Free Republic
Terrorists and steganography
ZDNet | September 24, 2001 | Bruce Schneier

Posted on 10/10/2001 5:08:55 PM PDT by Straight Vermonter

COMMENTARY--Guess what? Osama bin Laden uses steganography. According to nameless "U.S. officials and experts" and "U.S. and foreign officials," terrorist groups are "hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other Web sites."

Simply put, steganography is the science of hiding messages in messages. Typically, a message (either plaintext or, more cleverly, ciphertext) is hidden in the low-order bits of a digital photograph. To the uninitiated observer, it's just a picture. But to the sender and receiver, there's a message hiding in there.

It doesn't surprise me that terrorists are using this trick. The very aspects of steganography that make it unsuitable for normal corporate use make it ideally suited for terrorist use. Most importantly, it can be used in an electronic dead drop.

If you read the FBI affidavit against (accused spy) Robert Hanssen, you learn how Hanssen communicated with his Russian handlers. They never met, but would leave messages, money and documents for one another in plastic bags under a bridge. Hanssen's handler would leave a signal in a public place--a chalk mark on a mailbox--to indicate a waiting package. Hanssen would later collect the package.

That's called a 'dead drop'. It has many advantages over a face-to-face meeting. One, the two parties are never seen together. Two, the two parties don't have to coordinate a rendezvous. Three, and most importantly, one party doesn't even have to know who the other one is (a definite advantage if one of them is arrested). Dead drops can be used to facilitate completely anonymous, asynchronous communications.

Using steganography to embed a message in a pornographic image and posting it to a Usenet newsgroup is the cyberspace equivalent of a dead drop. To everyone else, it's just a picture. But to the receiver, there's a message in there waiting to be extracted.

To make it work in practice, the terrorists would need to set up some sort of code. Just as Hanssen knew to collect his package when he saw the chalk mark, a virtual terrorist will need to know to look for his message. (He can't be expected to search every picture.) There are lots of ways to communicate a signal: timestamp on the message, an uncommon word in the subject line, etc. Use your imagination here--the possibilities are limitless.

The effect is that the sender can transmit a message without ever communicating directly with the receiver. There is no e-mail between them, no remote logins, no instant messages. All that exists is a picture posted to a public forum, and then downloaded by anyone sufficiently enticed by the subject line (both third parties and the intended receiver of the secret message).

So, what's a counter-espionage agency to do? There are the standard ways of finding steganographic messages, some of which I have outlined in a previous essay. If bin Laden is using pornographic images to embed his secret messages, it is unlikely these pictures are being taken in Afghanistan. They're probably downloaded from the Web. If the NSA can keep a database of images (wouldn't that be something?), then they can find ones with subtle changes in the low-order bits. If bin Laden uses the same image to transmit multiple messages, the NSA could notice that. Otherwise, there's probably nothing the NSA can do. Dead drops, both real and virtual, can't be prevented.

Why can't businesses use this? The primary reason is that legitimate businesses don't need dead drops. I remember one company talk about a corporation embedding a steganographic message to its salespeople in a photo on the corporate Web page. Why not just send an encrypted e-mail? Because someone might notice the e-mail and know that the salespeople all got an encrypted message. So send a message every day: a real message when you need to, and a dummy message otherwise. This is a traffic analysis problem, and there are other techniques to solve it. Steganography just doesn't apply here.

Steganography is a good way for terrorist cells to communicate, allowing communication without any group knowing the identity of the other. There are other ways to build a dead drop in cyberspace. For example, a spy can sign up for a free, anonymous e-mail account. And bin Laden probably uses those, too.


TOPICS: Foreign Affairs; Front Page News; News/Current Events
I thought this was interesting.
1 posted on 10/10/2001 5:08:55 PM PDT by Straight Vermonter
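
The image-database comparison the essay describes, sketched as an added example that is not part of the article or the thread. Pixels are modelled as plain lists of 8-bit values, the function names are hypothetical, and the reference image and its altered copies are constructed sample data.

```python
"""Compare a suspect image against a known original, bit plane by bit plane."""
import random


def changed_planes(original, suspect):
    """Return, per bit plane (0 = low-order bit), how many pixels differ."""
    if len(original) != len(suspect):
        raise ValueError("images differ in size; not a pixel-for-pixel copy")
    counts = [0] * 8
    for a, b in zip(original, suspect):
        diff = a ^ b
        for plane in range(8):
            counts[plane] += (diff >> plane) & 1
    return counts


def classify(original, suspect):
    """Label a suspect copy by where it differs from the reference."""
    counts = changed_planes(original, suspect)
    if sum(counts) == 0:
        return "identical"
    if sum(counts[1:]) == 0:
        # Only the low-order bit changed: invisible to the eye, and not what
        # recompression, resizing or retouching normally produces.
        return "low-order-bits-only"
    return "ordinary-edit"


# --- constructed sample data (not real images) ---
rng = random.Random(2001)
COVER = [rng.randrange(256) for _ in range(64 * 64)]           # reference copy
# A copy whose low-order bits were overwritten with arbitrary data.
LSB_ALTERED = [(p & 0xFE) | rng.getrandbits(1) for p in COVER]
# A copy that was brightened slightly, as a normal edit would do.
BRIGHTENED = [min(255, p + 3) for p in COVER]

if __name__ == "__main__":
    for name, img in [("exact copy", list(COVER)),
                      ("lsb altered", LSB_ALTERED),
                      ("brightened", BRIGHTENED)]:
        print(f"{name:12s} {classify(COVER, img):20s} {changed_planes(COVER, img)}")
```

The comparison only works when the reference really is the same pixel data; a copy that was resized or recompressed differs in every plane and lands in the ordinary-edit bucket.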

To: Straight Vermonter
So what messages were buried in Bin Laden's message of last Sunday? Any thoughts?
2 posted on 10/10/2001 5:15:51 PM PDT by alethia

To: Straight Vermonter
On the way home today I was listening to Kim Kommando (babe!) talk about this hidden text in pictures. I looked for a source in the pics to see what they were talking of and couldn't find the alphanumeric text they spoke of that could be looked at or altered?

Anyone know how to do this to a picture?

3 posted on 10/10/2001 5:20:07 PM PDT by Squantos

To: Straight Vermonter
If the NSA can keep a database of images (wouldn't that be something?), then they can find ones with subtle changes in the low-order bits.

Way too wasteful. The number of images on the web is, well, mindboggling. Many of the images are copies of each other, some of them with small variations from corruption, morphs, edits and such stuff.

What you need is something like this tool:

"Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are ..."

4 posted on 10/10/2001 5:24:06 PM PDT by Cachelot

To: alethia
The messages that might have been hidden in Bin Laden's video last Sunday would not have any relation to steganography. His video may have included code words or gestures for his flunkies to pick up on. In the Gulf War, pilots who were shot down signalled their superiors with gestures or just their posture.
5 posted on 10/10/2001 5:24:31 PM PDT by Straight Vermonter

To: Squantos
There are computer programs that do it. It is also used as a way for artists to sign pictures electronically. Not too long ago it was recognized in court as a legal signature.
6 posted on 10/10/2001 5:26:57 PM PDT by NovemberCharlie

To: Cachelot
"Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are ..."

That is actually what got me looking for info on this. Tony Snow mentioned today that a company had done an exhaustive search of the internet for these messages and turned the information over to the government.

7 posted on 10/10/2001 5:28:37 PM PDT by Straight Vermonter

To: Straight Vermonter
Schneier is excellent; his Applied Cryptography is pretty much the standard text for people learning computer crypto. It doesn't quite stand alone. It's light on crypto history, and not completely up to date; there's nothing about quantum cryptography, for instance.

If Ashcroft gets his way, we will be circulating these works in samizdat.

d.o.l.

Criminal Number 18F

8 posted on 10/10/2001 5:30:51 PM PDT by Criminal Number 18F

Does this explain "Bert"?
9 posted on 10/10/2001 5:31:44 PM PDT by Henry F. Bowman

To: NovemberCharlie
Yeah I just ruined a perfectly good pic of a B-52 Bomber. I opened it up with notepad and entered a line of text and saved it. When I tried to open it again it wouldn't. Said it was corrupted... oh well, I'll play with it till I figure it out, self taught so far, albeit not very far :o) ... Stay Safe!
10 posted on 10/10/2001 5:34:03 PM PDT by Squantos

To: Squantos
Try reducing the message to a binary code (ASCII or not). Then open the message in Photoshop or some other graphic editor. Say, invert every 15th pixel if it's a one, leave it alone if it's a zero. If the picture is sufficiently busy, you wouldn't be able to see it. Time consuming I know, but it would work. There's also a method invented by Francis Bacon for hiding a message in another plain text message.
11 posted on 10/10/2001 5:41:34 PM PDT by NovemberCharlie

To: Straight Vermonter; Squantos
Just so everyone knows..... this was published here on FR closer to the original date of publication (9/24). I'll see if I can dig it up and post the link to the original thread.
12 posted on 10/10/2001 5:42:35 PM PDT by NotJustAnotherPrettyFace

To: Squantos
"Anyone know how to do this with a picture?"

Simplest way would be to open the picture in say .jpg or .gif format (or .bmp) or other formats with a text editor and look for hidden code. Sometimes in binary newsgroups my browser opens them as gibberish rather than the picture relatively often (a nuisance to a normal binary newsgroup user) but could be done on purpose.

I'm not real up on it, but some formats have unused bits for text that are transparent and you would have to know where and how to look for them like in Photoshop or PSP. I saw a discussion about it on one of my graphics newsgroups but at the time they didn't think much info could be transmitted that way. I thought otherwise.

There would be other techniques using layers (some practically invisible) and isolating the layer with the message, such as in a .pdf or .psp file for download. I thought about trying it myself as a joke before all this happened but didn't get around to experimenting with the idea.

There are probably other imaginative ways to conceal a message just about anywhere on the net. Usenet newsgroups would be a good place to send prearranged signals in regular language although they are mostly in English I believe.

13 posted on 10/10/2001 5:45:25 PM PDT by Aliska

To: Squantos
Yeah I just ruined a perfectly good pic of a B-52 Bomber. I opened it up with notepad and entered a line of text and saved it. When I tried to open it again it wouldn't. Said it was corrupted....

LOL! Yeah, that would be about what I'd expect to happen. ;)

It's a little more subtle than that. Remember that computer data is stored as bits and bytes. What steganography does is very subtly tweak the low-order bits in a picture or sound file, in order to encode hidden data within the file. The reason it stays hidden is that tweaking the low-order bytes results in changes to the original that are basically imperceptible to the naked eye (ear, for sound files) - think of it as just ever-so-slightly shifting colors by one shade darker, and you've got a good mental picture of the changes that result.

Anyway, as the previous poster said, you need specialized software to encode and decode steganographic information. StegoArchive.com is a good source of various programs that hide information steganographically. Neil Johnson's steganography and digital watermarking site is a good theoretical and technical introduction to the mechanical nuts-and-bolts of how information hiding is done.
14 posted on 10/10/2001 5:45:25 PM PDT by general_re

To: Straight Vermonter; Squantos; ALL
Here is the original thread, posted on 9/24/01.

Terrorists and steganography

15 posted on 10/10/2001 5:45:36 PM PDT by NotJustAnotherPrettyFace

To: Squantos
There are some programs and info here. Have fun.
16 posted on 10/10/2001 5:46:06 PM PDT by spunkets

To: Straight Vermonter
Tony Snow mentioned today that a company had done an exhaustive search of the internet for these messages and turned the information over to the government.

They may have made a good showing, but an "exhaustive" search they didn't. Too much data, the content is fluid, not all stego can be found with statistical methods (the company that makes Stegdetect also makes another product, OutGuess - "anti-statistical" steganography). Plus the fact that you don't necessarily need to hide things in pictures. There's stego for sound-files too.

17 posted on 10/10/2001 5:48:09 PM PDT by Cachelot
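
One statistical check of the kind mentioned in the post above, as an added example that is not from the thread and is not Stegdetect's code: a pairs-of-values chi-square test that needs no reference image. It works on raw 8-bit pixel values rather than JPEG data; the function names and the `ratio` threshold are assumptions, and both images are constructed sample data.

```python
"""Pairs-of-values chi-square check for overwritten low-order bits."""
import random


def pov_chi_square(pixels):
    """Return (statistic, degrees_of_freedom) over value pairs (2k, 2k+1)."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    stat, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected < 5:               # too sparse for a chi-square term
            continue
        # Both members of the pair deviate from the mean by the same amount.
        stat += 2 * (even - expected) ** 2 / expected
        dof += 1
    return stat, dof


def lsb_overwrite_suspected(pixels, ratio=2.0):
    """True when the counts of 2k and 2k+1 are about as balanced as random
    low-order bits would make them (statistic below ratio * dof).

    The ratio is an assumed threshold. A cover that is naturally noisy in
    its low-order bits also looks balanced, so a hit is a lead, not proof.
    """
    stat, dof = pov_chi_square(pixels)
    return dof > 0 and stat < ratio * dof


# --- constructed sample data (not real images) ---
rng = random.Random(1024)
# Cover with uneven pairs: even values about four times as common as odd.
COVER = [2 * rng.randrange(128) + (rng.random() < 0.2)
         for _ in range(128 * 128)]
# Same pixels with every low-order bit replaced by random-looking data.
OVERWRITTEN = [(p & 0xFE) | rng.getrandbits(1) for p in COVER]

if __name__ == "__main__":
    for name, img in [("cover", COVER), ("overwritten", OVERWRITTEN)]:
        stat, dof = pov_chi_square(img)
        print(f"{name:12s} chi2={stat:9.1f} dof={dof} "
              f"suspected={lsb_overwrite_suspected(img)}")
```

A scheme that embeds in only a few positions, or that adjusts the histogram afterwards, moves the pair counts too little for this test to notice.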

To: general_re
Crap.

low-order bytes = low-order bits
18 posted on 10/10/2001 5:48:13 PM PDT by general_re

To: Squantos
Open the file in a word processing program. You get code. Add text to the file, the next person to open the file in a word processing program can read the text. Pic is unchanged.
19 posted on 10/10/2001 5:49:29 PM PDT by theneanderthal

To: Straight Vermonter
I've been wondering whether government surveillance of the web may be responsible for slowing it down. There are other influences too, of course, including people looking for news about September 11. But what would be the effect if Carnivore and hundreds of other supercomputers were constantly scanning sites on the web, looking for information? How much effect might it have? Can anyone hazard a guess?
20 posted on 10/10/2001 5:49:46 PM PDT by Cicero



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson