Forgot your password?
typodupeerror
Security The Internet IT Technology

Evidence of Steganography in Real Criminal Cases 231

Posted by Zonk
from the not-just-a-numb3rs-plot dept.
ancientribe writes "Researchers at Purdue University have found proof that criminals are making use of steganography in the field. Steganography is the stealth technique of hiding text or images within image files. Experts say that the wide availability of free point-and-click steganography tools is making the method of hiding illicit images and text easier to use. Not everyone is convinced; some security experts such as Bruce Schneier have dismissed steganography as too complex and conspicuous for the bad guys to bother using, especially for inside corporate espionage: 'It doesn't make sense that someone selling out the company can't just leave with a USB.'"
This discussion has been archived. No new comments can be posted.

Evidence of Steganography in Real Criminal Cases

Comments Filter:
  • "Security Expert" (Score:3, Insightful)

    by somersault (912633) on Saturday October 20, 2007 @07:16AM (#21054253) Homepage Journal
    Who calls USB keys "USB"s like one of my computer illiterate friends. Or is this some new kind of slang that I am not aware of.
    • Re: (Score:2, Informative)

      by Sobieski (1032500)
      Well, he might work at a company developing a new top secret Universal Serial Bus interface that someone else is willing to pay for.
    • From the article (Score:3, Informative)

      by johndiii (229824) *

      But Bruce Schneier, CTO of BT Counterpane, disagrees. He says steganography doesn't make sense as an insider threat. It's much easier to just suck the data off onto a USB thumb drive and walk out of the building.

      That seems to make a little more sense. They still don't quote Schneier directly, but his general conclusion seems valid. The purpose of steganography is to provide a clandestine channel, in part to avoid traffic analysis. If the data embedded through steganography is also encrypted, it would be very hard to detect. That's why this study is significant. I'll wait until it's farther along than its "early phases" before I draw any substantive conclusions, though.

    • by stranger_to_himself (1132241) on Saturday October 20, 2007 @08:48AM (#21054617) Journal

      Who calls USB keys "USB"s like one of my computer illiterate friends. Or is this some new kind of slang that I am not aware of.

      Is there a common standard term for them yet? People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.

      • Mine's called Jane*, but that's besides the point. I also hate it when people call things a "USB."

        *After my love: Jane Eyre
        • Mine's called Jane*, but that's besides the point. I also hate it when people call things a "USB."

          *After my love: Jane Eyre
          I hate to break it to you, but your Jane's got a conspicuous male bit poking out of her ... (which is fine, if you happen to like women in that Crying-Game sorta way, I guess ...)
      • Is there a common standard term for them yet? People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.


        You forgot jump drive, key disk, and thumb drive.

        IBM had one of the first (actually made by Kanga?). 8 whole meg!
        • by CastrTroy (595695)
          8 whole megs was a lot compared to a floppy drive, and it was probably a lot faster and more reliable.
        • by toddestan (632714)
          I had someone call one a "USB zip drive" which caused some confusion for me, as I thought they were talking about the USB version of some tech that died off a while back.

          Also, when I was at college, a lot of people called them "jump drives", probably because the Lexar brand was common on campus for some reason.
      • by Paradise Pete (33184) on Saturday October 20, 2007 @11:13AM (#21055371) Journal
        People I know call them variously "USB drive", "USB key", "Key drive", "Pen Drive", "Memory Stick", "USB stick", "USB..um..memory..thing", or "You know, that thing that goes in the USB slot that you keep stuff on". I personally call mine 'Steve' to avoid the confusion.

        In a Spanish-speaking office I was trying to guess at the name and called it a palito, which literally means "little stick." It took about two minutes for the laughter to die down, and then I learned that palito is slang for dick.

