SlideShare a Scribd company logo

Stenographgh[1]

A
Abhishek Srivastava

Steganography is a technique used to hide secret information or messages within other non-secret files or messages. It can be used to secretly communicate and transmit information without others knowing. Terrorist groups have used steganography by hiding secret messages and instructions within images, videos, and other files posted online. Detection of steganography is challenging as hidden messages are difficult to distinguish from ordinary files and images without knowing the correct decoding method. Government agencies have developed tools to detect steganography but terrorists continue finding ways to secretly communicate online.

Presentations & Public Speaking
1 of 9
Downloaded 13 times
1
2
3
4
5
6
7
8
9
Stenography and Terroirst What is stenography “Steganography is the art and science of communicating in a way which hides the existence of the communication.Steganography hides the covert message but not the fact that two parties are communicating with each other. The steganography process generally involves placing a hidden message in some transport medium, called the carrier. The secret message is embedded in the carrier to form the steganography medium. The use of a steganography key may be employed for encryption of the hidden message and/or for randomization in the steganography scheme. The terrorist groups are “hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other Web sites” . It doesn't surprise me that terrorists are using this trick. The very aspects of steganography that make it unsuitable for normal corporate use make it ideally suited for terrorist use. Most importantly, it can be used in an electronic dead drop.
Steganography is good way for terrorist cells to communicate, allowing communication without any group knowing the identity of the other. There are other ways to build a dead drop in cyberspace. For example, a spy can sign up for a free, anonymous e-mail account. And bin Laden probably uses those, too communicate. Using steganography to embed a message in a pornographic image and posting it to a Usenet newsgroup is the cyberspace equivalent of a dead drop. To everyone else, it's just a picture. But to the receiver, there's a message in there waiting to be extracted.In summary: steganography_medium = hidden_message + carrier + steganography_key Figure 1 shows the classification of steganography techniques (Adapted from Bauer 2002). Figure 1. Classification of Steganography Techniques (Adapted from Bauer 2002) Figure 1 shows a common taxonomy of steganographic techniques (Arnold et al. 2003; Bauer 2002). Technical steganography uses scientific methods to hide a message, such as the use of invisible ink or microdots and other size-reduction methods. History of Steganography
The darker sides of governments have utilized forms of steganography for decades. In WWII, German spies used null ciphers, which “camouflaged” the real message inside an innocent“sounding” message (Johnson).The following message was actually sent by a German Spy in WWII: Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by products, ejecting suets and vegetable oils. Taking the second letter in each word produces the following message: Pershing sails from NY June 1 (Kahn 67). As message detection improved, the clandestine world was forced to develop new technologies, which could pass more information and be even less conspicuous. In 1941, the first microdots were discovered “masquerading as a period on a typed envelope carried by a German agent” (Johnson). FBI Director, J. Edgar Hoover referred to the microdot as “the enemy’s masterpiece of espionage.” The message was not hidden, nor encrypted; it was just so small, that it went unnoticed. The microdot permitted the transmission of large amounts of data including maps, photographs, documents, and drawings. With swarms of letters passing through the mails, the United States government panicked. By the end of the war, censors had
either prohibited or tampered with flower deliveries, radio song requests, weather reports, children’s drawings sent in the mail, knitting instructions, and anything else that might possibly encode Axis intelligence Steganography Software There are currently over 140 steganography programs available. The tools range from software that hides data in images to software that hides data in spam. Steganography programs are freely available and easy to use. Unfortunately, these two benefits have enabled terrorists to not only correspond for free, but to hide their plots without the threat of being caught. JSteg Shell Version 2.0 JPEG images are becoming more abundant on the Internet because large images with unlimited colors can be stored in relatively small files. For example, a 1073 x 790 pixel image with 16 million colors can be stored in a 170-kilobyte file. As a BMP, the same image would be more than 2 Megabytes (Johnson). JSteg shell is a Windows Shell. That means that it looks and runs like any other windows program, but to perform its primary
