australia has started beta testing a tool that's described as 'a random breath test' to scan computers for illicit images. According to this article it's a clean bootable Linux environment. Since it doesn't write to the hard drive, the evidence is acceptable in court, at least in Australia. They're also working on versions to search for financial documents in fraud squad cases, or to search for terrorist keywords. Other than skimming off the dumb ones, does anyone really expect this to make a difference?" The article offers no details on what means the software uses to identify suspicious files.
It looks for files like "guyongirlonsheep37.jpg"
Test your net with Netalyzr
Quick! What's the RGB color value for "pink" ?
Don't blame me, I voted for Kodos
Now everybody in Australia is guilty until proven innocent!
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Helix can do most of the "breath test" functionality referred to, and is a great forensic Linux distro. Helix is also considered a viable method in which to capture data that is consistent with the chain of custody that is required for evidence to be presented to a Judge. Check it out... http://www.e-fense.com/helix/Download.html
... would be to get a hash value for individual files, and compare that to known hash values for known infringing files. And there are already tools that do this.
Computer forensics is hard, expensive, and time-consuming. I would guess this is just a tool for cops to save cash in criminal investigations compared to hiring an expert, or at least to triage which systems need to be investigated by an expert.
Also, if your friends are IT staff and your online watercooler is slashdot.org, you may think everyone but the "dumb ones" knows how to encrypt a drive. But the reality is that the vast majority of criminals have never heard of Truecrypt.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
as breast test... would've been more appropriate, too.
The article offers no details on what means the software uses to identify suspicious files.
I highly suspect that the police don't want people to know the details of how sophisticated their technology is because they don't want to embarrass themselves. Keeping an aura of mystery and FUD around themselves and their techniques is also a form of psych-ops; it's the chrome facade of a lemon.
Might want to avoid the US and the UK as well.
IANAL, but the summary (at least) gives no indication that the forensic tool is going to be the last word. It's a bootable distro, so presumably the system has already been confiscated by whatever organization cares most about the potential crime. The forensic examiner(s) responsible for looking for data with the evil bit set boot to this CD and see if it flags anything. Then they examine anything that's flagged, and prep it for court.
Doing a thorough exam of an average drive can be time consuming, even if the user is kind enough to leave all their documents handily in the "My Documents" folder. Trying to examine several machines in a timely fashion would benefit greatly from a tool like this. If the disk flags something, and it's really illegitimate, the data just needs to get cataloged. Think of it as helping go for "low hanging fruit" that can be used to convict someone, without being as resource intensive as a full manual scan. I'm guessing that if the disk doesn't turn up anything, there will still be a long manual process involved to see if there's something there.
"It is a miracle that curiosity survives formal education." -Albert Einstein
Last time I checked, porn was not illegal.
For kiddie porn you want to scan for small swaths.
<cheesysoundtrack>
*WEEW*
"License and registration please...are you drunk ma'am?"
"No Ociffer, I swear to Drunk I'm not god"
"Step out of the car please. I'm giving you a breathalyzer test. I need you to blow on this"
"Wait...wut...come on I just want to go home"
"Well if you don't want to do the breathalyzer I can give you a balance and mental aptitude test..."
"Come on just cut me a break, I live just down the road, outside of these dark woods on this lonely country road"
"Well OK, but if you want me to skip the breathalyzer, I need you to blow on _this_"
</horribleacting>
</cheesysoundtrack>
"When information is power, privacy is freedom" - Jah-Wren Ryel
A local forensics expert says the same thing of his practice. In fact, last time I heard him speak about it, he said he'd never encountered encryption in a case he handled.
There's some sample bias going on there, because he refuses to handle some cases, and child pornography is one of the things he won't touch.
BitLocker may make encryption more mainstream.
Sadly, this seems to be a part of a trend. Part of travel now means that you need to be subjected to complete search and inspection to make sure you haven't done anything wrong.
This includes fingerprinting, gathering of biometrics, and having all of your personal stuff exhaustively searched to ensure you have no porn, terrorist material, copyrighted material you can't prove you bought, or anything critical of the government of the country you're entering.
If you have probable cause that I'm smuggling something, maybe. But, in the case you point out where we scan everyone so they can prove themselves innocent ... well, modern society is pretty much hosed in that case. However, that seems to be where we're going lately.
Cheers
Lost at C:>. Found at C.
Sounds dubious to me. In most jurisdictions I'm aware of, you are not allowed to connect a hard drive to a machine physically capable of writing to it if you want anything retrieved from it to be admissible in court, and you need a chain of custody showing this. Software write protection is not good enough, you need to physically disconnect the write pins from the cable (no idea how they do this from SATA - probably something which intercepts write commands and blocks them and goes through an expensive approval process to ensure that it works).
I am TheRaven on Soylent News
'Human skin tones' is a pretty wide range though. Even just restricting it to 'white' people gives you a big range of colours if you consider the various shades of tan / sunburn - anything from deep red to pale white through dull brown. If you want to find naked black- or yellow-skinned people then it's an even bigger range. If something is blue or green you could probably guess it's not naked skin (unless the person is bruised, or wearing body paint), but without factoring in shape as well it's pretty difficult to tell if something is human coloured or not.
Actually, human skin is pretty much all the same hue, it just has different saturation levels. If you convert each image to HSV from RGB, you can just look at the hue component and people all pretty much look the same. This is common in computer vision techniques for identifying skin.
-Taylor
Worldwide Military budgets: $2100 billion. Worldwide Space Exploration budgets: $38 billion. Really, world? Really?
Once upon a time, a company did this, and sold their product to another corporation so that they could monitor employees' email. If I recall correctly, it ended in tears when somebody got sent baby pictures.
The minute you change the contents of that hard drive, you open the door to claims of tampering with evidence. "Your honor, the kiddy porn only showed up after the police 'inspected' it. They planted all of it." That's what 'chain of custody' means. Police have procedures to follow to ensure that evidence can't be tampered with.
Good meatspace analogies would be OJ Simpson's DNA showing up on evidence only after he gave a blood sample. More hypothetically, say the cops take your backpack as evidence. What happens to it? Well, it sits in a police warehouse storage facility somewhere, possibly for months. If any cop has access to that backpack on demand for this whole time, then there is effectively no way to prevent someone from stuffing the bag full of drugs. No accountability. So for meatspace evidence, there are very strict rules that say you have to keep track of every person who has access to that piece of evidence. There can be no exceptions.
The equivalent in the computer forensics world is that you have to guarantee you didn't alter the original equipment's hard disk. Proper forensic analysis involves making a *copy* bit-for-bit and then analyzing this copy. The new thing here is a bootable CD that presumably has been rigorously tested and certified (by who, I couldn't say) that it literally cannot modify the hard disk.
It's the year of Linux on the Desktop! And to think of what the reaction would be if this ran on Windows.
#include <stdio.h>   /* printf */
#include <unistd.h>  /* sleep */
int main()
{
    printf("Searching for stuff the user isn't supposed to have...\n");
    sleep(30);
    printf("Illegal material found! Seize computer and arrest owner!\n");
    return 0;
}
Anyone serious enough can hide the data. As usual we all get hassled and only the stupid get caught.
1) install a game with huge data files
- Example World of Warcraft
2) make a dummy side directory off the game install
3) drop in a huge binary file with the same extension as the game data or patch
4) mount dummy file as encrypted file system
5) delete mount line before crossing the border
"No idea what that file is. Looks like part of the game to me."
No way they can have a database of all possible good binary files to ignore.
Well technically, I think we've all been IN one at least once in our lives, females included. However I suspect that's not the point you were going for.
Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
The difference between the USA and Australia - first, England rounded up all of its religious fanatics, and sent them to the American colonies, then they rounded up all of these criminals, and sent those to the Australian colonies....
In those grand traditions I propose the following test...
Turn the laptop on, tie a large weight to it. If it floats, it's a witch! Burn it! If it sinks it's innocent. Pity it didn't survive.
These posts express my own personal views, not those of my employer
Your post contains invalid markup: you can't interleave tags like that.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I was a C-Section baby, you insensitive clod!
One of the environments I worked in had a sniffer that grabbed all the images (and associated session information) it could see on the wire for that organization (or at least a subset - there was a LOT of traffic involved). It would then process those images and generate a "skin folder" of suspect imagery. We could then sift through that skin folder looking for illicit browsing, etc.
Yeah - it caught porn. But it also contained a lot of imagery of furniture, mars landscapes, deserts (it really liked the time pictures of camel spiders in Sandland were the hot topic of emails) and other such not-skin-oriented imagery.
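The hue-only skin test described earlier in the thread, and the false positives reported in the comment above, as an added example that is not part of any poster's comment or of the tool in the article. The hue band, the saturation and brightness floors, the flag threshold and every sample colour are assumptions constructed for illustration.

```python
import colorsys

# All thresholds below are assumptions chosen for this illustration.
HUE_BAND = (0.0, 50.0)   # degrees of hue treated as "skin"
MIN_SAT = 0.10           # ignore greys and whites
MIN_VAL = 0.20           # ignore near-black pixels
FLAG_FRACTION = 0.30     # share of in-band pixels that flags an image

def hue_sat(rgb):
    """Return (hue in degrees, saturation 0..1) for an 8-bit RGB triple."""
    h, s, _ = colorsys.rgb_to_hsv(*(c / 255 for c in rgb))
    return h * 360, s

def in_skin_band(rgb):
    """True when the pixel's hue falls in the assumed skin band."""
    h, s, v = colorsys.rgb_to_hsv(*(c / 255 for c in rgb))
    return HUE_BAND[0] <= h * 360 <= HUE_BAND[1] and s >= MIN_SAT and v >= MIN_VAL

def skin_fraction(pixels):
    return sum(in_skin_band(p) for p in pixels) / len(pixels)

def flagged(pixels):
    """Would this image land in the 'skin folder'?"""
    return skin_fraction(pixels) >= FLAG_FRACTION

def patches(*parts):
    """Build a constructed 'image' from (rgb, pixel_count) colour patches."""
    return [rgb for rgb, count in parts for _ in range(count)]

# Constructed sample colours, not measurements.
LIGHT_SKIN, DARK_SKIN = (255, 224, 189), (141, 85, 36)
SAMPLES = {
    "portrait, light skin": patches((LIGHT_SKIN, 50), ((135, 206, 235), 50)),
    "portrait, dark skin": patches((DARK_SKIN, 50), ((135, 206, 235), 50)),
    "desert": patches(((194, 178, 128), 60), ((135, 206, 235), 40)),
    "wooden furniture": patches(((133, 94, 66), 70), ((240, 240, 240), 30)),
    "mars landscape": patches(((193, 68, 14), 80), ((20, 20, 30), 20)),
    "ocean": patches(((0, 105, 148), 70), ((135, 206, 235), 30)),
}

if __name__ == "__main__":
    for name, rgb in (("light skin", LIGHT_SKIN), ("dark skin", DARK_SKIN)):
        print("%-12s hue %.1f deg, saturation %.2f" % ((name,) + hue_sat(rgb)))
    for name, pixels in SAMPLES.items():
        print("%-22s in-band %.0f%%  flagged=%s"
              % (name, 100 * skin_fraction(pixels), flagged(pixels)))
```

The two skin samples sit a few degrees apart in hue while their saturation differs widely, and sand, wood and rust-coloured rock fall in the same band, which is why a hue-only filter needs a human review step behind it.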
Most women might, men don't need a thousand names for one colour. It's pink. It's not red, blue, yellow, orange, purple, green, black, or white, so it must be pink.
False negatives are something which gets less press but can still be funny.
Girl I worked with was being driven home by her boyfriend. They get stopped at a checkpoint. He's cold sober but she's had enough alcohol to knock out a bull elephant.
The officer taps on the window, window rolls down "could you blow on this please", "no problem", DING green light.
At this point my very drunk workmate leans across her boyfriend "CAN I HAVE A GO!TEHEHEHE! You don't have to change the mouthpiece!". The police officer rolls her eyes but lets the mad drunk passenger blow into it as there were no other cars waiting.
You guessed it.
*DING green light*
Cue some odd looks from the officer and a great deal of lost faith in the technology.
Do daemons dream of electric sleep()?
I'm not familiar with the term "Breath Test". In this case in particular, wouldn't a "Breast Test" be more useful? Unless of course they're specifically excluding necrophilia from their search criteria...
Take it to the limit, everybody to the limit, come on, everybody fhqwhgads.
Actually, no. This method does not work - which is what I said at the time. Because this misinformation is apparently still around, I decided to run a test.
I took a large file (1600x1200 px) and then applied a basic red-eye reducing algorithm to various spots on the image. The result: visually, exactly the same image.
Then I turned to my trusty Apple Preview. I resized each photo to 9% of its original size (144x108 pixels), and then proceeded to turn the color saturation down to 0 (black and white). I then saved each file in a compressionless TIFF format. Lastly, I computed the md5 hash for each file.
Result?
MD5 (smlimg3.tiff) = d300d23ce0ca2d6dcc7188665b1e2ada
MD5 (smlimg4.tiff) = a1cf7d59f9bf4ccceb6651c5f08750dd
Let me say this once more, in case anyone else who blindly accepts anything they read on the internet has heard this: THIS TECHNIQUE DOES NOT WORK. To compare two SIMILAR images, one needs to use an image comparison algorithm - of which there are many. Hashing ONLY works on two images which are EXACTLY the same.
If you doubt the test or the results, I would be glad to email you all of my test pictures so you can see them and calculate their md5s for yourself.
3 words. British prison colony
The big question is -- can this program tell the difference between a porn photo and a photo of Fidel Castro eating a banana?
You just solved the CAPTCHA problem.
It seemed like the sort of thing that would work in theory, but I can see why it doesn't. Even changing a few pixels in the corner (I made a 10x10 white square) gave drastically different MD5s.
I'm a moron for blindly accepting a +5 post as fact, please mod down my original post.
Obligatory Soundbite Catchphrase
Well, that and Orlando, FL.
...oh, and your mom.
(Sorry, had to)
3 words. British Penal Colony There, fixed that for you
Don't anthropomorphize computers. They *hate* that.
I don't get it. How's this software gonna tell if I was looking at porn by checking my breath?
It seems fairly widely accepted that people who regularly view pornography are more likely to be involved in sex-related crimes than people who don't (or that sex-offenders are more likely to have porn than non-sex-offenders, whichever way you want to spin it).
This means that even if the computer is found to have pornographic content on it of people who are "of age", this still raises a red flag (and IMO rightly so). Porn is the scourge of the internet. When a person's first exposure to internet porn is typically around 10 years old - it has gone way beyond "free speech". Young minds are being forcibly indoctrinated.
Censorship is the opposite of education. If neo-darwinism were defensible, people would not need to try and censor ID.
Now you will get a ton of Ubuntu backgrounds....
At my job we use one of these, it does IDE and SATA. $350 isn't a lot of money to pay if you have to do forensics work.
http://www.digitalintelligence.com/products/ultrablock_ide-sata_ro/
It has switches for changing it into Read/Write mode, but you have to break off a piece of the case to get to them. On the Read/Write model there is no cover over the switches.
As another poster wrote, the Helix Tools are very good as well.
In fact, the whole point of hashes is that they give completely different results even with the smallest differences between files or strings. Think about it. Imagine if the hash for the word "foo" was 45Ht56B, and you knew that. If the hash for "f001" was 45Ht56C or 45Ht56B4, then you could deduce a password simply by looking at a hash.
The whole point of a hashing algorithm like MD5 is that even a single bit change should change lots of random bits in the resulting hash. If it was predictable it wouldn't be suitable for its purpose.
Jason
Invert colour spectrum on porn images. Now all the skin is green or purple or some other decidedly un-skin colour.
Transmit images.
Re-invert colour spectrum. Skin is all skin-coloured again.
.
.
.
.
Okay, so this might not work so well if the images are from after a major S&M session ;)
~REZ~ #43301. Who'd fake being me anyway?
As you demonstrate, the MD5 technique does not work. However there are other image "hashing" techniques that do work. For example, take the first three statistical moments of the histogram of the R, G and B intensities. To compare two images take a simple L1 distance between those moments. If it's below some threshold they are the same.
Disclaimer: The above algorithm works best for detecting differences between two video streams even when those video streams are distorted by color shifts. (I have personal experience with using it on production software.) For detecting similarities of images you may have to use slightly different techniques.
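The MD5 experiments earlier in the thread and the histogram-moment comparison described in the comment above, side by side, as an added example that is not part of any poster's comment or of the tool in the article. The gradient test image, the 0.1 threshold and the scaling of channel values to 0..1 are assumptions constructed for illustration.

```python
import hashlib

W, H = 320, 240      # constructed test image size (assumption)
THRESHOLD = 0.1      # assumed cut-off for "same image"; tune on real data

def base_image():
    """Constructed gradient image as a flat list of (r, g, b) tuples."""
    return [(x * 255 // (W - 1), y * 255 // (H - 1), (x + y) * 255 // (W + H - 2))
            for y in range(H) for x in range(W)]

def with_white_square(pixels, size=10):
    """Copy of the image with a size x size white square in the top-left corner."""
    out = list(pixels)
    for y in range(size):
        for x in range(size):
            out[y * W + x] = (255, 255, 255)
    return out

def darkened(pixels):
    """A visibly different image: every channel value v becomes v*v/255."""
    return [tuple(v * v // 255 for v in p) for p in pixels]

def md5_of(pixels):
    """Exact-match fingerprint over the raw RGB bytes."""
    return hashlib.md5(bytes(v for p in pixels for v in p)).hexdigest()

def colour_moments(pixels):
    """Mean, standard deviation and skewness of each channel, scaled to 0..1."""
    sig = []
    n = len(pixels)
    for ch in range(3):
        vals = [p[ch] / 255 for p in pixels]
        mean = sum(vals) / n
        std = (sum((v - mean) ** 2 for v in vals) / n) ** 0.5
        third = sum((v - mean) ** 3 for v in vals) / n
        # A flat channel has no spread, so define its skewness as 0.
        sig += [mean, std, third / std ** 3 if std else 0.0]
    return sig

def moment_distance(a, b):
    """L1 distance between the two nine-number moment signatures."""
    return sum(abs(x - y) for x, y in zip(colour_moments(a), colour_moments(b)))

def looks_same(a, b, threshold=THRESHOLD):
    return moment_distance(a, b) < threshold

if __name__ == "__main__":
    original = base_image()
    edited = with_white_square(original)
    known_hashes = {md5_of(original)}   # stands in for a known-file hash list
    print("exact-hash hit on original:", md5_of(original) in known_hashes)
    print("exact-hash hit on edited:  ", md5_of(edited) in known_hashes)
    print("moment distance, edited:   %.4f" % moment_distance(original, edited))
    print("moment distance, darkened: %.4f" % moment_distance(original, darkened(original)))
```

The moment signature only summarises colour distribution, so unrelated images with similar histograms will also match; it is a triage signal, not an identity check.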
The sum total of your body parts isn't a person either. In fact you're not a person at all. The only person that I can prove to exist is myself, and even that relies on the 'cogito ergo sum' axiom. The rest of you are just meat machines.
Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
It's a fair comment to say that images that are changed are going to have different hash values. But how many non-tech people who download images en masse that are of interest to law enforcement are going to rename them? Often, it's those that don't think about what they are doing that these tools are designed to catch; end users as such.
Tools like these I believe are for the majority of cases and the occasional big ring crackdown. It's not so that they can shut down kiddy pr0n, but to tell everyone that they are doing something about it while putting in minimal effort and thus justifying a government job. It's amazing how many people in government jobs will keep a cruisy job going if all they have to do is justify it every now and again. I see it around me every day in my job. Maximum output on paper, with minimal input in reality.
Then again I could be wrong, but I've been known to lean on my government 'shovel' from time to time as well.
The Tao that can be named is not the Tao
It seems fairly widely accepted that people who regularly view pornography are more likely to be involved in sex-related crimes than people who don't (or that sex-offenders are more likely to have porn than non-sex-offenders, whichever way you want to spin it).
I'll keep the citation-needed tag to myself, and go to the heart of the matter: what's the causality relation here?
Is it that viewing porn makes you commit sexual offenses? Or that something (say, an ultra high sex drive and a lack of restraint) makes you commit sexual offenses and also view porn? Or is it that something causes you to commit sexual offenses, which causes you to look at porn [because you have to escape but are not satisfied].
This means that even if the computer is found to have pornographic content on it of people who are "of age", this still raises a red flag (and IMO rightly so).
It raises a red flag indicating what?
There's an urban legend that wanking blinds you. All boys and men who weren't blind as they entered puberty know this to be false.
Having porn is very common, I would think.
Without knowing what's causing what, and what the conditional probabilities are, seeing porn doesn't say anything at all about whether there's something worth investigating.
Some terrorists play the piano. Look, this guy has a piano. He's probably a terrorist! Stone him!