Forgot your password?
typodupeerror
News

First Steganographic Image Found In The Wild 306

Posted by timothy
from the monkeying-with-images dept.
Niels Provos writes: "After months of searching for steganographic content on eBay and elsewhere -- downloading millions of images, we were finally able to find an image with a stegangraphic message hidden in it. Stegdetect and Stegbreak made short process with it. It took less than a second to compute the secret key necessary to extract the hidden message. Two commands at the prompt, and we found the hidden message to be an image of B-52 scrapyard. Right off Terraserver."
This discussion has been archived. No new comments can be posted.

First Steganographic Image Found In The Wild

Comments Filter:
  • Yeah, except for... (Score:5, Informative)

    by Anonymous Coward on Monday October 15, 2001 @02:18PM (#2432031)
    What about the Evil Bert picture? We didn't seem to have the flood of Anthrax here in the U.S. until after that poster came out.

    Hidden message?

    Hidden like a fox!
    • While the above post was meant to be humorous, it brings up an important point. The Taliban doesn't always utilize the most high tech tools, and for good reasons - they are often easy to track and/or detect. Instead, they are likely to use low tech mothods to hide their messages. Certain phrases, for example, in bin Laden's statements quite possible are intended to send an additional pre-defined meaning. This is something that only human reconnaissance can effectively decode.
      • by Gallowglass (22346) on Monday October 15, 2001 @02:48PM (#2432207)
        "Certain phrases, for example, in bin Laden's statements quite possible are intended to send an additional pre-defined meaning."

        My only exception to stwilwebm's comment above is the phrase "quite possibly". IMNSHO, "not bloody likely" is the correct adverbial phrase.

        Let's all stop and think about this for a meaning. I wish to send an important secret message to my evil henchmen on another continent. Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them?

        Apparently not, if we are to believe the Security Experts who don't want us to hear Bin-Laden. Apparently the best way to send secret messages, is to tape yourself and hope that the corporate minions of the Great Satan will transmit your message, complete, clear (no poorly translated voice-overs, if you please) and in a timely fashion.

        Am I the only one who thinks that if Bin-Laden really is that stupid, that we have little to worry about?

        • by AJWM (19027)
          Code phrases hidden (and sometimes, not so hidden) in public broadcasts have a long history. Recall BBC's nightly broadcasts during WW-II, which frequently concluded with a long list of apparently nonsense phrases. Most of them were, in fact, nonsense, but some were "trigger phrases" aimed at groups like the Resistance to coordinate actions. The nonsense phrases were thrown in so that the Germans couldn't do traffic analysis.

          If the secret message is just "the target is X, the date is Y" where X and Y are a relatively small list of predefined targets and dates, you don't need a whole lot of code phrases -- or even signs, given a video tape (consider signals between catcher and pitcher in baseball, for example) -- to convey which X and Y you mean.

          Farfetched? Not really. But even if it is, why take the slightest chance on spreading the enemy's message for him?

          And to answer your questions: Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them? The answer is NO, not if you are being actively sought out and such communications might fall into the wrong hands, betray your location and/or not get delivered.
          • Yes, but the BBC was in charge of the message transmission, and they were acting in direct concert with the people who wished to send the message. This is a very different situation to the alleged use of broadcast media by bin Laden.
          • Recall BBC's nightly broadcasts during WW-II, which frequently concluded with a long list of apparently nonsense phrases. Most of them were, in fact, nonsense, but some were "trigger phrases" aimed at groups like the Resistance to coordinate actions.

            Transmission of nonsense phrases to spies in Eastern Europe continued throughout the 1950s, under the codename The Goon Show. To this day, many of them have not been decoded and the chief steganographer [thegoonshow.co.uk] is likely to carry their secret meanings to his grave.

        • Sure, but you don't have to trust American media to get your message across. Apparently Al Jahira (I forgot the exact name of the network, forgive me) is widely available via satellite. This network is the one the original broadcast was from.

          It's not implausible to assume that the terrorists were instructed to watch that channel to receive instructions after the first US attacks occured.

        • by kilgore_47 (262118) <kilgore_47NO@SPAMyahoo.com> on Monday October 15, 2001 @03:14PM (#2432437) Homepage Journal
          According to this [smh.com.au], bin Laden is indeed using verbal codes to communicate with his people. What better way to get the message out than a public statement?

