Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security The Internet IT Technology

Evidence of Steganography in Real Criminal Cases 231

Posted by Zonk from the not-just-a-numb3rs-plot dept.
ancientribe writes "Researchers at Purdue University have found proof that criminals are making use of steganography in the field. Steganography is the stealth technique of hiding text or images within image files. Experts say that the wide availability of free point-and-click steganography tools is making the method of hiding illicit images and text easier to use. Not everyone is convinced; some security experts such as Bruce Schneier have dismissed steganography as too complex and conspicuous for the bad guys to bother using, especially for inside corporate espionage: 'It doesn't make sense that someone selling out the company can't just leave with a USB.'"
This discussion has been archived. No new comments can be posted.

Evidence of Steganography in Real Criminal Cases More

Evidence of Steganography in Real Criminal Cases

Comments Filter:

  • Summary of Article (Score:5, Funny)

    by Chapter80 ( 926879 ) on Saturday October 20, 2007 @07:51AM (#21054397)
    Research Shows Image-Based Threat on the Rise
    New Purdue University research shows steganography, long considered a minor threat, may be on the rise
    OCTOBER 18, 2007 | 6:00 PM

    By Kelly Jackson Higgins Senior Editor, Dark Reading

    Until recently, steganography, the stealth technique of hiding text or images within image files, has mostly been considered too complex -- and conspicuous -- to be much of a threat. But some forensics experts now worry that the bad guys are starting to use the tactic more frequently, especially in child pornography and identity theft trafficking.

    There are an estimated 800 or so steganography tools available online, many of them free and with user-friendly graphical user interfaces and point-and-click features. This broad availability making steganography more accessible and easier to use for hiding and moving stolen or illicit payloads, experts say.

    Security experts to date have mostly dismissed steganography as a mainstream threat, relegating it to the domain of spooks and the feds. Their skepticism has been well-founded: The few studies that have searched for images hiding steganographic messages have come up empty-handed.

  • This is just the first stage ... (Score:5, Funny)

    by Thrip ( 994947 ) on Saturday October 20, 2007 @08:30AM (#21054537)
    Once they've planted the idea in the public's head that child pornographers hide kiddie porn in innocent images, then they can start embedding child porn in all sorts of things, so that when they feel like arresting you, there's a good chance there will be child porn on your computer and your ISP will have server logs of you downloading it. Or maybe I'm just being paranoid.

  • Re:"Security Expert" (Score:1, Funny)

    by Anonymous Coward on Saturday October 20, 2007 @08:40AM (#21054577)
    Same guys who call bluetooth headsets "bluetooths"?

  • Re:"Security Expert" (Score:5, Funny)

    by stranger_to_himself ( 1132241 ) on Saturday October 20, 2007 @08:48AM (#21054617) Journal

    Who calls USB keys "USB"s like one of my computer illiterate friends. Or is this some new kind of slang that I am not aware of.

    Is there a common standard term for them yet? People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.

  • You do know that to most Slashdotters, Bruce Schneider is the Chuck Norris of cryptography and security?

  • Re:"Security Expert" (Score:4, Funny)

    by Frnknstn ( 663642 ) on Saturday October 20, 2007 @09:38AM (#21054857)
    Who calls USB memory sticks 'USB Keys'?

  • Re:Just because you think it doesn't make sense... (Score:4, Funny)

    by Dunbal ( 464142 ) on Saturday October 20, 2007 @09:54AM (#21054965)
    Now what?
    (slammed against the wall)

    "Bro don't tase me, don't tase me! Br-clickclickclickclickclick"

    Welcome to the NEW America.

  • The best implementation (Score:5, Funny)

    by Chapter80 ( 926879 ) on Saturday October 20, 2007 @10:09AM (#21055035)
    There are about 800 programs that do steganography. The best implementation that I have seen so far works like this:

    First the program takes the target JPG (which you want to be very large), and treats it as random noise. Simply a field of random zeros and ones. Then, within that vast field, the program selects a pattern or frequency to place variations in the noise pattern.

    The variations in the noise pattern act as a beacon - sort of a signal that the payload is coming. Common variations include mathematical pulses at predictable intervals - say something that would easily be recognizable by a 5th-grader, like say a pattern of prime numbers.

    Then it layers in a second layer, nested within the main signal. Some bits are bits to tell how to interpret the other bits. Use a gray scale with standard interpolation. Rotate the second layer 90 degrees. Make sure there's a string break every 60 characters, and add an auxiliary sideband channel. Make sure that the second layer is zoomed in sufficiently, and using a less popular protocol language, so that upon first glance it's not easily recognizable.

    Here's the magical part: It then adds in a third layer. Sort of like in ancient times when parchment was in short supply people would write over old writing... it was called a palimpsest. Here you can catalog over 10,000 "frames" of data, which can communicate any message that you want.

    Further details on this method can be found here. [imsdb.com]

  • Re:"Security Expert" (Score:5, Funny)

    by GregNorc ( 801858 ) <gregnorc@@@gmail...com> on Saturday October 20, 2007 @10:14AM (#21055061)
    You are doubting Bruce Schneier? There are a few things you should know before you question his credentials... When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it. Though a superhero, Bruce Schneier disdanes the use of a mask or secret identity as 'security through obscurity. Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

  • Re:"Security Expert" (Score:4, Funny)

    by Paradise Pete ( 33184 ) on Saturday October 20, 2007 @11:13AM (#21055371) Journal
    People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.

    In a Spanish-speaking office I was trying to guess at the name and called it a palito, which literally means "little stick." It took about two minutes for the laughter to die down, and then I learned that palito is slang for dick.

  • Re:"Security Expert" (Score:2, Funny)

    by Starayo ( 989319 ) on Saturday October 20, 2007 @11:40AM (#21055563) Homepage
    That's blueteeth.

  • Re:"Security Expert" (Score:5, Funny)

    by NormalVisual ( 565491 ) on Saturday October 20, 2007 @12:02PM (#21055729)
    You forgot to mention that Bruce Schneier also taught martial arts to Chuck Norris.

  • Re:"Security Expert" (Score:3, Funny)

    by kestasjk ( 933987 ) on Saturday October 20, 2007 @12:42PM (#21056011) Homepage
    Who calls a universal serial bus integrated flash data storage device a "USB memory stick"?

  • Re:"Security Expert" (Score:3, Funny)

    by dgatwood ( 11270 ) on Saturday October 20, 2007 @12:49PM (#21056065) Homepage Journal

    Sony. Well, sort of.

  • Re:It's not unlocking anything (Score:2, Funny)

    by gallwapa ( 909389 ) on Saturday October 20, 2007 @01:12PM (#21056247) Homepage
    Hey, you insensitive clod, what if we use pam_usb to unlock our machines?!

  • Re:Is Schneier being naive? (Score:2, Funny)

    by monkaru ( 927718 ) on Saturday October 20, 2007 @01:34PM (#21056387)
    A picture of a giraffe would stand out on the internet? Even a picture of a mans gaping anus doesn't stand out on the internet. *laughs*

Slashdot Top Deals

UNIX is hot. It's more than hot. It's steaming. It's quicksilver lightning with a laserbeam kicker. -- Michael Jay Tucker

Close