Forgot your password?
typodupeerror
Encryption Security Science

Blocking Steganosonic Data In Phone Calls 185

Posted by kdawson
from the could-you-repeat-that-please dept.
psyced writes "Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."
This discussion has been archived. No new comments can be posted.

Blocking Steganosonic Data In Phone Calls

Comments Filter:
  • by dgatwood (11270) on Wednesday April 02, 2008 @03:23AM (#22938340) Journal

    That's completely pointless. All it does is create an arms race. Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever. Any amount of damage sufficient to prevent any possibility of hidden messages would result in significant audible alteration of the sound to the point of unusability....

    • by Brian Gordon (987471) on Wednesday April 02, 2008 @03:27AM (#22938356)
      Obviously if they modify the background noise then no amount of ECCs could recover anything from it since they're modifying all of the ECCs too.. unless you knew exactly what shifting frequencies they were using or something, but that's just reversing the damage, not working through it.
      • by Jah-Wren Ryel (80510) on Wednesday April 02, 2008 @03:52AM (#22938434)

        Obviously if they modify the background noise then no amount of ECCs could recover anything from it since they're modifying all of the ECCs too
        Who says that the people with secrets will even try to encode them in the background noise?

        Maybe they will use the foreground noise -- for example, they could alter the pitch of the speaking voice to precisely fall into certain discrete frequency ranges, and then they occasionally bump a couple of samples into an 'unused' range and use those as a simple binary encoding of the secret data.

        If they use enough discrete frequency ranges, the general tone of the speaker's vioce won't be noticeably different and the occasional minor shifts in frequency for the encoded data will hardly stand out.

        That is just one example that I literally thought up in 30 seconds. I'm sure someone who was really concentrating could come up with much better ways to defeat the described countermeasures.
        • by badfish99 (826052) on Wednesday April 02, 2008 @04:10AM (#22938498)
          More likely, the people with secrets would just use some other method to communicate them.

          Given that this project is (according to TFA) partnered by the Ministry of Defence, this smells to me like someone spending a lot of money defending against a non-existent threat. What's the betting they used the magic word "terrorism" in their grant application?
          • by ZeroExistenZ (721849) on Wednesday April 02, 2008 @08:17AM (#22939288)

            this smells to me like someone spending a lot of money defending against a non-existent threat

            It's against the people itself. It's propaganda to keep the "terror" alive in memory, generating visions of terrorist so advanced we have to process and inspect all telecommunication, so you can feel safe.

            Please, have a look at this documentary: The century of the self [bbc.co.uk].

          • Re: (Score:3, Informative)

            by fizze (610734)
            Just two facts, that noone has seemed to mention here:
            a.) The project is a feasibility evaluation, and as such doesn't have to produce results.
            b.) The Austrian Ministry of Defence is supporting this project.

            This isn't even remotely like DARPA, so chill out ;-)
          • by hitmark (640295)
            or will just communicate them over a open channel.

            didnt a group use sat phones without any form of encryption for years while being bugged by the NSA?
          • by vertinox (846076)
            More likely, the people with secrets would just use some other method to communicate them.

            Most likely with the lowest tech available like passing physical notes across the table and then burning them after the recipient reads them.

            If people want to pass secret communication around they will and man in the middle attacks aren't as effective as just having a man at the end attack (you know just bribe one of the intended recipients to tell you what it means).
          • Re: (Score:3, Insightful)

            by severoon (536737)

            Just as a degenerate example of a little thought experiment...what if I use PKE to encrypt a message to the person on the other end of the line and then write it out in hex? The conversation would go something like: "A! F! 3! 8! 8! 4! 9! BEEEEE!!!"

            This is, of course, the most trivially stupid possible way to do this. Much better would be to write a small program that translates the encrypted message to, say, base-256 and then bleeps short tones in one of 256 different frequencies to the receiver program,

        • Re: (Score:3, Insightful)

          by Lumpy (12016)
          Why waste the time. hook the cellphone to a PC, take a photo with the camera, load photo the pc, add your stenao message and then send it as a sms to the intended recipient.

          Far far easier than trying to secretly encode a message in the background of my audio phone call, and no special gear needed.

          Wow are the "spies" of the world getting incredibly lazy? I can come up with at least 30 ways to get around this, one of which is having several prepay disposable cellphones to get around them even tapping my pho
          • by mikael (484)
            Wow are the "spies" of the world getting incredibly lazy? I can come up with at least 30 ways to get around this, one of which is having several prepay disposable cellphones to get around them even tapping my phone call.

            If they can identify the location of a call through triangulation, they they probably have "areas of interest" - high immigrant populations. Then there's "tainted by association". If they have one telephone number of interest, then any number which makes a call to that number is also of inte
          • by geekoid (135745)
            "..at least 30 ways to get around this,..."
            Do any of them even remotly deal with the same thing i.e. sending a message over a known monitored device that sounds innocent? I ask because your examples sure don't.

            The idea isn't to send an unbreakable peace of code. The idea is to get some information to somebody while being monitored. In many countries, if you are being monitored and then send an encrypted message they will put in in jail. The don't need to prove your a spy. Rather, that's enough proof that yo
            • by blincoln (592401)
              Do any of them even remotly deal with the same thing i.e. sending a message over a known monitored device that sounds innocent? I ask because your examples sure don't.

              Sending vacation photos which contain tiny encrypted steganographic messages doesn't look innocent?
        • Not only that, but there have even been papers published on using unused parts of the IP packets to hide the data... this would work very well with VoIP, and this filtering system doesn't take THAT into account either.

          Of course, it's even easier to just stego a message anonymously into Slashdot... I've even seen software for encoding full binary files into a collection of posts on here :) Some of the trolls/out of context posts might have just a bit more meaning than we think....
        • Re: (Score:3, Informative)

          by QRDeNameland (873957)

          Who says that the people with secrets will even try to encode them in the background noise?

          Maybe they will use the foreground noise --

          I couldn't read TFA as Google translation was hung, but I question the summary's definition of steganography as hiding data in the "background noise".

          If you read wikipedia's steganography entry [wikipedia.org], you'll see no mention of background/foreground noise in the definition. My understanding is that steganography generally alters the lowest order bits in a audio/video/image fil

      • Re: (Score:2, Informative)

        by kreuzotter (13645)
        If they add just noise you can send the message many times and avarage on the receiving end. The noise will be reduced by a factor of square_root(n), where n is the number of messages. However, the article does not say they will just add noise. It says they will in the next few month waste some research money to study the topic. Interesting is also that they think that it is positive to support DRM with steganography. Die sind richtige Arschloecher.
    • by Zemran (3101) on Wednesday April 02, 2008 @03:43AM (#22938408) Homepage Journal
      would result in significant audible alteration of the sound to the point of unusability....

      Sounds like an average mobile phone call to me...
    • by jd (1658) <imipak @ y a h o o .com> on Wednesday April 02, 2008 @04:06AM (#22938488) Homepage Journal
      You're probably right. Block-length FEC and Turbo Codes allow you to fix errors assuming bursty data corruption of exactly this kind, which is why NASA uses them for deep space missions. You can't exactly ask a probe on the edge of the solar system or skimming geysers to repeat itself. With sound, there's also the fact that you've multiple parameters - delay, amplitude and frequency. Unless they plan to randomize all three, you can use any of the others for covert data. Data compression isolates anything either side, so whatever they are "protecting" is limited to that one side. Shouldn't be hard to use the other.
      • Re: (Score:3, Interesting)

        The jamming will also easily be defeated by an entirely new branch of coding theory using the BBC algorithm ( http://crisp.cs.du.edu/frisc/baird.pdf [du.edu]). Error correction is distributed throughout the data stream, so even if the jammer completely obliterates parts of the signal--to the point that the original signal is unintelligible--the coded message will still get through.

        This coding theory is handy for all sorts of stuff, from military comms to cell phones to MIMO access points. And unlike most crypto

    • Re: (Score:3, Funny)

      Any amount of noise you add can simply be dealt with by including the stego data more than once or using checksums or whatever

      Yes, but how to do this in real-time in a cryptographically secure manner is the subject of much ongoing research.

      The feeling in the research community at the moment is that efficient stego-redundancy requires a working database of discovered steganographic synonyms, i.e. a stegosaurus [wikipedia.org].

    • Re: (Score:3, Insightful)

      by CastrTroy (595695)
      On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.
      • by cnettel (836611) on Wednesday April 02, 2008 @06:40AM (#22938936)

        On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.

