Entries Tagged "steganography"


Natural Language Shellcode


In this paper we revisit the assumption that shellcode need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shellcode that is superficially similar to English prose. We argue that this new development poses significant challenges for inline payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shellcode injection attacks altogether.

Posted on March 25, 2010 at 7:16 AM

Steganography Using TCP Retransmission


Hiding Information in Retransmissions

Wojciech Mazurczyk, Milosz Smolarczyk, Krzysztof Szczypiorski

The paper presents a new steganographic method called RSTEG (Retransmission Steganography), which is intended for a broad class of protocols that utilises retransmission mechanisms. The main innovation of RSTEG is to not acknowledge a successfully received packet in order to intentionally invoke retransmission. The retransmitted packet carries a steganogram instead of user data in the payload field. RSTEG is presented in the broad context of network steganography, and the utilisation of RSTEG for TCP (Transport Control Protocol) retransmission mechanisms is described in detail. Simulation results are also presented with the main aim to measure and compare the steganographic bandwidth of the proposed method for different TCP retransmission mechanisms as well as to determine the influence of RSTEG on the network retransmissions level.

I don’t think these sorts of things have any large-scale applications, but they are clever.

Posted on May 28, 2009 at 6:40 AM

Terrorists and Child Porn, Oh My!

It’s the ultimate movie-plot threat: terrorists using child porn:

It is thought Islamist extremists are concealing messages in digital images and audio, video or other files.

Police are now investigating the link between terrorists and paedophilia in an attempt to unravel the system.

It could lead to the training of child welfare experts to identify signs of terrorist involvement as they monitor pornographic websites.

Of course, terrorists and strangers preying on our children are two of the things that cause the most fear in people. Put them together, and there’s no limit to what sorts of laws you can get passed.

EDITED TO ADD (10/22): Best comment:

Why would terrorists hide incriminating messages inside incriminating photographs? That would be like drug smugglers hiding kilos of cocaine in bales of marijuana.

Posted on October 22, 2008 at 12:57 PM

Friday Squid Blogging: Natural Squid Steganography

Squid can communicate with each other without any other fish noticing:

Squid and their relatives have eyes that are sensitive to polarised light and are known to use it to signal to one another. Their predators on the other hand, like seals or whales, don’t share this ability and cannot see the squids’ signals.

Most of all, the polarised iridescent light is not affected by the chromatophores and passes through unaltered. This means that camouflaged squid can have entire visual conversations while remaining invisible to passing predators. In the world of squid, conversations carry secrets wrapped in lies.

Posted on October 10, 2008 at 4:58 PM

The Pentagon's World of Warcraft Movie-Plot Threat

In a presentation that rivals any of my movie-plot threat contest entries, a Pentagon researcher is worried that terrorists might plot using World of Warcraft:

In a presentation late last week at the Director of National Intelligence Open Source Conference in Washington, Dr. Dwight Toavs, a professor at the Pentagon-funded National Defense University, gave a bit of a primer on virtual worlds to an audience largely ignorant about what happens in these online spaces. Then he launched into a scenario, to demonstrate how a meatspace plot might be hidden by in-game chatter.

In it, two World of Warcraft players discuss a raid on the “White Keep” inside the “Stonetalon Mountains.” The major objective is to set off a “Dragon Fire spell” inside, and make off with “110 Gold and 234 Silver” in treasure. “No one will dance there for a hundred years after this spell is cast,” one player, “war_monger,” crows.

Except, in this case, the White Keep is at 1600 Pennsylvania Avenue. “Dragon Fire” is an unconventional weapon. And “110 Gold and 234 Silver” tells the plotters how to align the game’s map with one of Washington, D.C.

I don’t know why he thinks that the terrorists will use World of Warcraft and not some other online world. Or Facebook. Or Usenet. Or a chat room. Or e-mail. Or the telephone. I don’t even know why the particular form of communication is in any way important.

The article ends with this nice paragraph:

Steven Aftergood, the Federation of the American Scientists analyst who’s been following the intelligence community for years, wonders how realistic these sorts of scenarios are, really. “This concern is out there. But it has to be viewed in context. It’s the job of intelligence agencies to anticipate threats and counter them. With that orientation, they’re always going to give more weight to a particular scenario than an objective analysis would allow,” he tells Danger Room. “Could terrorists use Second Life? Sure, they can use anything. But is it a significant augmentation? That’s not obvious. It’s a scenario that an intelligence officer is duty-bound to consider. That’s all.”

My guess is still that some clever Pentagon researchers have figured out how to play World of Warcraft on the job, and they’re not giving that perk up anytime soon.

Posted on September 18, 2008 at 1:29 PM
