Hidden Messages in Spam 232
randomwalker writes "There was an extremely interesting presentation at the Blackhat Windows Security Conference in January by Dr Curtis Kret entitled Nobody's Anonymous.
In his presentation he showed how information about spammers can be determined. In addition he showed that some spam is being used as a covert communication channel. This presentation demonstrates how to apply data forensics to spam in order to identify the sender of specific spam messages. Some senders can be identified by name, while others can be distinguished by attributes such as preferences, nationality, religion, and even left-handedness. Four spam categories are provided that classify spam by function, including List Makers, Scams, and Covert Communication channels. The examples provided include full-disclosure case studies: a phishing gang that targets bank customers with malware and impersonations, and an IRC group that uses spam as a covert communication channel."
Sublime! (Score:5, Funny)
Microdot! (Score:2, Funny)
Re:Sublime! (Score:2, Informative)
This "First post" contains a hidden message.
Re:Sublime! (Score:4, Funny)
"There was an extremely interesting fnord presentation at the Blackhat fnord Windows fnord Security Conference in January by Dr Curtis Kret entitled fnord Nobody's fnord Anonymous. In his presentation he showed how information about fnord spammers can be determined. In addition he showed that some fnord spam is being used as a fnord covert communication channel. This presentation demonstrates how to apply data forensics to spam fnord in order to identify the sender of specific fnord spam messages. Some fnord senders can be identified by name, while others can be distinguished by attributes such as preferences, fnord nationality, religion, and even left-handedness. Four fnord spam categories are provided that classify spam by function, including fnord List Makers, fnord Scams, and fnord Covert Communication channels. The examples provided include full-disclosure case studies: a fnord phishing fnord gang that targets fnord bank customers with fnord malware and fnord impersonations, and an IRC group that uses spam as a fnord covert fnord communication channel."
I figured it out! (Score:3, Funny)
It anagrams to "Dissident hangs the compassionate"
I know what you've been doing, and I'm alerting the police! You serial killers are always leaving sneaky notes behind, thinking we won't catch you. Well you deserve the electric chair! (see I'm not compassionate. Don't come after me.)
The next thing ... (Score:4, Funny)
Re:The next thing ... (Score:3, Funny)
When this guy figures out that he can actually sell these, watch out now!
Tin Foil Hats (Score:4, Insightful)
Oh, and Tin Foil Hats are useless - you must use my special patented Irradiated Tin Foil to keep the new mind control machines out.
Re:Tin Foil Hats (Score:2)
Do you sell patented Irradiated Tin Foil Hat plans, or do you just expect us to trust that you don't work ... with them?
Re:Tin Foil Hats (Score:3, Funny)
His patent covers the intellectual content generated by, through, or with Irradiated Tin Foil Hats. If you have an idea while wearing one of his hats, or even an idea which can be shown to have been influenced by wearing one of his hats, then he is entitled to a reasonable and non-discriminatory license fee on the results of that idea.
Best: you know about licenses that promise a piece of your first born chil
I doubt they will (Score:2, Insightful)
I doubt it. I think spam is too big of a money maker for "legitimate" businesses at this point; ISPs, banks, and of course a Slashdot favorite, marketing departments all are making a buck off of spam.
And don't think the possibility of using it for bad-guy communications will help; they'll just use it to limit freedoms, not actually remove the real problem
Re:Tin Foil Hats (Score:2)
Folks, don't believe it. Mr. Zadr is merely trying to play on your fears to sell more of his hats. Traditional Tin Foil Brand (r) Hats offer more than enough security for the average overly-paranoid kook.
Actually... (Score:3, Funny)
You don't want anything travelling from your fingers through to the keyboard...
myke
Re:The next thing ... (Score:2)
font size. (Score:3, Interesting)
Plaintext reading (Score:3, Interesting)
If the e-mail doesn't offer a plaintext counterpart, then most likely it's not worth reading anyway - lest it's an HTML newsletter that you actually signed up for, but that should be obvious to spot.
Re:Plaintext reading (Score:2, Funny)
Spam = Covert communications (Score:5, Funny)
Re:Spam = Covert communications (Score:5, Funny)
Re:Spam = Covert communications (Score:2)
Re:Spam = Covert communications (Score:3, Insightful)
Hidden food value in spam? (Score:5, Funny)
The Bible code was bad enough. Now we have people looking for messages in spam? Look! Played backwards it says "I buried Paul".
That's not what I heard. (Score:5, Funny)
I heard "I enlarged Peter."
Re:Hidden food value in spam? (Score:3, Funny)
Re:Hidden food value in spam? (Score:4, Funny)
But I never knew they had e-mail!
Usenet Spam also (Score:2, Funny)
hidden message (Score:4, Funny)
"mortal shut acrid crock cowl bawd hereditary devastate jellyfish brunette flog igor bonaparte tarry townsend discordant near aviv brigantine agnostic padlock cotangent roomy referee debater eve arlene can baroque conceptual italian congressmen infelicity modicum backplane antigen tie hilum seriate convent firewall "
Now this hidden message seems to be about a
Re:hidden message (Score:5, Funny)
MS a crock,
CB H devastate,
JBF Igor,
BTT discordant,
Nab agnostic
PCR referee
DEA can
BCI congressman
IMB antigen
THS convent
firewall
So the words say 'Firewall convent antigen, Congressman can referee agnostic discordant, Igor devastate Crock'. The first sentence says 'MS A crock' which sounds good to me, so maybe this secret group, the 'Firewall convent antigen' are being told by the congressman that they can referee the discord between the agnostic discordants and ensure 'Igor' (whoever that is) devastates Microsoft.
Or maybe I'm making it all up!
Secret messages in spam (Score:5, Informative)
Re:Secret messages in spam (Score:3, Funny)
Dear Friend , Especially for you - this red-hot intelligence
. If you no longer wish to receive our publications
simply reply with a Subject: of "REMOVE" and you will
immediately be removed from our mailing list . This
mail is being sent in compliance with Senate bill 1622
, Title 9 ; Section 308 ! This is NOT unsolicited bulk
mail . Why work for somebody else when you can become
rich as few as 40 weeks ! Have you ever notice
Re:Secret messages in spam (Score:3)
red-hot announcement . If you are not interested in
our publications and wish to be removed from our lists,
simply do NOT respond and ignore this mail . This mail
is being sent in compliance with Senate bill 2016
Title 3 , Section 302 ! This is not multi-level marketing
. Why work for somebody else when you can become rich
within 33 days . Have you ever noticed nearly every
commercial on television has a
baby boomers are more demanding tha
It's true. (Score:5, Funny)
I was driving thru Nashville this last week, and I stopped to piss on a run down ford truck. This guy came up to me and said "Your taillight is broken"
Re:It's true. (Score:2, Informative)
Covert Messages (Score:5, Interesting)
Re:Covert Messages (Score:3, Insightful)
Three Days of the Condor is an excellent movie with this very same premise.
If, as you say, so
Re:Covert Messages (Score:2)
rent '3 days of the condor' (Score:3, Informative)
Robert Redford discovers a double-secret CIA plot after analyzing book plots for the CIA.
P.S. - DO NOT look for the book in used bookstores, it sucks. The movie smooths out some of the macho BS in the book and adds some depth.
-- "Me post off-topic one day"
Re:Covert Messages (Score:5, Interesting)
Around 1920 Edgar Wallace used this scheme in one of his thrillers about "The Four Just Men". One of the group has been captured, and given the high profile of his crimes, he is being held in solitary. In order to pass along the rescue plan to their imprisoned colleague, his compatriots write a travel book that contains the scheme encoded and arrange for it to be reviewed in enough major newspapers that the prisoner can legitimately request a copy.
Yours truly,
Jeffrey Boulier
Re:Clancy (Score:3, Interesting)
Not to mention the first episode of The Lone Gunmen where the CIA sends a plane on autopilot to crash into the WTC. I was somewhat amazed that I didn't see a word of commentary about this after the real event.
Beat the Slashdot Spam Filter! (Score:5, Funny)
--
Click here for free V1(4)gr[a]!
emblem fredericton hustle glycerine busch humus condemnatory dummy definitive bernadine calder basemen conservatory advantage area academia ireland minimax suzerain felicity vomit davenport damn sybarite followeth dylan lariat transconductance when fogarty threadbare determine appalachia barbara concord anguish cranny ember pritchard dachshund cogitate affidavit am blaze
-- Copied out of real spam message sitting in my box --
Re:Beat the Slashdot Spam Filter! (Score:5, Funny)
Re:Beat the Slashdot Spam Filter! (Score:3, Funny)
and considering he runs http://www.backdoorjesus.com, who could blame her eh?
Re:Beat the Slashdot Spam Filter! (Score:2)
Things are looking up, he doesn't HAVE a girlfriend!
Re:Beat the Slashdot Spam Filter! (Score:2, Funny)
Life is so unfair - my girlfriend gets so much better spam than me. Her inbox gets filled with "Teens Cummin", I get viagra. Are they trying to tell me something?
Re:Beat the Slashdot Spam Filter! (Score:2, Funny)
i w4nt j00r m0n3y dud3!
It's a stock tip. (Score:2)
Al Qaeda! (Score:4, Funny)
X.
Re:Al Qaeda! (Score:2, Insightful)
> the Jihad we may finally get some political support for getting rid
> of spammers!
I know your post was modded funny, but it really isn't. But you aren't being paranoid enough.
Broadcasting to agents in the field is not a new idea, using UCE/SPAM is just the latest example.
In WWII the BBC embedded messages in their newscasts. Of course in the current political environment over there they would be more likely to be embedding me
Re:Al Qaeda! (Score:3, Interesting)
But, then again, some people are crazy!
Some not-so-bright fellow in my country decided to extort a company by poisoning food (or something, I forgot). He had this great system devised for transferring the money (it involved sending out the data on a bank card's magnetic strip).
Not bad, since that way he would be able to withdraw the m
Re:Al Qaeda! (Score:2)
Lately I have noticed many messages in several news groups that 1) do not seem to sell anything or have any real purpose and 2) employ obviously machine generated text of the kind that is useful for embedding messages. I sincerely hope that somebody important is monitoring these groups.
Facts about spammers: (Score:3, Funny)
No trouble in tacking them down now.
Re:Facts about spammers: (Score:2)
2. 32.2 % want to enlarge my penis.
3. 25.3 % want to get me cheap mortage.
4. 86.4 % can't spell.
5. 98.3 % have a broken email program which produces defunct email header lines
What bothers me most is that 0% of the spam has penis size decreasing products.
Where is the market for those of us who are scaring women away with our incredibly huge johnsons?
Re:Facts about spammers: (Score:5, Insightful)
44.3% of the spammers want to get me rich, too.
32.2% want to enlarge my penis
Unbelievable! I never knew you could get 0.1% precision by analyzing a mere 100 discrete samples of email. Or does the 33rd spammer want to enlarge only 20% of your penis? Or is he only 20% sure that he wants to enlarge your entire penis?
Re:Facts about spammers: (Score:2)
Jeez, looking at these stats, I can't imagine why anybody WOULDN'T want to give their email address out to spammers. They seem to be nice people, genuinely concerned about my wellbeing and happiness. We could ALL use more friends like these.
Re:Facts about spammers: (Score:2)
I wrote this many months ago, it seems to be on-topic here.
Where is the War On Terror when you need it? (Score:5, Funny)
Terrorists could use spam to send messages! Declare war on Hotmail! Nuke MSN! Hunt down the CEO of Yahoo! and tickle him until he talks!
*** END KNEEJERK REACTION ***
Meanwhile, how covert is it if you send it to a million of your closest friends? Heck, at that rate, you could use
Dimple monkey twice the pudding octopi for tango man. Very blender shoe, cellular, scooter my daisy heads. Diddley day.
And all the rest of you can kiss your ass goodbye.
Re:Where is the War On Terror when you need it? (Score:2)
Re:Where is the War On Terror when you need it? (Score:2)
>Terrorists could use spam to send messages!
>[...]
>Heck, at that rate, you could use
>*** END KNEEJERK REACTION ***
*** BEGIN KNEEJERK REACTION ***
BOMB SLASHDOT NOW!!!
*** END KNEEJERK REACTION ***
Re:Where is the War On Terror when you need it? (Score:2)
ANNOUNCER: Attention Employees! Nuclear Warhead approaching!
BILL GATES: Quickly, crash the navigation systems!
TECH #2398: I've tried all the standard tricks! I cannae crash!
TECH #2399: Probing... It runs... The M-OS sir.
BILL GATES: M-OS??
TECH #2398: You know, the Fruit?
BILL GATES: Which fruit??
TECH #2399: The red one the students give teachers?
BILL GATES: Damn you Mattintosh!
* The blast destroys the Microsoft Campus, taking MSN and Hotmail with it *
Re:Where is the War On Terror when you need it? (Score:4, Funny)
Not Surprising (Score:5, Interesting)
Really, the Feds ought to be hauling in spammers (for violations of all sorts of existing laws pertaining to fraud, computer cracking, etc) and anal-probing them for customer records, instead of wasting time on nonsense [slashdot.org].
Re:Mistaken covert messages? (Score:3, Interesting)
1. Set up a short list of words, one of which will appear in the subject line of each hidden message. (They need not be "spammy" words; random anti-filter(?) junk has been showing up in spam subject lines as well as the message body.)
2. Brute-force the process by running all incoming mail through your steganography program.
I already miss spam... (Score:5, Funny)
Well, actually, there's something wrong with my theory, cause (a) spam is never ever going to disappear from electronic communications, and (b) more money is spent on Viagra and plastic surgery than research into Alzheimer's, so when we're old and clunky, the women will have superb breasts, the men iron-hard equipment, but no-one will remember what it's all for.
Re:I already miss spam... (Score:5, Informative)
Actually, Viagra (sildenafil citrate) was originally an arrhythmia treatment (i.e. heart medicine, to help people with strokes and frequent heart attacks). ALL of the money that went into the research of (what is now called) Viagra was there to support a drug for cardiac patients.
Only when some of the clinical trials had less-than-optimal results as a cardiac treatment, and an additional "side effect" of erectile sustainment, was it recast as an erectile dysfunction treatment. They weren't going to pour the millions they spent on researching the cardiac drug down the drain, so they recast it as Viagra, and that is what you know today.
I know this, because I used to work with the group responsible for doing the purity/potency testing of this specific compound within $PHARMA.
Also, contrary to popular belief, Viagra does not produce erections. It increases blood flow (hence the original cardiac target). The increased bloodflow helps you sustain an existing erection longer than you normally could. It does not give you an erection.
Aha I knew it! (Score:5, Funny)
"Fat White suckers please hand over your money and I will laugh at you"
To reveal more secrets of spam please send me $200 to:
Mr Okilea Bessei
3 St Lener St
Abuja
Nigeria
Could it be?? (Score:2)
Mozilla, it say... (Score:4, Funny)
Oh the irony.
Why is this surprising. (Score:5, Insightful)
What looks more suspicious - A spam with some seemingly random keywords to throw off the filters at the bottom, or a highly encrypted data transmission on an obscure port? I know which one would make me take notice first.
Re:Why is this surprising. (Score:2)
Guess I'll have to get that box of Cap'n Crunch to get the secret decoder ring now too. Too bad kids, Dad gets this decoder ring.
The Purloined Letter (Score:2)
[Yeah. It's offtopic. Neener.]
-Carolyn
Re:The Purloined Letter (Score:2)
-Carolyn
Re:Why is this surprising. (Score:2)
Re:Why is this surprising. (Score:2)
perhaps i'm missing something here, but if someone wanted to send someone else an extremely covert message, why wouldn't they just encrypt it? i mean, wouldn't 1024 bit be enough?
Re:Why is this surprising. (Score:3, Insightful)
I know it's ironic, but often the best hiding place is in plain sight.
Re:Why is this surprising. (Score:2)
However, what if your recipient is going to be using publicly accessible (non-safe) terminals, which won't have your decrypt software on it?
How better to conceal it than to obfuscate it in the message? That way those who know will see the "hidden" message, and other people won't (given a reasonably complex cipher).
Don't over water the daisys, but remember to trim the marigolds.
Comment removed (Score:5, Informative)
Steganography... (Score:5, Informative)
A google search for "steganography" [google.com] yields a lot of useful documents on this.
Re:Steganography... (Score:3, Insightful)
Re:Steganography... (Score:3, Insightful)
In fact, when I first saw these random word lists the first thing I thought of was hidden communication, NOT defeating filters...
Btw, Usenet also makes a great medium for this since it's possibly even harder to discover the intended recipient (especially when you encode the message in some pictures posted to an alt.binaries.erotica group...).
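An added example, not taken from the talk or from any commenter: the random word lists quoted in this thread contain almost no function words ("the", "of", "you"), so a per-paragraph function-word ratio separates them from ordinary prose. The word list and both thresholds are assumptions of this sketch; the two samples are excerpts of text quoted in other comments on this page.

```python
import re

# Closed-class "function" words that ordinary English prose cannot avoid.
# The list and both thresholds below are assumptions of this example.
FUNCTION_WORDS = frozenset("""
a an the and or but if of to in on at by for with from as is are was were be
been am this that these those it its you your we our i my he she they them
not no do does have has had will can when who which what so than then
""".split())


def tokenize(text):
    """Lower-case the text and return its alphabetic tokens."""
    return re.findall(r"[a-z']+", text.lower())


def function_word_ratio(text):
    """Fraction of tokens that are function words (0.0 for empty text)."""
    words = tokenize(text)
    if not words:
        return 0.0
    return sum(w in FUNCTION_WORDS for w in words) / len(words)


def flag_word_salad(message, min_words=15, max_ratio=0.10):
    """Return indexes of paragraphs that look like random dictionary words.

    Paragraphs are separated by blank lines. Short paragraphs (signatures,
    greetings) are skipped because a ratio over a handful of words is noise.
    """
    flagged = []
    paragraphs = re.split(r"\n\s*\n", message.strip())
    for index, paragraph in enumerate(paragraphs):
        if len(tokenize(paragraph)) < min_words:
            continue
        if function_word_ratio(paragraph) <= max_ratio:
            flagged.append(index)
    return flagged


# Both samples are excerpts of text quoted in comments on this page.
MIMIC_TEXT = (
    "Dear Friend , Especially for you - this red-hot intelligence . "
    "If you no longer wish to receive our publications simply reply with "
    'a Subject: of "REMOVE" and you will immediately be removed from our '
    "mailing list ."
)
WORD_SALAD = (
    "emblem fredericton hustle glycerine busch humus condemnatory dummy "
    "definitive bernadine calder basemen conservatory advantage area "
    "academia ireland minimax suzerain felicity"
)
# Constructed message: one short line, the grammatical text, then the word list.
SAMPLE_MESSAGE = "Click here!\n\n" + MIMIC_TEXT + "\n\n" + WORD_SALAD

if __name__ == "__main__":
    for label, text in (("mimic", MIMIC_TEXT), ("salad", WORD_SALAD)):
        print(f"{label}: {function_word_ratio(text):.2f}")
    print("flagged paragraphs:", flag_word_salad(SAMPLE_MESSAGE))
```

Only the word list is flagged; the grammatical "Dear Friend" text scores like ordinary English, so this check finds word lists and says nothing about grammatical cover text.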
Re:Steganography... (Score:2)
Incidentally, it's steganography, not stenography, a common mistake. Stenography is a system for writing really fast...
Re:Steganography... (Score:2)
In a human language that has no possibility for redundancy (allows anything to be described in only one way) there wouldn't be space for steganography at all. Combined with the fact that most la
Quick, start writing (Score:2, Funny)
Re:Quick, start writing (Score:2)
That's exactly what I did, and someone bombed my house!
Mirror (Score:5, Informative)
Crazy (Score:5, Funny)
Next time they start finding information in
Steganography (Score:5, Interesting)
In regular email, just the fact a PGP encrypted message was sent by Alice to Bob would tip the authorities off that Alice and Bob were at least communicating; if they are both criminals for instance, just seeing the activity between Alice and Bob might be enough to alert the authorities to watch the pair a bit more closely because something's about to go down - even if they can't actually discover the message content.
However, if Alice and Bob are both spammers, and use the Windows worm du jour as their open spam relay, and each spam a few million email addresses, it's much harder to see that Alice and Bob are in fact conversing let alone find the actual message.
Re:Steganography (Score:3, Funny)
Just the fact Alice sent a PGP encrypted message to Bob defines them both as criminals. At least, in the USA it does. Britain too, I think...
Re:Steganography (Score:2)
If the Police are trying to get you for *something* but can't get anything to stick, or a high-end civil servant is trying the same, what's to stop them demanding your encryption k
The TRUE hidden message... (Score:4, Funny)
YOU HAVE A SMALL DICK.
-m
Working URL for the Paper (Score:5, Informative)
bh-win-04-kret.pdf [thebunker.net]
Just strip HTML out at the milter/MTA side (Score:3, Interesting)
Safe for you, safe for your users, and brings email back the way it ought to be, 7-bit ascii text.
I'll continue to take my webpages on port 80, and my mail on port 25, thank you very much.
7 years too late... (Score:2)
Cold fusion was the other plot piece to it. Damn Halliburton putting the kibosh on that...
Petra Arkanian? (Score:2)
I decoded it! (Score:3, Funny)
Oddly enough it was the presence of text that was MORE random than statistically likely, not less random, ie: the randomness was TOO PERFECT.
After intense analysis I have decoded the hidden plain-text. It reads:
"BUY OVALTINE"
What does that mean?
Re:I decoded it! (Score:2)
It means you decoded it wrong.
It should read "DRINK MORE OVALTINE"
What about the NSA, etc? (Score:2)
Having a system of communication in place that is normally resigned to 'chatter, junk, and immediate delete' allows for cell(terrorist/activist/..ist) communications right under the radar of those who are supposed to monitor such communications. If that angle is approached I don't see them n
Analogous to spy numbers stations? (Score:2)
I've really scairt meself today (Score:2)
Re:hidden messages? (Score:2)
Re:If you use Spamcop, messages are bidirectional (Score:2)
Apr x xx:xx:xx inetd[1513]: ftp from 81.57.71.105 exceeded counts/min (limit 2/min)
Apr x xx:xx:xx last message repeated 225 times
This IP address hit our ftp server 227 times in the period of ONE SECOND. The IP is from a French DSL pool, a