          I'm still bitter it's not getting played on US tv stations; how can a video taped statement from public enemy number one not be "newsworthy"? They say it "might contain a message". Well one message I heard was "infidels out". Is that the message they don't want us to hear? That his main demand is for us to stop occupying his 'homeland' and whatnot?

          Sure, there might be a hidden message too. But people waiting to get the hidden message will undoubtedly obtain it from some foriegn news source that DOES deem it "newsworthy".

          Censorship will only hide the message from joe sixpack & friends, and I think thats exactly the goal.
          • Don't forget that there are people out there that support OBL and they are likely to be stoked listening to OBL himself. Having said that, once you start censoring on the grounds that 'someone bad' out there might have something to gain from listening to his words the slope becomes slippery.

            Especially if the justification is not what he actually said, but the secret hidden message that that must not be heard!

          • by srvivn21 (410280)
            Amazingly, showing Osama on the TV is not likely going to result in a massive outpouring of sympathy for him or his cause. A more likely result is a rise in TV repair business.

            The media (as encouraged by the US government) has whipped the masses into a hateful frenzy, with Osama as the target.

            Forget looking for the cause of his actions. Let's just label him a "mad man", and state that his goal is "the end of the free world".

            Showing, or not showing his press releases is not going to make a whit of difference in this "war". Just like my posting my views is not going to change the mind of someone who wishes to believe the rhetoric and absolute crap that is spewing forth from the main stream media.

            Overall, I enjoy being a U.S. citizen, but I am completely embarrassed, and even mortified by some of the actions that we (as a country) condone, and those that we perpetrate.
            • Forget looking for the cause of his actions. Let's just label him a "mad man", and state that his goal is "the end of the free world".

              No, they've given us the reason. We're a "beacon of freedom"!
              (and if you can swallow that, I've got a lollypop in my pants for you to try next.)

              Overall, I enjoy being a U.S. citizen, but I am completely embarrassed, and even mortified by some of the actions that we (as a country) condone, and those that we perpetrate.
              (My feelings exactly.)
          • I read that, for some years, British TV had forbidden broadcasting representatives of Sinn Feinn (even MPs). The result was that dubbing actors read their interesting declarations. I don't know if they had better voices than the originals.
        • My only exception to stwilwebm's comment above is the phrase "quite possibly". IMNSHO, "not bloody likely" is the correct adverbial phrase.

          Actually, it's highly likely. Winston Churchill did it during WWII with his radio announcements. They contained a predefined trigger to coordinate the release of toops during certain battle arrangements.

          Let's all stop and think about this for a meaning. I wish to send an important secret message to my evil henchmen on another continent. Do I send an encrypted letter? Do I send a human messenger by plane to carry the message? Do I phone them and use secret phrases with hidden meanings to convey the message to them?

          All of these are immediately noticeable if you are under surveillance. It's best to use something that is "not quite what it seems" as a method of communication.

          hope that the corporate minions of the Great Satan will transmit your message, complete, clear (no poorly translated voice-overs, if you please) and in a timely fashion.

          Actually, a voice over won't matter. If they use the same basic imagery when translated to English, the message would still be clear. It has been noted that Bin Laden frequently uses interesting combinations of imagery in his words during the few public releases he has. As far as timely release? Come on. Our news hounds are constantly striving to be the first to release such things. I would say that Osama could absolutely count on it being delivered almost immediately.

          The most clever way to plan during a "war" is to act with utter simplicity.

        • by TheCarp (96830)
          Actually... it seems to me that this is a fine way to send a message. The "not bloody likely" part is the idea that censoring this will stop the information from getting to its intended recipients.

          The message could be conveyed in something as simple as manner of dress or a key phrase. It could be "encoded" in where Bin Ladens gun rests in the background behind him in the shot.... or the even who sits to his right or left.

          The plans were made a long time ago. Messages from Bin Laden to his people are likely of no more granulairty than "continue as planned" or "halt and wait" or "go with plan B"

          Or even more specific... "transmit orders for plan B"... I think its very likely that Bin Laden, being a figurehead, has probably delegated the actual planning and coordination to someone else, so anything from him only has to be very very high level...which is where this sort of messahe excells.

          That said... I think its silly to believe that they don't have operations setup such as to continue even if the communication channel is cutoff. All that censoring him does is stop americans from hearing what he has to say.