        (More) deniability.
        • Re: (Score:3, Insightful)

          If you want that, just post a one time pad code on a popular public website. I mean, that way people could post links to instructional manuals for covert materials creation for example and not get caught. Try to imagine the manpower involved to go through each lead.

          I doubt the CIA will investigate every no carrier joke on slashdot, and if they di^H^H^H^H^H^ 01101000 01110100 01110100 01110000 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01111001 01101111 01110101 01110100 01110101 01100010
          • Great, now I'm on some government watch list for watching the video! Wait, there's someone at the door, but at least I locked it so 'they' can't get;safkljwn GVL ... -NO CARRIER-
      • by gstoddart (321705) on Wednesday April 02, 2008 @08:51AM (#22939472) Homepage

        On top of this, if you have a VOIP/GSM phone, you probably have email. Why not just send encrypted email? Why jump through hoops trying to send stenographic data through the phone system.

        Because, they can tell when you send an encrypted e-mail.

        The whole point of steganography is to embed the secret message in something you broadcast in the clear, and have nobody be any the wiser that you are, in fact, sending hidden data. You give up your covertness when you observably send something secret. If nobody knows you sent it, they're not looking for it. They just think you were talking about your aunt's petunias.

        Think of it as analogous to fieldcraft for spies -- you're supposed to be able to do something completely innocuous so that they can't ever confirm that you've actually done something nefarious.

        This system is trying to preemptively just eliminate the ability to send something embedded in a clear-channel communication. Basically, take away your ability to send an encrypted sub-channel in your normal conversation.

        Cheers
        • Re: (Score:3, Interesting)

          by CastrTroy (595695)
          But by completely removing the ability for them to transmit the data, they've also lost the ability to catch people who want to transmit data this way. If you know how to break their codes, don't tell them, because they will find some other way of transmitting the data more securely.
          • by gstoddart (321705)

            But by completely removing the ability for them to transmit the data, they've also lost the ability to catch people who want to transmit data this way. If you know how to break their codes, don't tell them, because they will find some other way of transmitting the data more securely.

            Two things:

            1) They don't know how to break the codes -- they just postulate a method to stop you from transmitting the code by messing around with the background noise in such a way as you couldn't actually be transmitting some

        • by geekoid (135745)
          "Moby Dick" and the right key can produce any message.

    • by diodeus (96408)
      This new process is called....DOLBY.

      (not the lame Thomas kind either)
    • Re: (Score:2, Informative)

      by narrowhouse (1949)
      I personally would like to thank these gentlemen for working so hard to find a way to destroy watermarks in audio ripped from various sources. Watermarks are hidden data in audio, right? So do you think adding watermarks may become an act of terror now?
    • by mea37 (1201159)
      If you were "adding noise" in the sense of analog processing, that would be true.

      Since you can digitally manipulate the noise that's already there, you aren't so much "adding" noise as "replacing" the existing noise (which may not really be noise, as it may contain information) with new noise (which you know to be random).

      As to others' questions about whether anybody's really encoding information in the background noise... I don't know. I'm guessing anyone here who claims to be able to tell us one way or t
    • by aphor (99965)

      It can work, but how is it any more effective than digital compression algorithms? The real issue here is the same Psycho-Acoustic-Modelling (PAM) that has been beaten completely to death by the MP3 encoding efforts in the last 10 years. They may be able to reduce the digital bandwidth available in general, but they specifically say that they are manipulating inaudible background noise. Steganography can still exploit audible but imperceptible audio data. When they can effectively jam that channel, they wil

  • Could this just be subliminal white noise? (as opposed to superliminal).

    I guess its one way to prevent getting the alien infection from over the phone (anyone remember Threshold)... might mitigate some people's fears of harmful sensation. http://en.wikipedia.org/wiki/Motif_of_harmful_sensation [wikipedia.org]

    I wonder if it will foil over the phone lie-detectors like this one: http://www.liarcard.com/ [liarcard.com] ?
  • by Creepy Crawler (680178) on Wednesday April 02, 2008 @03:33AM (#22938374)
    The butterfly flaps its wings twice.

    I repeat, the butterfly flaps its wings twice.
    • by Thanshin (1188877)

      The butterfly flaps its wings twice.
      Oh dear God no! Quick, everybody to the shelter. Micky, take the tinfoil, Becky, the red ink. John, the condenser and the racket.

