×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

BitTorrent's Bram Cohen Unveils New Steganography Tool DissidentX

timothy posted about a year ago | from the what-does-this-guy-know? dept.

Communications 124

Sparrowvsrevolution writes "For the last year Bram Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a tool he calls DissidentX, a steganography tool that's available now but is still being improved with the help of a group of researchers at Stanford. Like any stego tool, DissidentX can camouflage users' secrets in an inconspicuous website, a corporate document, or any other, pre-existing file from a Rick Astley video to a digital copy of Crime and Punishment. But it uses a new form of steganography based on cryptographic hashes to make the presence of a hidden message far harder for an eavesdropper to detect than in traditional stego. And it also makes it possible to encode multiple encrypted messages to different keys in the same cover text."

Sorry! There are no comments related to the filter you selected.

Bram Cohen (5, Insightful)

vikingpower (768921) | about a year ago | (#45976057)

deserves a medal.

Re:Bram Cohen (5, Funny)

Anonymous Coward | about a year ago | (#45976377)

Yeah, I like that Dracula book.

Svefg cbfg! (5, Funny)

Grantbridge (1377621) | about a year ago | (#45976059)

Svefg cbfg!

Re:Svefg cbfg! (0)

Anonymous Coward | about a year ago | (#45976097)

YBY!

Re:Svefg cbfg! (5, Funny)

Thanshin (1188877) | about a year ago | (#45976217)

I almost modded that as Troll, but maybe it's insightful if decoded with a different key.

Re:Svefg cbfg! (1)

girlintraining (1395911) | about a year ago | (#45977509)

I almost modded that as Troll, but maybe it's insightful if decoded with a different key.

Iway on'tday inkthay it'sway anway encryptionway emeschay, utbay away ewnay anguagelay. Avehay ouyay iedtray unningray itway oughthray Ooglegay?

We got that covered (0)

Anonymous Coward | about a year ago | (#45978265)

I'm pretty sure people in this thread are confused between cryptography and steganography. Either way, I thought we had the latter one covered with the rising popularity in the online meme images. Since they're expected to be doctored you have no way of detecting a hidden message under the obvious stupidity. Wow.

Re:Svefg cbfg! (-1)

Anonymous Coward | about a year ago | (#45976283)

ROT13 -> First Post!

GAH! (0)

Anonymous Coward | about a year ago | (#45977665)

Christ! Spoiler alert please!!

Re:Svefg cbfg! (1)

EngineeringStudent (3003337) | about a year ago | (#45976357)

First post in Rot13? Not entirely informative. Also not first.

Re:Svefg cbfg! (0)

Anonymous Coward | about a year ago | (#45976675)

On a binary ROT 13 wheel, 1 becomes 0, which is first. What's really going to bake your noodle later on is how the poster managed to come up with that in time to be the exact second post.

Re:Svefg cbfg! (0)

Anonymous Coward | about a year ago | (#45978131)

V frr jung lbh qvq gurer!

Who the hell needs this? (-1, Flamebait)

Anonymous Coward | about a year ago | (#45976071)

I could see state level espionage, perhaps smugglers or mafia, drug dealers, etc. But normal people do not need this - it's completely loony-tunes.

Re:Who the hell needs this? (1)

Anonymous Coward | about a year ago | (#45976193)

People who want to increase the chances that something will stay secret? People who want to reveal the crimes of their governments?

Re: Who the hell needs this? (1)

Anonymous Coward | about a year ago | (#45977471)

Innocent People residing in a land with a security agency of questionable legality in its practices? In other words, 90+% of Americans?

Re:Who the hell needs this? (4, Insightful)

nurb432 (527695) | about a year ago | (#45976199)

Need is relative. Even if all i want to do is have my wife send me a note to pick up milk on the way home, its not the governments business. So in reality, *yes* i do have something to hide. It doesn't mean i'm a criminal. Its called personal privacy.

Re: Who the hell needs this? (0)

Anonymous Coward | about a year ago | (#45976275)

I think you are missing the point here. 1) You do not have a wife, & 2) Why are you letting her boss you around?

Re: Who the hell needs this? (1)

Anonymous Coward | about a year ago | (#45976373)

You seem confused about which way you want to troll this one. I admire the thought that maybe you could embrace the power of AND and go both ways, but, sometimes that doesn't work out. This is one of those times.

Re: Who the hell needs this? (1)

Goaway (82658) | about a year ago | (#45977247)

He got you, didn't he? I'd call that a success.

Re: Who the hell needs this? (2)

dkman (863999) | about a year ago | (#45976789)

1) Whether he has a wife or not is the government's business. He notifies them every time he files taxes (married and filing jointly/separately)

2) She can request that he buys milk on the way home. It's a sign of working as a team.

I could also say that he is likely to do it because he enjoys being married, but I think that's a bit sensationalist.

Re:Who the hell needs this? (1)

Thanshin (1188877) | about a year ago | (#45976247)

People who live in a country with a security force that can make you disappear and torture you to death for posting the wrong message unencrypted.

Re:Who the hell needs this? (1)

Anonymous Coward | about a year ago | (#45976719)

Yes, but other than that ... and a run-away / out of control government, the USA is not so bad!

Re:Who the hell needs this? (1)

mcneely.mike (927221) | about a year ago | (#45977177)

Yes, but other than that ... and a run-away / out of control government, the USA is not so bad!

Not so bad!?! They bribed Celine Dion away from us Canadians... the trigger happy Americans are wonderful! (There is a nudge nudge, wink wink somewhere in there...) :)

Re:Who the hell needs this? (4, Insightful)

gstoddart (321705) | about a year ago | (#45976317)

I could see state level espionage, perhaps smugglers or mafia, drug dealers, etc. But normal people do not need this - it's completely loony-tunes.

I see it as more of a big "screw you" to the people who want to watch everything we do.

I'm not committing any crime, and you have no reasonable basis to believe I am. It's still my right to communicate and keep some things private.

But if you're going to insist on tracking everything we do, we're going to make your job harder.

Expect to see lots of products intended to give end-user security.

If you're willing to allow the government to spy on everything you do (clearly not the case since you posted as AC), that's your problem.

Since the whole planet is being spied on by the US, denying them the information is the best response.

Re: Who the hell needs this? (0)

Anonymous Coward | about a year ago | (#45976479)

Not that I disagree with you. But posting AC only hides us from you.

Re:Who the hell needs this? (5, Insightful)

wonkey_monkey (2592601) | about a year ago | (#45976587)

But normal people do not need this - it's completely loony-tunes.

Normal people shouldn't need this. What's completely loony-tunes is that they do.

Re: Who the hell needs this? (0)

Anonymous Coward | about a year ago | (#45977493)

Amen!

Re:Who the hell needs this? (0)

Anonymous Coward | about a year ago | (#45976923)

Perhaps people who live in countries where information is censored by the government.

First (-1)

Anonymous Coward | about a year ago | (#45976075)

Yeah, I win!

Actual Link (5, Informative)

steamraven (2428480) | about a year ago | (#45976093)

Come on guys! At least post a link to the project.

https://github.com/bramcohen/DissidentX [github.com]

Re:Actual Link (2)

gstoddart (321705) | about a year ago | (#45976149)

Now there's going to be some download logs closely scrutinized by intelligence agencies.

Because, if you have nothing to hide you have nothing to fear, right? So if you've got something to hide, you must be guilty of something.

*sigh*

Re:Actual Link (1)

Penguinisto (415985) | about a year ago | (#45976431)

...so grab the thing via BitTorrent at the nearest McDonald's WiFi and be done with it.

(...geez - do I have to think of *everything*? ;) )

Re:Actual Link (0)

Anonymous Coward | about a year ago | (#45976803)

...so grab the thing via BitTorrent at a randomly chosen McDonald's WiFi and be done with it.

(...geez - do I have to think of *everything*? ;) )

Fixed that for you. ;)

Re:Actual Link (1)

Anonymous Coward | about a year ago | (#45977595)

And leave your cell at home!

Re:Actual Link (1)

Impy the Impiuos Imp (442658) | about a year ago | (#45976881)

Come on, nerds only go thru the drive thru late at nite.

Re:Actual Link (0)

Anonymous Coward | about a year ago | (#45977117)

Go during the day ... to obfuscate the traffic with a lot of instagrams from the shepple

Re:Actual Link (1)

StripedCow (776465) | about a year ago | (#45977075)

I'm curious what the actual "expansion ratio" is. I.e., if you want to encrypt N bytes in a cover-message of M bytes, how many bytes do you actually need to store/transmit?

Re:Actual Link (0)

Anonymous Coward | about a year ago | (#45978091)

I'm curious what the actual "expansion ratio" is. I.e., if you want to encrypt N bytes in a cover-message of M bytes, how many bytes do you actually need to store/transmit?

It would be M bytes.

Perhaps you meant the optimal ration of M/N such that M is large enough to hide N in while still being as small as possible.

Brave (1)

Anonymous Coward | about a year ago | (#45976147)

It's probably better to work on this kind of thing in silence until it's released...

Re:Brave (4, Funny)

Thanshin (1188877) | about a year ago | (#45976265)

It's probably better to work on this kind of thing in silence until it's released...

Or even beyond that point.

I released a similar tool two years ago and I'm still eagerly waiting for someone to discover it.

Re:Brave (3, Funny)

wonkey_monkey (2592601) | about a year ago | (#45976607)

I released a similar tool two years ago and I'm still eagerly waiting for someone to discover it.

I sent you an email to say thanks but it would have looked like a letter from a Nigerian diplomat.

Re:Brave (2)

Thanshin (1188877) | about a year ago | (#45977167)

I did receive it, but I didn't disclose its existence to protect your identity.

Once again, in cryptography, the user was his own worst enemy.

I originally read headline as (0)

Ukab the Great (87152) | about a year ago | (#45976153)

"Baron Cohen Unveils New Steganography Tool DissidentX"

Proprietary software... (1)

Anonymous Coward | about a year ago | (#45976155)

If you're a whistleblower and use proprietary software, you're braindead. Might soon all dead...

