Comments

Glenn Willen October 29, 2012 6:08 PM

Error level analysis is a great example of a little knowledge being a dangerous thing. This guy appears to know how to use it, but mostly it gets used by people who have no idea what it is, to call ‘fake’ on photos which, though they make be fake, do not actually show any suspicious ELA signs…

Jim October 29, 2012 6:15 PM

This is bogus. Fotoforensics and “error level analysis” is hardly proof of anything. For the uninitiated, all they do is decompress, recompress, and decompress the JPEG, then show the subtracted difference between the two decompressed versions.

This article’s author states: “See how the statue of liberty and land on which she stands is much brighter than the background? That indicates that that image has been pasted on top of the other, so we know it’s fake.”. But go try it on a real image of the Statue of Liberty and you’ll see the exact same thing.

Emma Bull October 29, 2012 6:55 PM

Of course, the best proof is that the storm image is a photo of a tornado, not a hurricane. But maybe you have to be a Midwesterner to recognize it. g

Guy October 29, 2012 6:59 PM

@Jim — It’s true that it’s not proof, but it is suggestive. The photo you show should be typical for an unmanipulated photo that contains a clear sky. As the sky is just a gradient (almost no detail), there’s little potential for error, so the ELA analysis is dark for this part. But note that he rest of the photo ie even noise. This suggests that it is unmanimupulated.

Matthew October 29, 2012 10:13 PM

Jim, the original you selected is tiny, meaning it has already been resized and that its error levels will be high. Additionally, the ELA shows a great deal of color, where the RJS one does not.

But of course, the image from the RJS Security article is also tiny, so the image you chose might be a good control.

Here’s the ELA of a substantially larger image of the statue, taken from flickr. As the fotoforensics.com tutorial suggests, we see the high error levels almost entirely around the high contrast edges of things.

Ian October 30, 2012 5:50 AM

Sorry to be a pedant but…. “even if there weren’t a hurricane”, surely it should be “even if there wasn’t a hurricane”

Jonadab October 30, 2012 5:59 AM

The really interesting thing here is the use of TinEye to suss out one of the source photos.

Of course, that’s only possible if the source photos are available on the public internet. That’s almost always the case for amateur jobs, but a better-funded hoax (in particular, one conducted as part of an organized commercial fraud) might have access to non-public stock photo libraries or even have the ability to take custom photographs for the fake in some cases. In this particular instance, it would probably not be practical to take a custom photo of a tornado, but if the fraud were e.g. a bogus new medical product (a perennially popular way to separate people from their money) it would be relatively trivial to put together a team of actors and make-up artists and fake up any photo set you like. The first victim who parts with a few thousand dollars more than pays for the lot, and after that it’s all profit.

Ken October 30, 2012 8:28 AM

Fake images aren’t as much of an issue as real images taken out of context.

I performed a bit of a social engineering experiment yesterday. I took the NASA image of Hurricane Sandy from space, added some static, a nonsense camera ID label (something like “VIS CAM 003 NA”), and a real-time timestamp, and streamed the image to USTREAM for a couple hours – never making the claim that it was an actual live feed. Viewers peaked at about 10 viewers for an hour.

I can’t help but chuckle a little at the fact that 10 people stared at the same image for an hour, and never questioned the fact that the image never changed.

Thunderbird October 30, 2012 9:55 AM

I can’t help but chuckle a little at the fact that 10 people stared at the same image for an hour, and never questioned the fact that the image never changed.

Was the same ten people?

boog October 30, 2012 10:42 AM

@Jim

This is bogus. Fotoforensics and “error level analysis” is hardly proof of anything.

Agreed. The author would do best next time to note that sometimes ELA doesn’t work.

tc October 30, 2012 11:30 AM

To state the obvious, regardless of the photo analysis, the photo doesn’t line up with facts, which are the path of the hurricane. The center (eye) didn’t come ashore in NYC. One could claim a twister being spawned, but that would also have been reported.

Ken October 30, 2012 12:10 PM

@Thunderbird – Yes I do believe it was the same 10 people, as the “total views” didn’t change during this time either.

Normally if someone stops watching, and another takes their place, the number of “total views” will increase, even if the number of “current views” remains the same.

Josh More October 30, 2012 2:19 PM

@Jim, I disagree that it is bogus. ELA isn’t magic and, as @Glenn noted, can be misused, but it is a decent initial indicator that something warrants deeper inspection.

There are many ways to detect manipulated images, ranging from looking at light/shadow direction to colour distortion to compression artifacts to the expert knowledge that @tc mentions. However, my quick and dirty HOWTO was intended to be just that. My goal is not to provide a definitive source to identifying manipulated images, it was to provide an easy method for non-technical and novices at image analysis to protect themselves. I am trying to promote skepticism, not arm people for a fight.

Of course ELA can be trivially circumvented, as @Johns noted. It does not, for example, indicate manipulations done on lossless raster images. So, if you want to make a more convincing fake, you could simple convert to .png, manipulate, possibly do a colour adjustment, resave as .jpg and submit.

If you are serious about it, you’d do what Ti Kawamoto did with the Nexus X. (Site currently offline due to the hurricane. Google cache here. That’s the attack vector that @Jonadeb mentions, and is a completely different attack tier than the “let’s fool a lot of people quick” attack that I was concerned about.

I did consider going a bit deeper into the flaws with ELA, but my concern was that if it got overly technical I’d do a good job of communicating to hoax-resistant people and completely miss the intended audience of people making the problem worse on Facebook and Twitter. FotoForensics has a decent FAQ and Tutorial for the interested. I figured that, in this case, speed outweighed robust technical accuracy.

It’s a difficult balance to strike.

Ken October 30, 2012 3:58 PM

I’ve finally had a chance to review the statistics from yesterday’s webcam broadcast and have posted an article on the topic for anyone interested.

I also used the FotoForensics tool on the webcam image…and it passes the test…because it is a “real” image. It’s just taken out of context.

Interestingly enough according to FotoForensics of the photoshopped UFO image, the only “real” part of the image is the UFO.

Josh More October 30, 2012 4:25 PM

@Ken, What you’re seeing in the ELA in the UFO image is the compression difficulty of working with a noisy image. Since the original image was high noise (low quality), it has high ELA values. The UFO, in contrast, compresses better, so it has lower values. Changes that are detectable by ELA aren’t only bright areas (though they often are).

A better UFO hoax would have been to run a noise reduction on the original image, add the UFO at a similar blur level and then add blur back in. That would look more uniform.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.