      Just hope we're not too late.
    • Re: (Score:3, Funny)

      by Alsee (515537)
      After anti-steganographic transformation:

      I saw a bug.

      -
    • by Chrisq (894406) on Wednesday April 02, 2008 @05:04AM (#22938638)
      The butterfly flaps its wings twice.

      I repeat, the butterfly flaps its wings twice.


      Please clarify immediately. Is that just a repetition or does the butterfly flap its wings four times. This could be the difference between a gang of naked teenagers invading Prime Minister's question time and the defacing of Nelson's column.
    • What is this a reference to? Whatever it is, it doesn't appear to be that popular [google.co.in]. If this is a sci-fi movie quote... I wanna see the movie it's in...

      • I was giving an example of hidden information that was not OOB. Given a proper codebook, one could make seemingly normal speech into codes. No amount of static in the background is going to stop that.

        Now about the codebook... Anonymously put it on a FTP server GPG'ed and zip passworded (yes, zipasswd to prevent finding which public keys it uses).

    • by ozbird (127571)
      Ah! The tobacconist [wikipedia.org] flaps its wings twice.
    • They say stegosaurus was the sneakiest of the dinosaurs, and could hide in plain sight.
    • You can add "random noise" to an .exe file - most processors have at least some opcodes with "don't care" bits. You can alter those bits without affecting the semantics of the code.
      • by Chrisq (894406)
        Or just jump over a group of random bytes that will never be executed. In a high level language have some unused variable

        myString = "FooFoogh234h2j4hj23hj";

        search the executable for FooFoo then read the following bytes.
        • Re:Or.. (Score:4, Informative)

          by kvezach (1199717) on Wednesday April 02, 2008 @06:07AM (#22938836)
          Or perturb the logic. The easy way is just to look at how polymorphic viruses did it. The hard way is to get out your disassembler and change

          cmp eax, edx
          jle offset

          to
          cmp edx, eax
          jae offset

          (insert your own variation here). Have a program read all cmp eax, edx (or cmp edx, eax) opcodes and output 0 for the first and 1 for the second.
      • There is a very interesting program named hydan http://www.crazyboy.com/hydan/ [crazyboy.com] that does something very interesting.

        It looks for numeric operators and, using certain rules such as change a subtracting a constant to adding a negative constant, will change some and leave others alone to encode binary data. The executable's hash is changed, obviously, but its functionality is not, and you can encode a message within an executable in a manner that would be difficult to detect, especially if people do things li
    • Re: (Score:2, Informative)

      by Anonymous Coward
      Um, yes you can. Many instruction combinations are interchangeable. You merely need to be certain the result is same in all relevant cases for both instruction sequences. In the easy cases it might mean just to swap two instructions. See polymorphic viruses.

      Additionally you can use empty areas in executable formats, in the headers or padding. Or even add an extra data segment... If file size is no issue, you can typically just concatenate some extra data in the end of file.

      However, instruction sequenc
    • Of course you can. Just don't expect it to still execute. If we're talking here about steganography (stegano-[something else?]), you can still carry the file as an .exe file and go: "I don't know why it doesn't execute ... I guess it's corrupted!"
      • Re: (Score:3, Informative)

        by hairyfeet (841228)
        Uh, they actually had an article on slashdot a few years back about a program that would let you hide stuff in executables. And they still worked fine. Here is the article [slashdot.org] and the link to where you can get the code still works.

        I personally think this is just another government handout. There are so many much easier ways to hide a secret message than using a phone. Hell, they could just post one of those stupid lolcat pictures on the web with the message inside. The operative would only have to know somet

    • by yoris (776276) on Wednesday April 02, 2008 @04:51AM (#22938604)
      Yes you can. Some examples: - replace "add 1024" with "substract -1024" - replace "if greater then 100" with "if greater then or equal to 99" - replace "copy a to b, copy c to d" by "copy c to d, copy a to b" Just have a look at any assembly language and use your imagination. To make matters even simpler, there are operators which completely ignore certain parameters (e.g. a JUMP operator which only takes 1 parameter leaves room for hidden data in the 2nd and 3rd operator field). There are plenty of instructions or combinations of instructions which leave room to such minor changes without any difference in execution. So for the steganographers, the goal would be to look for all of such instances in an executable, then agree on some kind of code (for example "add n" is a 1, "substract -n" is a 0). Semantically there is no difference, both codes will result in the exact same execution, but you found some wiggle room to leave a message. It was reported on Slashdot a few years ago.
      • by mapkinase (958129)
        The subject is blocking, so returning to it: looks like blocking can be easily done with the same software used for coding the hidden message. It's important to know that you do not need to know what code they are using in the hidden message or what decoding software. You just have to know that they are using software X.