The problem... (0)

Anonymous Coward | about a year ago | (#45976175)

...If you're looking for a tool to protect your privacy from N*A, C*A, or any other A*holes monitoring teh Internets is that it would surprise me if they don't have automated tools to spot steganography. (i.e. They know exactly what the formatting of say a Word document should be, and should have the capability to automatically flag traffic which has nonstandard information in the headers or data.) And *that* will call their attention to you far more quickly than if you just store/send in clear.

So, that I post this with something like 46 75 63 6b 20 79 6f 75 20 4e 53 41 21 on a regular basis... I'll bet it's flagged for some human being's attention. And that information (the flow of the traffic) may be more important than the message proper.

Re:The problem... (2)

mlts (1038732) | about a year ago | (#45976241)

There are tools to spot obvious steganography, especially if the de-stegged picture is already on the Internet somewhere. I remember reading something on /. where a researcher did a mass scan of Web pictures, and found almost no stego whatsoever.

Stego is a useful tool for transporting provided the de-stegoed document never, ever winds up on the Internet, but for storing data, it would be a lot better to use something like TrueCrypt or PhonebookFS.

Re:The problem... (3, Interesting)

Anonymous Coward | about a year ago | (#45976983)

Stego is a useful tool for transporting provided the de-stegoed document never, ever winds up on the Internet

Just make sure vast numbers of multiple "similar but not exactly the same" pictures like that one you're using are already on the internet. What did you think all those funny cat meme pictures were for?

Re:The problem... (0)

Anonymous Coward | about a year ago | (#45976325)

Proper steganography where the data is first encrypted (which should make it indistinguishable from random noise) and then shaped to fit the statistical profile of the data it is being embedded in, which should be slightly noisy in itself, is virtually impossible to detect as long as the embedding rate is kept low. A short text message in a 500 K JPEG is extremely unlikely to be discovered.

Re:The problem... (1)

Penguinisto (415985) | about a year ago | (#45976581)

...what sibling said.

If you post a unique picture to, say, Instagram, then there's not going to be anything to compare against, especially if you're using something non-obvious and intelligent. If you post a unique Excel document with lots of formulas/macros in it, then that's obviously going to bork-up any attempt at finding steganography by way of algorithm. Even in your example of MS Word? one custom font, embedded picture/graph, macro and suchlike will happily help your document evade detection if the encryption lives within the image data.

That said, there are certainly means of testing against it by taking an image and meticulously deconstructing the thing, but that takes processing power and time (even if that time is measured in microseconds, it's still time, especially when you factor in download, data storage, IOPS, weeding out mis-named file extensions, etc - multiplied by the # of files processed.)

Also, I noticed something in your post - you mention posting something on a regular basis. Err, why bother using the same images over and over again? Upload each image/message once, and if it's pr0n (say you sketch the stuff and then photograph it, or make some unique screenshot and pass that around), your recipient would be only one of a mass of people downloading the thing.

Re:The problem... (1)

mlts (1038732) | about a year ago | (#45976673)

There are simpler ways as well, depending on what one's forseen adversary is. In a past life, I had to deal with a third party whose E-mail server refused to allow any E-mail attachments whatsoever except Acrobat, and AutoCAD files were needed to be exchanged fairly quickly. So, when sending the DXF file, I ended up embedding it as an attachment in a password-protected PDF, and this did the trick.

Re:The problem... (1)

cellocgw (617879) | about a year ago | (#45977701)

In a past life, I had to deal with a third party whose E-mail server refused to allow any E-mail attachments whatsoever except Acrobat, and AutoCAD files were needed to be exchanged fairly quickly. So, when sending the DXF file, I ended up embedding it as an attachment in a password-protected PDF, and this did the trick.

You probably went to a lot of unnecessary work. Just rename your file "sekritdrawing.dxf.PDF" and it'll get past the server's filter just fine.

Re:The problem... (3, Funny)

sexconker (1179573) | about a year ago | (#45978137)

it would surprise me if they don't have automated tools to spot steganography. (i.e. They know exactly what the formatting of say a Word document should be, and should have the capability to automatically flag traffic which has nonstandard information in the headers or data.)

Have you seen the formatting of Word documents that come out of your typical user?
You don't hit the "enter" key to make space, you jackasses. That creates a new fucking paragraph. Edit the paragraph's spacing if you want space below it. If you want an actual newline+carriage return, hit shift+enter. Stop using tab without first defining your tab stops to control where you want shit to be. Why are you using tabs to make columns anyway? Why are you trying to make columns (incorrectly via tabs) when what you want is a table? That's it, you're getting party vanned.

Re:The problem... (1)

MightyYar (622222) | about a year ago | (#45978359)

I have a macro that removes tabs, double newlines, and double spaces after periods among other things. I don't really fault users - most people learned word processing by simply dicking around with the software.