task, it feeds commands to another program (jpeg-jsteg for DOS) (Korejwa). Jsteg is quite simple to use, and manipulation of the container image is near impossible to detect. To use JSteg Shell, launch the program and choose Hide File in JPG Image. After the message file is selected, an RC4-40 encryption algorithm may be applied to the message by entering a passphrase. Applying an encryption algorithm to the message file is always a good idea becauseit enforces “defense in depth.” In other words, if an enemy retrieves the steganographic image, then the encryption algorithm will still have to be broken to retrieve the hidden message. Once the message file is chosen, JSteg reveals the amount of data that needs to be hidden (in bytes). A container file must be chosen. If the container is not big enough to hide the message, then an error message will be displayed. If the message is successfully hidden, then the new, steganographic image can be saved or viewed. Retrieving a file is just as simple as hiding the file. It is basically the same process with a few minor adjustments. Choose Extract File from JPG Image. Select the steganographic imageusing Find, and DJPEG.EXE will extract the data. If JSteg Shell finds hidden data that it does not recognize, then the screen below will be displayed; otherwise, this screen is skipped.
Spam Mimic One of the newest spins on Steganography includes a website called Spam Mimic, where users can embed encrypted messages in spam in order to disguise the fact that confidential data has been exchanged. To use Spam Mimic, simply go to the site and choose ‘encode’ from the menu, type in a short message, and press enter. This generates a realistic spam message with the secret message imbedded inside it. The spam message can then be cut and pasted into an email client. Upon receiving the message, the email recipient can use the Spam Mimic website to ‘decode’ the spam, and retrieve the original message. One flaw in the software is that there is no limit on the size of the message to be encoded. Consequently, a large message will be encoded, but the spam will begin to repeat itself, which could possibly arouse suspicion. Furthermore, the site enforces government surveillance systems, similar
to Echelon, to scan through Terabytes of spam on the off chance that they may contain encrypted messages of interest to the authorities (Leyden). In other words, make sure that if you are going to use Spam Mimic that it is only for legal, legitimate purposes. Steganography Detection Iomart, a Scottish broadband provider and corporate spyware vendor, recently leaked some information about being “called in” by “U.S. authorities” to help in the /bin/laden hunt, and about finding Al Qaeda steganographic files on “the dark side of the Web” (Greene). The company
“has identified.... hundreds of files, some of them containing Arabic text and dates” (Greene). So what’s being done to protect U.S. citizens from future terrorist plots residing on the Web? In 1998, the Air Force commissioned WetStone Technologies “to develop a set of statistical tests capable of detecting secret messages in computer files and electronic transmissions, as well as attempting to identify the underlying steganographic method” (McCullagh). Thus, WetStone’s “Steganography Detection and Recovery Toolkit” (S-DART) was born. Gary Gordon, vice president of cyber-forensics at WetStone Technologies, reported that while most of the steganography found has been on hacker sites, several instances have been reported on heavily traveled commercial sites such as Amazon and eBay (McCullagh). In addition to S-DART, Neil Johnson has been developing a stego-detector for the past several months. The program is designed to examine hard drives “like a virus scanner” and identify the electronic fingerprints left behind by steganographic applications. In February, Johnson helped nab a suspect who raised suspicions after repeatedly emailing photographs to addresses that appeared to be of family members, but he never received any replies (McCullagh). Unfortunately, if this technology is being implemented in the background, bin Laden and his cohorts somehow managed to slip through the cracks. As far as the Government is concerned, there have been a few suggestions made known to the public. One suggestion is that the NSA could keep a database of images, which would help them identify images with subtle changes in the
low order bits (Schneier). U.S. officials concede that it is difficult to intercept, let alone find, hidden messages and images on the Internet’s estimated 28 billion images and 2 billion Web sites (Kelley). Neil Johnson explains, finding files tainted by steganography is like “looking for a piece of straw in a haystack – forget the needle” (Dibbell). The FBI wants all encryption programs to file what amounts to a “master key” with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security (Kelley). Senator Judd Gregg proposed that “software developers give government security agents the ‘keys’ to encryption programs when they are created,” this position is strongly opposed by many in the technology community who worry it could be used to invade the privacy of law-abiding computer users (Eunjung Cha, Krim). On October 26, President Bush and Attorney General John Ashcroft convinced Congress to pass the Anti-terrorism Act. The acts gives the police expanded power to wiretap the phone of suspected terrorists, keep tabs on their email, and track their Internet activity. Still, if a steganographic image cannot be found, or if a type of encryption cannot be cracked, then America is still at risk of having terrorist plots right under her nose without anyway to intercept them.

