
Hacktivismo to Release Steganography Tool

Anonymonkey writes: "According to this story at , a group called Hacktivismo will release a steganographic tool called Camera/Shy at H2K2 this year. Apparently, it will make it easy for persecuted political groups to hide messages in images. The group has links to the Cult of the Dead Cow, which is, of course, working on Peek-a-Booty."
  • it will make it easy for persecuted political groups to hide messages in images.

    What do they mean by persecuted anyway? One could argue that the Taliban/Al Qaeda are persecuted political groups...

    • Re:Hm... (Score:2, Interesting)

      by Smitedogg ( 527493 )
      It's easier, I'm sure, to make and distribute a program that terrorists could possibly use in some manner to attack us if you say 'It's for the persecuted political groups' instead. Has a catchy "For the children" ring to it. Plus it's good PR, of course.
      • by brooks_talley ( 86840 ) <brooks@frnkGIRAFFE.com minus herbivore> on Thursday July 04, 2002 @04:15PM (#3823583) Journal
        You're absolutely right. I find it despicable that people would release programs that terrorists could possibly use, with the weak excuse that there might be other legitimate uses! I mean, if we got rid of Steganography, PGP, Linux, MS Word, AutoCAD, MS Project, Babelfish, Oracle, OpenOffice, Squid, Rogue Spear, Mathematica, Apache, Cu-Seeme, and KSH... why, the world would surely be a safer place!

        Cheers
        -b
        • Not what I'm saying at all. I'm just saying with Ol' Bushie in office and everyone running around screaming about terrorists-this and terrorists-that you have to be careful; so why not just say your product helps 'oppressed people' and preempt anyone screaming "Terrorists can use that!"? Harms no one, but fools the jingos into thinking things like "Kurds and Chinese Christians can now tell the world their stories", which keeps the heat off us. Hell, we've lost enough rights already thanks to the Patriot Act, why put ourselves at risk more?
          • Hell, we've lost enough rights already thanks to the Patriot Act.

            What rights have you lost under the patriot act?

            • by Anonymous Coward on Thursday July 04, 2002 @07:24PM (#3824235)
              There's a fairly comprehensive list here [ccr-ny.org].

              In summary:

              • Silencing Political Dissent
                Section 802 of the USA PATRIOT Act creates a federal crime of "domestic terrorism" that broadly extends to "acts dangerous to human life that are a violation of the criminal laws" if they "appear to be intended...to influence the policy of a government by intimidation or coercion," and if they "occur primarily within the territorial jurisdiction of the United States."

                Read: Political protestors who block traffic are terrorists.

              • Enhanced Surveillance Powers
                By and large, Congress granted the Administration its longstanding wish list of enhanced surveillance tools, coupled with the ability to use these tools with only minimal judicial and Congressional oversight. In its rush to pass an anti-terrorism bill, Congress failed to exact in exchange a showing that these highly intrusive new tools are actually needed to combat terrorism and that the Administration can be trusted not to abuse them.

                Read: Now we can spy on our citizens with minimal accountability.

              • Sneak and Peek Searches
                Section 213 of the Act authorizes federal agents to conduct "sneak and peek searches," or covert searches of a person's home or office that are conducted without notifying the person of the execution [within a "reasonable period", ie 90 days] of the search warrant until after the search has been completed.

                Read: Oh, by the way, we searched your apartment a few months ago while you and your family were at work/school. We were just checking to see if you were terrorists, but you weren't! Just thought you would want to know. By the way those tapes of you and your wife were very kinky.

              • Access to Records in International Investigations
                Under Section 215, the Director of the FBI or a designee as low in rank as an Assistant Special Agent in Charge may apply for a court order requiring the production of "any tangible things (including books, records, papers, documents, and other items)" upon his written statement that these items are being sought for an investigation "to protect against international terrorism or clandestine intelligence activities."

                Read: Sorry we had to take all of your computer equipment; we just wanted to see if you were a terrorist. After scanning everything, we've decided that you're not. But don't worry... you'll get all of it back after all the red tape clears, in about 12-18 months.

              • Tracking Internet Usage
                Under Section 216 of the Act, courts are required to order the installation of a pen register and a trap and trace device to track both telephone and Internet "dialing, routing, addressing and signaling information" anywhere within the United States when a government attorney has certified that the information to be obtained is "relevant to an ongoing criminal investigation."

                Read: Oh, we found out that one of your neighbors is smoking pot, so we had to spy on everyone in the apartment complex for a few years to make sure nobody else was working in connection with this "terrorist".

              • Allowing Law Enforcement Agencies to Evade the Fourth Amendment's Probable Cause Requirement
                Perhaps the most radical provision of the USA PATRIOT Act is Section 218, which amends FISA's wiretap and physical search provisions. Under FISA, court orders permitting the executive to conduct surreptitious foreign intelligence wiretaps and physical searches may be obtained without the showing of probable cause required for wiretaps and physical searches in criminal investigations.

                Read: We don't need the 4th amendment anymore.

              • Sharing of Sensitive Criminal and Foreign Intelligence Information
                While some additional sharing of information between agencies is undoubtedly appropriate given the nature of the terrorist threats we face, the Act fails to protect us from the dangers posed to our political freedoms and our privacy when sensitive personal information is widely shared without court supervision.

                Read: Political dissidents (now called "benign domestic terrorists" by the media) have no rights to privacy.

              • Stripping Immigrants of Constitutional Protections
                The USA PATRIOT Act deprives immigrants of their due process and First Amendment rights through two mechanisms that operate in tandem. First, Section 411 vastly expands the class of immigrants who are subject to removal on terrorism grounds through its broad definitions of the terms "terrorist activity," "engage in terrorist activity," and "terrorist organization." Second, Section 412 vastly expands the authority of the Attorney General to place immigrants he suspects are engaged in terrorist activities in detention while their removal proceedings are pending.

                Read: If you've ever even sent medical supplies or a care package to an innocent citizen in a middle eastern country while islamic extremists were in power, you and your family will be immediately jailed without explanation upon trying to immigrate to the USA.

              So basically, if you don't particularly want the rights given to you by the First and Fourth Amendments to the Constitution, then the Patriot Act is a Good Thing(TM)(R)(C)

              • I've seen nothing except the 'mobile wire tap' that's different from what has always been available to law enforcement provided there is a court warrant. If someone is to be wiretapped at all, a mobile wire tap and a tap on Internet communications only makes sense.

                Due process appears to be intact.

              • Read: Political protestors who block traffic are terrorists.

                No, but running them down with my car shouldn't be a crime.

                Seriously, blocking ambulances or emergency vehicles are "acts dangerous to human life that are a violation of the criminal laws". Do so, and I hope you get a nice long jail term.

                Section 213 of the Act authorizes federal agents to conduct "sneak and peek searches," or covert searches of a person's home or office that are conducted without notifying the person of the execution [within a "reasonable period", ie 90 days] of the search warrant until after the search has been completed.

                Right. Because if you TOLD criminals you were going to search their places ahead of time, they'd do NOTHING to remove evidence.

                I'm not going to bother with the rest of your paranoia, because it mostly comes down to "Republicans are evil incarnate, and can't be trusted like those oppressive regimes that I love."

                -jon

        • There should be some limits though, by analogy:
          I mean, if we got rid of nuclear weapons, long range missiles, tanks, rifles, pistols, knives, spoons, tooth-picks, napkins... why, the world would surely be a safer place!

          Just an exaggeration meant to show that your argument does not necessarily hold. You can get rid of some things for the greater good, without infringing on regular people's rights. You don't always have to go by precedent, you can judge actions on their own merit.
          • Sure -- just like "you can take away bombs, guns, knives, box cutters, nail clippers, and toothpicks... and air travel would be so much safer" is a flawed analogy. Oh, wait, terrorist types have shown a shocking disregard for the principle of using obviously dangerous tools.

            Sure, some things are more dangerous or prone to dangerous use than others, but fact is, if someone's really looking to do evil shit, they will find a way to use a spoon if they have to. If "outlawing any implement that could possibly be used for evil" is the philosophy, you have to outlaw everything from nuclear bombs to napkins. Pure and simple.

            That was my point, and I'll stick by it.

            Cheers
            -b
    • Um, they are persecuted political groups. But so are other groups that shouldn't be persecuted.

      Technology, ANY technology, helps your enemies as effectively as it helps your friends. Get over it.
      • I don't disagree with your position, but your logic is flawed. The fact that it helps your friends as effectively as your enemies is precisely why the US government doesn't want its enemies to get tools like these.
    • What do they mean by persecuted anyway? One could argue that the Taliban/Al Qaeda are persecuted political groups...

      I would assume they are talking about places like China where censorship of groups like Falun Gong(sp?) is common practice.

    • Falon Gong... (Score:2, Redundant)

      by User 956 ( 568564 )
      What do they mean by persecuted anyway? One could argue that the Taliban/Al Qaeda are persecuted political groups...

      That's correct, but it could also work for groups like the Falun Gong. The Falun Gong is a religious movement that has suffered much oppression [cnn.com] in China [gateway2china.com].
      • The Falun Gong is a religious movement that has suffered much oppression in China.

        Of course, one could also argue that Falun Gong is a doomsday cult which preaches racism [gospelcom.net]. I assume that PRC's government believes that, aside from the implications of competing with a powerful organization full of people with martyr complexes, their actions are little different from Germany's treatment of the Church of $cientology [hypermart.net] and the United States' treatment of Branch Davidians, for example.

    • Any political group who has a lot of enemies be it in China, Russia, Afghanistan, or the US. This is simply encryption, sure a form of encryption better prepared against public scrutiny but encryption none the less. It comes down as always to the fundamental question of whether you want to make available these tools to individuals who have legitimate uses with the understanding that they can also be used against you.
      • This isn't encryption, this is steganography. Encryption is a way of presenting information that makes it very hard to read the message. Steganography prevents you from finding the message itself.

        Both are effective means of communicating covertly, but they are two separate things.
    • Re:Hm... (Score:1, Insightful)

      by Anonymous Coward
      Now that the FBI is allowed to spy on domestic political groups again (not limited to terrorists), we can expect a lot more persecution of legitimate groups, as happened in the 70s under cointelpro [google.com]. Political persecution by the state is, and always has been, a reality to anyone whose activism could pose a problem to the powers that be.
  • by AftanGustur ( 7715 ) on Thursday July 04, 2002 @03:49PM (#3823470) Homepage

    Will it do anything differently than the rock-solid and famous OutGuess [madchat.org]?

  • ... this product is designed for non technical users... oh yah and you need IE5.0 or higher... i wonder what the good old feds are going to have to say about maybe giving some real encryption to regular people...

    personally i think this is a good project BUT once again im afraid we may have to defend it from the same old DMCA/PATRIOT nonsense...
    • Did you bother to read the title of the article?
      Hacktivismo to Release Steganography Tool
      Please feel free to point out the part where they replace the word "Steganography" with "Encryption".
      • Did you bother to read more than just the title? :)

        From the article:

        Hacktivismo says Camera/Shy will also use encryption, suggesting keys will be needed to reveal secret information in full.

  • Traffic analysis (Score:5, Insightful)

    by AgTiger ( 458268 ) on Thursday July 04, 2002 @03:52PM (#3823483) Homepage
    Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.

    That can be enough to tip off the wrong someone.

    Likewise, if you start sending graphic files back and forth where you USED to be sending other types of traffic, whatever entity might be watching those transmissions is likely to catch on. Let's not even go INTO how you're sending MORE data rather than less. Me, I'd be shooting for a method that breaks the communication up, sends it in with a bunch of other garbage to multi-pointed destinations at random times, strongly encrypted en-route so sender and receiver are masked...

    Oh wait, that sounds a lot like a mixmaster remailer.

    And yes, I know, mixmaster and PGP are not an option for environments where the very use of same is enough to get you drawn and quartered.

    • Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E. That can be enough to tip off the wrong someone.

      I would think you wouldn't send any data directly to B at all... you'd merely set up an account on eBay and start selling some junk... but in the pictures of the junk, you hide your steganographied secret messages. Your buddies pose as eBay buyers, and occasionally read your page (along with many others, for camouflage)... but when they read your page, they "Save Image As..." and extract the secret messages.

      For them to reply back to you, the same process is done in reverse. It would take a pretty sharp government to catch on to this, I think....

    • You could always go out of band, like this [counterpane.com] for example.
    • Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E.

      Absolutely true !

      And sometimes human rights activists get arrested because they spoke to the wrong person.
      You are talking about mistakes here. If you embed messages in images you don't want to bring attention to those images by sending them off in an email. Instead you make them a part of some normal-looking webpage and let everyone download it. That is what is so cool about steganography, nobody will know about the secret message, and even if they know they can't find it unless they know the secret.

    • Ok, I'm referring to the country currently known as "Myanmar" [burmawatch.org], but I refuse to grant the torturing, fascist limp-dick fucks in SLORC the dignity of using their chosen name.

      Basically, from what I've heard, 10% of the adult population of Burma are secret police informants, either willingly or through coercion. You can never be sure who your real friends are, and no activity involving more than one person can be secure. More importantly (to this discussion), unlicensed possession of a modem is severely punished [ahrchk.net]. So, in Burma, stego, crypto, and traffic analysis are all effectively obsolete. Only "trusted" people and organizations get internet access, with the understanding that they will be watched closely. Everyone else lives in medieval isolation (except for working for PepsiCo), cut off from the rest of the world, with far fewer human rights than even the citizens of China.

    • Sometimes it isn't the content that gives you away, it's the fact that you're sending traffic between point A and point B, and B talks to C, D, and E

      In which case Alice, Bob, Chris, Denise and Edward don't communicate directly at all. Instead they use some method to broadcast their steganography disguised messages in a way that will be seen by lots of people.
  • The only thing that is news in that article to me was that a) steganography is being used, and b) the hidden messages will be encrypted.

    So, basically the author had to paste together some code for a front end gui that manages the steganographic encoding with the key based encryption.

    I don't even see how this is going to change anything or be relevant to those individuals who use combinations of both at present time.

    Although, I can see myself downloading this when it's released so I can send a test out. But c'mon...
  • Dumb, DUMB idea (Score:5, Insightful)

    by splorf ( 569185 ) on Thursday July 04, 2002 @03:56PM (#3823507)
    Steganography is a lot harder than it sounds. It's easy to hide a message in an image file and have the image still look normal on the screen to a casual observer. It's a hell of a lot harder to keep an opponent from detecting the message by analyzing the file knowing how your program works.

    I am afraid unless Hacktivismo is really careful and knows what they're doing, their program may get some human rights workers tortured and killed. By careful, I mean don't even mess with embedding messages in jpg images. It might be reasonably safe to embed them in audio or video streams at very low bit rates, like one bit per several seconds of 44 kHz 16 bit PCM audio or mini-DV video. And even that would take sophisticated encoding to keep detection difficult.

    Reference: Security Engineering by Ross Anderson, reviewed on Slashdot a few months ago.

    • Re:Dumb, DUMB idea (Score:2, Insightful)

      by raytracer ( 51035 )
      No, it isn't a dumb idea. It is a very very good idea, and one that carries few risks that aren't risks inherent whenever any citizen works outside the limits their government prescribes for them.

      It isn't hard to come up with conventional cryptography that is robust against normal attacks. The technology is well understood and can be engineered to be robust against virtually any conventional cryptographic attack. Similarly, steganography is fairly well understood. Even if the government could detect that images or audio files were being used as a covert channel, they would be unable to break the underlying encryption. It would be vastly easier for them to just imprison and torture people into revealing their activities than to assume a technological attack.

      Individuals in these countries are exercising a form of civil disobedience, and it is important that they continue to do so. If oppressive governments are forced to spend all their efforts to detect and eliminate perceived threats, it divides their power and makes it more difficult to hide their clandestine misdeeds.

      • Re:Dumb, DUMB idea (Score:3, Insightful)

        by splorf ( 569185 )
        Even if the government could detect that images or audio files were being used as a covert channel, they would be unable to break the underlying encryption. It would be vastly easier for them to just imprison and torture people into revealing their activities than to assume a technological attack.
        That's the point. In order to imprison and torture people you have to know who to imprison and torture (unless you do it to everyone). You torture people if they do things that attract your suspicion. So the idea of steganography is to avoid attracting suspicion. If the opponent figures out you're using it, you are toast.

        Cryptography is broken if the attacker can read a message, but steganography is broken if the attacker can detect the message. The consequences of either type of break are just as bad. So using detectable steganography is as bad as using weak cryptography.

        There are lots of strong cryptography programs like PGP out there, and well-informed users also know that there's a lot of cryptographic snake oil and understand what snake oil is. But many of the same people think they can blatantly mess around with GIF color tables (etc.) and not get noticed. They are wrong and they are asking for trouble. I haven't seen a steganography program yet whose use in messages isn't pretty easy to detect if you know how the program works. Steganography programs are almost all snake oil. I'd want to see very convincing evidence that the Hacktivision program isn't snake oil before letting anyone trust their life to it.

        • A combination of secure cryptography and steganography is ideal. Cryptographic data should be inherently random, and thus, when "they" try to analyze your image to see if there is hidden content, all they will get is random gibberish.
      • I am afraid unless Hacktivismo is really careful and knows what they're doing, their program may get some human rights workers tortured and killed.

      I suspect that it'll actually be repressive regimes that do that, not Hacktivismo. Incidentally, where can we find the steganography tools that you've made publicly available?

  • Apparently, it will make it easy for persecuted political groups to hide messages in images.

    Why just 'persecuted political groups'? (which I hope isn't another name for a terrorist organization). The article says that it is easy to use. Which means that you and I can communicate with each other securely, with no one eavesdropping. It's neither a good or bad thing, it's a tool. This tool can be used for good and bad.

    I really think that this post was implying that terrorists will take advantage of this tool. Drop this terrorism crap. Terrorists use many other mundane things to cause damage, why not make a big deal about those items too.
    • Personally, I dont think he was talking about Terrorism. You people gotta get your mind off that shit. Life does not revolve around terrorists.
    • Why just 'persecuted political groups'? (which I hope isn't another name for a terrorist organization).

      Sigh, you are American, right ?
      *Everybody* is either a terrorist or supporting terrorism !!!!!! Get this into your head !!! It only depends on from which side you are looking.

      Do you think that Afghans who lost their relatives to American cluster bombing think you are not supporting terrorism if you supported the Afghan war ???

      • Sigh, you are Idiot, right? Terrorism has nothing to do with what "side" you are on. That's the typical moral relativist crap that people use to avoid making moral judgements that might mean they'd have to commit to taking a side.

        Let me repeat this for the billionth time:

        TERRORISTS INTENTIONALLY ATTACK CIVILIAN TARGETS TO ADVANCE A POLITICAL AGENDA.

        Americans weren't targeting civilians on purpose in Afghanistan. If they were, a few nukes would have solved any problem with bin Laden real quick, and the collateral damage wouldn't have mattered. But since it DOES matter, the US has been doing things the hard way.

        Notice that the US apologized for attacking a wedding by accident (the funny thing is that no one can find the graves for the 40 people supposedly killed in the attack. A two day search turned up only 5 graves), even though the people were firing weapons (and possibly an anti-aircraft gun) in the air in the middle of a war zone. See, that's because the US is the good guys and regrets killing innocents. I don't remember the al Qaeda apology for killing 3,000 Americans with those airliners. Do you?

        -jon

  • To keep essays from being harvested and parsed into massive validation databases.

    Sites such as the Internet Paper Mill [coastal.edu] and Term Papers [termpapers.com] will start to have to list EssayWritingChicks.com

    Now we should be able to hide from these guys.
    Plagiarism.com [plagiarism.com]
    Plagiarism.org [plagiarism.org]
    Wordcheck [wordchecksystems.com]
    Integriguard [integriguard.com]
    Eve [canexus.com]

  • Certainly a nice toy, yeah, much like any other stego app.

    But, what's the practical application? Surely traffic analysis makes stuff like this pretty lame for routine use? Yes, you can hide one message, or a few, but how do you have a conversation using this kind of technology and not stick out for emailing huge JPEGs back and forth?

    What do you do? Have a competition to photoshop images? Run a porn site?

    I'm just not convinced this is the way to go for real applications.
    • But, what's the practical application? Surely traffic analysis makes stuff like this pretty lame for routine use? Yes, you can hide one message, or a few, but how do you have a conversation using this kind of technology and not stick out for emailing huge JPEGs back and forth? What do you do? Have a competition to photoshop images? Run a porn site?

      Simple, post a pr0n picture (with hidden message) to usenet and put a subject like "Any1 have more pictures of her!", your correspondant gets the message, make another pr0n picture (with hidden response) and post it to usenet with subject "Requested: a picture of that chix, request more" and so on.

      I see it everyday on pr0n newsgroups, err, not that I go there everyday, but errr, well gotta go!

    • Why not just use a webcam as a medium?
  • Hmmm, does it seem strange that such a tool would only be available for IE 5.5+ on the windows platform?
  • Is this anything like that episode of the X-Files where the code for a kill switch was interlaced into the data on a CD-ROM's audio track? It'd be kinda cool to do that ... Of course, there was also that Along came a Spider movie, where they were sending msn-style messages using this sort of technology ... that would also be kinda neat ... (Or did I miss something? Is this about encoding the message into an image, then using the original image to "subtract" and see the message?)
  • You know, in some circles (especially Middle Eastern), groups such as Al Qaida, Islamic Jihad and Hamas are considered "persecuted political groups". Please, be honest with yourselves, people. That's like saying that the sole and most widespread use of P2P file trading software is for trading of Free, copylefted media.
  • Bond Good afternoon Q, what have you got for me today?

    Q Ok pay attention Bond there have been some developments in secret codes since you last came through. I'd like to tell you about our latest wheeze for getting messages back to HQ by e-mailing pictures of Anna Kournikova.

    Bond You mean the tennis player named after an Internet virus?

    Q The very same. What you need to do is put your message into a very small dot, a micro dot in fact . .

    Bond And stick the dot onto a Kournikova photo?

    Q Exactly.

    Bond Why Kournikova? apart from the obvious?

    Q Well that's the devilish part. You see no one will suspect that the picture is anything other than a virus so it will be blocked and deleted.

    Bond While all your team will have the perfect excuse to examine Kourno pictures in extreme detail. Now that is devilish cunning. Who invented this stuff?

    Q Ah well they used to call themselves the Cult of the Dead Cow but it's really a SMERSH front

    Bond I see . . . . . .
  • by DeadVulcan ( 182139 ) <dead.vulcanNO@SPAMpobox.com> on Thursday July 04, 2002 @04:17PM (#3823589)

    Some people are talking about traffic analysis, but it seems to me that the best way to use this would be to post images on the web (ideally, with no HTML files linking to them).

    In each message, you'd give a URL to the location of your next transmission. Maybe also a date and time period when it will be available.

    And, if you used public web access points like internet cafes to transmit and receive your images, your activity would probably be pretty darned hidden.

    Just a thought off the top of my head.

    • You are on the right track but showing up at kinkos to do this will likely get your face on tape.

      To truly be anonymous... find a good open proxy, post it to the web and update your message in your logo pic etc.

      Slashdot could be transmitting information to someone with their masthead daily... I say use fortune to give users a cool msg and viola.
  • I mean, seriously, how carefully is Uncle Sam going to keep tabs on alt.binaries.pictures.erotica.bin_laden_and_a_goat ?

  • by DigitalDaedalus ( 142 ) on Thursday July 04, 2002 @04:39PM (#3823663)
    According to their press release [hacktivismo.com] they use "LSB steganographic techniques".
    In the stego world this is roughly equivalent to using ROT13. If you try and hide any sizeable amount it's a joke to detect. There are many better methods- F5, SSIS, etc...
  • Freedom of speech is being able to go in the center of a public square and say whatever you want. It's being able to put your ideas on the front page of a newspaper or pamphlet and distribute it without fear of persecution.

    That being said, this may be a useful tool for some people, but I doubt it will be undetectable. Steganography is a tough problem. And encryption won't help you if the stego is detected, because the police will just put you in jail until you give them the key, since you must have something to hide when you use encryption...

  • Well steganography is nothing new, frankly it's rather old stuff. Any decent coder could do simple steganography stuff. And really attack-safe steganography is beyond the abilities of these guys. Personally I think such groups just create some PR-hype to found a little later a "security company" and suck money out of clueless customers. Just take a look at @Stake formerly l0pht.

    And peek-a-booty ?
    Rather peek-a-vaporware.
    The "Cult of the Dead Cow" should rename itself to "Cult of Microsoft" for their 31337 v4p0rw4r1ng 5|<155.

  • Weapon of Choice (Score:3, Interesting)

    by mike_lynn ( 463952 ) on Thursday July 04, 2002 @04:46PM (#3823690)
    In reading about the software mentioned, I was more impressed with Peek-a-Booty than Camera/Shy. The ability to make use of 'https' connections to not only get access to prohibited/filtered materials but encrypt them as well (with standards currently accepted as 'unsnoopable' by the business community) makes Peek-a-Booty the posterchild for the Right to Learn and Know. I hope it adds in Freedom of Speech by allowing POST/cgi interaction along those connections.

    But that doesn't mean I hate Camera/Shy. It's all about giving people more options to talk to each other. If someone's country has decided to filter what you know, restrict what you say and jail you for just thinking different, I'll give praise to any software, hardware, wetware, lotek or notek method for getting people talking to each other, even if it's just a ROT13 plugin for Eudora.
    • I'm figuring that not only will this [peek-a-booty.org] kind of software allow people to get around censorship, but wouldn't it also create a P2P-style anonymizer [anonymizer.com]? This would pretty much make logging of user activity useless for criminal investigations. Would the "host" of a benevolent node on this network be liable for illegal activity that was routed through hir machine?
  • With this tech there are many ways to hide your message.

    Of course e-mail is out. But using a web site and splitting up your message throughout the images would be great.

    Maybe as the images are laid out on the screen, the top one being part one, middle part two and so on.

    A whole site can be used to hide anything from DeCSS to "anarchy" text files or plans to blow up shit.

    Still, my favorite was the earlier suggested posting pr0n to newsgroups. See, before you "diss" this type of product get creative. The users will, the NSA will....

  • Hiding information in the least significant bits of images is okay if you keep the bit rate low. If it gets too high, the statistical profile of the image changes and that can set off detectors.

    I currently like the list of disco songs tool [wayner.org] because it doesn't have the same statistical problems.
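
The detection effect described in the comment above and in the earlier "LSB steganographic techniques" comment, as an added example that is not part of the thread and is not Camera/Shy's code: a chi-square test on pairs of values (2k, 2k+1) shows how random LSB embedding equalizes each pair as the embedding rate rises. The cover data is constructed, and all function names are hypothetical.

```python
import random
from collections import Counter

def make_cover(n=20000, seed=1):
    """Constructed stand-in for 8-bit pixel data: within each value pair
    (2k, 2k+1) the even member is more common, so pairs are unbalanced."""
    rng = random.Random(seed)
    pixels = []
    for _ in range(n):
        pair = min(127, max(0, int(rng.gauss(64, 10))))
        pixels.append(2 * pair + (1 if rng.random() < 0.3 else 0))
    return pixels

def lsb_embed(pixels, rate, seed=2):
    """Overwrite the LSB of a `rate` fraction of pixels with random bits
    (random bits model an encrypted payload)."""
    rng = random.Random(seed)
    out = list(pixels)
    for i in rng.sample(range(len(out)), int(rate * len(out))):
        out[i] = (out[i] & ~1) | rng.getrandbits(1)
    return out

def pov_ratio(pixels):
    """Chi-square statistic over pairs of values, divided by the number of
    occupied pairs. Near 1.0 means the LSBs look like fair coin flips."""
    hist = Counter(pixels)
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:
            stat += (even - odd) ** 2 / (even + odd)
            pairs += 1
    return stat / pairs

def sweep(rates=(0.0, 0.05, 0.5, 1.0)):
    """Score the same constructed cover at several embedding rates."""
    cover = make_cover()
    return {r: pov_ratio(lsb_embed(cover, r)) for r in rates}

if __name__ == "__main__":
    for rate, ratio in sweep().items():
        print(f"embedding rate {rate:>4.0%}: chi-square/pairs = {ratio:6.1f}")
```

A ratio far above 1 means the pairs are still unbalanced, as in the untouched cover; a ratio near 1 is the signature of LSBs that have been overwritten wholesale.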
  • here [theregister.co.uk]

    Fav quote -

    "If there were no state-sponsored censorship of the Internet, if Cisco et al weren't crack hoes for hire, if there were no democracy activists screaming for help -- hell, we could be off having fun instead of working long hours after our day jobs," Hacktivismo member and occasional Reg contributor Oxblood Ruffin told us
  • the moral issue here is rather interesting, if a terrorist organisation were to use the technology would the programmers have a moral responsibility?

    there's also a rather nice Steganography Plugin for The GIMP [gimp.org].
  • 1000 words (Score:2, Funny)

    by krath ( 542732 )

    Thought we already knew that a picture tells a 1000 words...

  • How about just using Slashdot forums to hide messages cleverly disguised as "fp!" ? Seems to me that no one reads that shit anyway...

  • Then... "Think about the Children!" (i.e. kiddie pr0n)

    now... "Think about the terrorists" (i.e. taking away our rights)
  • From their site:

    The cDc and Peek-A-Booty
    A commonly-perpetuated misconception about this project is that it is run by CULT OF THE DEAD COW (cDc). This is a myth that has been propagating since the project's inception. The Peekabooty project has its own open-source group, entirely separate from the cDc.

    I'm at a loss here...
  • Why Bother? (Score:2, Insightful)

    by balloonhead ( 589759 )
    I don't see the point. If I was a terrorist and posted a USENET / slashdot / other pre-arranged forum message with "big day on Sept 11, flying into NY with a few buddies on flight XXX", there is no way that any FBI / CIA / other agency guy would know what it meant if he saw it on Sept 10, even assuming he looked at it.

    There are just too many ways of sending unencrypted / unhidden messages; adding more work just seems like a big hassle for the sender and recipient - as was said after 11/9/01, the reason that messages were not intercepted was because they were low-tech / plain text / whatever. It is quicker and easier to make it innocent-sounding except to those who know already. Any agency screening emails / web pages / whatever would have a lot LESS work to do if it just had an image scanner that decided if there was any potential code, then concentrating on those. As another poster said, checking if a pic does or doesn't have steganography involved is easy (though you then have to decode it) - would it not then be easier to have an image of unencoded text which would be easily readable only if you look at it, on an obscurely titled web page? No automated searcher would be able to read it, no human would ever know where to look unless they already knew where it was.

    With email, text messaging, instant messaging, unlimited internet forums, the internet pages themselves, snail mail, telephone, telegraph, morse, hundreds of languages, and god-knows what other methods, there are just too many ways to transmit info to plough through these and find hidden messages.

    I just don't see the point.

    On another note - could terrorist emails be easily intercepted if the volume of traffic was reduced significantly? i.e. if spam was banned?

    • On another note - could terrorist emails be easily intercepted if the volume of traffic was reduced significantly? i.e. if spam was banned?

      Given that various individuals with bugger-all resources have managed to build reasonably effective spam filters, I'd imagine that the NSA, with decades of experience in filtering wheat from chaff and with huge resources to throw at the problem, are probably very good at filtering out spam from their searches.

      Unless terrorists disguise their messages as spam :)

    • With email, text messaging, instant messaging, unlimited internet forums, the internet pages themselves, snail mail, telephone, telegraph, morse, hundreds of languages, and god-knows what other methods, there are just too many ways to transmit info to plough through these and find hidden messages.

      Which is why mass interception isn't really very effective. Unless you know where to look in the first place you simply have a large quantity of utterly useless information. Yet after September the 11th there were calls for more automated interception, even when it was revealed that security services in the US lacked people who knew Arabic.
  • Timothy writes:
    The group has links to the Cult of the Dead Cow, which is, of course, working on Peek-a-Booty.
    However if you visit the PeekABooty people:

    A commonly-perpetuated misconception about this project is that it is run by CULT OF THE DEAD COW (cDc). This is a myth that has been propagating since the project's inception. The Peekabooty project has its own open-source group, entirely separate from the cDc.
    Oh well ;)
  • Quote: "Honeyman says existing steganography cannot be completely undetectable and adds that the key used to hide messages in images can be revealed with brute force computing power."

    Any weakness of steganographic systems can be overcome.

    For example; to beat brute force computing power only requires to have the message as an image of obfuscated text. There are several ways to do this; for one - think red-green colourblind eye test charts. It can also be multi-layered - each with separate key. This would require manual viewing at every single attempt to crack it. The man hours required are too large to estimate.

    P.S. The United Nations World Intellectual Property Organization and the United States Department are hiding the simple solution to uniquely identify all registered trademarks on the Internet. The answer to this problem has been ratified by honest Lawyers. I believe UN WIPO and US DoC to be corrupt.

    If you have heard of the respected Dr. Milton Mueller, you may be interested in the conclusion of his recent report, Domain Name Trademark Disputes under ICANN's UDRP. My comments and link to it on ICANN forum [icann.org]. His conclusion matches what I told UN WIPO and Nominet UK [icann.org] over a year ago.

    Please visit World Intellectual Piracy Organization [wipo.org.uk] - Not associated with visit United Nations World Intellectual Property Organization [wipo.org]
  • uhm guys, peek-a-booty is NOT a cDc project.

    anyone who had actually read the peek-a-booty website could have seen that.

    more crack reporting by slashdot. sigh.
  • One item on the feature list reads:
    "Automatic scanning of Web pages for stegged and encrypted gif files."

    It seems to me that this would allow those opposed to the use of this tool to use it to scan for sites that employ it for transmission of state censored information, hurting those this tool is supposedly meant to help, and helping those this tool is meant to circumvent. This of course would not let those entities decrypt and view the censored information, but just the knowledge of what sites, people, etc. are connected to an underground movement is enough to get somebody thrown into prison let alone killed.
  • this is not to be confused with the Saganography tool, which will be released in the near future, and will allow the common PC to visualize billions and billions of hidden alien transmissions.