          -Steve
  • by wiredog (43288) on Monday October 15, 2001 @02:18PM (#2432033) Journal
    It was shown on ABC news during a discussion of, guess what, steganography. The key was "abc". The person who created it said that it had a message hidden in it. An image "in the wild" would be one that was found at images. [slashdot.org] that wasn't known beforehand to have steganographic content.
    • Preview is my friend (Score:3, Informative)

      by wiredog (43288)
      images. [google.com]
      • I think you mean:


        Preview is
        now my friend
        images. [slashdot.org]


        ;o)
    • What about images attached to emails? I can see it now:
      new abc worm scans users hard drive for images with secret messages, sends email to FBI

    • Right, but it was a good demonstration that their steganography detection tools work.


  • what exactly is the purpose of this. After perusing the site i'm not exactly sure what the purpose of this is. at first i thought it was related to terrorist hiding information in images on the internet. can someone shed some light of this situation.
    • by sphealey (2855) on Monday October 15, 2001 @02:26PM (#2432096)
      what exactly is the purpose of this. After perusing the site i'm not exactly sure what the purpose of this is. at first i thought it was related to terrorist hiding information in images on the internet. can someone shed some light of this situation.
      Based on my pre-9/11 reading, bin Laden's bunch pass messages via the spoken word, face-to-face, using messengers who are personally known to them and who usually have some sort of family tie.

      Therefore, we are going to get very worried about, and pass lots of laws concerning, ultra-sophisticated encryption technology that no evil-doer would ever touch due to (a) complexity (b) potential to stand out like a sore thumb.

      Clear now?

      sPh

      • You aren't REALLY so naive as to believe they intend to use these to combat *terrorism*, are you?

        These "antiterrorist" laws are nothing more than the standard antiprivacy "pro law" items that certain elements have been trying to get for years. Now they have a window of opportunity to ram them through.

        If passed the average person convicted of a crime using the antiterrorist rules will be high school kids selling pot or dicking with their school's chess club web page.

        They know damn well that these provisions won't really let them watch terrorists, but it will sure as hell let them watch YOU!

        KFG
  • by garcia (6573) on Monday October 15, 2001 @02:19PM (#2432035) Homepage
    It says "host cannot be reached, click OK to continue"

    yay. It only took me 10s w/Netscape to find the message :)
  • wow (Score:1, Funny)

    by part!cle (473500)
    downloading millions of images? you think they would want to find something better than a pic off of terraserver with that kind of investment.
  • Oh great... (Score:4, Funny)

    by RedOregon (161027) <redoregon@satx.r ... m minus math_god> on Monday October 15, 2001 @02:19PM (#2432037) Homepage Journal
    ...now we're going to need federal registration to download images off the web... all for the greater cause of fighting terrorism, of course!
    • by ackthpt (218170) on Monday October 15, 2001 @02:38PM (#2432156) Homepage Journal
      now we're going to need federal registration to download images off the web... all for the greater cause of fighting terrorism, of course!

      Now I'm beginning to see how evil and subversive those Find the Hidden Picture's were in Highlights Magazine I read as a child! See what diabolical effect it's had on my effort to draw a picture of a simple emoticon!

      cccccccccccccccccccc
      cccccc/ccccccccEcccc
      ccccc/ccc====ccAcJcc
      cccc|ccccccccccTcOcc
      cccc|cccc====ccccEcc
      ccccc\cccccccccAc'cc
      cccccc\ccccccccTcScc
      cccccccccccccccccccc

      The horror, the horror!

  • by Anonymous Coward
    ...the theory that no-one's using this technique!
  • If I told you.... (Score:1, Interesting)

    by Russ Nelson (33911)
    If I told you that one of the images on my website had stegagnographic content, would that count as "in the wild"?
    -russ
  • This wasn't on EBay. This was a published demonstration of how steganography works.

    But if you look at the Slashdot image: http://images.slashdot.org/title.gif you'll see cmdrtaco and cowboyneal with pasty white bodies on the well tanned French Riviera.
  • Super Troll (Score:4, Redundant)

    by Outland Traveller (12138) on Monday October 15, 2001 @02:21PM (#2432054)
    The linked page says that the steg. image found "in the wild" was intentionally done as a demo of steganography and publicized on TV.