The worst one for me is when they don't set the tab stops and so resort to hitting tab and then space a few times until the text lines up approximately where they want. No (easy) way to automate that out!

Re:The problem... (0)

Anonymous Coward | about a year ago | (#45978667)

So you do have the delusion that steganographically hidden texts can reliably be found by using some generic algorithm that needs not to have specific information about at least the absolute basics of the applied method of embedding the message?

Note: I've hidden a (very short) message in the above sentence. I didn't even encrypt it. How would an algorithm detect that?

Everyone cashing in on this NSA spying shit (0)

Anonymous Coward | about a year ago | (#45976183)

Everyone has a new product out to stick it to the man. Not that the NSA scandal is anything to ignore, but a bunch of tinfoil hatters will buy some shit like this, money will be pocketed and the stuff will never really be used.

How about adding some anonymity and security to bittorrent?

Re:Everyone cashing in on this NSA spying shit (1)

Penguinisto (415985) | about a year ago | (#45976593)

*ahem* - apparently this little project costs the end-user $0.00 to acquire.

Not seeing much profit going on with this one...

Re:Everyone cashing in on this NSA spying shit (0)

Anonymous Coward | about a year ago | (#45977963)

You don't think the group of researchers at Stanford are working with, or for, some grant money? Not seeing a donation link?

Get real.

Brilliant (1)

guttentag (313541) | about a year ago | (#45976185)

To the typical user it just looks like a random bunch of ones and zeros.

01101110 01101111 00100000 01101101
01101111 01110010 01100101 00100000
01110011 01100101 01100011 01110010
01100101 01110100 01110011

Re:Brilliant (1)

VortexCortex (1117377) | about a year ago | (#45978741)

To the typical user it just looks like a random bunch of ones and zeros.

01101110 01101111 00100000 01101101
01101111 01110010 01100101 00100000
01110011 01100101 01100011 01110010
01100101 01110100 01110011

Nah, only morons openly represent encoded stuff exposed. Concealing real encodings takes stenography...

FTFY.

Steganography has always one big problem (0)

Anonymous Coward | about a year ago | (#45976249)

If you can make the diff of the documents, you can demonstrate that something is hidden, and therefore you are broadcasting "i have something to hide". Does it matter really if the encryption is more obfuscated ? All you need is a good enough encryption. The rest are sprinkle on the cake. All the other side needs to know is that you have something to hide, and depending on the level of society you live on, water boarding, lead pipes, or court order to make you divulge what it is.

Re:Steganography has always one big problem (3, Funny)

guttentag (313541) | about a year ago | (#45976439)

All the other side needs to know is that you have something to hide, and depending on the level of society you live on, water boarding, lead pipes, or court order to make you divulge what it is.

Unsophisticated societies use lead pipes to force people to divulge information.
Sophisticated societies use court orders.
Modern societies use waterboarding.
Postmodern societies use facebook.

Think about it.

found it. (0)

Anonymous Coward | about a year ago | (#45976255)

The whole code for the project is actually embedded in the Slashdot front page today.

tool? (3, Interesting)

Anonymous Coward | about a year ago | (#45976269)

This does not even have tests. Barely any project-like organization. Just a bunch of python scripts hobbled together. Seriously, this is barely v0.1 material.

Call it a proof-of-concept, an experiment, anything. But not a tool.

Re:tool? (1)

dotancohen (1015143) | about a year ago | (#45976805)

From the first lines of the first file on Github:

def x(m1, m2):
                assert type(m1) is bytes
                assert type(m2) is bytes
                return (int.from_bytes(m1, 'big') ^ int.from_bytes(m2, 'big')).to_bytes(len(m1), 'big')

assert x(x(b'abc', b'def'), b'def') == b'abc'

Maybe that was added after you posted. Note that it ostensibly has a 'test' (assert) but with functions named h(), x(), I find the code very unfriendly indeed.

Re:tool? (1)

XcepticZP (1331217) | about a year ago | (#45977325)

I had a look at the rest of the code. Granted, it's a tad better than what you posted, but it is still ridiculously amateurish... He should definitely submit some of it here [stackexchange.com] .

Re:tool? (0)

Anonymous Coward | about a year ago | (#45978177)

Q. Your code is horribly inefficient and can be optimized in all kinds of ways.

A. That's why it's called 'reference' code.

FAQ: [github.com]

Re:tool? (1)

XcepticZP (1331217) | about a year ago | (#45978651)

I wasn't talking about the "inefficiency" of the code. There's more to code than just how fast it runs. That has it's place, but most of the time, it is dwarfed by more important factors to consider.

Re:tool? (0)

Anonymous Coward | about a year ago | (#45978621)

Bunch of scripts? So was Bittorrent, when he started it.

Steganography? (1)

JustOK (667959) | about a year ago | (#45976273)

What is it with all the dinosaur porn lately? Stenography probably predates the first man-cave, and was probably responsible for early advances in inter-cave communication.

Leak Tracking (4, Insightful)

guttentag (313541) | about a year ago | (#45976287)

But it uses a new form of steganography based on cryptographic hashes to make the presence of a hidden message far harder for an eavesdropper to detect than in traditional stego.

