On Fri, 13 Aug 2004, Major Variola (ret) wrote:
Any jpg which looks like noise will be of interest. And any stego program will make them look at your images (etc) more closely :-)
Most of the programs they've hashed is so the forensic pigs can discount them. But they would find known-stego tools very interesting. And they would find them, even if renamed, from their sigs; but not if polymorphic or encrypted, but then they would be in the "unknown" category, along with user-created files. And programs :-) To be manually inspected by a forensic dude.
Run a tool for signature changing preemptively, on *all* the files in the system that can be changed without changing their function? Then you have the forest where every tree is marked and the leprechaun is laughing.
These hash-CDROMs are also useful for finding unlicensed software and music....
Another reason for making your data unique.
---- Osama sez: Always use original images and sounds as stego carriers.
DV camcorders are becoming increasingly popular. Is there any software to stego the data into DV streams? Such files are suitable as carriers, as it is easy to produce gigabytes and gigabytes of meaningful data from a single friend's wedding - which allows even sparse encoding without having an improbable amount of data.
And keep your tools encrypted, or on memory sticks you can flush or snap with your fingers.
Beware of destruction of memory sticks; as long as the Flash chip is intact, even if its casing itself is broken, it is easy for a properly equipped lab to get the chip out of the case and bond it to new casing. The Flash chips used in the USB disks have serial interfaces, which makes the task of connecting them again rather easy, if you have the right toys (available for anybody who does e.g. thick-layer hybrid circuits).

A neat trick to lower the suspicion-factor for stego in JPEG or video could be releasing a closed-source program for Windows as either freeware or easy-to-hack (or without the time check at all) shareware (we don't want the money here, but we want the people to think it's doing a lot of good for them, and there still is a segment of consumers who think that when it is free, it's worthless), which is touted loudly for enhancing the images. While all it can be doing is to slightly manipulate brightness and contrast in the too dark or too light areas, smear or sharpen the image a little bit; maybe just a couple of NetPBM tools cobbled together with a nice interface added (we'll violate the licence here, but that's a minor detail - which can further serve to bring attention to the tool). And, last but not least, inserting steganographed random data into them. Maybe something meaningful, maybe just random data, maybe perhaps random data chunked to packets looking like a GPG-encrypted file.

Put it online, wait until the news is slow, and get some computer graphics magazines interested in it, writing articles about it. Perhaps run an astroturf campaign, guerrilla marketing. Get it distributed on the CDs shipped with them. Even with just a fraction of a % of the images "in the wild" there will be a lot of them looking like stegoed, serving as a convenient smokescreen for the "real" ones.

The sheeple don't have to be only a threat. They can be useful, if their gullibility is properly exploited.