    Someone please take this article out. It's an embarassment.
  • No suprise (Score:5, Insightful)

    by Lumpy (12016) on Monday October 15, 2001 @02:21PM (#2432055) Homepage
    That it was the planted image from ABC. This is not what I would call a real detection of "in the wild" Show me an image that wasn't part of a media company stunt, or other reporter activity on the very technology of stenaography. Any of the supposed bin-laden images? How about a simple script-kiddie or cracker/thief communication?

    In the wild denotes actual use by thrid parties.. A virus in the wild means it's out there looking to do damage and infect, This image is the equilivant of a hello world program on a how to program website.

    It's not in the wild, It's an example placed by ABC news.
  • hmm (Score:2, Offtopic)

    by ByteHog (247706)
    "of course we needed to visit all these pr0n sites! that's where 70% of all the images on the web are!"

  • ...a sure fire way to crash your webserver.
  • So what we have, is an image prepare by ABC as a demonstation of how this type of steganography works. This strikes me more as an image found in the lab rather than the wild.

    What I would like to see is a truly wild image culled from the net. Unfortunately, it probably would be kiddie porn.....

    Still, the test is interesting.

  • ... will be the ones in the DECSS gallery [cmu.edu].
  • Now wait for Terraserver to e-mail you about your violation of the DMCA.

    Heh heh heh.
  • by Tassach (137772) on Monday October 15, 2001 @02:26PM (#2432093)
    If it only took "a couple of seconds" to find the secret key, it couldn't be very good. There's a big difference between "hide a message in the low bits of an image" grade stego and cryptographically secure stego. If you "encrypt" a message by XORing it with 0xDEADBEEF, don't be suprised when your super-secret encryption is broken.


    Good stego should be undetectable -- first off, the hidden message should be encrypted, and therefore nearly indistinguishable from any other set of random numbers. Also, the message needs to be several orders of magnitude smaller than the carrier image -- if you want to hide a 1K message, you ideally want a ~1M image to put it in. Isolating 1K of signal out of 1M of noise would be very computationally difficult.

    • by Lumpy (12016) on Monday October 15, 2001 @02:34PM (#2432135) Homepage
      Exactly, a 1st year C programming student could re-write a cheezt stego program to hide that 1 to 2 K message at a Certian byte offset or at a repeating offset.

      Stego detection software makes me laugh, it will only detect morons and idiots, and if you really worry about detection increast the Signal to noise ratio. stego EVERY image you come across with the contents of /dev/random. If you saturate the detectors then you can slide what you want through un-noticed.

      I dont care what they develop for detection or interception, anyone with 1/2 a brain can get past them without effort. The difference between a madman and a genius is that a genius won't use his/her knowlege to kill people for sport (or any other reason) The madman looks for any excuse to use his/her knowlege to kill maim or destroy.
      • I think it takes more than half a brain. Some of those statistical stega ("stego"?) detectors are pretty clever, and I would imagine that my first try would be caught. I think you'd need to at least sit down and do statistical analysis in order to write a successful tool.

        Before you berate the clueless programmers, let's see your solution...
        • Ok, re-read my post and there is my solution. Other than writing the code for you it is there.

          Statistical Analysis is not needed in this case. Flooding the detectors is a well known and a method that does not need any analysis or focus groups to look at. If you cause a giant chunk of images to have false positives then the real positive detection will go un-noticed or ignored. It's a simple microbiological method, Testing for e-coli is a specific and narrow band test.. If I throw in staph and a ton of interference then the e-coli test can no longer be trusted and any positive results must be discarded or ignored.

          you can be as clever as you want, but if I dump 20 million images in your lap that will set off your detector, but only 100 contain real information... I just defeated you with no effort other than writing a 15 line perl script. By the time you find my 100 real messages it will be too late.

          How am I going to put a ton of images out that are false positives? simple perl script that starts yanking images off the web, shovel's /dev/random into them and then flings them out on the net, maybe even into the irc channel I use to send my messages on how to pirate microsoft BOB, or how to overthrow the RIAA by recording mp3's backwards, or my secret communications to the mothership in orbit.... whatever.

    • by cs668 (89484) <cservin@cromagnon.com> on Monday October 15, 2001 @02:43PM (#2432190)
      That is the problem. Sometimes stego can be detected because it is more random than the surrounding data.