I think steganography is far more likely to be used to track the people who leak information. When information gets out that was apparently available to multiple people, the leaker may not realize that his copy had a specific steganographic signature that identifies him as the source. It could be a pattern of extra spaces or line breaks in the code of document that he doesn't even see. The increased availability of the technology will likely mean smaller companies or government agencies will use it to suppress leaks.

Re:Leak Tracking (2)

milesy20 (94995) | about a year ago | (#45976351)

Wouldn't this concern be nullified if the original leaked documents are even slightly changed prior to release? From what I understand, any modification would render any encrypted messages unreadable...

Re:Leak Tracking (1)

MobyDisk (75490) | about a year ago | (#45976507)

No necessarily, because guttentag is really talking about watermarking, not steganography. You can watermark a document in such a way that the reader cannot detect the watermark (unless the compare theirs to the original). The watermark is retained even during (most) modifications. For example, a misspelling can be a watermark. Even if it is modified, so long as one or more misspellings remain, the watermark can be identified.

Re:Leak Tracking (1)

Monoman (8745) | about a year ago | (#45977585)

What about converting to another file format before passing along the data?

jpg ---> png
doc ---> pdf
pdf --> screenshot ---> ?

Re:Leak Tracking (1)

kagerato (2920999) | about a year ago | (#45978821)

That would remove nearly all steganography during the encoding phase, since the encoder doesn't care much about seemingly insignificant bits (like the low-order, high-entropy bits of an RGB image).

As the person you replied to pointed out, tracking is more about clever watermarking. Watermarks will not necessarily be removed by encoding to a new format. For text, patterns of spelling or mis-spelling will be preserved. Whitespace may or may not be preserved, depending on the source and target formats. Image watermarks will tend to be preserved, unless they are so subtle that they were very close to the noise of the image in the first place.

Metadata from the source format may or may not be preserved; that depends on the compatibility of the source and target formats and the options used during conversion. For example, ID3 tags are roughly comparable with the OGG metadata tags, but that doesn't guarantee they will be preserved in translation. It's a similar situation for metadata in video files.

The lesson here is not to rely on steganography for tracking purposes, since educated people will be able to work around it and even the ignorant may evade it simply by chance conversions.

Re:Leak Tracking (1)

guttentag (313541) | about a year ago | (#45976583)

You would have to know where the signature was. If the document was distributed to a few dozen people, a single character could be used to identify which one leaked the document. It could be a punctuation "mistake" or any number of other minor things you wouldn't think to change. It could be a different thing that is changed in each version (in John's copy there is an extra space after the end of the first sentence, but in Jane's copy there is an extra space after the second sentence, etc.).

Re:Leak Tracking (1)

StripedCow (776465) | about a year ago | (#45976871)

You can nullify that by doing an N-way merge of the document with the N people that received it.

Re:Leak Tracking (1)

kaiser423 (828989) | about a year ago | (#45976927)

That then requires N people to be in on the leak, making the bar to anonymously leak information even higher. Still doesn't stop a Snowden though :)

Re:Leak Tracking (1)

StripedCow (776465) | about a year ago | (#45976987)

An authority like Wikileaks can do the N-way merge for you.
Just upload the document to Wikileaks.
And supply the parameter N (meaning you don't want it published if the merge uses less than N documents).

Of course, you should then trust that the others uploading the document are not working against you.

Re:Leak Tracking (3, Interesting)

girlintraining (1395911) | about a year ago | (#45977605)

I think steganography is far more likely to be used to track the people who leak information.

You've got the right idea, but you're not connecting all the pieces of the puzzle to answer how. Allow me: You know that massive data center the NSA is building to basically "download the internet"? Well, as it turns out, the overwhelming amount of traffic on the internet is just a copy of something else. Translation: If you compressed it you'd get some amazing compression rates. Here's the thing about steganography that is going to fuck most people who try to use it: If they ever find the original file that you used pre-stego, a simple binary comparison will reveal the alteration. In other words, if you use any publicly available image, document, etc., and then "stego" it... an adversary like the NSA can programically detect this. Plausible deniability goes right out the window.

The increased availability of the technology will likely mean smaller companies or government agencies will use it to suppress leaks.

This is something separate from steganography. What you're talking about is watermarking, and it's something color printers already do -- the serial number, username, time, etc., is encoded in yellow microdots on all pages. It was originally implimented to assist in anti-counterfeiting measures, but has since expanded to cover "national security" interests. And by that, I mean tracking down political undesireables and neutralizing them.

Re:Leak Tracking (1)

Anonymous Coward | about a year ago | (#45978413)

I think steganography is far more likely to be used to track the people who leak information.

You've got the right idea, but you're not connecting all the pieces of the puzzle to answer how. Allow me: You know that massive data center the NSA is building to basically "download the internet"? Well, as it turns out, the overwhelming amount of traffic on the internet is just a copy of something else. Translation: If you compressed it you'd get some amazing compression rates. Here's the thing about steganography that is going to fuck most people who try to use it: If they ever find the original file that you used pre-stego, a simple binary comparison will reveal the alteration. In other words, if you use any publicly available image, document, etc., and then "stego" it... an adversary like the NSA can programically detect this. Plausible deniability goes right out the window.