      • the Technology Without An Interesting Name...
      • The ResearchBuzz blog has proposed "nerdstick". I've standardized on that for my own use.
    • by GregNorc (801858) <gregnorc@NOsPAM.gmail.com> on Saturday October 20, 2007 @10:14AM (#21055061)
      You are doubting Bruce Schneier? There are a few things you should know before you question his credentials... When Bruce Schneier observes a quantum particle, it remains in the same state until he has finished observing it. Though a superhero, Bruce Schneier disdanes the use of a mask or secret identity as 'security through obscurity. Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.
      • by NormalVisual (565491) on Saturday October 20, 2007 @12:02PM (#21055729)
        You forgot to mention that Bruce Schneier also taught martial arts to Chuck Norris.
      • Funny, I always considered using cryptography itself to be security through obscurity. ;)

        Did you know that if you built a Dyson sphere around Bruce Schneier... Well, I forgot the rest, but it implies that he's made of something besides matter and occupies something besides space.

        Recently, seismologists have concluded that a series of tremors are in actuality the result of Bruce Schneier and Chuck Norris communicating through a series of cryptographic roundhouse kicks. (That one's from someone on slashdot)
    • Someone on my staff sent me an Internet about that just the other day. I can't really tell you what it said because it hasn't gotten here yet.
    • Who doesn't know that Bruce Schneier is in fact a very reputable, actual expert.
  • Old news though (Score:3, Interesting)

    by eneville (745111) on Saturday October 20, 2007 @07:20AM (#21054265) Homepage
    This was advertised in the film "the core" when the 'hacker kid' sends a message to a pilot within some other data... Great. It's also in use CONSTANTLY by conspiracy theorists, how many people have received that stupid email about the number 911 and the wingdings font... *yawn*.

    Steganography is also in use by some media producers, I've heard cases where demo tracks have included some randomness that is later detectable to find the source of whoever leaked the track (each person on the initial review got a different copy of the randomness).
    • Re: (Score:3, Interesting)

      by sqrt(2) (786011)
      That's a well known tactic for discovering the source of leaks of sensitive information; been in use long before computers. Hell it probably predates movable type! It didn't have a specific name until Clancy wrote Patriot Games. Google, "canary trap".
    • Re: (Score:2, Informative)

      by Anonymous Coward
      To be clear, neither of the examples you gave are steganography, but are a simple cypher and watermarking, respectively.
    • by Chapter80 (926879) on Saturday October 20, 2007 @10:09AM (#21055035)
      There are about 800 programs that do steganography. The best implementation that I have seen so far works like this:

      First the program takes the target JPG (which you want to be very large), and treats it as random noise. Simply a field of random zeros and ones. Then, within that vast field, the program selects a pattern or frequency to place variations in the noise pattern.

      The variations in the noise pattern act as a beacon - sort of a signal that the payload is coming. Common variations include mathematical pulses at predictable intervals - say something that would easily be recognizable by a 5th-grader, like say a pattern of prime numbers.

      Then it layers in a second layer, nested within the main signal. Some bits are bits to tell how to interpret the other bits. Use a gray scale with standard interpolation. Rotate the second layer 90 degrees. Make sure there's a string break every 60 characters, and add an auxiliary sideband channel. Make sure that the second layer is zoomed in sufficiently, and using a less popular protocol language, so that upon first glance it's not easily recognizable.

      Here's the magical part: It then adds in a third layer. Sort of like in ancient times when parchment was in short supply people would write over old writing... it was called a palimpsest. Here you can catalog over 10,000 "frames" of data, which can communicate any message that you want.

      Further details on this method can be found here. [imsdb.com]

      • by Gorobei (127755)
        That's pretty funny. It has no relationship to reality, of course. Probably worth +5 informative on slashdot, though.
      • by Chapter80 (926879)
        Ah, someone got "Mod-ulated"! "Informative", gotta love it. Some Mod needs to turn in their Geek card...

        ELLIE Mathematics is the only truly universal language, Senator. We think this may be a beacon -- an announcement to get our attention.
        DRUMLIN If it's attention you want I'd say you've got it. Just one thing: Why Vega? Everyone's looked at Vega for years with no results, and now, yesterday, they start broadcasting primes.

        ...

        LUNACHARSKY A second layer, nested within the

  • by petes_PoV (912422) on Saturday October 20, 2007 @07:38AM (#21054345)
    The whole point of steganography is to embed undetectable data in a file. If some people now claim to have found evidence of it, then the original users can't have a very effective steganographic process.

    Maybe this really means that the software available for this type of use just doesn't work very well?

