Steganography: how al-Qaeda hid secret documents in a porn video

When a suspected al-Qaeda member was arrested in Berlin in May of 2011, he was found with a memory card with a password-protected folder—and the files within it were hidden. But, as the German newspaper Die Zeit reports, computer forensics experts from the German Federal Criminal Police (BKA) claim to have eventually uncovered its contents—what appeared to be a pornographic video called “KickAss.”

Within that video, they discovered 141 separate text files, containing what officials claim are documents detailing al-Qaeda operations and plans for future operations—among them, three entitled “Future Works,” “Lessons Learned,” and “Report on Operations.”

So just how does one store a terrorist’s home study library in a pirated porn video file? In this case the files had been hidden (unencrypted) within the video file through a well-known approach for concealing messages in plain sight: steganography.

» via ars technica

Hiding messages in VoIP packets

A group of researchers from the Institute of Telecommunications of the Warsaw University of Technology have devised a relatively simple way of hiding information within VoIP packets exchanged during a phone conversation.

The called the method TranSteg, and they have proved its effectiveness by creating a proof-of-concept implementation that allowed them to send 2.2MB (in each direction) during a 9-minute call.

» via Help Net Security

Clive Thompson on Secret Messages in the Digital Age

In 440 BC, the Greek historian Herodotus first described a trick that spies used to send hidden messages. They’d write something on the wooden back of a wax tablet, then cover the message with wax bearing its own message. If enemies intercepted the tablet, they wouldn’t suspect it contained anything strange. It’s called steganography: hiding one message inside another.
Two thousand years later, teenagers are doing something similar to communicate with one another—on Facebook.
What turned teens into Greek spies? The parent problem. If you’re in high school these days, a lot of your socializing happens online, but your parents usually insist on being “friended” so they can check what you’re posting. This creates a communication dilemma. You want to post candid updates about your life so your friends know what’s going on—but not so candid that your folks catch wind of it.
The solution is what researcher Danah Boyd has dubbed social steganography. Teenagers now post status updates that have two layers: A bland surface meaning intended for parents, and a deeper, richer significance that can be decoded only by close friends.

» via Wired High-res

Clive Thompson on Secret Messages in the Digital Age

In 440 BC, the Greek historian Herodotus first described a trick that spies used to send hidden messages. They’d write something on the wooden back of a wax tablet, then cover the message with wax bearing its own message. If enemies intercepted the tablet, they wouldn’t suspect it contained anything strange. It’s called steganography: hiding one message inside another.

Two thousand years later, teenagers are doing something similar to communicate with one another—on Facebook.

What turned teens into Greek spies? The parent problem. If you’re in high school these days, a lot of your socializing happens online, but your parents usually insist on being “friended” so they can check what you’re posting. This creates a communication dilemma. You want to post candid updates about your life so your friends know what’s going on—but not so candid that your folks catch wind of it.

The solution is what researcher Danah Boyd has dubbed social steganography. Teenagers now post status updates that have two layers: A bland surface meaning intended for parents, and a deeper, richer significance that can be decoded only by close friends.

» via Wired

Social Steganography: Learning to Hide in Plain Sight

Carmen is engaging in social steganography. She’s hiding information in plain sight, creating a message that can be read in one way by those who aren’t in the know and read differently by those who are. She’s communicating to different audiences simultaneously, relying on specific cultural awareness to provide the right interpretive lens. While she’s focused primarily on separating her mother from her friends, her message is also meaningless to broader audiences who have no idea that she had just broken up with her boyfriend. As far as they’re concerned, Carmen just posted an interesting lyric.

Social steganography is one privacy tactic teens take when engaging in semi-public forums like Facebook. While adults have worked diligently to exclude people through privacy settings, many teenagers have been unable to exclude certain classes of adults – namely their parents – for quite some time. For this reason, they’ve had to develop new techniques to speak to their friends fully aware that their parents are overhearing. Social steganography is one of the most common techniques that teens employ. They do this because they care about privacy, they care about misinterpretation, they care about segmented communications strategies. And they know that technical tools for restricting access don’t trump parental demands to gain access. So they find new ways of getting around limitations. And, in doing so, reconstruct age-old practices.

» via apophenia

prostheticknowledge:

Collage: Defeating Censorship with User-Generated Content
Stenanographic tool to beat censorship, helping insert hidden messages into tweets and Flickr images
From Ars Technica:

Georgia Tech researchers have developed a tool called Collage that will  allow Internet dissidents to insert hidden messages into Twitter posts  and Flickr images in order to circumvent the censorship measures imposed  by oppressive governments.
…
“This project offers a possible next step in the censorship arms race:  rather than relying on a single system or set of proxies to circumvent  censorship firewalls, we explore whether the vast deployment of sites  that host user-generated content can breach these firewalls,” the  project’s website explains. “We have developed Collage, which allows  users to exchange messages through hidden channels in sites that host  user-generated content.”
(Link To Arts Technica article)

It was also noted that hidden messages on social networks occured during the recent insident involving a Russian spy (and Facebook)!!
Software will be released in a few weeks, which I’m sure will have some meaningful, useful (and even creative) uses.
Link to Collage web page High-res

prostheticknowledge:

Collage: Defeating Censorship with User-Generated Content

Stenanographic tool to beat censorship, helping insert hidden messages into tweets and Flickr images

From Ars Technica:

Georgia Tech researchers have developed a tool called Collage that will allow Internet dissidents to insert hidden messages into Twitter posts and Flickr images in order to circumvent the censorship measures imposed by oppressive governments.

“This project offers a possible next step in the censorship arms race: rather than relying on a single system or set of proxies to circumvent censorship firewalls, we explore whether the vast deployment of sites that host user-generated content can breach these firewalls,” the project’s website explains. “We have developed Collage, which allows users to exchange messages through hidden channels in sites that host user-generated content.”

(Link To Arts Technica article)

It was also noted that hidden messages on social networks occured during the recent insident involving a Russian spy (and Facebook)!!

Software will be released in a few weeks, which I’m sure will have some meaningful, useful (and even creative) uses.

Link to Collage web page

FBI: Spies Hid Secret Messages on Public Websites

The accused Russian spy network started using steganography as early as 2005, according to the Justice Department’s criminal complaint against the conspirators, unsealed yesterday in Manhattan. In 2005, law enforcement agents raided the home of one of the alleged spies. There, they found a set of password-protected disks and a piece of paper, marked with “alt,” “control,” “e,” and a string of 27 characters. When they used that as a password, the G-Men found a program that allowed the spies “to encrypt data, and then clandestinely to embed the data in images on publicly available websites.”

The G-Men also found a hard drive. On it was an address book with website URLs, as well as the user’s web traffic history. “These addresses, in turn, had links to other websites,” the complaint notes. “Law-enforcement agents visited some of the referenced websites, and many others as well, and have downloaded images from them. These images appear wholly unremarkable to the naked eye. But these images (and others) have been analyzed using the Steganography Program. As a result of this analysis, some of the images have been revealed as containing readable text files.”

These messages were used to arrange meetings, cash drops, deliveries of laptops and further information exchanges. One of the steganographically hidden messages also directed the conspirators to use radiograms — a decades-old method to pass information, long discredited in spooky circles.

» via Wired