More Related Content

PDF
digital stega
James Eglinton
 
PDF
Steganography PDF
Nakul Dandona
 
PDF
10.1.1.157.3117
Anas Pa
 
PDF
Data security using stegnography and quantum cryptography
Alexander Decker
 
PDF
A Steganography-based Covert Keylogger
CSCJournals
 
PDF
Gates Toorcon X New School Information Gathering
Chris Gates
 
PDF
ClubHack Magazine Issue May 2012
ClubHack
 
PPTX
Steganography
Sagar Kumar
 
digital stega
James Eglinton
 
Steganography PDF
Nakul Dandona
 
10.1.1.157.3117
Anas Pa
 
Data security using stegnography and quantum cryptography
Alexander Decker
 
A Steganography-based Covert Keylogger
CSCJournals
 
Gates Toorcon X New School Information Gathering
Chris Gates
 
ClubHack Magazine Issue May 2012
ClubHack
 
Steganography
Sagar Kumar
 

What's hot (9)

PDF
The ultimate privacy guide
JD Liners
 
PDF
Hacking 10 2010
Felipe Prado
 
PDF
A Review on Stegnography Data Hiding using Color Images
ijtsrd
 
PDF
T0 numtq0nju=
International Journal of Science and Research (IJSR)
 
PDF
Christopher furton-darpa-project-memex-erodes-internet-privacy
Chris Furton
 
PDF
Review paper on Data Security using Cryptography and Steganography
vivatechijri
 
PPT
Steganography
Divam Goyal
 
PDF
Ijcta2011020338
Prabhu Prabhu
 
DOC
Networksecurity1 1
lakshmansoft7
 
The ultimate privacy guide
JD Liners
 
Hacking 10 2010
Felipe Prado
 
A Review on Stegnography Data Hiding using Color Images
ijtsrd
 
T0 numtq0nju=
International Journal of Science and Research (IJSR)
 
Christopher furton-darpa-project-memex-erodes-internet-privacy
Chris Furton
 
Review paper on Data Security using Cryptography and Steganography
vivatechijri
 
Steganography
Divam Goyal
 
Ijcta2011020338
Prabhu Prabhu
 
Networksecurity1 1
lakshmansoft7
 
Ad

Viewers also liked (19)

PDF
La Emperatriz Un Buen Auguro
auspiciouswoman78
 
DOCX
Los instrumentos de cuerdas
TrabajosTardes
 
PPTX
Catedral de milán
juli rueda
 
PDF
Smart Commerce 21 - Le ayudamos a vender más
Pere Sanz
 
PDF
JBM-HH Bulletin 5-20
Joint Base Myer-Henderson Hall
 
PDF
La lucha noviolenta criterios y metodos ( Gene Sharp)
72pantalla
 
PDF
DSD-INT 2015 - EO-related projects at deltares - Jaap Kwadijk
Deltares
 
PDF
Infografia: Variables SEO Local para Negocios
NeoAttack
 
PPT
Chuinti13 New modes of governance for urban regeneration Gracia Garcia Calvo
Territorial Intelligence
 
PPTX
Signo lingüístico Rodniel Ocando
Rodniel Ocando Rodriguez
 
PPTX
Componentes link basic
snake25237
 
PPT
Back to the roots. If email is the past, is Google Wave the future?
johanna kollmann
 
PPT
Enterprise Europe Network | C-Energy 2020 Updates | Christiana Siambekou
Invest Northern Ireland
 
PDF
Catalog ERA TAC | Optics Trade | 2013
Optics-Trade
 
PDF
Samuel Pipim biography
Samuel Pipim
 
PDF
Don't Think Like an Instructional Designer—Think Like a Game Designer
Karl Kapp
 
PPTX
Presentation av första kvartalet 2016
PostNord
 
PPTX
KLUV Media Kit 5-11-2015
CBS/KLUV Radio
 
PPTX
Realidad Aumentada, una nueva lente para ver el mundo.
Telefónica Grandes Clientes
 
