What You See Is Not Always What You Get from Law Enforcement Technology at Officer.com
A Cygnus Business Media Website
What You See Is Not Always What You Get
From the January 2006 Issue
By Douglas Page

The leader of a Toronto terrorist cell puts a different Persian rug for sale on eBay every Monday morning and posts a corresponding photograph. Bids commence, money is collected and items are shipped. So far, so good. But, on Tuesdays at 4 p.m., the photo is swapped for a version that contains a hidden message. By prearrangement, the cell members know when to download the image, and the weekly message is delivered.

While this scenario is fictitious, the stealth itself is real enough. It even has a name. The practice of hiding information by embedding messages within other, seemingly harmless, messages is called steganography.

Steganography, from Greek meaning "covered writing," is as old as the Greeks, who tattooed messages on the shaved heads of messengers. After the hair grew back, the messenger was dispatched. Invisible inks, written between the lines of innocuous letters, were a common form of steganography during World War II.

In the digital age, steganography allows someone to hide any type of binary file inside any other binary file. Image and audio files are the most common carriers. Steganography is not encryption, because encryption relies on ciphers or codes to scramble a message.

Steganography provides some legitimate uses in the digital world, most notably digital watermarking, wherein an author can embed a hidden message in a file so that ownership of intellectual property can later be substantiated.

Not all applications of steganography are so benign. Steganography is drawing more forensic attention, not because it's being used by college students passing around final exam answers embedded in images, but because many people believe steganography is one of the ways Al Qaeda leaders communicate with terrorists around the world. There is also suspicion that the technology is exploited by organized crime and those engaged in corporate espionage.

It gets worse.

"I know of a case where steganography was employed to conceal child pornography," says steganography expert Neil Johnson, an associate at Booz Allen Hamilton in McLean, Virginia, and author of several papers investigating steganography and associated digital forensic considerations. Using patterns Johnson published in a paper, investigators were able to determine the existence of hidden images and the steganography tool used to produce them.

Johnson says investigators must now look beyond file systems and recovered files to consider what may be hidden on computers. "Steganography goes beyond the difficulties of encrypted data in that an investigator must now determine whether hidden data exists," he says.

Investigators should become familiar with the steganographic tools and the impact they have on computer systems, as well as the media that contains the hidden information, Johnson says.

First clue

The principal forensic problem is that not enough computer forensic examiners have the first clue what steganography is, how it works, or how to detect or disarm it.

"Stego is well under the radar of a lot of forensic examiners," says Gary Kessler, an associate professor in the Computer and Digital Forensics Program at Champlain College in Burlington, Vermont. "Many examiners don't take it seriously because they've never 'seen' it in use."

Kessler also maintains that those examiners that do "look" for steganography often use the wrong tools.

To address this issue, Kessler published a 12-page paper in the July 2004 issue of "Forensic Science Communication," offering a high-level, technical overview of steganography for those unfamiliar with the field.

"The paper's emphasis is on digital applications, focusing on hiding information in online image or audio files," Kessler says. Examples of software tools that employ steganography to hide data inside of other files, as well as software to detect such hidden files, are presented.

"At a high level, all a computer forensic examiner really needs is stego awareness, which means to look for stego clues at the scene and on the suspect computer," Kessler says.

At the scene, for example, examiners should consider the technical sophistication of the computer owner. What books, articles, magazines and software manuals are found in the suspect's library? Then, are there clues on the computer in the form of steganography programs, hex editors or a large number of potential carrier files, particularly where there are apparent duplicates, he says.

Kessler recommends examiners add special equipment to their own arsenal in the form of steganographic detection software, such as WetStone Technologies' Stego Suite, as mentioned in the paper. "The tools to build stego files are not the same tools you need to search for stego files," he cautions.

Ticket to hide

In the aftermath of 9/11, several attempts were made to determine whether and to what extent steganographic images were present on the Internet. One well-known study searched more than 2 million eBay images. Using special detection programs, researchers at the University of Michigan were unable to find a single hidden message. Another group examined several hundred thousand random images from various Web sites with similar negative results. Although these projects provide a framework for searching a Web site for steganography images, no conclusions can be drawn from them about steganography images on the Internet. Absence of evidence is not evidence of absence.

"One problem is programs like Stegdetect only look at JPEG images," Kessler says. "Other image types were never examined. In the other study, only a limited number of Web sites were examined, far too few to make any definitive statements about the Internet as a whole."

Free steganographic detection programs (such as Stegdetect and Stegbreak) are available at www.outguess.org.

In case steganography abuse is more pervasive than anyone is presently aware, federal agencies remain eager to develop solid steganographic detection techniques. "One reason for federal interest is that stego tools have been found in the forensic analysis of computers belonging to some criminals and terrorists," says Hany Farid, a computer science professor at Dartmouth College, located in Hanover, New Hampshire.

There are few hard statistics, however, about the frequency with which steganography software or media are discovered by law enforcement officials in the course of computer forensics analysis.

"Anecdotal evidence suggests that many computer forensics examiners do not routinely search for steganography software, and many might not recognize such tools if they found them," Kessler says. "In addition, the tools that are employed to detect steganography software are often inadequate, with the examiner frequently relying solely on hash sets or the steganography tools themselves."

Computer forensic examinations can be a lengthy process. A thorough search for evidence of steganography on a suspect hard drive containing thousands of images, audio files and video clips could take several days.

Hide and seek

Finding steganographic messages has been equated to finding a needle in a county of haystacks. There are millions of images, for instance, on eBay. Farid believes, however, that disabling steganography in a controlled environment like eBay could be easy.

"Forget trying to find the needle in the haystack; just turn the needle into a piece of straw by adding to each image a low-level noise pattern," he says. "The noise will be imperceptible to the user but will destroy the stego message, which, unlike digital watermarks, are highly sensitive to even the simplest attack."

Farid's Dartmouth lab has developed a steganographic tool for use in less controlled environments. He admits, though, that while tools like these will become increasingly necessary in the future, it will always be possible to hide messages in images in ways that are imperceptible.

"As detection algorithms get better, stego embedding programs will respond by simply embedding smaller amounts of information," Farid says. "At some point it will be nearly impossible to detect small amounts of hidden data."

Still, a growing number of digital forensics examiners now consider the search for steganographic tools and/or media to be a routine part of every examination.

"Searching for steganography is not only necessary in criminal investigations and intelligence gathering operations, but forensic accounting investigators are realizing the need to search for steganography as this becomes a viable way to hide financial records," Kessler says.

While it is impossible to know how widespread the current use of steganography is, it may not matter. Kessler believes it is safe to assume the worst.

"The use of steganography is certain to increase and will be a growing hurdle for law enforcement and counterterrorism activities," Kessler predicts.