    • by mu22le (766735) on Saturday October 20, 2007 @08:00AM (#21054439) Homepage Journal
      The article is just saying that they found steganographic software on some criminal's pc.

      FYI you can detect the presence of steganographed information by statistical means (http://en.wikipedia.org/wiki/Steganalysis).
      • by petes_PoV (912422)
        they found steganographic software ...

        And this is part of the problem with the process. It's no good hiding data in an undetectable way if you leave behind indicators that there's data hidden. It's a bit like breaking into a house, and leaving no trace of where/how you did it - then leaving your lockpicks by the side door.

        If you're going to have steganographic software, it must not be recognisable as such.

        • by perlchild (582235)
          Or again, they could have gotten the software on a usbkey

          Denying access to the software used to hide it would also work.
    • by DrYak (748999) on Saturday October 20, 2007 @08:28AM (#21054525) Homepage
      In fact people like Guillermito [guillermito2.net] has regularly showed that a lot point'n'click stegano softs are just completely useless. They either don't work at all (fail to transport data) or store the data in nearly not hidden at all way (payload stored as-is past the end of the file, or zero-padded and used for the least significant bit of the file without any encryption).

      Specially if the marketing blurb mentions "military grade" (translation : triple AES is used to store the password. The reader software inputs a password from the user and if it matches the hash... the soft proceeds extracting the otherwise clear, non crypted and un-obfuscated payload).

      So while it *is* possible to design actually working steganography, if a would-be pedo-terrorist-criminal tries to google for stenographic software, he'll most likely land on useless software.
  • by tkrotchko (124118) * on Saturday October 20, 2007 @07:46AM (#21054375) Homepage
    Kids,

    To those versed in statistics or the scientific method, find the flaw in this statement (as taken from the article):

    "with the little data we have so far, we are finding that there's a strong correlation between criminal activity and at least the installation of steganography programs on those [confiscated] computers"

    With the little data I have so far, I think the researchers are pulling our leg.
    • by aztektum (170569)
      "Criminals try to hide their involvement in a crime. Steganographed film @ 11!"
  • by starseeker (141897) on Saturday October 20, 2007 @07:50AM (#21054391) Homepage

    Installation of steganography tools != using those tools in practice. If someone is looking to conceal data, they may be grabbing anything out there that stands a remote chance of being helpful. Sort of like how in the early days students would have all kinds of music players and point-to-point file exchange programs, looking for ones that would do what they wanted or had what they wanted.

    James Wingate, director of the steganography analysis & research center at Backbone Security, and a vice president there, says the use of steganography is on the rise, and it could be used for things like transporting malware.

    "Some would call me 'Chicken Little,' but I fervently and passionately believe criminal activity is being conducted with steganography... We do know it's being used to conceal child pornography," Wingate says. "

    When someone "fervently and passionately" believes something, particularly something related to a day-to-day project where one's institution stands a good chance of increased funding if what you believe is true, that's a good indication that you need to look hard for real, reproducible evidence that will stand up to rigorous peer review. Nor should concealing those types of images be surprising - unfortunately there seem to be a large number of sickos out there with this stuff, and probably every data-concealing program ever written has been used to conceal it (or try to). More to the point, is it in WIDE use?

    I agree that a USB stick is a much more plausible attach vector for a company insider (no "hey what was that huge surge of email traffic with images?" signatures for IT to poke their noses into, just for starters.) If someone wants to hide data on their machine, I would think any of the various harddrive encryption techniques would both be simpler and much more effective.

    I remember looking around at steganography tools some years back for other purposes (watermarking images people were considering contributing to a collectibles website) and my conclusion was that the most practical use of the techniques was to store information one WANTED to be found - another way to put metadata into an image so you could later figure out additional information about it (say, for a baseball card certified by a company you could add the certification information using steganography to ensure later availability of the information even without the website context, unless the image was compressed or otherwise distorted. It didn't and doesn't strike me as anything that can be used for anything uniquely evil or even uniquely practical (real image metadata is most likely a better place for useful info, and hiding information in it is an iffy proposition at best.

    Remember, just because non-government researchers can't cover all 800+ programs doesn't mean someone like the NSA with large funding and budgets couldn't throw resources at it until they had all of them covered. Somebody will probably use it, but someone will use virtually every possible technique to do something at least once in the vastness of the Internet so that's not a very interesting statement. The interesting question is will a lot of people use it, and I just can't see it being worth the trouble.

