by tsaoutourpants 4577 days ago
Steganography is one of the NSA's worst nightmares. Encrypted strings sent over the Internet they know are encrypted, and they often know the algorithm and key length. But the fact that any image can contain an encrypted message, and there's no way to know whether or not something exists within, scares the shit out of them.

So, good work.

4 comments

Most steganography is trivially easy to detect.

Steganography that is implemented correctly then requires reasonable amounts of cover text, and small amounts of hidden text.

NSA fucking loves steganography because most of it is a toy implementation where someone hides text in the LSB of the bytes of a gif or jpeg. The ratio of cover:hidden text is terrible. And the implementer forgot to mention that it's just a toy and not to be used seriously.

The number of decently implemented steganography systems is small.

No, most steg is actually even worse than that: append a text/rar file to the end of another file (many formats are tolerant of extra data at the end).
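As an added illustration of the "append it to the end of the file" trick (example code written for this page, not something posted in the thread): a JPEG decoder stops at the End-Of-Image marker, so anything after it never shows up in a viewer, but it is trivially found by walking the file structure rather than trusting the file's length. The JPEG below is a constructed marker skeleton, not a real photo, and the appended payload is a fake RAR signature used only for illustration.

```python
"""Added example (not code from the thread): find data appended after a
JPEG's End-Of-Image (EOI) marker. The JPEG is a constructed marker
skeleton and the payload is a fake RAR header, both for illustration."""

SOI, SOS, EOI = 0xD8, 0xDA, 0xD9


def find_eoi_offset(data: bytes) -> int:
    """Return the offset just past the real EOI marker by walking JPEG
    segment structure. Searching for the last FF D9 is not enough: an
    appended payload may itself contain those two bytes."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI; not a JPEG")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                       # fill byte before a marker
            i += 1
            continue
        if marker == EOI:
            return i + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no length
            i += 2
            continue
        if i + 4 > len(data):
            raise ValueError("truncated segment header")
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
        if marker == SOS:
            # entropy-coded data follows: FF 00 is a stuffed byte and
            # FF D0..D7 are restart markers; any other FF xx is a real marker
            while i + 1 < len(data):
                nxt = data[i + 1]
                if data[i] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                i += 1
    raise ValueError("EOI not found; truncated file")


def appended_data(data: bytes) -> bytes:
    """Bytes after the real EOI; empty for a clean file."""
    return data[find_eoi_offset(data):]


# a few well-known archive signatures (RAR 4 and 5 share this prefix)
TRAILER_SIGNATURES = {
    b"Rar!\x1a\x07": "RAR archive",
    b"PK\x03\x04": "ZIP archive",
    b"\x1f\x8b": "gzip stream",
}


def classify_trailer(trailer: bytes) -> str:
    for sig, name in TRAILER_SIGNATURES.items():
        if trailer.startswith(sig):
            return name
    return "unknown" if trailer else "none"


def build_jpeg(scan: bytes) -> bytes:
    """Constructed minimal JPEG: SOI, JFIF APP0, a one-component SOS header,
    the given scan bytes, EOI. Not decodable as an image; structure only."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


# constructed scan data containing a stuffed FF 00 and an RST0 marker,
# both of which a naive marker scan must not mistake for the end of image
SCAN = b"\x12\x34\xff\x00\x56\xff\xd0\x78\x9a"
CLEAN = build_jpeg(SCAN)
# constructed payload: a fake RAR header that also happens to contain FF D9
PAYLOAD = b"Rar!\x1a\x07\x00" + b"\xff\xd9" + b"hidden archive body"
STEGO = CLEAN + PAYLOAD

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("stego", STEGO)):
        trailer = appended_data(blob)
        print(f"{name}: {len(trailer)} trailing bytes ({classify_trailer(trailer)})")
```

The structural walk matters: `STEGO.rfind(b"\xff\xd9")` lands inside the appended payload and under-reports the trailer, while `find_eoi_offset` returns the end of the genuine image.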
Why use cover text? Why not just put ciphertext in a jpeg? Wouldn't that just show up as noise?
Sorry, by cover text I mean anything that is used to hide the hidden text. Thus, the jpeg would be the cover text.

Thanks for pointing that out.

To answer the question: It shows up as a specific type of noise that's easy to detect. Some of the crypto / math people will be able to explain it much better than I can.


Ahhh. What if you were to use a video instead of a still image and only use a handful of pixels (or macroblocks) in each frame, chosen randomly (the random seed exchanged out-of-band)? Seems like that would give you a very high cover:hidden text ratio.

> Seems like that would give you a very high cover:hidden text ratio.

It would, but that doesn't change the principles used to detect the steganographically encoded cyphertext. The bits would still be twiddled in the same way, and could be found in the same way.

The question is: would it be feasible to search for them? Scan every single video on youtube looking for noise with some elevated probability of containing hidden text? What happens when you find a candidate? Pick random pixels out of every frame and then try and brute force it with every known symmetric cipher and every single key?

You could flip a single, random, least-significant bit on each frame of a 1 hour movie. This would allow you to store a 10.5KB encrypted message within. I'd like to know how anyone could possibly find those bits, let alone decipher them.

I'd like to know if there's been an implementation of that. I remember reading about such a thing in William Gibson's Pattern Recognition.
Perhaps the reason for creating this?
Interestingly enough, steganography was already being decried pre-9/11 as a tool used by terrorists [1]:

>"Uncrackable encryption is allowing terrorists — Hamas, Hezbollah, al-Qaida and others — to communicate about their criminal intentions without fear of outside intrusion," FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities."

So law enforcement is fine with encryption so long as it's crackable...

[1]http://usatoday30.usatoday.com/tech/news/2001-02-05-binladen...

The consensus in the infosec community seems to be that most (real) Islamic terrorists haven't been using email or cellphones since ~2003. So any mass-surveillance/SIGINT sales pitch about catching terrorists is mostly bullshit. If they do catch anyone, they are likely not the type of people who could have accomplished anything. It seems to be much more useful for catching other nation-state intelligence spies at work or catching aloof criminals.
Interesting... source?
Here is one interesting discussion:

https://twitter.com/thegrugq/status/399352954060144640

The author has cited terrorist training manuals elsewhere on his blog, which are apparently publicly available online, dated from as early as 2003, with security guidelines not to use email or talk on cellphones.

TLDR: The adversary can easily stop using email/cellphones to discuss plans. Do they still use email/cellphones for other reasons? Sure, most likely, as was shown in Zero Dark Thirty, but not in any meaningful way that can be usefully gleaned from a mass-surveillance approach. Therefore the large investment and privacy trade-offs for the greater society aren't worth it.

What do they use? Trusted couriers?
"Terrorists use web forums and couriers."

From same source as previous comment: https://twitter.com/thegrugq/status/407662098093580288

Silly... seems like forums would be easier to snoop than phone calls.
I was thinking the same. Maybe they don't really use forums to plan and coordinate plots, but only to recruit and spread propaganda.
I am also interested in what they use.
There was a CIA contractor who outright defrauded them claiming that he had tools which were detecting steganographic messages used by terrorists on the internet. He didn't get prosecuted because they were too embarrassed to admit that they'd been completely bamboozled.
> "Uncrackable encryption is allowing terrorists — Hamas, Hezbollah, al-Qaida and others — to communicate about their criminal intentions without fear of outside intrusion,

You succeeded in putting 3 different ethnic groups - I should say 2, the last one being a US product - in the same bag, thereby making a misleading association, fucking idiot!

It was a quote.
:( Are you one of those people that doesn't like to call things what they are? I have noticed many problems in life are due to people not wanting to call things what they are.
Are you one of those people who thinks he knows an obvious truth that everyone else ignores for some reason?
No.
I was under the impression that undetectable steganography was extremely difficult. If commonplace steganography was widespread, no doubt they'd write analyzers to determine what things might be hiding data. On top of that, if steganography becomes widespread, it's likely the protocol will be a common one adopted by plenty of people. At that point, it reduces to encryption, does it not?
I don't see how it would be terribly difficult to undetectably (without key) hide a few bytes of data in the least significant bits of a .jpg.

There are likely trillions of images available on the Internet. I would imagine less than 0.001% of them have a hidden message. This increases the "haystack" so drastically for the NSA that, even if 100x as many people started using it, it's still a big-ass haystack.

This is one of the worst, easiest to detect, forms of steganography. Publishers like Springer Verlag have many papers and books about detecting that type of steganography.

While analysis (breaking) of steganography is long-lived, there hasn't been much work on creating new, better forms.

Just as things like PGP are still hard for regular people to use, and there's no real encrypted chat, there's not much in the way of strong stego.

Obvious caveats apply here: How much does the text need to be hidden? Who does it need to be hidden from? Me hiding my angsty poetry from my sister doesn't need much and anything is going to be okay. But me hiding material that could get me killed, from a well funded government? I need something better than a reference github project.

> and there's no real encrypted chat

What about OTP? One of the easiest things to set up and use imo, users just need to know to exchange key fingerprints over a third party medium (in person being the foolproof way).

At some ratio of hidden data to visible data, I'm sure it can be undetectable. But transmitting reasonable amounts of data leaves a trace using LSB algorithms. Here's one paper. It shows the LSB part of the image, which leaves an obvious looking impression.

http://rahuldotgarg.appspot.com/data/steg.pdf

This is just showing steganography with plaintext payloads. If you use only ciphertext payloads (with the keys exchanged out of band) you sidestep this problem.
Not really. Encrypting the message will yield uniformly distributed noise, and that is very rare in nature. So if you attempt to hide an encrypted message in the least significant bits of images, audio recordings or video, it is as easy to detect as plain text messages, if not even easier.
Then don't use every LSB in the image; use a low percentage. Just a guess, but I bet if you applied your stego detection algorithm to a large sampling of random images on the internet, you'd find a significant false positive rate. Just hide your messages in the false positives.
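Added example, not code from the thread, tying together the "toy implementation that hides text in the LSB" comment earlier and the uniform-noise exchange just above: it embeds a ciphertext-like (uniformly random) payload into the LSBs of a constructed grayscale image and then runs the chi-square "pairs of values" test of Westfeld and Pfitzmann on the result. The cover image, the key, the payload and the 5% rate are all constructed here for illustration. What it shows is exactly the point being argued: at full capacity the counts of each value pair (2k, 2k+1) equalize and the statistic collapses to roughly its degrees of freedom, while a sparse embedding leaves the histogram rough enough to pass this particular test. Passing one histogram test is not the same as being undetectable; it only means the cheap, well-known attack no longer fires.

```python
"""Added example (not from the thread): LSB embedding of a ciphertext-like
payload into a constructed grayscale image, plus the chi-square
"pairs of values" attack that detects full-capacity embedding.
Image, key, payload and rates are all constructed for illustration."""
import math
import random

W = H = 256          # constructed image size


def make_cover(seed: int = 1) -> list[int]:
    """Constructed 8-bit grayscale cover: a smooth pattern plus mild noise,
    then a contrast stretch that leaves empty histogram bins. Real photos
    have similarly uneven histograms; uniform noise does not."""
    rng = random.Random(seed)
    px = []
    for y in range(H):
        for x in range(W):
            base = int(100 + 50 * math.sin(x / 7.0) + 30 * math.cos(y / 11.0)) + rng.randint(-3, 3)
            px.append(min(255, max(0, base * 5 // 4)))
    return px


def keyed_order(n: int, key: int) -> list[int]:
    """Pixel visiting order derived from a shared key (assumed to have been
    exchanged out of band, as suggested in the thread)."""
    order = list(range(n))
    random.Random(key).shuffle(order)
    return order


def embed_lsb(cover: list[int], payload: bytes, key: int, rate: float) -> list[int]:
    """Write payload bits (LSB of each byte first) into the LSBs of at most
    rate*len(cover) keyed-random pixels; payload beyond that is truncated."""
    capacity = int(len(cover) * rate)
    bits = [(b >> s) & 1 for b in payload for s in range(8)][:capacity]
    out = list(cover)
    for idx, bit in zip(keyed_order(len(cover), key), bits):
        out[idx] = (out[idx] & ~1) | bit
    return out


def extract_lsb(stego: list[int], key: int, rate: float, nbytes: int) -> bytes:
    """Read back up to nbytes whole bytes using the same key and rate."""
    capacity = int(len(stego) * rate)
    bits = [stego[i] & 1 for i in keyed_order(len(stego), key)[:capacity]]
    usable = min(len(bits), nbytes * 8) // 8 * 8
    return bytes(sum(bits[j + s] << s for s in range(8)) for j in range(0, usable, 8))


def pov_chi_square(px: list[int]) -> tuple[float, int]:
    """Pairs-of-values statistic. Flipping LSBs only moves pixels between
    values 2k and 2k+1, so embedding random bits drives the two counts in
    each pair together and chi2 falls to about the degrees of freedom.
    Returns (chi2, df)."""
    hist = [0] * 256
    for v in px:
        hist[v] += 1
    chi2, pairs = 0.0, 0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        if a + b == 0:
            continue
        expected = (a + b) / 2.0
        chi2 += (a - expected) ** 2 / expected + (b - expected) ** 2 / expected
        pairs += 1
    return chi2, pairs - 1


def looks_embedded(px: list[int]) -> bool:
    """Flag the image if chi2 lies within 3 standard deviations of what a
    fully LSB-embedded image produces (mean df, variance 2*df)."""
    chi2, df = pov_chi_square(px)
    return chi2 < df + 3 * math.sqrt(2 * df)


COVER = make_cover()
PAYLOAD = random.Random(7).randbytes(len(COVER) // 8)   # stands in for ciphertext
KEY = 42                                                 # assumed shared secret
FULL = embed_lsb(COVER, PAYLOAD, KEY, rate=1.0)          # every LSB carries a bit
SPARSE = embed_lsb(COVER, PAYLOAD, KEY, rate=0.05)       # only 5 % of pixels touched

if __name__ == "__main__":
    for name, img in (("cover", COVER), ("full", FULL), ("sparse", SPARSE)):
        chi2, df = pov_chi_square(img)
        print(f"{name:6s} chi2={chi2:9.1f} df={df:3d} flagged={looks_embedded(img)}")
```

The cover and the sparse image keep a large statistic (the empty histogram bins the stretch produced stay nearly empty), whereas the full-capacity image collapses to roughly df and is flagged. The sparse message is still recoverable with the key, which is the trade the comment above is describing: capacity down, detectability by this test down with it.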
It's true that many common forms of steganography (such as hiding information in the alpha channels of a given image) are easily detectable, and analyzers already exist, but in some aspects steganalysis is somewhat of an oxymoron, since the entire point of steganography is to conceal the fact that hidden information even exists in the first place.

I'm not sure exactly how you'd define a steganographic protocol. It's not quite as straightforward as cryptography, in fact it's yet again oxymoronic. Steganography (at least ideally) works somewhat like an archetypal spy's codebook. It sounds like everyday conversation to you, unless you're meant to know it's not, and that there's a hidden meaning. If you catch something off-guard, then the stego has failed.

I mean this in all seriousness ... Is there any evidence that anyone in the NSA is really that scared of stenography?
Stenography ≠ Steganography