On Fri, Feb 28, 2020 at 12:11:10AM +0000, coderman wrote:
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Thursday, February 27, 2020 11:43 PM, John Young <jya@pipeline.com> wrote:
Ex-CIA Joshua Schulte Describes His Data/Crypto Hiding Prowess (WikiLeaks Vault 7)
"Which brings me to my next point. Do you know what my specialty was at the CIA? Do you know what I did for fun? Data hiding and crypto. I designed and wrote software to conceal data in a custom-designed file system contained within the drive slack space, or hidden partitions. I disguised data. I split data across files and file systems to conceal the crypto. Analysis tools would never detect random or pseudorandom data indicative of potential crypto. I designed and wrote my own crypto. How better to fool buffoons like forensic examiners and the FBI than to have custom software that doesn't fit into their two-week class where they become forensic experts? Make no mistake. I am an expert in data hiding and cryptography with thousands of hours of experience and among the top specialists in the world, or was."
Joshua continuing to prove he lacks good sense in legal matters. these steganographic techniques are most effective when not suspected. if you point out you're using them, the adversary is going to reverse them, negating your advantage. (full disk encryption helps protect against disclosure, but FDE is designed for confidentiality, not covertness!)
back at DEF CON 13 discussed a system with an MIT alum; he used the inode entries themselves as covert storage. slack space is poor at stealth! down side with inode approach is paltry volume sizes, relative to cover storage. (although, i'd argue, the effectiveness makes it attractive, none the less :)
Useful when one distinguishes classes of storage - e.g. master keys, key and header volumes, bulk stores - matching perfectly to the inode slack, fs slack, std volumes. If you've whipped it up yourself, an issue is storage of your scripts/progs which know your used layout/volume separation scheme, and keeping backups of such bins.

The majority of sheeple are on the treadmill of mortgage and moronicity - paying tithes to BigGov and her corrupt spawn.

Perhaps Schulte's fs slack scheme has already been 'cracked' in this case against him - he apparently dumped vault 7 for us all, and that's quite a cache indeed! Perhaps that's his trick, and his trick is done, so he's no more to hide... just postulating.
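An added illustration, not part of the thread or anyone's tooling in it, of the examiner's side of the slack-space discussion above: a triage pass that pulls each file's slack and labels it by byte entropy, so undisguised random-looking data stands out from zero fill and ordinary leftovers. The flat image layout, the 4096-byte cluster size, the `(name, start cluster, size)` file table, contiguous allocation and the 7.0 bits/byte cut-off are all assumptions, and the sample image is constructed.

```python
import hashlib
import math
from collections import Counter

CLUSTER = 4096  # assumed cluster size in bytes

def shannon_entropy(buf):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def file_slack(image, start_cluster, size):
    """Bytes between a file's logical end and the end of its last cluster."""
    used = size % CLUSTER
    if size == 0 or used == 0:
        return b""  # file ends on a cluster boundary: no slack
    last = start_cluster + size // CLUSTER  # assumes contiguous allocation
    return image[last * CLUSTER + used:(last + 1) * CLUSTER]

def classify(slack, min_len=512, threshold=7.0):
    """Triage label for one slack region; threshold is an assumed cut-off."""
    if len(slack) < min_len:
        return "too-short"  # entropy estimate unreliable on tiny samples
    if not any(slack):
        return "zeroed"
    return "high-entropy" if shannon_entropy(slack) >= threshold else "residual"

def scan(image, table):
    """Map each file name in the (hypothetical) file table to its slack label."""
    return {name: classify(file_slack(image, start, size))
            for name, start, size in table}

def build_sample_image():
    """Constructed three-cluster image; not data from any real case."""
    def cluster(content, slack):
        return (content + slack)[:CLUSTER].ljust(CLUSTER, b"\0")
    # Deterministic stand-in for ciphertext: SHA-256 in counter mode.
    prng = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    text = b"old deleted log line: user=alice action=login\n" * 100
    body = b"A" * 1000
    image = cluster(body, b"") + cluster(body, text) + cluster(body, prng)
    return image, [("a.txt", 0, 1000), ("b.txt", 1, 1000), ("c.txt", 2, 1000)]

if __name__ == "__main__":
    for name, label in scan(*build_sample_image()).items():
        print(name, label)
```

A "high-entropy" label is a triage signal only, since compressed data scores the same way as ciphertext.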