  • get over it (Score:5, Insightful)

    by m2943 (1140797) on Saturday October 20, 2007 @07:51AM (#21054395)
    First, legislatures pass bullshit laws about cryptography despite warnings that they are going to be ineffective because of steganography. Now, they claim that the sky is falling because people are using it.

    Right now, police can still detect the steganography tools, but those will start to be hidden as well. Encrypted, hidden data can be added to MP3s, MPEG4s, PDFs, scans, executables, random leftover noise on the disk. It can be hidden on microSD cards, printed on paper, and hidden on DVDs.

    There is no way governments or companies can stop covert communications of data. Get over it and stop making laws that are unenforceable but give police and governments ever more tools to abuse their powers.
    • Re:get over it (Score:5, Interesting)

      by Kjella (173770) on Saturday October 20, 2007 @10:57AM (#21055277) Homepage

      Encrypted, hidden data can be added to MP3s, MPEG4s,
      Actually, the more compressed the less likely you can embed anything useful. Trying to embed information would either lead to inefficient compression, which can be detected or to unnatural noise which can also be detected. Also you can't have an unembedded and an embedded version around, so adding stenography to that episode of Heroes you send would be really stupid and trivially found with a diff. Most good formats like bmp, wav etc. would raise eyebrows since they're so uncommon. I think your favorite non-suspicious option today would be getting a digicam with a raw option, then use the least significant color bit. It's near noise anyway since very few cameras can actually detect 10/12 bits/channel, there's no reference to go by and it's perfectly reasonable to share photos that way. Do an AES pass on the data so you're writing psuedo-random data, and I imagine it'd be rather hard to detect.
      • Re: (Score:3, Informative)

        by bobdotorg (598873)
        mon. I think your favorite non-suspicious option today would be getting a digicam with a raw option, then use the least significant color bit. It's near noise anyway since very few cameras can actually detect 10/12 bits/channel, there's no reference to go by and it's perfectly reasonable to share photos that way.

        And use pics taken indoors with a low iso / long exposure setting. The noise inherent in the CMOS or CCD will probably give 4 out of 10 bits of close to uniformly random noise (or whatever biased,
    • Re: (Score:2, Interesting)

      by DavidTC (10147)

      Encrypted, hidden data can be added to MP3s, MPEG4s, PDFs, scans, executables, random leftover noise on the disk. It can be hidden on microSD cards, printed on paper, and hidden on DVDs.

      See, right there I'm with Bruce. Why would you put steganography tools on microSD cards?

      Why not put the data encrypted on the card, and then hide the card? Doesn't that seem to make a lot more sense?

      I mean, those things can hold a lot now, a good deal more than you could reasonable hide via steganography.

      If you're smar

  • by Chapter80 (926879) on Saturday October 20, 2007 @07:51AM (#21054397)
    Research Shows Image-Based Threat on the Rise
    New Purdue University research shows steganography, long considered a minor threat, may be on the rise
    OCTOBER 18, 2007 | 6:00 PM

    By Kelly Jackson Higgins Senior Editor, Dark Reading

    Until recently, steganography, the stealth technique of hiding text or images within image files, has mostly been considered too complex -- and conspicuous -- to be much of a threat. But some forensics experts now worry that the bad guys are starting to use the tactic more frequently, especially in child pornography and identity theft trafficking.

    There are an estimated 800 or so steganography tools available online, many of them free and with user-friendly graphical user interfaces and point-and-click features. This broad availability making steganography more accessible and easier to use for hiding and moving stolen or illicit payloads, experts say.

    Security experts to date have mostly dismissed steganography as a mainstream threat, relegating it to the domain of spooks and the feds. Their skepticism has been well-founded: The few studies that have searched for images hiding steganographic messages have come up empty-handed.

  • Just because it is an inefficient and poor method does not mean it will not be used.

    Criminals are know for their poor work ethic. Why do a bunch of skull drudgery and research, when they can just grab the first thing that comes along.

