Hidden Messages: Any There There?

By: Farhad Manjoo

Published on February 10, 2004 By Wahkonta Anathema In Internet

Since we have a group of computer experts at this site I put forth this srticle about 'steganography' and ask anyone with further information on people who are researching in this area to be so kind as to give me some links. Being the conspiracy type, I am always interested in such things and am confident there are some stories to tell in this area. Thank you for your help.
EXCERPT BEGINS
STANFORD, California -- Niels Provos, a computer science graduate student at the University of Michigan, took the dais at a Stanford University lecture hall Wednesday evening with what seemed a comforting message: After analyzing a couple million graphics files posted on the Internet, he has found no evidence that any of the pictures contained hidden communications sent by anyone, let alone agents of Osama bin Laden.

But as Provos went on to describe the ins and outs of detecting steganography -- the practice of hiding secret messages in graphic and sound files posted on the Internet -- it became clear that the comfort was illusory. If someone hides a message well enough, detecting it amid the swirl of other Internet traffic is a maddeningly slow and difficult process -- and it might even be impossible.

Provos has been working on steganography since June, ever since USA Today printed a sensationalistic report, which called encryption one of bin Laden's favorite tools.

In a subsequent Wired News article, Gary Gordon, a security expert, suggested that a few graphic files on such popular sites as eBay and Amazon might actually contain hidden messages -- and Provos said that he had to see this to believe it.

So Provos built a suite of tools to detect messages that might have been hidden using some of the steganographic programs available on the Internet, and -- using a stable of about 60 of the University of Michigan's computers -- he set about analyzing two million image files culled from eBay.

His tools detected several thousand possible hidden messages -- so Provos had to code another program to try to break apart the image files to see if they did indeed contain messages, or if he was instead getting a lot of false positives.

This turned out to be the time-sucking portion of his analysis. In order to break apart a possibly encrypted file, Provos used a dictionary of hundreds of thousands of possible passwords that might have been used to encrypt it. Each password was tried on each of the thousands of files, in a "brute force" process that took several weeks -- and in the end, Provos can say only that the two million images he checked were OK.

"I can't answer the question of whether or not there is hidden content on the Internet," he said Wednesday. "My negative result doesn't indicate that the hidden communications aren't there."

This situation is a bit like the old joke about the drunk who looks for his keys under a streetlight, even though he's lost them a few yards away. After all, since it was mentioned in the media as being a good place for secret messages, people looking for secrecy would have been reluctant to post their communications in image files on eBay.

And if someone was going to go through all the trouble to post images containing secret information of real value -- such as the location of an upcoming terrorist attack -- then wouldn't the person take care not to encode it with a password that can be found in a common dictionary?
Faced with such questions from the audience here, Provos conceded that his approach has limitations. He says that he is currently analyzing a Usenet archive of files that were posted before there was any media mention of steganography; many people believe that terrorists would be more likely to hide out on Usenet than eBay.

And while it's certainly likely, he says, that people hoping for secrecy would hide their data using passwords not found in dictionaries, "there are people out there who use stupid passwords," he said.

But that thought is likely to offer little solace to people who worry that innocent looking images on the Internet might contain plans for something disastrous.

If we can only find the people who leave their messages in places it's convenient to search -- eBay or Usenet, as opposed to some needle-in-a-haystack, transient homepage -- and who are also nice enough to use a password like "osama" instead of a pseudo-random string of numbers and letters ... if we can only do that, do we have any hope at all?

Like many parts of the digital world, however, this is a cat-and-mouse game. Provos said that he is already refining his code, and has seen measurable increases in his analysis speed.

But he is also playing the mouse in this game. He has created a new version of his own message-hiding program, OutGuess, which cannot be detected using known statistical techniques.

EXCERPT ENDS

Comments

Wahkonta Anathema

on Feb 10, 2004

The above article is interesting in relation to a web site once owned by the 'Saudi BinLadin Group' which was allowed to expire on 9/11, 2001. A very Hmmm-type thing, wouldn't you say? You can go to the site which is now owned by a group who are using it to collect info on the Binladin bunch now. You can see it at: http://www.saudi-binladin-group.com

PoetPhilosopher

on Feb 10, 2004

Reminds me of those stings where it comes to light that 90% of the people there are undercover

Wahkonta Anathema

on Feb 12, 2004

That's funny. Probably more true than we'll ever know. I remember a plane landed at a military airport and the M.P.'s were arresting the pilot for a few hundred pounds of cocaine found on-board. Then Oliver North pulled up in a limo and told them to back off as he was in a sting op for the gov't and they had to waive the whole load through to the streets of America. What a hero huh?
Hell, you know Hillary was the brains behind the clinto scam. They got into the books at Whitewater Corp. and found she had run the money through at least ten banks and that was but one of them. It was so jumbled and complex a scam they gave up even though they KNEW it was a crime. She is a genius at it, (heck! She never even lived in NY till right before election time and is now a Senator, d'oh) and I suspect at least as heartless as him. I doubt she ever gave two hoots about him cheating as she did it too and could care less about him. Would you if you lived with the --- for years and knew his ---?
She and her gang used to get popped in Arkansas for all sorts of crimes and because she was the A.G. they'd all get investigated and ORDERED as their penalty to put back all the money they took;nothing else, that is all they ever got. That's like a hand in the cookie jar.
It's all rigged to no end and stacked to the ceiling against us. The only benefit any American can hope to get out of the 'war on drugs' is a line or two out of the tons they pass out.

Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:

Richer content, access to many features that are disabled for guests like commenting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!