La Emperatriz Un Buen Auguro
auspiciouswoman78
 
Los instrumentos de cuerdas
TrabajosTardes
 
Catedral de milán
juli rueda
 
Smart Commerce 21 - Le ayudamos a vender más
Pere Sanz
 
JBM-HH Bulletin 5-20
Joint Base Myer-Henderson Hall
 
La lucha noviolenta criterios y metodos ( Gene Sharp)
72pantalla
 
DSD-INT 2015 - EO-related projects at deltares - Jaap Kwadijk
Deltares
 
Infografia: Variables SEO Local para Negocios
NeoAttack
 
Chuinti13 New modes of governance for urban regeneration Gracia Garcia Calvo
Territorial Intelligence
 
Signo lingüístico Rodniel Ocando
Rodniel Ocando Rodriguez
 
Componentes link basic
snake25237
 
Back to the roots. If email is the past, is Google Wave the future?
johanna kollmann
 
Enterprise Europe Network | C-Energy 2020 Updates | Christiana Siambekou
Invest Northern Ireland
 
Catalog ERA TAC | Optics Trade | 2013
Optics-Trade
 
Samuel Pipim biography
Samuel Pipim
 
Don't Think Like an Instructional Designer—Think Like a Game Designer
Karl Kapp
 
Presentation av första kvartalet 2016
PostNord
 
KLUV Media Kit 5-11-2015
CBS/KLUV Radio
 
Realidad Aumentada, una nueva lente para ver el mundo.
Telefónica Grandes Clientes
 
Ad

Similar to Stenographgh[1] (20)

PPT
Steganography
Presentaionslive.blogspot.com
 
PPTX
Presentation1
guestb8230c
 
PPTX
Steganography
Bahaa Aladdin
 
PPTX
steganography-252-uzLRCSm.pptx
AkashBhosale50
 
PPTX
Steganography flooding
HENI BHUNGALIA
 
PPTX
CSE steganography for data writing and reading
misbanausheenparvam
 
PPTX
Steganography ppt
OECLIB Odisha Electronics Control Library
 
PDF
Phd T H E S I Sproposal
guest6caaab
 
PDF
Hi3612991303
IJERA Editor
 
PDF
Steganography and Its Applications in Security
IJMER
 
PPT
Steganography - The art of hiding data
Sarin Thapa
 
PDF
Steganography using Interpolation and LSB with Cryptography on Video Images -...
Editor IJCATR
 
PDF
Steganography using Interpolation and LSB with Cryptography on Video Images-A...
Editor IJCATR
 
PDF
Feature Selection Algorithm for Supervised and Semisupervised Clustering
Editor IJCATR
 
PPTX
yoda at rotary_pune_club
Antz911
 
PDF
Steganography Technique of Sending Random Passwords on Receiver’s Mobile (A N...
IOSR Journals
 
PDF
STEGANALYSIS ALGORITHM FOR PNG IMAGES BASED ON FUZZY LOGIC TECHNIQUE
IJNSA Journal
 
DOC
Steganography ProjectReport
ekta sharma
 
PDF
Stegnography Systems for Securing DataFile in Image
International Journal of Engineering Inventions www.ijeijournal.com
 
PDF
STEGANALYSIS ALGORITHM FOR PNG IMAGES BASED ON FUZZY LOGIC TECHNIQUE
IJNSA Journal
 
Steganography
Presentaionslive.blogspot.com
 
Presentation1
guestb8230c
 
Steganography
Bahaa Aladdin
 
steganography-252-uzLRCSm.pptx
AkashBhosale50
 
Steganography flooding
HENI BHUNGALIA
 
CSE steganography for data writing and reading
misbanausheenparvam
 
Steganography ppt
OECLIB Odisha Electronics Control Library
 
Phd T H E S I Sproposal
guest6caaab
 
Hi3612991303
IJERA Editor
 
Steganography and Its Applications in Security
IJMER
 
Steganography - The art of hiding data
Sarin Thapa
 
Steganography using Interpolation and LSB with Cryptography on Video Images -...
Editor IJCATR
 
Steganography using Interpolation and LSB with Cryptography on Video Images-A...
Editor IJCATR
 
Feature Selection Algorithm for Supervised and Semisupervised Clustering
Editor IJCATR
 
yoda at rotary_pune_club
Antz911
 
Steganography Technique of Sending Random Passwords on Receiver’s Mobile (A N...
IOSR Journals
 
