yes, they look for stego, as a "Hacker Tool"
shaddack at ns.arachne.cz
Fri Aug 13 16:48:06 PDT 2004

On Fri, 13 Aug 2004, Major Variola (ret) wrote:
> Any jpg which looks like noise will be of interest. And any stego
> program will make them look at your images (etc) more closely :-)
> Most of the programs they've hashed is so the forensic pigs can discount
> them. But they would find known-stego tools very interesting. And they
> would find them, even if renamed, from their sigs; but not if
> polymorphic or encrypted, but then they would be in the "unknown"
> category, along with user-created files. And programs :-) To be
> manually inspected by a forensic dude.

Run a tool for signature changing preemptively, on *all* the files in the
system that can be changed without changing their function? Then you have
the forest where every tree is marked and the leprechaun is laughing.

> These hash-CDROMs are also useful for finding unlicensed software and

Another reason for making your data unique.

> Osama sez: Always use original images and sounds as stego carriers.

DV camcorders are becoming increasingly popular. Is there any software to
stego the data into DV streams? Such files are suitable as carriers, as it
is easy to produce gigabytes and gigabytes of meaningful data from a
single friend's wedding - which allows even sparse encoding without having
an improbable amount of data.

> And keep your tools encrypted, or on memory sticks you can flush or
> snap with your fingers.

Beware of destruction of memory sticks; as long as the Flash chip is
intact, even if its casing itself is broken, it is easy for a properly
equipped lab to get the chip out of the case and bond it to new casing.
The Flash chips used in the USB disks have serial interfaces, which makes
the task of connecting them again rather easy, if you have the right toys
(available for anybody who does e.g. thick-layer hybrid circuits).

A neat trick to lower the suspicion-factor for stego in JPEG or video
could be releasing a closed-source program for Windows as either freeware
or easy-to-hack (or without the time check at all) shareware (we don't
want the money here, but we want the people to think it's doing a lot of
good for them, and there still is a segment of consumers who think that
when it is free, it's worthless), which is touted loudly for enhancing the
images. While all it can be doing is to slightly manipulate brightness and
contrast in the too dark or too light areas, smear or sharpen the image a
little bit; maybe just a couple of NetPBM tools cobbled together with a nice
interface added (we'll violate the licence here, but that's a minor detail
- which can further serve to bring attention to the tool). And, last but
not least, inserting steganographed random data into them. Maybe
something meaningful, maybe just random data, maybe perhaps random data
chunked to packets looking like a GPG-encrypted file.

Put it online, wait until the news is slow, and get some computer
graphics magazines interested in it, writing articles about it. Perhaps
run an astroturf campaign, guerrilla marketing. Get it distributed on the
CDs shipped with them. Even with just a fraction of a percent of the images "in the
wild" there will be a lot of them looking like they are stegoed, serving as a
convenient smokescreen for the "real" ones.

The sheeple don't have to be only a threat. They can be useful, if their
gullibility is properly exploited.
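
The known-file hash triage described in the quoted message, sketched from the examiner's side as an added example that is not part of the original post: files are sorted by content hash into "discount", "flag" and "manual review", so a renamed known tool is still flagged and anything without a match lands in the review queue. The hash sets, file names and byte strings are constructed placeholders, and SHA-256 is an assumed choice of hash.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for file contents (not real software).
OS_BINARY = b"constructed: stock operating system binary v1.0"
STEGO_TOOL = b"constructed: known steganography utility v2.3"

# Hypothetical reference sets, in the role of the "hash CD-ROMs" in the thread.
KNOWN_BENIGN = {sha256(OS_BINARY)}    # hashed so they can be discounted
KNOWN_NOTABLE = {sha256(STEGO_TOOL)}  # hashed so they can be flagged


def triage(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Classify files by content hash only; the file name plays no part."""
    result = {"ignore": [], "flag": [], "review": []}
    for name, data in sorted(files.items()):
        digest = sha256(data)
        if digest in KNOWN_BENIGN:
            result["ignore"].append(name)
        elif digest in KNOWN_NOTABLE:
            result["flag"].append(name)
        else:
            # No match in either set: user-created or altered content,
            # queued for manual inspection.
            result["review"].append(name)
    return result


# Constructed sample "disk" contents.
SAMPLE_DISK = {
    "system/shell.exe": OS_BINARY,
    "docs/report_viewer.exe": STEGO_TOOL,     # renamed, content unchanged
    "tools/util.bin": STEGO_TOOL + b"\x00",   # altered copy: no hash match
    "photos/wedding.jpg": b"constructed: user-created image bytes",
}

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_DISK).items():
        print(f"{bucket:7s} {names}")
```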