Evidence of Steganography in Real Criminal Cases
ancientribe writes "Researchers at Purdue University have found proof that criminals are making use of steganography in the field. Steganography is the stealth technique of hiding text or images within image files. Experts say that the wide availability of free point-and-click steganography tools is making the method of hiding illicit images and text easier to use. Not everyone is convinced; some security experts such as Bruce Schneier have dismissed steganography as too complex and conspicuous for the bad guys to bother using, especially for inside corporate espionage: 'It doesn't make sense that someone selling out the company can't just leave with a USB.'"
Summary of Article (Score:5, Funny)
New Purdue University research shows steganography, long considered a minor threat, may be on the rise
OCTOBER 18, 2007 | 6:00 PM
By Kelly Jackson Higgins Senior Editor, Dark Reading
Until recently, steganography, the stealth technique of hiding text or images within image files, has mostly been considered too complex -- and conspicuous -- to be much of a threat. But some forensics experts now worry that the bad guys are starting to use the tactic more frequently, especially in child pornography and identity theft trafficking.
There are an estimated 800 or so steganography tools available online, many of them free and with user-friendly graphical user interfaces and point-and-click features. This broad availability is making steganography more accessible and easier to use for hiding and moving stolen or illicit payloads, experts say.
Security experts to date have mostly dismissed steganography as a mainstream threat, relegating it to the domain of spooks and the feds. Their skepticism has been well-founded: The few studies that have searched for images hiding steganographic messages have come up empty-handed.
Re:"Security Expert" (Score:5, Funny)
Who calls USB keys "USB"s like one of my computer-illiterate friends? Or is this some new kind of slang that I am not aware of?
Is there a common standard term for them yet? People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.
Re:Just because you think it doesn't make sense... (Score:4, Funny)
(slammed against the wall)
"Bro don't tase me, don't tase me! Br-clickclickclickclickclick"
Welcome to the NEW America.
The best implementation (Score:5, Funny)
First the program takes the target JPG (which you want to be very large), and treats it as random noise. Simply a field of random zeros and ones. Then, within that vast field, the program selects a pattern or frequency to place variations in the noise pattern.
The variations in the noise pattern act as a beacon - sort of a signal that the payload is coming. Common variations include mathematical pulses at predictable intervals - say something that would easily be recognizable by a 5th-grader, like say a pattern of prime numbers.
Then it layers in a second layer, nested within the main signal. Some bits are bits to tell how to interpret the other bits. Use a gray scale with standard interpolation. Rotate the second layer 90 degrees. Make sure there's a string break every 60 characters, and add an auxiliary sideband channel. Make sure that the second layer is zoomed in sufficiently, and using a less popular protocol language, so that upon first glance it's not easily recognizable.
Here's the magical part: It then adds in a third layer. Sort of like in ancient times when parchment was in short supply people would write over old writing... it was called a palimpsest. Here you can catalog over 10,000 "frames" of data, which can communicate any message that you want.
Further details on this method can be found here. [imsdb.com]
Re:"Security Expert" (Score:4, Funny)
In a Spanish-speaking office I was trying to guess at the name and called it a palito, which literally means "little stick." It took about two minutes for the laughter to die down, and then I learned that palito is slang for dick.
Re:"Security Expert" (Score:3, Funny)
Sony. Well, sort of.