From: "J.A. Terranson" <measl@mfn.org>
Sent: Dec 9, 2004 1:19 PM
To: Tyler Durden <camera_lumina@hotmail.com>
Cc: rah@shipwright.com, cryptography@metzdowd.com, cypherpunks@al-qaeda.net, osint@yahoogroups.com
Subject: RE: Blinky Rides Again: RCMP suspect al-Qaida messages
..
As recently as two years ago, I had a classroom full of cops (mostly fedz from various well-known alphabets) who knew *nothing* about stego. And I mean *NOTHING*. They got a pretty shallow intro: here's a picture, and here's the secret message inside it, followed by an hour of theory and how-to's using the simplest of tools - every single one of them was just blown away. Actually, that's not true - the Postal Inspectors were bored, but everyone _else_ was floored.
But the real thing they needed to know was "there can be hidden information in files that look innocent" and what they need to do to find that hidden information. I expect the answer to that will involve either shipping it off to some expert at the FBI (who will have to do some serious flow control, or he'll be receiving copies of all the video games on every small-time drug dealer's computer), or running some tools to look for the hidden data. It's not like you're going to expect a random detective to learn how to cryptanalyze stego schemes, any more than you're going to expect him to learn how to check for DNA matches in a lab. He'll need to have some notion of how the technology works, and some rules of thumb for how to handle the evidence to keep from tainting it, and that's about it.
J.A. Terranson sysadmin@mfn.org 0xBD4A95BF
--John