Why would you use something already public as the carrier? Just encode your secret payload into a video you just made of your cat playing with a piece of string, and then delete the original video. Now nobody can diff your carrier file.

Re:Leak Tracking (1)

kagerato (2920999) | about a year ago | (#45979037)

Your first point/paragraph is why steganography can't replace good encryption as a data hiding technique. Steganography is much older than strong cryptographic encryption, but likewise it is much more limited in its capacities. When one relies on steganography, that person is taking a gamble that the method of data obscuration is never discovered. With encryption, assuming the algorithm is actually cryptographically sound, the discovery of the algorithm and even its specific implementation is not a big concern. It was often already known ahead of time anyway.

The whole trick to encryption, of course, is figuring out how to hide the keys where the user can reach them, but no one else can. There's no perfect solution to that problem. Any key that can be remembered is likely to be vulnerable to dictionary or other types of pattern attacks, and some even to brute force evaluation. Keys that can't be remembered need to be recorded, and then that requires defending a particular physical setting (place and time) essentially indefinitely against unknown adversaries of potentially great capability.

As to your second point, yeah. It sounded like a conspiracy theory when I first read about it, but many (if not most) printers do in fact leave watermarks in nearly everything they produce. I believe (but I'm not sure) that the method is actually usually implemented in the the printer firmware or even the hardware mechanism itself, rather than the driver. If so, it's extremely difficult to bypass. As for what the FBI and others may be using it for (beyond tracking counterfeiting), these days it's really anyone's guess. The FBI, much like the CIA and the NSA, suffers from a extreme case of mission creep.

We need a higher level of functionality (2)

Tangential (266113) | about a year ago | (#45976339)

I'd like to see someone come up with a steganographic RAID-ish storage volume. I'd like a driver that scattered encrypted data throughout my media files but presented that data as an updateable storage volume. It would need enough redundancy to survive the loss of some of the files (hence the RAID-ish part.) If I could hide writeable encrypted data throughout my iTunes, Photo, Video files and access/update it without actually changing the size, mod dates, etc of the files it would be very handy and reasonably hard to detect.

Re:We need a higher level of functionality (0)

Anonymous Coward | about a year ago | (#45976421)

hanging out on slashdot was pretty poor return already, imagine if all of these forum discussions
contained synthesized slices of text holding little bits of some larger filesystem ..wait..

Re:We need a higher level of functionality (0)

Anonymous Coward | about a year ago | (#45977579)

Wait, how would you cram data into existing files without changing their size...?

Re:We need a higher level of functionality (0)

Anonymous Coward | about a year ago | (#45978007)

This is typically done by storing it in files where slight changes to the data doesn't affect the use of the file, e.g. images. If the pixels of an image are slightly bluer or redder or greener you probably won't notice, same with music files and other things like that. You store the information in the least significant parts of the information.

Re:We need a higher level of functionality (2)

swb (14022) | about a year ago | (#45978141)

I was thinking of something similar.

The idea that popped into my head was a virtual volume whose backing store was a directory full of image files with the data spread out across the image files using a distributed parity system. Ideally it would be encrypted prior to being stored steganographically in the image files.

With the right automation you could have the storage system dynamically use something like Google image search to grab new images to use as stego storage targets.

Re:We need a higher level of functionality (1)

Insightfill (554828) | about a year ago | (#45978383)

I'd like to see someone come up with a steganographic RAID-ish storage volume.

Sounds like a variation on a "PAR" archive. [wikipedia.org] It may be that a combination of PAR with a TrueCrypt volume way to go. If someone could do PAR as a FUSE project, then you'd be partway there. This would still be missing the steganography angle, and I don't see anything to help that along.

better name (0)

Anonymous Coward | about a year ago | (#45976345)

XfiltratorX

#BADBIOS IS FUCKING YOU AND STILL YOU DISBELIEVE (-1)

Anonymous Coward | about a year ago | (#45976355)

N.S.A. Devises Radio Pathway Into Computers

By david e. sanger and thom shanker = jan. 14, 2014

= URL: http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html [nytimes.com]
= Image: http://cryptome.org/2014/01/nsa-quantum-radio.jpg [cryptome.org]
== Coverage #1: http://news.slashdot.org/story/14/01/15/1324216/nyt-nsa-put-100000-radio-pathway-backdoors-in-pcs [slashdot.org]
== Coverage #2: http://cryptome.org/2014/01/nsa-quantum-radio.htm [cryptome.org]
== Coverage #3: http://rt.com/usa/nsa-radio-wave-cyberattack-607/ [rt.com]
== Coverage #4: http://arstechnica.com/security/2014/01/nsa-uses-covert-radio-transmissions-to-monitor-100000-bugged-computers/ [arstechnica.com]
=== Archive: http://web.archive.org/web/20140116010210/http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html [archive.org]

"WASHINGTON - The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.