    Another reason it might be attractive is it's over complication itself. One of the main reasons frequently given for people to become real spies is pure excitement. They want to do "spy stuff". Someone like that is going to go not for the best method, but for the most high
  • ... doesn't mean everyone else agrees. From a security expert, I find this a very strange attitude - surely one should always consider the worst case scenario and never dismiss any technique or approach as "something the bad guys won't use, because it's too cumbersome/difficult/whatever." If nothing else, that technique then has an immediate appeal to the bad guys because it is one you were not expecting.

    'It doesn't make sense that someone selling out the company can't just leave with a USB.'

    Oh, I think tha

    • How big is that picture of your daughter? I seen a real world example of it. A 4mb image, that somehow only seemed to result in a small photo of about a 100x100 pixels. Yeah, that ain't suspicious AT ALL. Doesn't set of any alarm bells. Nope.

      That is the entire problem with the idea, how do you get enough information inside and still not raise suspicion. It is different for coded messages, keep the code small and it can easily fit but to leak information, you need to start including megabytes of documents i

    • "something the bad guys won't use, because it's too cumbersome/difficult/whatever."

            That's the **AA version of "security"...

      And yeah, you could be encrypting all that information, but even an encrypted file would be more suspicious than a picture of your cute daughter.

            Except for the fact that the little 320 x 240 pic is 512MB...
      • by AceCaseOR (594637)

        Except for the fact that the little 320 x 240 pic is 512MB...
        As a possibility, rather then attaching one file to 1 picture, instead you take one file, divide it into small, reasonably sized chunks, and embedding them in, say, your vacation photos. It's one thing if your JPEG is several megs too big, but another if multiple JPEGs are a few KBs too big.
  • by Gnostic Ronin (980129) on Saturday October 20, 2007 @08:16AM (#21054487)
    One thing I really don't get about steganography is why hiding a message *in* a picture is preferable to sending the picture as a message.

    For example, if "teh terrist" wanted to send a message like "attack now", why couldn't the message be given via a pre-arranged signal -- say the image shows Osama wearing a silver watch for "It's go time", and a gold watch for "wait out the Americans". No one can detect a "hidden message" because there is none.

    You could do the same for other things even if you don't use USB (which would probably be easiest in a workplace). How about plain old pencil and paper? Just write down the information, put it in a device called an "envelope", write down the physical address of the guy you're sending it to, and drop it off in the post office. It's virtually untraceable, and would work even if the IT guys turn off the USB ports.
    • by cyclop (780354)

      For example, if "teh terrist" wanted to send a message like "attack now", why couldn't the message be given via a pre-arranged signal -- say the image shows Osama wearing a silver watch for "It's go time", and a gold watch for "wait out the Americans". No one can detect a "hidden message" because there is none.

      (1)This works only on messages you already have acknowledged with the receiver. Good for "attack now", but bad for "The new address of the target is X,Y,Z..."

      (2)If you repeaditly use the same ima

    • by sqrt(2) (786011)
      Good for relying information that is a binary state, or at most a few degrees of complexity, but how did they get the information on what signal matches to what command? That had to be transmitted somehow too. What if they needed to change the signal because the codes were compromised?
    • Re: (Score:3, Insightful)

      by caluml (551744)

      why couldn't the message be given via a pre-arranged signal
      It's the same problem as OTPs. If you can get the "pre-arranged signal" secretly to and from the participants, then why not just use that same method to get the message out too?
      • Re: (Score:3, Insightful)

        by Dunbal (464142)
        If you can get the "pre-arranged signal" secretly to and from the participants, then why not just use that same method to get the message out too?

              Because perhaps the "pre-arranged signal" was given in a face to face meeting, which will only happen once so as not to arouse suspicion.
        • by caluml (551744)
          Damnit, you spotted the flaw in my argument. Pistols at dawn, Sir! I demand my satisfaction.
    • by Dunbal (464142)
      For example, if "teh terrist" wanted to send a message like "attack now", why couldn't the message be given via a pre-arranged signal

      Ideally you would want to use both of these methods.

      Even sending an encrypted message saying "we attack X location tomorrow at 3am, bring teams 2 and 3" jeapordizes the whole thing if somehow someone manages to decrypt your message. But if they decrypt the message and say "oh look, a picture of Osama - wtf?".