        It's much easier to destroy the message than to intercept it.
      • by 3vi1 (544505)
        >> ...replace "if greater then 100" with "if greater then or equal to 99"...

        Ummm... that's not going to work like you think.
  • by Rah'Dick (976472) on Wednesday April 02, 2008 @03:38AM (#22938390)
    I wonder if we will ever have widespread end-to-end encryption for all of our private communication, so that "service providers" cannot mess with our actual message and/or data stream. I guess there will always be someone making a profit by preventing this on a legal level, sadly. When will the "mindless consumer" finally wake up and kick the government that allows all this?
    • by monsted (6709)
      You can use SRTP [networksorcery.com]. It's been available in many VoIP implementations for years. For lawful interception, the call controller (cisco call manager or such) usually holds the key to the stream, but if you're in control of both ends and the controller, you're safe.
  • by SharpFang (651121) on Wednesday April 02, 2008 @03:48AM (#22938420) Homepage Journal
    I wonder if this method could be applied to hiding messages in executables, too.

    Yes, a similar method has been employed by Microsoft to all the executables it ever released, ever since the times of MS-DOS.
    After compilation they run the program through a special utility that modifies a few bits in the executable at random. Then they run the resulting executable through some tests and if it passes, they release it, if it crashes, they try with a different random bits.
    • That is what they call an evolutionary algorithm, I guess...
  • Arrogant bastards! (Score:5, Interesting)

    by pla (258480) on Wednesday April 02, 2008 @05:27AM (#22938712) Journal
    scientists at FH St. Polten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise

    ...And once again, they treat all of us like criminals for the sake of annoying (not even preventing or catching) the 0.0001% that really pose a threat.

    Good work, guys - Even a classic BOFH has higher efficacy and useability standards than anything related to the War on Non-Western, Non-Irish, Non-Russian (and "non-former-Soviet") Terror. At least the BOFH's systems work for him, you asshats can't even manage that despite taking all that daaaaaaangerous toothpaste away from us.

    However, even I overstate the case here - Encoding data in background noise doesn't break any laws!

    We all have every right to send hidden data, or even to use hard encryption right in plain sight. However, exercising that right may lead to some undue scrutiny, and thus we expose the real reason for techniques like this... Erosion of plausible deniability, which The Powers That Be loathe far, far more than any actual threat. It looks bad to just deport and torture someone with no evidence. But if you can demonstrate that he had (gasp!) something he didn't want the whole world to know about (because only criminals have secrets, of course), well then the sheep will approve of going all Jack Bauer on him.
  • by Anonymous Coward on Wednesday April 02, 2008 @05:33AM (#22938724)
    Data can only be defined as varying bits of a defined pattern. So if the pattern is defined as 'a bunch of numbers that are either 0s or 1s', then the data stored within it is defined as varying the positions of 0s and 1s.

    Obscuring data equals obscuring the patterns. So, to obscure the data within a 0 and 1 pattern, you might switch around the 0s and 1s.

    For a message embedded in the background noise in a phone call, data may be modulated as 'loudness of background noise within a certain frequency range' or whatever. Obscuring this would be to add random data in the frequency range or whatever.

    But that actually takes knowledge of the pattern used. If the pattern is rather the speaker knocking on a table, then any method designed to obscure background noise wouldn't register it or obscure it. It's similar to a scrambling technique that randomizes the 0s and 1s on a diskette sent in the post, while the actual message may be morse code holes punched in the plastic.

    Conclusion: To void steganographic data, you need to know the method used to embed it.
  • by Terje Mathisen (128806) on Wednesday April 02, 2008 @05:50AM (#22938770)
    They key to hiding data in executables is to realize that there are many instructions with multiple possible encodings.