      If you have an image and you store the encrypted message in the low order bits of the image then they will look too random when compared to typical images.
      • by Anonymous Coward on Monday October 15, 2001 @03:03PM (#2432346)
        You can use spread spectrum techniques, you dont have to use the LSB. If an image has any uncorrelated noise at all you can always make sure the signal strength of your encrypted message is below the level of that noise ... and if the encryption algorithm can produce a sequence indistuingishable from noise if you dont know the key ...
      • If you have an image and you store the encrypted message in the low order bits of the image then they will look too random when compared to typical images.

        Yes, that is right. However, that is not the correct way of hiding information in images. What you should rather do is match the distribution of the encrypted data to the noise characteristics of a known, plausible source (e.g., a CCD camera). Alternatively, you just make sure that you encode at a bit rate that is low enough not to change the noise characteristics of the image detectably. Either is easy to do.

    • In this case we happen to know that the key was the TLA of the orginization that placed the image.

      The key was so poorly chosen that many would be able to *guess* it before the couple of seconds it took a computer to "brute force" it, if you can call coming up with "abc" as requiring brute force.

      The coolest thing to come out of this though is the fact that literally millions of people who had never heard of steganography before have now not only heard of it, they've had it explained to them in detail.

      Expect trivial usage, and thus the signal to noise ratio, to soar, making the technique far more useful for actually hiding information.

      KFG
    • If you "encrypt" a message by XORing it with 0xDEADBEEF, don't be suprised when your super-secret encryption is broken.

      You should use the much more secure method of XORing it with 0xFEEDFACEDEADBEEF instead.
  • it were a real, honest-to-goodness, in the wild picture, would it really be that exciting? I mean, the picture is available to the public anyways, so what _would_ be the big deal??

    -Jon
  • by trilucid (515316) <pparadis@havensystems.net> on Monday October 15, 2001 @02:26PM (#2432097) Homepage Journal

    but I'm kinda bothered by this sort of thing, not in the way some might think. I don't have any problem at all with the research being conducted (actually I support it, good stuff!), but I hate that gobs of bandwidth are wasted by this sort of thing.

    I mean, how much bandwidth is taken from companies with large numbes of images on their sites (EBay for example) as a results of stuff like this? It's not exactly something you can say adheres to purely ethical use of their bandwidth.

    There's got be lots of projects out there attempting this stuff, especially given recent press coverage on the topic. Who's picking up the tab for the network usage?

    Perhaps a permission-based scheme would be better, or better yet a volunteer-supported test server pool dedicated to hosting images. That way, people could test out steganography techniques by posting their images to the pool for the community at large to take a crack at. Thoughts? Flames? Oranges?

    • I'm sure the steg detection site scraper was adhering to the web server "robot" policy.

      _cough_
    • It's a PUBLIC internet and a PUBLIC web site. There is a "risk-analysis" companies make in doing business on and being connected to the Internet, whether it's virii, hackers and script kiddies, just plain web browses.

      I admit there may be a huge glut bandwidth being used in the research, but it's just a fact of life on the internet.
    • MOD PARENT UP! (Score:3, Informative)

      by fmaxwell (249001)
      I am sorry to see the above post modded down as "troll". The poster makes some very good points. Here's eBay's own 'acceptable use policy' excerpt that covers this:

      Access and Interference.
      Our web site contains robot exclusion headers and you agree that you will not use any robot, spider, other automatic device, or manual process to monitor or copy our web pages or the content contained herein without our prior expressed written permission. You agree that you will not use any device, software or routine to bypass our robot exclusion headers, or to interfere or attempt to interfere with the proper working of the eBay site or any auction being conducted on our site. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on our infrastructure. Much of the information on our site is updated on a real time basis and is proprietary or is licensed to eBay by our users or third parties. You agree that you will not copy, reproduce, alter, modify, create derivative works, or publicly display any content (except for Your Information) from our website without the prior expressed written permission of eBay or the appropriate third party.


      I think that this very clearly shows that eBay does take a dim view of these things and that such abuses of their network are prohibited. Whether it would stand up in a court of law is another matter, but trying to predict the court system in the U.S. is about as easy as winning at roulette.
      • by ethereal (13958) on Monday October 15, 2001 @02:56PM (#2432265) Journal

        But, eBay did grant permission for the download. Somebody's client said "GET http://www.ebay.com/image/something", and eBay said "OK, here it is, catch!". If they didn't want to spend the bandwidth to send it to you, they shouldn't have done so. At no point did eBay not have a choice.