STEGANALYSIS ALGORITHM FOR PNG IMAGES BASED ON FUZZY LOGIC TECHNIQUE
IJNSA Journal
 
Steganography ProjectReport
ekta sharma
 
Stegnography Systems for Securing DataFile in Image
International Journal of Engineering Inventions www.ijeijournal.com
 
STEGANALYSIS ALGORITHM FOR PNG IMAGES BASED ON FUZZY LOGIC TECHNIQUE
IJNSA Journal
 

Recently uploaded (20)

PPTX
The spiral of silence is a theory in communication and political science that...
MrSam30
 
PPTX
Learning-Plan-5-Policies-and-Practices.pptx
judekimwellnombre15
 
PDF
Instagram's Product Secrets Unveiled with this PPT
mainikunal09
 
PPTX
Non-Verbal-Communication .mh.pdf_110245_compressed.pptx
ansarihussainh
 
PPTX
Tour Presentation Educational Activity.pptx
PaulineAngeliqueBere
 
PPTX
Self management and self evaluation presentation
NikkySharma5
 
PPTX
Emphasizing It's Not The End 08 06 2025.pptx
FamilyWorshipCenterD
 
PPTX
Impressionism_PostImpressionism_Presentation.pptx
PrincessJazminAligan
 
PDF
Swiggy’s Playbook: UX, Logistics & Monetization
mainikunal09
 
PPTX
Intro to ISO 9001 2015.pptx wareness raising
nadianisar5
 
PPTX
nose tajweed for the arabic alphabets for the responsive
Hijabi1
 
PPTX
Hydrogel Based delivery Cancer Treatment
sgsayan31
 
PPTX
Understanding-Communication-Berlos-S-M-C-R-Model.pptx
JommelVienne
 
DOCX
"Project Management: Ultimate Guide to Tools, Techniques, and Strategies (2025)"
Myplanningtemplates
 
PPTX
INTERNATIONAL LABOUR ORAGNISATION PPT ON SOCIAL SCIENCE
AbinayaaAnbazhakan
 
PPTX
AcademyNaturalLanguageProcessing-EN-ILT-M02-Introduction.pptx
nguyenhung549091
 
PDF
Parts of Speech Prepositions Presentation in Colorful Cute Style_20250724_230...
ShomailahRashid
 
PPTX
Presentation for DGJV QMS (PQP)_12.03.2025.pptx
M. Alper SAHIN
 
PPTX
Role and Responsibilities of Bangladesh Coast Guard Base, Mongla Challenges
Tasnim Alam Safin
 
PDF
oil_refinery_presentation_v1 sllfmfls.pdf
TusharPrajapati65
 
The spiral of silence is a theory in communication and political science that...
MrSam30
 
Learning-Plan-5-Policies-and-Practices.pptx
judekimwellnombre15
 
Instagram's Product Secrets Unveiled with this PPT
mainikunal09
 
Non-Verbal-Communication .mh.pdf_110245_compressed.pptx
ansarihussainh
 
Tour Presentation Educational Activity.pptx
PaulineAngeliqueBere
 
Self management and self evaluation presentation
NikkySharma5
 
Emphasizing It's Not The End 08 06 2025.pptx
FamilyWorshipCenterD
 
Impressionism_PostImpressionism_Presentation.pptx
PrincessJazminAligan
 
Swiggy’s Playbook: UX, Logistics & Monetization
mainikunal09
 
Intro to ISO 9001 2015.pptx wareness raising
nadianisar5
 
nose tajweed for the arabic alphabets for the responsive
Hijabi1
 
Hydrogel Based delivery Cancer Treatment
sgsayan31
 
Understanding-Communication-Berlos-S-M-C-R-Model.pptx
JommelVienne
 
"Project Management: Ultimate Guide to Tools, Techniques, and Strategies (2025)"
Myplanningtemplates
 
INTERNATIONAL LABOUR ORAGNISATION PPT ON SOCIAL SCIENCE
AbinayaaAnbazhakan
 
AcademyNaturalLanguageProcessing-EN-ILT-M02-Introduction.pptx
nguyenhung549091
 
Parts of Speech Prepositions Presentation in Colorful Cute Style_20250724_230...
ShomailahRashid
 