    You can also reverse the order of many comparison operations as long as you also modify the following branch/set instructions.

    If you want to jam such a channel you would have to do the same job, first identifying all the possible locations for such transformations, then randomly flip half of them.

    (Un?)fortunately neither the encoding nor the jamming process can be totally secure, because you can check (or know up front) which compiler had generated the original executable, then decompile/recompile and check which encodings the compiler tend to use.

    Terje
  • I've been wondering when the governments of the world would start doing something like this. No need to overtly outlaw encryption, just arm-twist the folks on the backbone to drop or block encrypted traffic or just modify it so that it can't be decrypted.
    • No need to overtly outlaw encryption, just arm-twist the folks on the backbone to drop or block encrypted traffic or just modify it so that it can't be decrypted.

      So what is the difference between highly compressed traffic and highly encrypted traffic?

  • by kurt555gs (309278) <kurt555gs&ovi,com> on Wednesday April 02, 2008 @06:40AM (#22938932) Homepage
    This could be better spent on more cell towers, or not allowing bastard fone companies to charge $200.00 termination fees.

    Stopping secret messages? , puleeese.

    "John has a long mustache"
    "The chair is against the wall"

    Stop that!
  • They can send a 'secret' message if they so desire. That can be by asking if aunt Lilly is still sick. This could trigger an event or it could be that aunt Lilly was sick. Or even both.

    What is more important very often is being able to link people. To see who is talking to who. The fact that a secret message is send will highten the importance.

    So what could a wannabe terrerist do to avaid that? Usenet! No direct connection between the two and everybody can connect from everywhere and post to any group. As l
  • by MartinG (52587) on Wednesday April 02, 2008 @06:51AM (#22938964) Homepage Journal
    I'm sure someone will correct me if I have missed something, but it seems to me that the desire by some to hide irremovable watermarks within digital streams is a similar technical challenge to adding steganographic content. Similarly, those attempting to destroy watermarks will face the same problems as those wishing to remove or destroy steganographic content.

    The interesting thing is who is on which side of the battle.

    Generally it's corporations who like the idea of watermarks, and individuals who don't. Individuals do however like steganography, but the authorities don't. It will be interesting to see who develops what technologies and who, if anyone, wins this arms race.
  • by lakiw (1039502) on Wednesday April 02, 2008 @06:54AM (#22938978)
    How often do people hide data in the background noise of their phones? Is this a big enough problem that we should care about solving it? I mean, first of all you need a program to do the stego, (short of having someone talk really softly in the background). Then you would need to play back the recording during your conversation. Wouldn't it be easier for the criminal to send an encrypted e-mail instead? Given a choice, I'll pick strong crypto over stegonography any day. The only good thing about stego is it's useful if whatever authority in charge blocks all unauthorized messages.

    It's along the lines of "How do you tell if there are stego images on someone's computer?"

    Answer:You find the stego converter tool on their harddrive.

    • Re: (Score:3, Interesting)

      by smellsofbikes (890263)
      I don't know how often people have done this with phones. I've done stego in noise in pictures, when I was exchanging email with a friend who was living in China; we used a Matlab function. (It relied on her getting pictures from me and comparing them to the originals posted on a US-based website.)
      The nice thing was precisely that it wasn't encrypted so the messages didn't just disappear, as so many others we sent did. (We started serializing our messages so we could tell when ones were going missing.)
      So
      • I am personally interested in the LK 2.2 implementation found here [mcdonald.org.uk].

        I would love if this was brought current to FUSE on 2.6 , as I have many ideas on creating stegfs files via ftpfs and googlemailfs.

        Steged cd's would also be intersting... What IS this jibberish ;)
    • by mapkinase (958129)
      And if they do not find it on someone's computer, they also search all the key drives in his pockets.
  • Snoops (Score:3, Interesting)

    by Detritus (11846) on Wednesday April 02, 2008 @07:18AM (#22939046) Homepage
    How about not monitoring my calls in the first place? I am at a loss to understand the mindset of a person who thought that this was a problem that needed a solution.

    I want end-to-end encryption on all my calls. This could be added to cell phones with some modest changes. Not having it on VOIP is just inexcusable. If the FBI wants to tap my phone, why don't they get off their lazy asses, obtain a warrant, and do some actual work, rather than expecting everything to be handed to them on a silver platter, complete with booze and hookers. I'm under no obligation to make it easy for them.