        You may think I'm being needlessly literal here (and in a sense I am), but really this points out the fact that HTTP isn't a suitable protocol to use if you want to shape and/or limit your traffic in certain non-basic ways like eBay does. Not that I'm in favor of traffic limitations, though - anyone who can type a /. comment in less than 20 seconds will agree with me there :)

        • Re:MOD PARENT UP! (Score:4, Insightful)

          by fmaxwell (249001) on Monday October 15, 2001 @03:47PM (#2432694) Homepage Journal
          But, eBay did grant permission for the download. Somebody's client said "GET http://www.ebay.com/image/something", and eBay said "OK, here it is, catch!". If they didn't want to spend the bandwidth to send it to you, they shouldn't have done so. At no point did eBay not have a choice.

          What the agreement said was "prior expressed written permission", which the people conducting the study probably did not have.

          Granting an HTTP request does not constitute "permisssion" to use the service for whatever purpose you want. By analogy, the fact that Yahoo's FTP server accepts porn you upload does not mean that they have given you permission to post porn on your web page. If you send out 100,000 get-rich-quick e-mails, you cannot assume that you have "permission" from your ISP to do so because their SMTP server accepted them. The key point is intended use -- which eBay does not know. That's why they have an AUP.
      • OK, it's nice that EBay has a acceptable use policy. But how can a robot agree to that policy?
        • OK, it's nice that EBay has a acceptable use policy. But how can a robot agree to that policy?

          1. It can't. The person running the robot needs to read the policy before running it.

          2. The bot can respect the rules in the ./robots.txt file that disallows bots (http://{FQDN}/robots.txt). eBay has such a file.

          3. The bot can respect the html meta tag (e.g., meta name="robots" content="noindex,nofollow" ) that appears on individual html files.

    • Umm...I don't think eBay actually hosts any images other than basic layout stuff. All the auction images are linked from other providers.
  • by DrXym (126579) on Monday October 15, 2001 @02:27PM (#2432101)
    Given the publicity that the first stego search got, I wouldn't be surprised if you ran the test again that it would find thousands of stego messages out there.


    No doubt a fair proportion of them contain spook words too.

  • I do not know anything about steganography but I think that there is no general method to find a message hidden in a picture. If the length of the message is small enough compared to the length of the picture and the picture has some random noise in it (like every photography has). A typical GIF contains tens of thousands pixels. Assume that I want to hide a short message (50 chars 5.5 bits per char ie 275 bits in total) it means that I must add a single bit of noise to one of 40 bites of data. How can anyone find that? And what if I add the noise myself? I mean somethig like one-time pad cipher.
  • Has anyone done this personally? I'd love to do this - has anyone out there tried it?

    Do the tools cost money? Are they easy to use?

    Any experienced people, please respond...?
  • by Anonymous Coward
    I'm trying to picture this image leaping about the Serengeti, grazing amongst the gazelle, and fleeing from lions...
  • DMCA (Score:5, Funny)

    by Spankophile (78098) on Monday October 15, 2001 @02:31PM (#2432124) Homepage
    For you 'merkins out there, as long as you own the copyright on the information you "hide" in pictures, wouldn't it be illegal for people to circumvent the protection you used to hide it (i.e. steganography etc)..


    Unless of course they have a warrant, or the US government implements some more 1984 laws.

  • Reading the links , I was not able to figure out whether they found the image during their search of random images on the web ?

    Or did they use the known image from the ABC show and decoded it ?

    Its less interesting if they already knew about the image, than to have found one out of millions of random images.
  • I was over at my parents' house on Oct. 6th and, of course, Sept. 11th came up. I tried to explain how stupid the notion of encryption with backdoors was, and how there had never been any verified case of messages hidden in images on the Internet.

    Two of my aunts mentioned the coverage on ABC [go.com]. They thought that the demonstration images shown had actually been found and related to the terrorist strikes. I didn't actually see the broadcast, but the two ladies involved aren't stupid. It must have been pretty misleading coverage to give them that impression.

    Did anyone actually see the story when it was broadcast and can comment on it?

  • by Simon Brooke (45012) <stillyet@googlemail.com> on Monday October 15, 2001 @02:42PM (#2432180) Homepage Journal
    They search for steganographic images on eBay and have found none. Quel surprise.

