[C1ay]

Bump...

[Tormod]

Man I thought you were joking until now. I tried a JpegX decrypter but it found nothing in either image. Another decryption tool kept asking for passwords!

But I found it now!

[C1ay]

In the news....

"Dark Reading" said:

Research Shows Image-Based Threat on the Rise
New Purdue University research shows steganography, long considered a minor threat, may be on the rise

Until recently, steganography, the stealth technique of hiding text or images within image files, has mostly been considered too complex -- and conspicuous -- to be much of a threat. But some forensics experts now worry that the bad guys are starting to use the tactic more frequently, especially in child pornography and identity theft trafficking.

There are an estimated 800 or so steganography tools available online, many of them free and with user-friendly graphical user interfaces and point-and-click features. This broad availability making steganography more accessible and easier to use for hiding and moving stolen or illicit payloads, experts say.

Security experts to date have mostly dismissed steganography as a mainstream threat, relegating it to the domain of spooks and the feds. Their skepticism has been well-founded: The few studies that have searched for images hiding steganographic messages have come up empty-handed.

But now, preliminary data from a new steganography study underway at Purdue University indicates that some criminals indeed may be using steganography tools, mainly in child pornography and financial fraud cases.

More....

[freeztar]

I'd like to play with steganography, but I haven't had much luck finding a good program for XP. The best I've found is S-Tools, but I haven't had any luck decrypting an image that I know for certain has a steganographic message. Does anyone have a suggestion for which program is the most versatile, and free?

[C1ay]

Bump...

[Tolouse]

a nice interesting topic
i haven't heard of this possibility
how would the authorities know which ones hold the code?

i'm sure pretty soon, they would find out an easy way though

[C1ay]

Interesting. This thread is more than 4 years old, has seen moves from host to host, server to server across several OSes along the way and even a conversion of the forum software and the integrity of the files in this thread is just as it was when they were posted

[Moontanman]

The Mona Lisa on the right has an image of her naked hidden in it....








Oh look, pwnies

[The Polymath]

Wait.. Don't they need the original image to check? It could be a normal photo taken with a bad camera...

[C1ay]

The Polymath, on 01 March 2011 - 08:54 PM, said:

Wait.. Don't they need the original image to check? It could be a normal photo taken with a bad camera...

Not necessarily. Certain statistical analyses can reveal that a secret message is likely contained in a file even if it can't be extracted. Search for steganalysis techniques...

[CraigD]

The Polymath, on 01 March 2011 - 08:54 PM, said:

Wait.. Don't they need the original image to check? It could be a normal photo taken with a bad camera...

As C1ay noted, no.

Also as he notes, an unencrypted (or poorly encrypted) steganographic message can be detected using fairly simple statistical analysis - ie: checking various permutation of the suspected message's bits to see if they form a message with a character distribution typical of written language.

A very simple way to steganographically embed a message in an image is simply using the least significant bits of each consecutive pixel's color values as consecutive bits of the message. Unless the image is of something sharp-edged and/or monochrome or low color resolution, the message bits will appear to be just ordinary, insignificant (that is, "least significant" ), natural color variation.

It's important to understand the difference between steganography, and cryptography. A stegaographic message is assumed to be readable by anyone who knows it's there, but not appear to an unsuspecting viewer to be a secret message (eg: look like a picture). A cryptographic message is assumed to be difficult or impossible for anyone who doesn't share a secret with its creator to read, but be obvious to even an unsuspecting viewer that it might be a secret message (eg: not look like data good for anything else).

Crypto and Stego can be used together, to make a file that doesn't appear to be a secret message, but even if the viewer knows it is, the easily readable message is cryptographic (ciphertext), so its plaintext cannot be easily read.

Stego doesn't need to be of binary data - for example, some of the oldest stegos are simple skip codes, where one takes, say, each 20th letter character from a written message to create another, secret written message.

[The Polymath]

Thanks for clearing that up.

But what about regular images? Could they 'trip' the steganographic 'detector', making the user think that there is a message in it, even when there isn't? And how likely is it that a normal, un-tampered-with image to have a message (probably not very likely, but there has to be some chance)?

[C1ay]

The Polymath, on 03 March 2011 - 05:29 AM, said:

Thanks for clearing that up.

But what about regular images? Could they 'trip' the steganographic 'detector', making the user think that there is a message in it, even when there isn't? And how likely is it that a normal, un-tampered-with image to have a message (probably not very likely, but there has to be some chance)?

In an indirect way that can be used to provide another level of stealth. You could hide a message in one image and then put that image in a gallery of other images which have all had noise added to them so that all of the images in the gallery exhibit the same statistical noise under analysis. In this way all of the images in the gallery would trigger the usual detection techniques.

Another method to utilize is to take a small 2 color picture of the message to hide and then hide the image of the message in another image which is much larger with many colors. Distributing image of only a few bytes within an image of a megabyte or more would result in a low statistical noise value and likely pass by most detection methods.

[CraigD]

The Polymath, on 03 March 2011 - 05:29 AM, said:

But what about regular images? Could they 'trip' the steganographic 'detector', making the user think that there is a message in it, even when there isn't? And how likely is it that a normal, un-tampered-with image to have a message (probably not very likely, but there has to be some chance)?

An image written directly from, for example, a camera, is vastly unlikely to have a significant message in it, but, as you note, the probability of that happening isn't zero. We're talking about the million monkey effect here: if you just keep snapping digital photos, eventually one of them will have, stegoed in some simple way like I described, a message like "Help! I'm a prisoner in a reality factory! To prove it, here's an elementary proof of F's LT: ..." The likelyhood, though, is something like 128^-n, where n is the number of characters in the message - which gives an expected value for when "Help! I'm a prisoner in a reality factory!" or, lets say any of 1000000 similar pithy messages, at some ridiculously astronomical value like 10⁸¹ years (I can't resist calling this a tenth of an attogoogol years ), if everybody on earth takes a 10Mp RGBA picture every second.

C1ay, on 03 March 2011 - 06:43 AM, said:

In an indirect way that can be used to provide another level of stealth. You could hide a message in one image and then put that image in a gallery of other images which have all had noise added to them so that all of the images in the gallery exhibit the same statistical noise under analysis.

You could, but this doesn't seem much worth the bother. Hiding a stegoed image in a larger image increases only to the effort (runtime) of finding it if you know to look in the large image. Almost any even vaguely strong crypto of the message will render it undetectable by any nearly any statistical approach.

It helps me to keep in mind a few high-level ideas:

• In any secret message scenario, there are 2 distinct data to consider: If a secret message is actually being sent, and what that message's plaintext is. In many practical scenarios, keeping the fact that you've sent, or would ever have reason to send, a secret message, is more important than the text of a particular message - you can be thrown in the king's dungeon for mere suspicion of being a spy, even if precisely what info you're stealing remains a mystery.
  
• Stego is an unacceptably weak substitute for crypto. If an eavesdropper knows you're sending a secret message, the only thing to prevent vim reading it is an unguessable secret shared by sender and receiver (a cryptographic key), and a strong cryptographic algorithm.
  
• There is such a thing as perfect (that is, unbreakable without its key) cryptographic algorithm: a one-time pad.