      You
      • by igb (28052)
        ``The Brits used to do it with the French resistance on the darned public radio frequencies, right under the Germans' noses. ''

        It worked well, and had some interesting advantages. One benefit was it provided a means for a resistance worker to partially confirm that someone claiming to speak for British intelligence really was: the latter said ``give me a sentence, any sentence, and I'll arrange to have it broadcast by the BBC''. It didn't work as well as it should because SOE were very careless and/or s

    • One thing I really don't get about steganography is why hiding a message *in* a picture is preferable to sending the picture as a message.

      Because hiding a message in a picture can be done on-the-fly, which is much harder with picture as message. Also, because a code (like picture as message) is fairly limited in the number, type, and complexity of messages that can be sent. (And assembling the dictionary is a fair bit of work, keeping it secure even moreso.) OTOH a message hidden in the picture can be a

    • by perlchild (582235)
      the amount of data...
      Ideally, sending a message should be long enough it's something too big to be memorized

      Same thing with an envelope, if you're in the context of industrial espionage, like the Schneier comment earlier, you'd want to send code or cad drawings, as in something too complicated for somone to memorize, and difficult to impossible for someone to replicate independantly. Stego is used in that context to prevent email logging from proving who sent it... at least, that's the theory.

      As for virtu
    • by evilviper (135110)

      if "teh terrist" wanted to send a message like "attack now", why couldn't the message be given via a pre-arranged signal

      Because then it has to be prearranged, and all the vast limitations that poses... You have a very limited amount of information you can convey, all possible messages have to be decided upon before-hand, and everyone has to remember every one of them exactly. When there's important information to convey, like someone or some place's name, you have no way to do so.

      Second, if you ARE going

  • by Thrip (994947) on Saturday October 20, 2007 @08:30AM (#21054537)
    Once they've planted the idea in the public's head that child pornographers hide kiddie porn in innocent images, then they can start embedding child porn in all sorts of things, so that when they feel like arresting you, there's a good chance there will be child porn on your computer and your ISP will have server logs of you downloading it. Or maybe I'm just being paranoid.
    • by Chapter80 (926879)
      Yeah, and there's a whole group of criminals that don't have it quite figured out. Like the ones who hid the new Radiohead album inside a photo of two naked pre-teens.
  • Don't 4chan users already do this all the time by putting books inside jpgs?

    I believe the technique is you open the jpg with winrar and it ignores everything before the start of the zip file, so ignores the jpg but still reads the zip fine.

    If little kids making penis jokes can do it with so much ease I very much doubt it's "too complex" to be useful in other ways. All it takes is the knowledge and you can hide stuff in broad day light, or at least make it very difficult for people to find that zip of (lets
    • by abb3w (696381)

      Don't 4chan users already do this all the time by putting books inside jpgs?

      That's a particularly simple form of steganography, yes, but it's easily (almost trivially) detected by anyone who suspects the existence of covert messages being sent. (EG, in Cygwin's bash, "for FOO in *.gif *.jpg *.png ; do unzip -l $FOO ; done", and examine results for a quick 'n sloppy pass; a few minutes work more could give something to automatically announce "hidden" zip files and their contents.) There are more sophisti

  • by ahodgkinson (662233) on Saturday October 20, 2007 @08:52AM (#21054641) Homepage Journal
    It is unsurprising that there is positive correlation between presence of stenography software and criminals convicted of child pornography and financial fraud. Given the penalties and the police/media preoccupation with these activities, it is hardly surprising that some criminals are using stenography to cover their tracks.

    A point to note is that the criminals using stenography are probably not using it to transfer large quantities of information, but merely communicating small very private messages. This might include links to web servers, credit card numbers or meeting/payment instructions. It is unlikely to require more than a few hundred bytes of data.

    While Schneier is correct that corporate theft is best accomplished with USB drives or even your corporate laptop, the criminals using stenographic software are probably not using it for their bulk transfers of information, but rather pointers or encryption keys to information transfered by other means.

    Comparing the number of web pages against the number of child pornographers who might be hiding stenographic in online images makes Purdue's attempt to crawl the web in search for stenographic data seem futile.