    Eventually they get told that yes, there is a steganographic image on ABC, and they look at it, and guess what? They prove that it is a steganographic image and they can really desteg it. Quel surprise!

    Of course, this particular image was very simply constructed as an example for a mass entertainment news channel intended for a general, non-specialist, audience. It was not constructed by someone concerned about secrecy or desperate to conceal a secret message. On the contrary it was constructed using handy, freely available steganographic image tools, not special purpose custom written ones.

    Great!

    This doesn't prove that there aren't staganographic images on eBay which their software can't detect. It doesn't prove there aren't steganographic images on alt.sex.binaries.fluffy-bunnies. It doesn't prove there aren't steganographic images on your favourite pr0n site.

    It doesn't even prove that some spook agency somewhere can't detect all these steganographic messages, desteg them, and read the payload. All it proves is that these two academics can only detect a steganographic image it they're told where it is and what it is, and even then only if it's produced with a small range of well known, freely available tools.

    Incidentally, there is a steganographic payload in this post. Care to scan all Slashdot posts for steganographic payload? All Usenet? No, thought not.

  • by idonotexist (450877) on Monday October 15, 2001 @02:45PM (#2432193)
    Recently, I have been frustrated by 1) not really doing something (other than donating) related to the recent events, and 2) the government's accusations that technology is actively utilized for terrorism without providing an example.

    Considering the importance of this project and the number of images provided on the web, would it be possible for this project, or maybe another, to go to a distributed computing model (@home) ?
  • Computing power (Score:3, Interesting)

    by Anonymous Coward on Monday October 15, 2001 @02:51PM (#2432223)
    How much computing power does this type of decryption/investigation take? How much would it take to examine the large (ie > 1M) pictures? If it takes a non-trivial amount of computing power, it sounds like an excellent candidate for a seti-at-home or similar project: "Help us fight terrorism: download this program and help us crack images"...
  • by ellem (147712) <<moc.liamg> <ta> <25melle>> on Monday October 15, 2001 @02:52PM (#2432228) Homepage Journal
    I looked at that picture for hours and I couldn't see those B-52s

    I just kept staring at it and staring at it....
  • Information *hiding* (Score:2, Interesting)

    by tmdybvik (70460)
    Just one little thing that seems to be easily forgotten...
    The purpose of steganography is information hiding . An information hiding method that reveals more than random noise to an observer is broken. The only thing that can be deducted from a properly encoded steganographic message is the presence of (seemingly) random noise modulated on top of an information carrier. Claim: Encryption is a requirement in order to properly implement information hiding, otherwise one simply ends up with two images/message on top of each other.
    There is no way anybody that is serious about information hiding (and we all know who that could be...) will resort to simply mixing two picture sources using [choose your favourite modulation scheme here].
    This is also why it is so easy to detect and remove a known watermark from documents. (And certain unknown ones as well, as demonstrated by Felten & Co)
    So, while scanning the net can be useful for detecting broken applications of steganography, it will hardly reveal interesting information. (note: "Application" here refers to "method" or "usage" and not necessarily to the software performing the modulation.)
  • Well.. (Score:3, Insightful)

    by mindstrm (20013) on Monday October 15, 2001 @03:02PM (#2432337)
    the reason they 'cracked' the key was obviously because it wasn't really encrypted.

    Any real stego you wanted to hide would also be encrypted. Strongly. So all you would find is noise.

  • Detection Methods (Score:3, Informative)

    by Keeper ofthe Keys (48750) on Monday October 15, 2001 @03:13PM (#2432426) Homepage
    Many are beginning to discredit the detection of steganographic images in the wild without learning the actual methods of detection!

    While it is very easy to change an algorithm by byte offset, this is NOT the method of detection being used.

    The method of detection exploits the characteristics of the JPEG compression algorithm to detect non-naturally occuring deviations in the image file. An example of this would be the gamma balance which is averaged over a certain number of pixels. In order to "hide" a change to a single bit, another bit would need to be inversely modified such that the balance of the image remains within or close to natural balance.

