Entries Tagged "steganography"

Page 2 of 5

Friday Squid Blogging: More Research Inspired by Squid Skin

Research on color-changing materials:

What do squid and jellyfish skin have in common with human skin? All three have inspired a team of chemists to create materials that change color or texture in response to variations in their surroundings. These materials could be used for encrypting secret messages, creating anti-glare surfaces, or detecting moisture or damage.

They don’t really mean “encrypting”; they mean hiding. But interesting nonetheless.

Posted on September 9, 2016 at 4:31 PMView Comments

HAMMERTOSS: New Russian Malware

FireEye has a detailed report of a sophisticated piece of Russian malware: HAMMERTOSS. It uses some clever techniques to hide:

The Hammertoss backdoor malware looks for a different Twitter handle each day — automatically prompted by a list generated by the tool — to get its instructions. If the handle it’s looking for is not registered that day, it merely returns the next day and checks for the Twitter handle designated for that day. If the account is active, Hammertoss searches for a tweet with a URL and hashtag, and then visits the URL.

That’s where a legit-looking image is grabbed and then opened by Hammertoss: the image contains encrypted instructions, which Hammertoss decrypts. The commands, which include instructions for obtaining files from the victim’s network, typically then lead the malware to send that stolen information to a cloud-based storage service.

Another article. Reddit thread.

Posted on July 31, 2015 at 11:12 AMView Comments

Hiding a Morse Code Message in a Pop Song

In Colombia:

The team began experimenting with Morse code using various percussion instruments and a keyboard. They learned that operators skilled in Morse code can often read the signals at a rate of 40 words per minute ­ but played that fast, the beat would sound like a European Dance track. “We discovered the magic number was 20,” says Portela. “You can fit approximately 20 Morse code words into a piece of music the length of a chorus, and it sounds okay.”

[…]

Portela says they played with the Morse code using Reason software, which gives each audio channel or instrument its own dedicated track. With a separate visual lane for certain elements, it was possible to match the code to the beat of the song — and, crucially, blend it in.

Hiding the Morse code took weeks, with constant back-and-forth with Col. Espejo and the military to make sure their men could understand the message. “It was difficult because Morse code is not a musical beat. Sometimes it was too obvious,” says Portela. “Other times the code was not understood. And we had to hide it three times in the song to make sure the message was received.”

Posted on February 2, 2015 at 7:01 AMView Comments

Analysis of Printer Watermarking Techniques

Interesting paper: Maya Embar, Louis M. McHough IV, and William R. Wesselman, “Printer watermark obfuscation,” Proceeding
RIIT ’14: Proceedings of the 3rd annual conference on Research in information technology
:

Abstract: Most color laser printers manufactured and sold today add “invisible” information to make it easier to determine when a particular document was printed and exactly which printer was used. Some manufacturers have acknowledged the existence of the tracking information in their documentation while others have not. None of them have explained exactly how it works or the scope of the information that is conveyed. There are no laws or regulations that require printer companies to track printer users this way, and none that prevent them from ceasing this practice or providing customers a means to opt out of being tracked. The tracking information is coded by patterns of yellow dots that the printers add to every page they print. The details of the patterns vary by manufacturer and printer model.

EDITED TO ADD (11/14): List of printers and whether or not they display tracking dots (may not be up to date).

Posted on October 24, 2014 at 8:36 AMView Comments

Operation Vula

Talking to Vula” is the story of a 1980s secret communications channel between black South African leaders and others living in exile in the UK. The system used encrypted text encoded into DTMF “touch tones” and transmitted from pay phones.

Our next project was one that led to the breakthrough we had been waiting for. We had received a request, as members of the Technical Committee, to find a way for activists to contact each other safely in an urban environment. Ronnie had seen a paging device that could be used between users of walkie-talkies. A numeric keypad was attached to the front of each radio set and when a particular number was pressed a light would flash on the remote set that corresponded to the number. The recipient of the paging signal could then respond to the caller using a pre-determined frequency so that the other users would not know about it.