While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.

The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.

The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.

The N.S.A. calls its efforts more an act of "active defense" against foreign cyberattacks than a tool to go on the offensive. But when Chinese attackers place similar software on the computer systems of American companies or government agencies, American officials have protested, often at the presidential level.

Among the most frequent targets of the N.S.A. and its Pentagon partner, United States Cyber Command, have been units of the Chinese Army, which the United States has accused of launching regular digital probes and attacks on American industrial and military targets, usually to steal secrets or intellectual property. But the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls "computer network exploitation."

"What's new here is the scale and the sophistication of the intelligence agency's ability to get into computers and networks to which no one has ever had access before," said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. "Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it's never had before."

No Domestic Use Seen

There is no evidence that the N.S.A. has implanted its software or used its radio frequency technology inside the United States. While refusing to comment on the scope of the Quantum program, the N.S.A. said its actions were not comparable to China's.

"N.S.A.'s activities are focused and specifically deployed against - and only against - valid foreign intelligence targets in response to intelligence requirements," Vanee Vines, an agency spokeswoman, said in a statement. "We do not use foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of - or give intelligence we collect to - U.S. companies to enhance their international competitiveness or increase their bottom line."

Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.

President Obama is scheduled to announce on Friday what recommendations he is accepting from an advisory panel on changing N.S.A. practices. The panel agreed with Silicon Valley executives that some of the techniques developed by the agency to find flaws in computer systems undermine global confidence in a range of American-made information products like laptop computers and cloud services.

Embracing Silicon Valley's critique of the N.S.A., the panel has recommended banning, except in extreme cases, the N.S.A. practice of exploiting flaws in common software to aid in American surveillance and cyberattacks. It also called for an end to government efforts to weaken publicly available encryption systems, and said the government should never develop secret ways into computer systems to exploit them, which sometimes include software implants.

Richard A. Clarke, an official in the Clinton and Bush administrations who served as one of the five members of the advisory panel, explained the group's reasoning in an email last week, saying that "it is more important that we defend ourselves than that we attack others."

"Holes in encryption software would be more of a risk to us than a benefit," he said, adding: "If we can find the vulnerability, so can others. It's more important that we protect our power grid than that we get into China's."

From the earliest days of the Internet, the N.S.A. had little trouble monitoring traffic because a vast majority of messages and searches were moved through servers on American soil. As the Internet expanded, so did the N.S.A.'s efforts to understand its geography. A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.

A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables - it calls them "covert, clandestine or cooperative large accesses" - not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted "more than 50,000 worldwide implants," and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.

That map suggests how the United States was able to speed ahead with implanting malicious software on the computers around the world that it most wanted to monitor - or disable before they could be used to launch a cyberattack.

A Focus on Defense

In interviews, officials and experts said that a vast majority of such implants are intended only for surveillance and serve as an early warning system for cyberattacks directed at the United States.

"How do you ensure that Cyber Command people" are able to look at "those that are attacking us?" a senior official, who compared it to submarine warfare, asked in an interview several months ago.

"That is what the submarines do all the time," said the official, speaking on the condition of anonymity to describe policy. "They track the adversary submarines." In cyberspace, he said, the United States tries "to silently track the adversaries while they're trying to silently track you."

If tracking subs was a Cold War cat-and-mouse game with the Soviets, tracking malware is a pursuit played most aggressively with the Chinese.

The United States has targeted Unit 61398, the Shanghai-based Chinese Army unit believed to be responsible for many of the biggest cyberattacks on the United States, in an effort to see attacks being prepared. With Australia's help, one N.S.A. document suggests, the United States has also focused on another specific Chinese Army unit.

Documents obtained by Mr. Snowden indicate that the United States has set up two data centers in China - perhaps through front companies - from which it can insert malware into computers. When the Chinese place surveillance software on American computer systems - and they have, on systems like those at the Pentagon and at The Times - the United States usually regards it as a potentially hostile act, a possible prelude to an attack. Mr. Obama laid out America's complaints about those practices to President Xi Jinping of China in a long session at a summit meeting in California last June.

At that session, Mr. Obama tried to differentiate between conducting surveillance for national security - which the United States argues is legitimate - and conducting it to steal intellectual property.

"The argument is not working," said Peter W. Singer of the Brookings Institution, a co-author of a new book called "Cybersecurity and Cyberwar." "To the Chinese, gaining economic advantage is part of national security. And the Snowden revelations have taken a lot of the pressure off" the Chinese. Still, the United States has banned the sale of computer servers from a major Chinese manufacturer, Huawei, for fear that they could contain technology to penetrate American networks.

An Old Technology

The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.

In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond's technology supplier.

One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer "through a covert channel" that allows "data infiltration and exfiltration." Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer - either in the field or when they are shipped from manufacturers - so that the computer is broadcasting to the N.S.A. even while the computer's user enjoys the false confidence that being walled off from the Internet constitutes real protection.

The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer "from as far away as eight miles under ideal environmental conditions." It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.

Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.

Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries' computer systems.

The N.S.A. refused to talk about the documents that contained these descriptions, even after they were published in Europe.

"Continuous and selective publication of specific techniques and tools used by N.S.A. to pursue legitimate foreign intelligence targets is detrimental to the security of the United States and our allies," Ms. Vines, the N.S.A. spokeswoman, said.

But the Iranians and others discovered some of those techniques years ago. The hardware in the N.S.A.'s catalog was crucial in the cyberattacks on Iran's nuclear facilities, code-named Olympic Games, that began around 2008 and proceeded through the summer of 2010, when a technical error revealed the attack software, later called Stuxnet. That was the first major test of the technology.

One feature of the Stuxnet attack was that the technology the United States slipped into Iran's nuclear enrichment plant at Natanz was able to map how it operated, then "phone home" the details. Later, that equipment was used to insert malware that blew up nearly 1,000 centrifuges, and temporarily set back Iran's program.

But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country's underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as "the remains of a device capable of intercepting data from computers at the plant." The origins of that device have never been determined.

On Sunday, according to the semiofficial Fars news agency, Iran's Oil Ministry issued another warning about possible cyberattacks, describing a series of defenses it was erecting - and making no mention of what are suspected of being its own attacks on Saudi Arabia's largest oil producer."

"A version of this article appears in print on January 15, 2014, on page A1 of the New York edition with the headline: N.S.A. Devises Radio Pathway Into Computers."

@@@@@@@@@@@@@@@@@

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events.

@@@@@@@@@@@@@@@@@

This is based mostly on the NSA Catalog released by Jacob Appelbaum and Der Spiegel on 30 December 2013:

http://cryptome.org/2013/12/nsa-catalog.zip [cryptome.org] (16.2MB)

NY Times reportedly has the full Snowden material sent to it by The Guardian but, like others, has published very little of it:

http://cryptome.org/2013/11/snowden-tally.htm [cryptome.org]

Cue the NSA (1)

Jason Levine (196982) | about a year ago | (#45976409)

Cue the NSA insisting that they need to examine every photo and video that passes over the Internet because terrorists might be using this.

Also cue some enterprising NSA employee convincing his superiors that terrorists might hide stuff on porn sites and he needs to examine those photos/videos very carefully and repeatedly.

Re:Cue the NSA (1)

PPH (736903) | about a year ago | (#45977951)

In related news, the NSA's Utah data center is filled to capacity with versions of Goatse Guy.

Comic Sans (1)

ArhcAngel (247594) | about a year ago | (#45976747)

I just encode messages by changing the font of the letters in the hidden message to comic sans.

Closed? (1)

alexandre (53) | about a year ago | (#45977331)

Will it be closed like Bittorrent-sync?

Re:Closed? (0)

Anonymous Coward | about a year ago | (#45977539)

Closed in not strong enough of a word considering the way those jerks attack and threaten lawsuits or even arrests of people that talk about how the product works.

Question (1)

PPH (736903) | about a year ago | (#45978019)

Of course I didn't read TFA!

Will there be an effective way for cryptanalysts to know the number of separately encrypted messages that exist within a data object? If so, the deniability feature of this will be of little use. If the number is not known, then handing over the password to a relatively innocuous message might be sufficient to end the interrogation. If the number is known, the waterboarding will continue until all passwords are revealed..

Not based on hashes (1)

dutchwhizzman (817898) | about a year ago | (#45978545)

Hashes are *always* one way. So you can't ever decrypt something that you only have a hash from. The best you can do is compare the hash to a hash of something you have as well and see if the hashes are the same. Unless you've chosen an algorithm that is known to have a lot of collisions, you can be fairly certain that your original text is probably the same thing as the other person's original text if the hashes are identical. Encrypting something with hashes so others can read it therefor doesn't work and this can't be based on "cryptographic hashes"

its crackable (0)

Anonymous Coward | about a year ago | (#45978553)

its crackable and its not safe...period considering he works essentially for warner brothers...this is not even news its a joke on any that think it is

copyright infringment (0)

Anonymous Coward | about a year ago | (#45978595)

i have a tool like this as part of my hacker tools
its 12 years old time to sue warner borthers and brahm cohen

Hide text in the indentation of source code. (0)

Anonymous Coward | about a year ago | (#45978801)

You know about those people who say: "indents must be 4 spaces", "no indents must be tabs".
Well I use both, I encode messages in the indentations of my source code.
I set tabs to be 4 characters wide. Then use the following encoding:

tab = 0
space tab = 1
space space tab = 2
space space space tab = 3
space space space space = 4

Each line can encode multiple quinary digits. It is best when you program to make large functions, and to have multiple levels of for and while loops and deep if statements.

Encoding cleverly uses spaces, Oxford commas (2)

__roo (86767) | about a year ago | (#45978975)

This is really clever. It includes encoders that use tabs [github.com] spaces at the ends of lines [github.com] , and even Oxford commas [github.com] . That is ridiculously cool. Nice work, Bram & co.!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?