Presentation for DGJV QMS (PQP)_12.03.2025.pptx
M. Alper SAHIN
 
Role and Responsibilities of Bangladesh Coast Guard Base, Mongla Challenges
Tasnim Alam Safin
 
oil_refinery_presentation_v1 sllfmfls.pdf
TusharPrajapati65
 

Stenographgh[1]

  • 1. Stenography and Terroirst What is stenography “Steganography is the art and science of communicating in a way which hides the existence of the communication.Steganography hides the covert message but not the fact that two parties are communicating with each other. The steganography process generally involves placing a hidden message in some transport medium, called the carrier. The secret message is embedded in the carrier to form the steganography medium. The use of a steganography key may be employed for encryption of the hidden message and/or for randomization in the steganography scheme. The terrorist groups are “hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other Web sites” . It doesn't surprise me that terrorists are using this trick. The very aspects of steganography that make it unsuitable for normal corporate use make it ideally suited for terrorist use. Most importantly, it can be used in an electronic dead drop.
  • 2. Steganography is good way for terrorist cells to communicate, allowing communication without any group knowing the identity of the other. There are other ways to build a dead drop in cyberspace. For example, a spy can sign up for a free, anonymous e-mail account. And bin Laden probably uses those, too communicate. Using steganography to embed a message in a pornographic image and posting it to a Usenet newsgroup is the cyberspace equivalent of a dead drop. To everyone else, it's just a picture. But to the receiver, there's a message in there waiting to be extracted.In summary: steganography_medium = hidden_message + carrier + steganography_key Figure 1 shows the classification of steganography techniques (Adapted from Bauer 2002). Figure 1. Classification of Steganography Techniques (Adapted from Bauer 2002) Figure 1 shows a common taxonomy of steganographic techniques (Arnold et al. 2003; Bauer 2002). Technical steganography uses scientific methods to hide a message, such as the use of invisible ink or microdots and other size-reduction methods. History of Steganography
  • 3. The darker sides of governments have utilized forms of steganography for decades. In WWII, German spies used null ciphers, which “camouflaged” the real message inside an innocent“sounding” message (Johnson).The following message was actually sent by a German Spy in WWII: Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by products, ejecting suets and vegetable oils. Taking the second letter in each word produces the following message: Pershing sails from NY June 1 (Kahn 67). As message detection improved, the clandestine world was forced to develop new technologies, which could pass more information and be even less conspicuous. In 1941, the first microdots were discovered “masquerading as a period on a typed envelope carried by a German agent” (Johnson). FBI Director, J. Edgar Hoover referred to the microdot as “the enemy’s masterpiece of espionage.” The message was not hidden, nor encrypted; it was just so small, that it went unnoticed. The microdot permitted the transmission of large amounts of data including maps, photographs, documents, and drawings. With swarms of letters passing through the mails, the United States government panicked. By the end of the war, censors had
  • 4. either prohibited or tampered with flower deliveries, radio song requests, weather reports, children’s drawings sent in the mail, knitting instructions, and anything else that might possibly encode Axis intelligence Steganography Software There are currently over 140 steganography programs available. The tools range from software that hides data in images to software that hides data in spam. Steganography programs are freely available and easy to use. Unfortunately, these two benefits have enabled terrorists to not only correspond for free, but to hide their plots without the threat of being caught. JSteg Shell Version 2.0 JPEG images are becoming more abundant on the Internet because large images with unlimited colors can be stored in relatively small files. For example, a 1073 x 790 pixel image with 16 million colors can be stored in a 170-kilobyte file. As a BMP, the same image would be more than 2 Megabytes (Johnson). JSteg shell is a Windows Shell. That means that it looks and runs like any other windows program, but to perform its primary
