NSA, Pentagon, police fund research into steganography detection
http://www.wired.com/news/politics/0,1283,41861,00.html

Secret Messages Come in .Wavs
by Declan McCullagh (declan@wired.com)
2:00 a.m. Feb. 20, 2001 PST

FAIRFAX, Virginia -- Neil Johnson has a job that's nothing if not unusual: He investigates how to uncover concealed messages embedded in sound and video files.

A researcher at Virginia's George Mason University, Johnson is one of a small but growing number of digital detectives working in the field of computer steganalysis -- the science of detecting hidden communications.

"I analyze stego tools," said the 32-year-old security specialist who is the associate director of GMU's Center for Secure Information Systems. "I try to find out what can be detected or disabled. I see what their limitations are."

The tools he's talking about include programs such as Steghide, which can embed a message in .bmp, .wav and .au files; and Hide and Seek, which works with .gif images.

Most computer-based steganography tools have one thing in common: They conceal information in digitized information -- typically audio, video or still image files -- in a way that prevents a casual observer from learning that anything unusual is taking place.

The surprising news, according to Johnson and other researchers: Current stego programs don't work well at all. Nearly all leave behind fingerprints that tip off a careful observer that something unusual is going on.

Johnson's work on steganalysis may seem obscure, but it has important law enforcement and military applications. The National Security Agency and police agencies have underwritten his research -- his center's graduate program at GMU is even certified by the NSA.

The Pentagon funds related research at other institutions, and the Naval Research Laboratory is helping to organize the fourth annual Information Hiding Workshop in Pittsburgh from April 25 to 27.

Earlier this month, news reports said U.S. officials were worried that operatives of accused terrorist Osama bin Laden now use steganographic applications to pass messages through sports chat rooms, sexually explicit bulletin boards and other sites. That complicates the NSA's mission of "sigint," or signals intelligence, which relies on intercepting communications traffic.

[...]

WetStone's "Steganography Detection and Recovery Toolkit" is being developed for the Air Force Research Laboratory in Rome, New York. The project overview, according to the company, is "to develop a set of statistical tests capable of detecting secret messages in computer files and electronic transmissions, as well as attempting to identify the underlying steganographic method. An important part of the research is the development of blind steganography detection methods for algorithms."

Gordon said the effort arose from a study the Air Force commissioned from WetStone on forensic information warfare in 1998. The company was asked to identify technologies that the Air Force needed to guard against and it highlighted steganography as one of them.

In addition to the NSA and the eavesdrop establishment, military installations, government agencies, and private employers could be affected by steganography. An employee or contractor could send sensitive information via e-mail that, if hidden, would not arouse suspicion.

[...]

-Declan
http://www.mccullagh.org/
Declan McCullagh wrote:
The surprising news, according to Johnson and other researchers: Current stego programs don't work well at all. Nearly all leave behind fingerprints that tip off a careful observer that something unusual is going on.
So now the question becomes which stego programs don't leave fingerprints.

Should they wish to block stego they might have in mind setting up gateways that twiddle with the low level bits to prevent the message getting through, but that opens up lots of cans of worms for them. This is exceedingly difficult because your router now has to try and detect, recognize, and edit images, sounds, movies and other media on the fly. Of course it will set off signatures if they're used. A user might create a bullshit hotmail account and send a picture to himself then compare the two, etc... so it would have to be done at the legal level, which for us USA folks would bring in freedom of speech issues. For China or Singapore where there's the big firewall, it's not an issue.

That leaves only detection open. Which doesn't provide the actual info stored in the stegoed message. Just flags it as "hey this guy is hiding something." Might be enough in some countries to cause the death of the sender and/or receiver. Here, I suppose it's a reason to have them watched closer.
From their point of view, I suspect they'd be worried about stegoed messages leaving from .mil addresses as this would likely indicate the sender is a traitor. i.e. like the Fed that got caught recently spying for the Russians.
--
----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security. A  |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
--------_sunder_@_sunder_._net_------- http://www.sunder.net ------------
participants (2): Declan McCullagh, Sunder
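The "fingerprints" the article mentions and the "low level bits" in the reply can be made concrete with a pairs-of-values chi-square test, shown here as an added example that is not from the article, the posters, or any tool named above. It assumes a tool that overwrites the least-significant bit of 8-bit samples with random-looking message bits; the cover data is constructed, and the function names and the threshold of 2.0 are illustrative choices.

```python
import random

def embed_lsb(samples, bits):
    """Overwrite the least-significant bit of the first len(bits) samples."""
    return [(s & ~1) | b for s, b in zip(samples, bits)] + samples[len(bits):]

def pov_score(samples, min_count=10):
    """Chi-square per degree of freedom over value pairs (2k, 2k+1).

    LSB replacement with random-looking bits maps 2k and 2k+1 onto each other
    with equal probability, so the two counts in every pair converge and the
    score drops to about 1. Data with uneven pairs scores far higher.
    """
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi2, pairs = 0.0, 0
    for k in range(0, 256, 2):
        total = hist[k] + hist[k + 1]
        if total >= min_count:  # skip sparsely populated pairs
            chi2 += (hist[k] - hist[k + 1]) ** 2 / total
            pairs += 1
    return chi2 / pairs if pairs else float("inf")

def suspicious_prefix(samples, step=5000, threshold=2.0):
    """Length of the longest prefix whose value pairs look equalized."""
    longest = 0
    for end in range(step, len(samples) + 1, step):
        if pov_score(samples[:end]) < threshold:
            longest = end
    return longest

def make_cover(n=20000, seed=1):
    """Constructed 8-bit cover: even values four times as common as odd ones."""
    rng = random.Random(seed)
    return [2 * min(127, max(0, round(rng.gauss(64, 10)))) + (rng.random() < 0.2)
            for _ in range(n)]

if __name__ == "__main__":
    rng = random.Random(2)
    cover = make_cover()
    stego = embed_lsb(cover, [rng.getrandbits(1) for _ in range(10000)])
    print("cover score:", round(pov_score(cover), 1))
    print("stego score, whole file:", round(pov_score(stego), 1))
    print("equalized prefix length:", suspicious_prefix(stego))
```

Scoring growing prefixes matters because a message that fills only part of the file equalizes the pairs only in that region, so a single whole-file score can stay high. A low score flags equalized pairs and recovers nothing of the message, which matches the reply's point that detection only says something is hidden.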