    Data transfers by stenography have to be pre-arranged in advance by some other communication method, otherwise how would sender and receiver know how to encrypt/decrypt their messages? If your interest is in stopping crime, then this is the weakest link and should be the focus of your detective work.

    • The viewer or reciever doesn't need to have a constantly updated password. They just need to know, say, a half dozen file names and passwords in advance, maybe years in advance, and try them against the image. It is trivially easy to hide a hashed text file in a compressed image file and it doesn't take special software to do it. A simple HEX editor is enough. It's pretty easy to detect but it wouldn't matter if the text data is hashed with strong encryption. There is a misconception that important data mus
  • The first ste is to not let people know from whom your recieved anything or to who you are sending things.

    So how can this be done? Easy, post it on Usenet. That way there is no link between the sender and the reciever. I post it on a server in Belgium and somebody else can read it on a server anywhere in the world.

    Obviously you need to be on-topic, othewise you can draw unwated attention on yourself. So you start to look for ways to do that. Binary groups can be ideal for this. Add Stegography and gpg and y
  • We'll mop up those cowardly confederates at Antienam...

    Those Japanese are too stupid to make it through the jungle at Singapore, and certainly don't have the logistics to sustained forward fleet operations...

    It will be at least a decade before the Russians get the atomic bomb...

    The United States has a comfortable lead in rocket technology...

    A bunch of stupid arabs couldn't put together a complex terrorist attack against the USA....

    We've just about got this insurgency licked...

    And now..!

    Thiefs are too stupid
  • Schneier says steganographic images are just too obvious, anyway, which renders the technique useless. "If I'm in Burma and trying to send out human rights documentation and hide it in a picture of a giraffe," it's going to look suspicious, he says. "For it to work, you need to have a plausible cover story."

    Like, you're sending pictures of your family to relatives overseas?

    Steganography is just a new way to mix up the classic techniques of prearranged obscure and innocent signals with ciphers, and these kin
    • Re: (Score:2, Funny)

      by monkaru (927718)
      A picture of a giraffe would stand out on the internet? Even a picture of a mans gaping anus doesn't stand out on the internet. *laughs*
  • imageboards (Score:2, Interesting)

    by niteice (793961)
    On some imageboards (which shall remain anonymous), a common trick is to password-protect a RAR file and append it to a an image (cat foo.jpg bar.rar > baz.jpg). Most RAR utilities skip right over the image data and only extract the RAR file.
    • by Stavr0 (35032)

      On some imageboards (which shall remain anonymous), a common trick is to password-protect a RAR file and append it to a an image (cat foo.jpg bar.rar > baz.jpg). Most RAR utilities skip right over the image data and only extract the RAR file.
      Except that

      COPY /B mudkip.jpg + an_hero.rar lulz.jpg
      is NOT steganography. It's a sort of naive covert channel.
  • Whooptie fucking doo. My secretary uses stenography on all my dictation, I must be a fucking James Bond villain.

    *yes, I know the difference.*
  • by photomonkey (987563) on Saturday October 20, 2007 @04:03PM (#21057547)

    Yes, there are a tremendous number of stupid criminals out there, just like there are a tremendous number of stupid people out there.

    But we chronically underestimate what people are capable of. I know a bit about O-chem, and with a bit of research could probably manufacture meth fairly easily. It's really not much more complicated than setting up a moonshine still. Out of the reach of some? Sure. But the fact remains that tens of thousands of strung-out hoopleheads manage to do it every day.

    We complain about them damn young kids sailing the high seas of Internet and maliciously raiding commerce vessels trading in MP3s, and yet many judges seem baffled by even simple concepts like IP addressing and server logging.

    These steganography tools are fairly easy to use. So why, again, are we surprised that criminals can point and click?

  • Apparently what a lot of people do not realize is the common, off-the-shelf freeware stego tools insert signatures of the program used into the file itself. Thus, by examining a JPEG image with a suitable steganography detection tool it will reveal that such a program was used.

    This utterly removes the utility of steganography in one pass. If the program leaves a signature, there is no longer a reason for using it.

    And pictures are not the only thing. There is a tool that will embed data into a Windows .EX

If at first you don't succeed, you must be a programmer.

Working...