  • 5. task, it feeds commands to another program (jpeg-jsteg for DOS) (Korejwa). Jsteg is quite simple to use, and manipulation of the container image is near impossible to detect. To use JSteg Shell, launch the program and choose Hide File in JPG Image. After the message file is selected, an RC4-40 encryption algorithm may be applied to the message by entering a passphrase. Applying an encryption algorithm to the message file is always a good idea becauseit enforces “defense in depth.” In other words, if an enemy retrieves the steganographic image, then the encryption algorithm will still have to be broken to retrieve the hidden message. Once the message file is chosen, JSteg reveals the amount of data that needs to be hidden (in bytes). A container file must be chosen. If the container is not big enough to hide the message, then an error message will be displayed. If the message is successfully hidden, then the new, steganographic image can be saved or viewed. Retrieving a file is just as simple as hiding the file. It is basically the same process with a few minor adjustments. Choose Extract File from JPG Image. Select the steganographic imageusing Find, and DJPEG.EXE will extract the data. If JSteg Shell finds hidden data that it does not recognize, then the screen below will be displayed; otherwise, this screen is skipped.
  • 6. Spam Mimic One of the newest spins on Steganography includes a website called Spam Mimic, where users can embed encrypted messages in spam in order to disguise the fact that confidential data has been exchanged. To use Spam Mimic, simply go to the site and choose ‘encode’ from the menu, type in a short message, and press enter. This generates a realistic spam message with the secret message imbedded inside it. The spam message can then be cut and pasted into an email client. Upon receiving the message, the email recipient can use the Spam Mimic website to ‘decode’ the spam, and retrieve the original message. One flaw in the software is that there is no limit on the size of the message to be encoded. Consequently, a large message will be encoded, but the spam will begin to repeat itself, which could possibly arouse suspicion. Furthermore, the site enforces government surveillance systems, similar
  • 7. to Echelon, to scan through Terabytes of spam on the off chance that they may contain encrypted messages of interest to the authorities (Leyden). In other words, make sure that if you are going to use Spam Mimic that it is only for legal, legitimate purposes. Steganography Detection Iomart, a Scottish broadband provider and corporate spyware vendor, recently leaked some information about being “called in” by “U.S. authorities” to help in the /bin/laden hunt, and about finding Al Qaeda steganographic files on “the dark side of the Web” (Greene). The company
  • 8. “has identified.... hundreds of files, some of them containing Arabic text and dates” (Greene). So what’s being done to protect U.S. citizens from future terrorist plots residing on the Web? In 1998, the Air Force commissioned WetStone Technologies “to develop a set of statistical tests capable of detecting secret messages in computer files and electronic transmissions, as well as attempting to identify the underlying steganographic method” (McCullagh). Thus, WetStone’s “Steganography Detection and Recovery Toolkit” (S-DART) was born. Gary Gordon, vice president of cyber-forensics at WetStone Technologies, reported that while most of the steganography found has been on hacker sites, several instances have been reported on heavily traveled commercial sites such as Amazon and eBay (McCullagh). In addition to S-DART, Neil Johnson has been developing a stego-detector for the past several months. The program is designed to examine hard drives “like a virus scanner” and identify the electronic fingerprints left behind by steganographic applications. In February, Johnson helped nab a suspect who raised suspicions after repeatedly emailing photographs to addresses that appeared to be of family members, but he never received any replies (McCullagh). Unfortunately, if this technology is being implemented in the background, bin Laden and his cohorts somehow managed to slip through the cracks. As far as the Government is concerned, there have been a few suggestions made known to the public. One suggestion is that the NSA could keep a database of images, which would help them identify images with subtle changes in the
  • 9. low order bits (Schneier). U.S. officials concede that it is difficult to intercept, let alone find, hidden messages and images on the Internet’s estimated 28 billion images and 2 billion Web sites (Kelley). Neil Johnson explains, finding files tainted by steganography is like “looking for a piece of straw in a haystack – forget the needle” (Dibbell). The FBI wants all encryption programs to file what amounts to a “master key” with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security (Kelley). Senator Judd Gregg proposed that “software developers give government security agents the ‘keys’ to encryption programs when they are created,” this position is strongly opposed by many in the technology community who worry it could be used to invade the privacy of law-abiding computer users (Eunjung Cha, Krim). On October 26, President Bush and Attorney General John Ashcroft convinced Congress to pass the Anti-terrorism Act. The acts gives the police expanded power to wiretap the phone of suspected terrorists, keep tabs on their email, and track their Internet activity. Still, if a steganographic image cannot be found, or if a type of encryption cannot be cracked, then America is still at risk of having terrorist plots right under her nose without anyway to intercept them.