  • by friday2k (205692) on Monday October 15, 2001 @03:19PM (#2432495)
    I just find it very strange that somebody tries to make us believe that Steganographic content is limited to pictures and will be found on eBay. _IF_ you really want to hide something you might want to embedd a message at a certain time (time synching is not a problem) into an ever changing stream of data (like a webcam or an Internet radio station). The content has to be spread out over a certain amount of time. Maybe only chunks of a message per hour. This is not exactly emergency communication, orders, information, etc. can be received over several hours if needed. Now you spread the content over a pre-defined sequence and maybe start with a "wakeup" message to indicate that a new block of cipher information is about to come. This would be impossible to detect, because you have nothing to compare against (like a picture of a busy street is never the same). So I personally think that this "we scan on eBay and the pictures are evil" is something to put people at ease, but is not really helping a lot. Other than people will be forced into more stealthier methods ...
  • Hmph (Score:2, Interesting)

    by Anonymous Coward
    I've been putting images with steganographic goodies in them up on message boards and other public webby places for months, in hopes that someone would trip over them.

    Been making it as obvious as possible, only to discover that the "I thought it was obvious" password was too tough for the U Mich guys to break with their dictionary attack.

    Just me jammin', trying to stir up trouble in the name of liberty and other outmoded concepts.
  • by supabeast! (84658) on Monday October 15, 2001 @03:48PM (#2432699)
    Given that image based steganography has been around for a while, and there are probably at least a few thousand people online experimenting with it, they should be turning up a lot of these. That doesn't even begin to factor in that criminal organizations all over the world are probably playing with the stuff, especially given recent coverage of steganography in the news.

    What does this really mean? Perhaps finding well hidden messages is a hell of a lot harder than anyone expected- and it will only get harder. If criminals are using this to communicate, they may be justified in feeling safe doing so.

    Of course, it is probably a bad idea to put stock in anything that comes from guys trying to grab the spotlight by reporting an image created by abc news as a steganographic image found "in the wild." If nothing else it reminds me of idiots who try to get attention reposting known securiuty vulnerabilities to BuqTraq.
  • For the impatient (Score:2, Redundant)

    by Sir_Real (179104)
    The image [msn.com] on terraserver that abc encoded. Clarification: This was NOT a terrorist encoded picture. This was planted by ABC and found and decoded.
  • If a person creates there own, unknown program with new algorythims, an FBI agent will not be able to decode the hidden measage. why? because if you do not have any information about the system that created the picture, you will not know how to decode it. the only way that the FBI will be able to decode pictures would be to get the program from some one...if you are a terrorist, are you going to give them a copy of your program?
  • OutGuess 0.2 can not be detected using these techniques.

    A little cornfusing, but it sounds like they couldn't really find any hidden info IN THE WILD, so ABC creates this image for a stego program and challenges these genie-asses to decode it? Bloody difficult key there, ABC.

    Excuse me but this sounds like a police dept. with a bloodhound who couldn't find squat, takes a prisoner, ties a t-bone steak around his neck, puts him in the dog house and says, "Find the criminal, boy! Good dog! Good Doggie!! See what progress we are making in the fight against terrorism?!" while the media are rolling film.

    Or they want to justify continued funding for their research on images in alt.binaries.pictures.you.know.what.

  • I wonder what would happen when some freak hides some instructions to carry out some sort of terrorist act in a pr0n image and it gets widely disseminated and shared around. Now if law enforcement found such an image on you, how would you prove you weren't the one who wrote the message?
  • by VV (41058)
    Here is a message right off the back of my 3com shirt which got at a trade show 3 years ago:

    http://doom.net/pics/3com-shirt.jpg
  • I have the same combination on my luggage!
  • Intelligent terrorists would use their own courier.

    When not planning face to face, terrorists will just have to send personal couriers - or get caught.

    Perhaps give mobile for single message when required - just using message - go with plan a / b or abort.

    Government are using terrorism as an excuse - to scare people into supporting them in the monitoring of Internet traffic.

    This is all propaganda by government - to invade our basic human right to privacy.

    Government say about surveillance - "you've nothing to fear - if you are not breaking the law"

    This argument is made to pressure people into acquiesce - else appear guilty of hiding something.

    It does not address the real reason, why they want this information - they want a surveillance society.

    This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.

    All your finances for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.

    Do not believe the lies of Government - even more money spent on Carnivore will not protect you.

    Incidentally, the United States Department of Commerce and the United Nations World Intellectual Property Organization know the solution to trademark and domain name problems.

    You will find it on WIPO.org.uk [wipo.org.uk]

Somebody ought to cross ball point pens with coat hangers so that the pens will multiply instead of disappear.

Working...