Since the numbers on the keypad actually generated the same tones as those of a touch-tone telephone it occurred to us that instead of merely having a flashing light at the recipient`s end you could have a number appear corresponding to the number pressed on the keypad. If you could have one number appear you could have all numbers appear and in this way send a coded message. If the enemy was monitoring the airwaves all they would hear was a series of tones that would mean nothing.

Taking this a step further we realised that if you could send the tones by radio then they could also be sent by telephone, especially as the tones were intended for use on telephone systems. Ronnie put together a little microphone device that – when held on the earpiece of the receiving telephone – could display whatever number was pressed at the sending end. Using touch-tone telephones or separate tone pads as used for telephone banking services two people could send each other coded messages over the telephone. This could be done from public telephones, thus ensuring the safety of the users.

To avoid having to key in the numbers while in a telephone booth the tones could be recorded on a tape recorder at home and then played into the telephone. Similarly, at the receiving end, the tones could be recorded on a tape recorder and then decoded later. Messages could even be sent to an answering machine and picked up from an answering machine if left as the outgoing message.

We gave a few of these devices, disguised as electronic calculators, to activists to take back to South Africa. They were not immensely successful as the coding still had to be done by hand and that remained the chief factor discouraging people from communicating.

The next step was an attempt to marry the tone communication system with computer encryption. Ronnie got one of the boffins at the polytechnic to construct a device that produced the telephone tones at very high speed. This was attached to a computer that did the encryption. The computer, through the device, output the encrypted message as a series of tones and these could be saved on a cassette tape recorder that could be taken to a public telephone. This seemed to solve the problem of underground communications as everything could be done from public telephones and the encryption was done by computer.

Lots more operational details in the article.

Posted on December 26, 2013 at 6:44 AMView Comments

New Report on Teens, Social Media, and Privacy

Interesting report from the From the Pew Internet and American Life Project:

Teens are sharing more information about themselves on their social media profiles than they did when we last surveyed in 2006:

  • 91% post a photo of themselves, up from 79% in 2006.
  • 71% post their school name, up from 49%.
  • 71% post the city or town where they live, up from 61%.
  • 53% post their email address, up from 29%.
  • 20% post their cell phone number, up from 2%.

60% of teen Facebook users set their Facebook profiles to private (friends only), and most report high levels of confidence in their ability to manage their settings.

danah boyd points out something interesting in the data:

My favorite finding of Pew’s is that 58% of teens cloak their messages either through inside jokes or other obscure references, with more older teens (62%) engaging in this practice than younger teens (46%)….

While adults are often anxious about shared data that might be used by government agencies, advertisers, or evil older men, teens are much more attentive to those who hold immediate power over them — parents, teachers, college admissions officers, army recruiters, etc. To adults, services like Facebook that may seem “private” because you can use privacy tools, but they don’t feel that way to youth who feel like their privacy is invaded on a daily basis. (This, btw, is part of why teens feel like Twitter is more intimate than Facebook. And why you see data like Pew’s that show that teens on Facebook have, on average 300 friends while, on Twitter, they have 79 friends.) Most teens aren’t worried about strangers; they’re worried about getting in trouble.

Over the last few years, I’ve watched as teens have given up on controlling access to content. It’s too hard, too frustrating, and technology simply can’t fix the power issues. Instead, what they’ve been doing is focusing on controlling access to meaning. A comment might look like it means one thing, when in fact it means something quite different. By cloaking their accessible content, teens reclaim power over those who they know who are surveilling them. This practice is still only really emerging en masse, so I was delighted that Pew could put numbers to it. I should note that, as Instagram grows, I’m seeing more and more of this. A picture of a donut may not be about a donut. While adults worry about how teens’ demographic data might be used, teens are becoming much more savvy at finding ways to encode their content and achieve privacy in public.

Posted on May 24, 2013 at 8:40 AMView Comments

Al Qaeda Steganography

The reports are still early, but it seems that a bunch of terrorist planning documents were found embedded in a digital file of a porn movie.

Several weeks later, after laborious efforts to crack a password and software to make the file almost invisible, German investigators discovered encoded inside the actual video a treasure trove of intelligence — more than 100 al Qaeda documents that included an inside track on some of the terror group’s most audacious plots and a road map for future operations.

Posted on May 2, 2012 at 12:41 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.