yes, they look for stego, as a "Hacker Tool"

Major Variola (ret) mv at cdc.gov
Fri Aug 13 16:19:05 PDT 2004


>> A cool thing for this purpose could be a patch for gcc to produce unique
>> code every time, perhaps using some of the polymorphic methods used by
>> viruses.
>
>The purpose would be that they do not figure out that you are using some
>security program, so they don't suspect that noise in the file or look for
>stego, right?

Yes, they do.  Check the link.  The CDROM of file hashes contains a category
"Hacker Tools" that includes the Stego tools they could download from the 'net.

Any jpg which looks like noise will be of interest.  And any stego program
will make them look at your images (etc) more closely :-)

Most of the programs they've hashed are so the forensic pigs can discount them.
But they would find known-stego tools very interesting.
And they would find them, even if renamed, from their sigs; but not if
polymorphic or encrypted, but then they would be in the "unknown"
category, along with user-created files.  And programs :-)  To be manually
inspected by a forensic dude.

These hash-CDROMs are also useful for finding unlicensed software and
music....

----

Osama sez: Always use original images and sounds as stego carriers.  And
keep your tools encrypted, or on memory sticks you can flush or
snap with your fingers.
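
The known-file triage the message describes (hashed files discounted, listed tools flagged by content hash even when renamed, everything else left "unknown" for manual review), as an added example that is not part of the original post. The hash set, file names and contents are constructed, and the entropy score is an assumed way to rank unknown files that "look like noise".

```python
import hashlib
import math
import os
import tempfile

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def entropy_bits(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (noise-like)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage(root: str, hash_set: dict, flagged=frozenset({"Hacker Tools"})) -> dict:
    """Map each file under root to (verdict, category, entropy)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            category = hash_set.get(sha1_hex(data))  # content decides, not name
            if category is None:
                verdict = "unknown"        # left for manual inspection
            elif category in flagged:
                verdict = "flagged"
            else:
                verdict = "discount"       # known file, examiner skips it
            out[os.path.relpath(path, root)] = (verdict, category, entropy_bits(data))
    return out

def demo() -> dict:
    # Constructed sample contents and reference set (not real tool hashes).
    os_file = b"constructed OS binary"
    tool = b"constructed stego tool binary"
    hash_set = {sha1_hex(os_file): "Operating System", sha1_hex(tool): "Hacker Tools"}
    samples = {"kernel32.dll": os_file, "notes.txt": tool,   # tool renamed
               "letter.txt": b"hello world\n" * 100,
               "holiday.jpg": bytes(range(256)) * 16}         # noise-like bytes
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root, hash_set)

if __name__ == "__main__":
    for name, row in sorted(demo().items()):
        print(name, row)
```

Compressed formats such as JPEG are high-entropy by nature, so the score only orders the unknown pile for the examiner; it does not identify anything on its own.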