    • Your problem is not interception of the radio signals, your problem is the (US) federally mandated CALEA interface on every switch in the network.
      A mobile-to-mobile call almost always (unless you're both on the same tower) needs to pass over a landline, and to do that, it needs to be unencrypted.
      • by Detritus (11846)
        It doesn't have to be unencrypted. There's no reason that encrypted frames of GSM data can't be packetized and shipped off to another GSM base station. From what I've read GSM only offers link encryption, of questionable strength, for the mobile-to-base link. Since modern cell phone networks are already switching packets between end-user nodes, why not treat them as dumb networks and let the cell phones directly negotiate protocols and communicate with each other.
      • They going to "federally mandate" it in my house?

        Ive got tripwire everywhere on my server. I also check it every so often with a clean disk for kernel based trojans.

        Like I said, how exactly they going to do it?
  • by jackjeff (955699)
    I guess the same kind of technique could be applied to steganographic data contained in HD playback or mp3s.

    Nice to know someone is actually looking for a way to destroy these :P

  • Well, I think this is a really bad idea, and is going to cause massive trouble. If you stop stegosaurs using the phone, they are going to get really pissed off, and well, have you ever seen a pissed off stegosaurus? Trust me you don't want to, those spiky tails, eek!
  • Why block? (Score:3, Insightful)

    by redelm (54142) on Wednesday April 02, 2008 @08:44AM (#22939424) Homepage
    First and foremost, I'm not sure it is moral or ethical to block any form of communications, crypto or stego. One might well claim certain communications are illegal and facilitate harm. But that is for already-illegal and incontrovertibly harmful activities apart from the communications. Police authorities are grasping at communications because they are otherwise impotent (by design). Fighting against stego or crypto seriously risks causing greater, even if less-spectacular, harm. Baby out with the bathwater.

    That said, it is relatively easy to disrupt stego by lossy compression/decompression or vice-versa if the source is compressed. Low-order bits will get stripped in JPEGs & MP3s. This obviously doesn't work for loss-less compression as is needed for binaries. If hash or other non-compressibles found, just rehash. Once you've decided to meddle inthe datastream, some eggs will get broken. You'll have both alpha and beta errors (misses and false postives).

  • I wonder if this method could be applied to hiding messages in executables, too."

    Um, no, because the two technologies are completely different?

    Yes, there is an analogue for "background noise" in an executable, and there is a lot of redundancy there too. But I can't imagine how any approach to removing encoded data there could share anything except on the most basic conceptual level.
  • A Minor Correction:

    You have the association arrow backward. Hiding a message in radio or telephone background noise is one of many techniques collectively called steganography (literally "hidden writing"). Also, breaking this form is yesterday's war.

  • I wonder if this method could be applied to hiding messages in executables, too.

    Try introducing random bit changes into an executable. Let us know how it goes for ya.
  • Sounds impossibly (Score:3, Interesting)

    by MobyDisk (75490) on Wednesday April 02, 2008 @10:34AM (#22940270) Homepage
    If you could detect and modify the background noise, then you could simply eliminate it. But I don't think that is possible, since what makes something "background noise" is the fact that it can't really be removed without damaging the foreground signal. If it could, you would have a perfect signal-to-noise ratio. Such a technology could be used to improve the bandwidth, compression ratios, etc. - which is something far more useful than fearmongering.

    Unfortunately, I don't real have anything to go on other than a Google translated abstract, a Slashdot headline, and armchair knowledge of electronics. Anyone care to correct me?
  • 4e:45:56:45:52:20:47:4f:4e:4e:41:20:47:49:56:45:20:59:4f:55:20:55:50
    4e:45:56:45:52:20:47:4f:4e:4e:41:20:4c:45:54:20:59:4f:55:20:44:4f:57:4e
    4e:45:56:45:52:20:47:4f:4e:4e:41:20:52:55:4e:20:41:52:4f:55:4e:44
    41:4e:44:20:48:55:52:54:20:59:4f:55

    Osama, the CDs are on the plane.

    --
    BMO
  • If you can remove stego'd data from the audio recording then you can remove watermarking. Circumvention of copy right protection measures, so it's a criminal offence. Send round the bobbies and nail 'em up.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...