
Study Finds Low Use Of Steganography On Internet

schnippy writes: "New Scientist reports on a new study from the University of Michigan that argues that steganography (the science of obfuscating communications) is not in wide use, or at least not on the 2 million images they scanned on eBay. Earlier this year, USA Today reported that Bin Laden was using steganography to disguise his communications. Full study is available here. Wonder how long before someone sets up a distributed computing client to help search for Bin Laden's secret communications? :p" Niels Provos' research was mentioned in Slashback not long ago, and this article is based on the same research.

  • Half of slashdot posts are encrypted evil plots for mass destruction.
  • by datawar ( 200705 ) on Wednesday September 26, 2001 @10:57AM (#2352468)
    The whole point of stenography is that people CAN'T spot the fact that you're using it!

    • by dachshund ( 300733 ) on Wednesday September 26, 2001 @11:08AM (#2352546)
      The whole point of stenography is that people CAN'T spot the fact that you're using it!

      To elaborate... The whole point of good steganography is that people can't easily spot the fact that you're using it. If you use some common freeware steg. programs, people'll have no problem detecting it-- these programs make very little attempt to hide their trail if the files are carefully examined. In any case, except for the nefarious use by criminals, or a few people having fun, there's no reason to use steganography very much. The hope is not to be detected when you do use it.

      As an aside, one imagines that with the hundreds of millions of dollars Bin Laden has access to, he can afford to create some half-decent steganography procedures... Perhaps using one-time-pads to conceal the data as noise.

      • by 4of12 ( 97621 ) on Wednesday September 26, 2001 @12:13PM (#2352893) Homepage Journal

        There hasn't been much need for steganography so far.

        But if encryption is outlawed, then steganography will enjoy considerable growth as people find that the only way to secure their data is to hide the fact that they are doing so.

        With regards to Bin Laden, I continue to maintain that his use of high tech is overstated. (But making such statements is probably a great way to get government funding for fun stuff, make it look like "we're doing something", etc.)

        Low-tech means of infrequent verbal communications, not in Western language and frequently not conducted over electronic means, are more than sufficient to hide covert activities.

        Yeah, I can just see ObL and his gang firing up the diesel generators in their rural Afghan camp, setting up their satellite cell phones to upload and download complicated set of instructions that have been steganographically encoded. Give me a break. There are easier ways for him to communicate that are far less risky.

      • Really there's nothing to stenography ... at least in images ... you just choose the ratio of normal bits to replaced ones ... The pattern of where the bits are hidden has to be a constant because the receiver has to be able to find them too :) I submit that "good steganography" is simply a high ratio of normal to replaced bits :) And good stenography CAN'T be proven to exist because it's indistinguishable from gaussian noise in the image.
        • I disagree with one point:

          The pattern of where the bits are hidden has to be a constant because the receiver has to be able to find them too :)

          The pattern does not have to be constant; it simply has to be derivable by the recipient. For example, we could agree that when I diddle the low-order bit of the blue component of a pixel, the red component of the same pixel gives the offset to the next pixel which contains data...etc.

          We can get as complex as we like, provided we agree on the system. This is one of the things that makes it silly to even talk about "measuring steganography on the internet." It's also one of the cases where "security through obscurity" pays off--or, to quote an old adage, people don't rob banks they can't find.

          To take this even further, imagine a system like Blonde=0, Dark hair=1; Large breasts=0, Small breasts=1; Full frontal=0, Partial=1; etc. where the pictures are to be read in the normal reading order. This provides a 64 bit convolution key, which is used to combine all of the images from another site; the result is used to select letters from the postings on an unrelated newsgroup...

          I defy anyone to prove that this sort of system is or isn't being used. And note that it need not use any standard encryption software.

          -- MarkusQ

      • Wrong (Score:2, Informative)

        by athmanb ( 100367 )
        If you're talking about applying the reverse of various well documented steganography algorithms on an image (or an mp3-song, for that matter) and then looking at the result, you're wrong.
        All you will get is a random stream of bits. And without the private key to which this message was encrypted, you have no possibility to know whether these random bits really are some supersecret data, or just random noise introduced by the digital camera, the image processing software or the compression algorithm.
      • In any case, except for the nefarious use by criminals, or a few people having fun, there's no reason to use steganography very much. The hope is not to be detected when you do use it.

        True, most stego falls into security through obscurity, and few systems have fit the design specs for a good stegosystem:

        • Difficult to detect that a message (hereinafter a "Watermark") exists in a signal without a key (possibly public key for sdmi; secret key for terrorist applications)
        • Difficult to remove the Watermark without unacceptably affecting the signal or using a second key (secret key for sdmi; not that important for terrorist apps)
        SDMI's four stegosystems failed because it was too easy to remove the watermark from the signal.
    • Read the article (Score:2, Interesting)

      by melquiades ( 314628 )
      Tampering can still leave traces, and once you know how a tool works, you may be able to detect it. This turns out to be the case with almost all of the currently available steganographic tools. From the Slashback link:

      "[The researcher has] been developing several interesting tools to do steganalysis during the course of his universal stego engine development: ( including stegbreak (which can detect images produced by all popular stego tools -- except outguess)....

      Of course, this only works if you know the tool, so this research only would detect the use of "off-the-shelf" steganography, as the researchers point out. From the article:

      The technique may not be infallible. The methods used by Provos and Honeyman were particularly aimed at uncovering use of steganographic tools already released on the internet.

      There are more advanced methods of hiding communications within images that involve using active, as well as redundant parts, of the underlying code. Sushil Jajodia of the Centre for Secure Information Systems at George Mason University in Virginia, US, says that this could have evaded detection but would require considerable technical sophistication.

      BTW, it's "steganography". "Stenography" is what those speedy typists in courtrooms do.
    • by Jburkholder ( 28127 ) on Wednesday September 26, 2001 @11:15AM (#2352581)
      >...stenography ... people CAN'T spot the fact that you're using it!

      but doesn't that weird little typewriter usually tip everyone off?

    • There was supposedly a whole system of signals guiding African-American slaves to escape to the north. The signals were hidden in quilts, which could be left out in the open. It's written up in Hidden in Plain View, and you can see some of the symbols here. This was very low-tech, and the end-users didn't even have to be literate. Haven't you seen spy movies where signals were passed according to whether a curtain was open or shut, the color of a shirt hanging on a clothesline, etc.? This kind of low-tech signal would leave much less footprint than anything composed or transmitted via machine.
    • by rve ( 4436 )
      I'd use an obscure MP3 sharing site, not jpegs. Something that does not arouse suspicion if you try to do it covertly.

      Nothing as suspicious as trying to hide something seemingly innocent, but if they take it too far (pr0n jpegs or warez for instance) it would attract attention again.
  • by Anonymous Coward on Wednesday September 26, 2001 @10:57AM (#2352470)
    i think the extinction of the dinosaurs wiped out steganography; the mysteries of how the stegasaurus learned to write with its tail will never be known to any of us...
  • by turbine216 ( 458014 ) on Wednesday September 26, 2001 @11:00AM (#2352480)
    ...does anyone else think that "steganography" is just the latest in annoying media-driven hysterics? Every month there's a new buzzword that exists simply to point out the "evils" of the internet...

    MAYBE this is just another one of those words!! With so many other more effective and simple methods of encryption (read: PGP), why would anyone go to all the trouble?
    • PGP, and most encryptions are 'obvious'. There's a large PGP header denoting version, user name, et al.

      The point of stego is to conceal the fact that something is being sent.

      Stego works best in conjunction with crypto. Hide encrypted data in an image, or song.
    • by Erasmus Darwin ( 183180 ) on Wednesday September 26, 2001 @11:10AM (#2352555)
      "With so many other more effective and simple methods of encryption (read: PGP), why would anyone go to all the trouble?"

      You're comparing apples and oranges. Steganography isn't encryption -- it's concealment. If I send a PGP-encrypted message, regardless of whether or not they can break it, every eavesdropper knows that I just sent a PGP-encrypted message. If I use stenography to hide a message, an eavesdropper might miss the message, but would be able to decode it if it's discovered. If I use both, it's a win-win situation.

    • As a science steganography is very old. One of the first books on the subject, steganographica, was written by Gaspari Schotti in 1665. It has however been a subject of limited public interest until very recently. This is not to say that various steganographic techniques haven't been used over the years. On the contrary, many intelligence agencies have used steganographic techniques to smuggle secrets out of various countries throughout the cold war and before. One of the best known ancient uses of Steganography was in the book Hypnerotomachia Poliphili published in 1499. The point is, it's been around for a very long time, there just hasn't been any public interest.

  • So does someone have a super-duper steganography-detection algorithm, or what?

    Maybe they assume in color-discretized images that images having RGBs one-off of their surrounding pixels are steganographic? I gotta write a filter to induce 1-off color changes then, just to keep 'em busy. =)

    Or are these people just freakin morons?
  • Steganography is supposed to hide messages as well as possible. That's the whole point. So wouldn't a study just find the use of bad steganography, that is, stego that is easy to detect?
    • Steganography is supposed to hide messages as well as possible. That's the whole point. So wouldn't a study just find the use of bad steganography, that is, stego that is easy to detect?

      Yes but it seems reasonable to infer that if you can't find anyone doing it badly, it's fairly rarely used. It's human nature that for every guru there are 10-100 novices.

  • How do they know? (Score:5, Insightful)

    by ( 114827 ) on Wednesday September 26, 2001 @11:02AM (#2352497) Homepage
    How can they know that the 2E+09 images on eBay don't contain hidden messages? They might not have detected them, but that doesn't mean they're not there. Perhaps these damn terrorists (gasp!) made their own software!

    And who says that you have to post images to send a message? Maybe posting a baseball card for sale means that a cell is to attack on the day that the auction closes. A Sammy Sosa card means we fly into the Sears Tower; a Thurman Munson card means the WTC. The starting bid is the price is the time at which it's to happen.

    The whole point of steganography is that the outside world doesn't even know what your encoding system is, much less be able to decipher it.

    • Your later examples are codes, not ciphers. Codes like you say are basically unbreakable, but require that the parties know ahead of time what might be said. Ciphers are capable of communicating anything which can be written down.
    • Didn't you know? Only law-abiding U.S. companies can make security software!! This is why implementing encryption backdoors is such a good idea for national security as well as the national economy, because the world needs to use our products to ensure high quality security.
    • Re:How do they know? (Score:2, Interesting)

      by dugb ( 10154 )
      Also, there are other ways to investigate image files.

      I've experimented with Provos' steganographic tool, outguess. I encoded a short message in a .jpg using the default option to foil detection by preserving statistical properties of the cover medium. Sure enough, the companion detection tool, stegdetect was not able to detect that a message was concealed.

      Then, on a hunch, I converted the original and altered .jpgs to .bmps, and examined them side by side using od -c | less. In the .bmp produced from the altered .jpg, I noted repeated 'senseless variations' in color values, usually pixel triplets of 377-376-377 (octal), as my sample pic was an object on a white background.

      Of course you would need the original image to definitively prove alteration of content. But this could be reduced to process and used to sift through content for likelihood of alteration. Such a tool might prove beneficial as a substitute for blunt instruments such as Carnivore.


  • by xinu ( 64069 ) on Wednesday September 26, 2001 @11:04AM (#2352504) Homepage Journal
    From what I heard, not that I have any clue what I'm talking about other than what I've seen on the news and water cooler talk. But, they don't even use computers for the most part. Not only are they low-tech, they are no-tech. I don't see what the fear is other than some government officials taking advantage of the mass hysteria.
  • Steganography in and of itself is fairly powerful. However, the real beauty lies when you combine it with encryption. Encrypt your strings of bytes, strip off headers and define the headers through some other mechanism and THEN you'll have truly clandestine communications. The best steganography is the kind no one even knows is there (as has been mentioned previously).

    I know a group of guys who were literally taking all of the porn off of the alt.binaries newsgroups to look for hidden messages, but gave up due to the volume, the low chance of actually getting a hit, etc. In other words, it will be impossible to tell if the image you have is actually encoded.

    An interesting look at what steganography is for beginners.

  • This is naive (Score:5, Flamebait)

    by scorbett ( 203664 ) on Wednesday September 26, 2001 @11:05AM (#2352510) Homepage
    According to the details of their study, they took images from Ebay and scanned them for steganographic content using statistical analysis. Out of the two million images they scanned from Ebay, they determined that about 17000 seemed to have steganographic content. They then used a dictionary attack to try and extract any encrypted messages that may be contained within. They failed on all 17000 images. Their report indicates one of three possible explanations for this:
    1. There is no significant use of steganography on the Internet.
    2. Nobody uses steganographic systems that we can find.
    3. All users of steganographic systems carefully choose passwords that are not susceptible to dictionary attacks. (emphasis mine)
    In response to number 3, I'd like to say, "well, duh". Anyone clever enough to transmit messages via steganography is not going to be stupid enough to potentially compromise themselves by choosing a simple password.

    But beyond that, this search is limited to one small part (Ebay) of the entire Internet. There are certainly many other places where images can be transmitted inconspicuously (certain usenet groups come to mind).

    To me, this seems like a "feel good" story designed to put people at ease. It has little actual merit.

    • In response to number 3, I'd like to say, "well, duh". Anyone clever enough to transmit messages via steganography is not going to be stupid enough to potentially compromise themselves by choosing a simple password.

      But what about folks who use Microsoft Visual Steganography Studio? You take a .bmp or .jpg and you type text on it and hit compile... wham! you've got covert operations. Those folks might use a simple password like ***** or password!
    • Re:This is naive (Score:3, Interesting)

      by Cerebus ( 10185 )
      Worse-- the study looked only for three common steganographic tools, and noted that the best of them (OutGuess) has a new version that is not detectable using the method described in the study.

      If you're smart enough to use steganography, wouldn't you be smart enough to use the latest version of the most advanced tool?

      "Well, duh," again.

      While I applaud Mr. Provos and Mr. Honeyman's efforts, the study uses a flawed methodology and this is reflected in the distinct lack of any real conclusions. You'll note that section 9, Conclusions doesn't actually conclude anything-- they simply state "we are unable to report finding a single message."
    • Re:This is naive (Score:2, Informative)

      by Liquor ( 189040 )
      Their report indicates one of three possible explanations for this

      Perhaps we could add:

      4. They are detecting simple watermarks generated by normal image processing tools such as Photoshop.

      Is this a fourth possibility? After all, the watermarks are effectively embedded using steganographic methods, and the 'encrypted content' would simply be the creator's identification.

      Although the study notes that watermarking is similar to steganography, but is generally embedded in a 'more robust manner', nowhere does it imply that they tried to determine whether their detection tools were falsely detecting normal watermarking, or if they were allowing for the 'random bits' that would be created by watermarking. Indeed, they admit that a watermark will affect many of the same things that steganographic content will.

      Nowhere in the study does it imply that they actually tried to check for watermarking in order to allow for or eliminate the watermarked images, just checking for data that seemed to fit the format for 'released steganographic tools'.

      In addition, they note that verifying that an image has hidden content requires attempting to decrypt the hidden content using one of the 3 tools that they were testing for - and failed on all of the tests - so I take this as further evidence that they didn't check for simple watermarks.

      And a lot of posters on ebay will simply grab an image from a manufacturer's site - and those images may well be watermarked.

      To me, this seems like a "feel good" story designed to put people at ease. It has little actual merit.

      I agree.

  • No kidding... (Score:2, Insightful)

    by BMazurek ( 137285 )
    "The technique may not be infallible. The methods used by Provos and Honeyman were particularly aimed at uncovering use of steganographic tools already released on the internet."

    Yeah, if I was going to hide a message, I'd use commonly available tools already out there. *sigh*

    Terrorists are not stupid. I would think home-brew methods would be better in many circumstances.

    These people aren't communicating with 45 meg Powerpoint Presentations outlining the plans. Short, concise messages could be encrypted with previously agreed upon one-time pads, hidden in a few bytes of an image, or even across 8 or 10 images across multiple sites. These people have time and a mountain of data to hide in.

  • Why Ebay? (Score:5, Interesting)

    by jandrese ( 485 ) on Wednesday September 26, 2001 @11:05AM (#2352518) Homepage Journal
    Ebay seems like a poor choice for stenography. First off, you have to actually sell something to get a picture on Ebay (IIRC), and I doubt the terrorists are going to want to bother with having buyers on their back all the time.

    It seems to me like it would be much easier just to set up some random Geocities site with text like:
    Hi, I'm Lisa Smith and this is my site about me and my 10 cats!
    Then include several pictures of 10 different cats, including some with covert information. If you need new information you can reencode some of the pictures and reupload them. Other messages can be sent by subtly changing the HTML (adding and deleting extra spaces for instance).

    I still can't figure out why they thought the images would be on Ebay.
    • The reason is probably political. As soon as a crisis appears, everybody suspects the things they don't like and should therefore be blamed.

      EBay is a nice choice for this: it is a symbol of the DotCom hysteria, and there are already a lot of stories about it (people selling their child's names, organs, nazi ensigns).

      Now your idea is much more logical, but emotionally unacceptable. Having the FBI raid eBay is one thing (nobody works there anyway) but suspecting people who show pictures of their cats, that would be truly evil (everybody knows somebody who likes cats).

      This is not about logic, but about finding somebody to blame. It's much easier to suspect and to blame people you don't know... Why do you think comes the idea that Bin Laden had to use the internet?

    • Re:Why Ebay? (Score:2, Insightful)

      by Atzanteol ( 99067 )
      Why even make the site 'public'? Restrict access, and don't have a link on your main page pointing to a hyper-secret-photo.

      It's absurdly trivial to hide something, for a short time at least.
      • Re:Why Ebay? (Score:2, Informative)

        by aozilla ( 133143 )

        Why even make the site 'public'? Restrict access, and don't have a link on your main page pointing to a hyper-secret-photo.

        Because that would defeat the whole point of using steganography. The idea is that terrorists can talk to each other without the government knowing that they're even talking to each other. If only one person visits the site, you might as well just email the encrypted data.

        If 10,000 people all view the picture, how do you know which one is actually receiving the information? It's just one more layer of "security".

    • The specific rumor, back in Feb2K, when this whole hysteria started, cited EBay. That's why.
    • Re:Why Ebay? (Score:2, Interesting)

      by Coniine ( 524342 )
      Two simple points :

      1) you do not ever want to use the same image for multiple messages. The fact that the same image is shown but has subtle differences is a strong indicator of the presence of stegoed data.

      2) you do not ever want to restrict access to the images containing stegoed messages - that enables traffic and association analysis.

      If you do place stego data in an image make sure that the image is an original ( eg from your own digital camera or scanner ) and that once you have produced the modified image you destroy all copies of the original - see #1 above.

  • e-Bay? (Score:5, Insightful)

    by gus goose ( 306978 ) on Wednesday September 26, 2001 @11:06AM (#2352521) Journal
    Apart from the fact that by default, good steganography should be undetectable, it appears that e-bay is a poor site to use. By default, the user posting a sale has to exist in some manner, unless a new identity is created for each item to be sold - which makes sense, but the bottom line is that it is a pain to keep creating e-bay accounts, and making up e-mail addresses.

    Something on the newsgroups would be a much better place to look. the* areas. Almost total anonymity.

    If I were to want to communicate this way, I would avoid e-bay.

    • > Something on the newsgroups would be a much better place to look. the* areas.

      Finally, the excuse I've been looking for to download copious quantities of pr0n! (Honest, honey, I'm just looking for stego!)

      Actually, you've got me thinking. The best place to hide stego in USENET binaries wouldn't be the pr0n. It'd be the pr0n-spam, which nobody ever downloads.

      • > The best place to hide stego in USENET binaries wouldn't be the pr0n. It'd be the pr0n-spam, which nobody ever downloads.

        Sorry to follow up to my own post.

        But has anyone considered the possibility that the forged headers, path preloads, and/or hashbusters (the "random" digits after the Subject: lines in spam, or the "random" c'h,a'r`a.c,t.e'r`s inserted to foil regular expression matches in killfiles) in USENET spam might not be random?

        Someone with a lot of computing power and a large archive of postings might want to look into that.


          It's a site that will take a message and encode it as spam.

          Really, a hidden message can be encoded into anything, pictures are just best because they're usually capable of holding a thousand words. :)

          There's an even better way to hide data, split it (a bit at a time) between two images, so that without both, the stream is undecipherable.

          Just remember, always encrypt data before using stego, and output it to binary, not text. uuencoded text would be easy to detect in a picture.
  • Alright, this thing answers crazy kooks, and that makes it damn nigh insightful. Go hand the news to all those that claim steganography is being used for nefarious purposes.

    This is important, because the FBI, NSA, CIA, etc. should definitely NOT be wasting its time looking into these crazy claims of hidden messages.

  • Someone pointed out these paragraphs to me, from the BBC's coverage of this story:

    Before now, there has been speculation that Osama Bin Laden has hidden messages in pornographic images posted and swapped on Usenet, eBay and Amazon.

    However, after analysing over two million images from eBay, Niels Provos and colleagues from the University of Michigan have said they found no evidence of hidden messages. Mr Provos and his colleagues are now extending their work to check more images.

    "No, really, we have to look at more pr0n now..."

  • Fundamental flaw (Score:2, Interesting)

    by gazbo ( 517111 )
    I know people are joking about it being the whole point that you can't find it in use, but reading the article, this is not far from the truth. The researchers admitted that the method they used only hunted for known, commercially available techniques, and that there were other techniques available that would not have been spotted. Add in any totally novel methods people may have used themselves.

    Still, if we're going to give these researchers funding...
  • I couldn't help laughing at the title. The first thing that popped into my head was, "How do you measure the amount of steganography on the internet?" Seems like the answer is that there should be a lot of nearly useless information, a low signal-to-noise ratio if you will. Which, I'm sorry to say, is a very accurate description of the internet. :P

    Okay, okay, now I'll go read the article. :)

    Happy winnowing and chaffing!

  • It seems a bit sketchy to conclude that if something doesn't happen on e-bay, then it must not be happening anywhere else on the internet.
  • by MadCow42 ( 243108 ) on Wednesday September 26, 2001 @11:08AM (#2352541) Homepage
    I could easily encode a message into an image, and NOBODY could detect that one was there, even through careful examination... why would this study be accurate?

    For example:

    -take an original image as a reference
    -encode a message into binary 1's and 0's (use encryption if you like, or just the binary ascii equivalent)
    -go through the image in a certain direction, and change each pixel value by 1 to encode a binary "1", or leave it alone to encode a binary "0".
    -distribute a "reference image" separately that can be used to decode the image (like a key)
    -use a simple algorithm to compare the original and reference, which will give you a binary sequence
    -decode the binary sequence using whatever method you used to encode it

    Unless you have the reference image, you're screwed. Changing RGB values by 0 or 1 will not be detectable, and will easily blend in with the noise of most images.

    The only thing you can't do is compress the image with JPEG or other "lossy" compression routines.

    How could you detect this? How could you prevent it from being used? You can't, unless you know the reference image. I could post secret messages on the front page of and nobody would know (ok, assuming I had access to to post an image).

    • I would guess your method won't work because the least significant bit of each pixel value isn't really random, i.e., in "normal" pictures, this bit has a certain kind of distribution and your method would detectably change it. A better method would be to scan the original image and find those pixels where the value of the least significant bit is 50/50. These would be the bits that you could encode. Of course, this is only as good as your model of the least significant bit.
      • by MadCow42 ( 243108 ) on Wednesday September 26, 2001 @11:34AM (#2352681) Homepage
        I don't agree with you, actually...

        If binary "1"s are encoded as "different than original image", and 0's are "same as original image", you could change the pixel value by +/- 1 to suit the general area of the image.

        If you look closely at any scanned or digitally captured image, there's always a "noise factor", from sensor gain, etc. A value change of 1 would not be detectable due to a noise level of at least 1 pixel value.

        You could also triple your data density by encoding the R, G, and B channels separately. This could potentially be a little more noticeable, but not by much. You could also encode them in different orders (rgbrgb... rrrrggggbbbb, whatever order you want) to further encrypt it.

        The only images that do not have noise are digitally created images (i.e. rendered, or drawn in a computer). Just JPEG compressing an image causes noise of more than 1 value.

        I could write a program to encrypt/decrypt like this in less than 5 minutes... the only problem I can see is distributing the "key images", which would be susceptible to being intercepted. You could always distribute them on a hard medium (CD), and trust that no one is a spy in your group. I'd probably distribute a few hundred "reference images".

    • Unless you have the reference image, you're screwed. Changing RGB values by 0 or 1 will not be detectable, and will easily blend in with the noise of most images.

      The only thing you can't do is compress the image with JPEG or other "lossy" compression routines.

      Applying steganographic encoding to an image before JPEG compression wouldn't work too well, but it should be possible to apply it after compression. You could hide your data in the low bit or two of the DC coefficients without noticeable degradation. It might even be possible to use the lower-frequency AC coefficients, though I don't know if I would want to bet on it (haven't looked into it too closely). Your payload won't be too great (assuming that chroma is decimated 2:1 on both axes and that you use only the low bit of each DC component, that's only six bits per 256 pixels), but it could work well enough for short messages.
    • I could easily encode a message into an image, and NOBODY could detect that one was there, even through careful examination.

      You are so wrong. This is just like encryption: Intuitively, everyone thinks it is easy to scramble information, but eventually, cryptanalysis got sophisticated, and we learned that only mathematically sophisticated, rigorously reviewed cryptography has a chance at being safe. Similarly, amateur steganography schemes are probably worthless.

      -go through the image in a certain direction, and change each pixel value by 1 to encode a binary "1", or leave it alone to encode a binary "0".

      Of course the method you describe isn't detectable to the naked eye. But it would be trivial to detect it statistically. Just look at the gradients in adjacent pixels. In your image, they will be jumpier than in a normal image. Go check out stegdetect to see some of their techniques and results.

      • I'm curious...

        I'll use my "method" above to encode a message in an image tonite, and then try out such tools to see what they find. I truly believe that it would be impossible to detect a 1-value change (out of 255), even if it is a regular pattern, due to the noise level apparent in any normal digital photo/scan.

        Hey, I'm always willing to be proved wrong, but that's just it, I am the type that needs proof.

        If you're interested in trying to "break" such a scheme, let me know and I'll post a link to the image with the hidden text tonite.

    • The only thing you can't do is compress the image with JPEG or other "lossy" compression routines.

      That's a major problem though. In the real world lossy compression techniques are far more widely used than raw data. Simply posting a .bmp on Ebay or sending a .wav to a friend could be flagged as suspicious activity. For steganography to be truly useful you need to be able to integrate with the most common file formats and protocols.

      BTW, the technique works better if you simply encode your hidden message in the least significant bit of color values. If the original picture was of poor quality, it would be impossible to distinguish this from normal noise. The benefit is that you merely need to know the technique, not the original image.
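An added example, not part of any comment above and not stegdetect's code: a pairs-of-values chi-square test, a standard steganalysis check for the least-significant-bit replacement described in this sub-thread, which needs no reference image. The cover is a constructed flat grey patch with Gaussian noise, the payload is constructed random bits standing in for ciphertext, and all function names, block sizes and thresholds are assumptions chosen for this illustration.

```python
import random
from collections import Counter

def synthetic_cover(n_pixels, seed):
    """Constructed cover: flat grey patch (value 100) with Gaussian sensor noise, sigma 3."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(100, 3)))) for _ in range(n_pixels)]

def random_bits(n_bits, seed):
    """Constructed stand-in for an encrypted payload, which is statistically random."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n_bits)]

def embed_lsb(pixels, bits):
    """LSB replacement as described in the thread: low bit of pixel i := bit i."""
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out

def pair_chi_square(pixels, min_pair_count=20):
    """Return (statistic, degrees_of_freedom) for the pairs-of-values test.

    LSB replacement can only move a pixel between 2k and 2k+1, so random
    payload bits pull the two histogram bins of each pair towards equality.
    Under that hypothesis sum((a-b)^2 / (a+b)) is chi-square distributed with
    one degree of freedom per pair, so its value stays close to the pair count.
    """
    hist = Counter(pixels)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b >= min_pair_count:  # skip sparsely populated pairs
            stat += (a - b) ** 2 / (a + b)
            dof += 1
    return stat, dof

def scan_blocks(pixels, block=10000, max_ratio=5.0):
    """Flag each block whose pairs are equalised (statistic/dof below max_ratio)."""
    flags = []
    for start in range(0, len(pixels) - block + 1, block):
        stat, dof = pair_chi_square(pixels[start:start + block])
        flags.append(dof > 0 and stat / dof < max_ratio)
    return flags

if __name__ == "__main__":
    cover = synthetic_cover(80000, seed=1)
    # Payload fills the first half of the image only.
    stego = embed_lsb(cover, random_bits(40000, seed=2))
    for name, img in (("cover", cover), ("stego", stego)):
        stat, dof = pair_chi_square(img[:40000])
        print(f"{name}: chi2/dof over first half = {stat / dof:.1f}")
        print(f"{name}: flagged blocks = {scan_blocks(img)}")
```

No pixel moves by more than one grey level, yet the blocks carrying the payload stand out because their histogram pairs are equalised. A cover whose adjacent bins are already close to equal would produce false positives, so this check is one signal among several, not a verdict.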

  • by perdida ( 251676 ) <thethreatproject ... m ['hoo' in gap]> on Wednesday September 26, 2001 @11:08AM (#2352549) Homepage Journal
    is like trying to prevent a germ warfare attack.

    The truth is, that even if we had known about the WTC attack we could not have prevented it without causing an economic loss of millions of dollars in the city of New York that our current hero-mayor -- Rudy Giuliani -- would have prevented, to the accolades of his fellow citizens if an attack had not come.

    You have to do so much alteration to the medium which you are trying to keep free of bad stuff, be it Internet porn or our daily lives, that the medium itself is changed beyond recognition. It's not worth it.

    Unlike a specific cryptographic algorithm, steganography is a group of methods that take advantage of the huge volume of information that passes over the internet.

    Unless you want to dramatically slow down the transfer of all information, making sure the file looks the same at each gateway it passes through, there is very little you can do to catch people who disguise information in this way.

    ObL is a modern terrorist, using modern methods to operate and communicate. He wants us to be afraid of our own modern trappings and conveniences in our lives; if we try to make it impossible for him to communicate, we give up far too much ourselves.

    We must allow full encryption freedom, full steganography freedom, and all other lifestyle freedoms in the US and around the world.

    Traditional deterrence methods, such as massive military response, should be used to stop terrorists; we need to stop them after their attacks, and instill fear in others who would attack through a terrifying military response, unfortunately against the innocent as well as the guilty.

    • ObL is a modern terrorist, using modern methods to operate and communicate

      This is SO absurd. The legions of speculators on this situation who are suggesting Bin Laden and his crew used the internet and all this other technology are trying to pre-empt the Tom Clancy novelization of this attack. But these fantastic imaginings of how the hijackers communicated are not grounded in reality.

      Take a look at the living conditions in Afghanistan. The Taliban's banning the use of computers is a little moot when no one can: A. Afford a computer. B. Afford the internet. C. Afford the electricity to power the computer. Osama Bin Laden and / or whoever organized this project is using the crudest of means in the most effective way possible. They don't have the luxury of spending money to write their own steganography software. Sure, Bin Laden is supposed to be rich, but he's spending that money on guns and bombs, not some la-la steganography program. There are so many other more likely means of communicating from the mountains of Afghanistan to Florida or New Jersey. Not that I think they did this, but they could have:

      Purchased digitally encrypted cellphones from China or the Russian black market.

      Written correspondence encoded with one-time pads.

      Actual face-to-face visits.

      Not a lot of communication needed to take place for this project, anyway. Once the plan was designed, why would the perpetrators need to contact their home base again?

      I agree with perdida's comment that preventing steganography is like trying to prevent a germ warfare attack.
  • Earlier this year, USA Today reported that Bin Laden was using steganography to disguise his communications.

    In other news, Osama bin Laden has unilaterally agreed to stop sending encrypted messages, in advance of forthcoming U.S. legislation restricting cryptography. When approached for a quote, bin Laden quipped, "I no longer wish to be secretive in my communications, from here on, I vow to only exchange pictures of beautiful American women with my friends in the United States."

  • News Flash (Score:2, Funny)

    by OzPeter ( 195038 )

    After an extensive search I have concluded that Flying Saucers, Santa Claus and the Tooth Fairy don't exist because I couldn't find them.

  • by firewort ( 180062 ) on Wednesday September 26, 2001 @11:15AM (#2352585)
    Ignoring terrorists for the moment, what about the rest of us?

    Most of us agree that use of encryption is probably a good thing. (Envelope as opposed to postcard and all that.)

    So, how do we get normal folks to use encryption? By creating tools that interface well with the tools normal folks use. If that means writing a plugin to outlook, so that the braindead can encrypt the latest virus they're trying to pass me, we should do it.

    The study is about detecting stego when normal tools are used for the encryption. It doesn't suggest that the message is easily extracted, and it's foolish to suppose that terrorists will only use the most commonly available tools.

    What can we do to get normal folks to use stego, PGP, or other forms of encryption?

    I think that we spend a lot of time on Slashdot arguing about Linux and its place on the desktop, when we could be focusing on encryption as well, and how to make it ubiquitous.
  • by SirSlud ( 67381 ) on Wednesday September 26, 2001 @11:17AM (#2352590) Homepage
    The report omits a glaring error in the study. Namely, that the researchers never checked out the group. And the moral? Never send a scientist to do a lurker's job.
  • When everyone is scouring the internet for hidden messages, a better form of steganography would avoid using the internet at all.

    Granted, I suspect it's just the media that's obsessed by the internet, so any intelligence organization worth its salt would be doing a thorough monitoring of all possible communications channels.

    It's like the article says: Using a code word in a telephone conversation or a radio broadcast would provide a far easier way to communicate in secret.

  • I can help (Score:5, Funny)

    by ellem ( 147712 ) <.ellem52. .at.> on Wednesday September 26, 2001 @11:17AM (#2352596) Homepage Journal
    there has been speculation that Osama Bin Laden has hidden messages in pornographic images posted and swapped on Usenet

    If they posted in alt.binaries.erotica.veils or alt.binaries.erotica.bondage.camels between 1990 and 2001 I have every .jpg, .mpg, .avi, .bmp, .pcx, .mov and .html file ever posted. Also I have every .txt, .doc file from alt.stories.erotica.camel.
  • WHAT?

    Stenography is nothing of the sort!

    Stenography is shorthand. It's a method of quickly writing information down in an abbreviated form that's still fully comprehensible later.

    Part of the problem with not recognizing stenography anymore is the fact that it's no longer really taught in schools. With the advent of compact tape recorders and dictaphones, the need for steno skills pretty much evaporated.
  • with the "backdoor" that Ashcroft feels is so important? Now that the US Government has so blatantly advertised its intent to try to get encryption standards with a "key" that can be known to a government agency, why would anyone "upgrade" to such a system? It's not like the ones we use now don't work.

    Had the US Government been doing the things that it, itself, recommended back in 1991 to better secure airports, the terrorists would have had no chance to hijack the aircraft in the first place. Corporate (airlines) interests fought those to a standstill, however. Now they blather about a backdoor in encryption systems as if that would fix the problems they, themselves, ignored.
  • by clary ( 141424 ) on Wednesday September 26, 2001 @11:42AM (#2352714)
    The thought occurred to me that conspirers could meet on a FPS server (Quake, Unreal, whatever), and communicate using gestures. Perhaps shooting a rocket into the third tower from the left means let's meet at the usual place. (Note that you wouldn't want to use the chat feature of the game, since that is probably coded pretty clearly in the game's client/server protocol.) This would be an extremely low-bandwidth approach, but fiendishly difficult to detect.

    Well, now it is my patriotic duty to spend time checking out UT servers for potential terrorists!

    • I've actually suggested this before. It's not a bad idea, except that you'd get fragged a lot unless you found a quiet server.

      If you were willing to wait a while, you could even encode a message by adding to your ping time. Every two seconds, add 20% to your ping for a one, or remove the modifier for a zero. Of course, ping times fluctuate anyways, but this is how you hide your fluctuations.

      The observer figures out the best guess of 'normal' ping fluctuations, by watching all clients on the server and removing any changes common to all of them.

      This final data stream would still have some errors in it, but Reed-Solomon redundancy would take care of that, at the expense of increasing the amount of data that needed to be sent.

      But, the good thing about this is you could enjoy a nice game of Quake at the same time, and your behaviour wouldn't look suspicious to anyone watching.
    • Well, now it is my patriotic duty to spend time checking out UT servers for potential terrorists!

      At first I thought you were joking, but then I went and started up Counterstrike - good god, there are terrorists everywhere in that game!
  • /.
    If you want to securely signal someone, you start with the previously mentioned "here's a picture of my cat" in a web ghetto.
    Encrypt some textual child porn into the picture. Once the thought police find that, they stop looking at the data and come looking for you.
    This ensures that dopey morals enforcement cops will trigger your early warning system before the theoretically subtle and dangerous secret agent heroes show up.
    But, since you are smarter than a gelded water buffalo, the porn contains key words that indicate meaning based on knowledge shared by the correspondents. For example, any reference to Marsha Brady combined with the word "pigtails" would mean that you've shot a bunch of morals cops and relocated your base of operations. You get the idea.
    Criminal and spy communications have been done through the personals in newspapers for a century at least. Restrictions on encryption impose no significant hardship on persons who consider themselves either above or beneath the law.
  • by mttlg ( 174815 ) on Wednesday September 26, 2001 @12:01PM (#2352814) Homepage Journal
    Ok, so we have a study that says that only a small percentage of pictures on eBay seem to have some kind of steganographic content, but none of them can be confirmed to actually contain this information. You can conclude several things from this, depending on your personal bias:

    -Steganography is not used on the web.
    -Steganography is not used on eBay.
    -We can't detect steganography.
    -Any steganography we can detect can't be decoded.
    -Steganography isn't widely used - yet.

    You can mix and match these to fit your personal agenda, which I'm sure many people will do. In reality though, these results say almost nothing. The only way to know where, how, and how often steganography is used is to find out from the people using it.

    Unfortunately, I have a feeling some people in Congress and elsewhere in the US government will use this as proof that if they can control encryption, there won't be too much use of other methods of hiding data. Ignoring all of the flaws in this conclusion, there is a further flaw in the assumption that by changing the security in encryption, the amount of use of other methods will remain the same. I would not be surprised if there aren't any people on eBay using steganography, nor would I be surprised if the same was true on most other sites; with available alternatives, this is just one of many tools that could be used to transmit messages securely. If the alternatives are removed, more effort will be spent on steganography, resulting in more widespread use and more resistance to detection. In other words, a ban on secure encryption would just encourage development in other areas, even if such development is dormant right now.

    On a final note, if you want to look for steganography, try a sleazy porn site. Not that I've seen any myself, but I've heard that they toss all kinds of random stuff up on those, grabbing the images from all over the internet. This would seem to make a more representative sample than a site full of people selling their junk.
  • I would have just emailed a plaintext message "Achmed, meet me at WTC at 9". The whole f**king FBI/CIA could have read that message Sept 10 and not thought anything about it.
  • by Get Behind the Mule ( 61986 ) on Wednesday September 26, 2001 @12:09PM (#2352860)
    Snow White,

    The owl howls at midnight.

  • Searching for a method that is not susceptible to computerised scanning such as the research mentioned in the article, I have decided the best way is to always send my secret messages on the insides of drinks cartons, in December. I have had great success in passing on information without detection this way, so I heartily recommend you all adopt eggnoggraphy as your chosen espionage technique from now on.
  • by trb ( 8509 ) on Wednesday September 26, 2001 @12:14PM (#2352896)
    The paper describes a system for gathering and analyzing steganography data. The researchers are smart enough to know that their methods don't find all methods of hiding text, but their framework can be used to apply whatever analytical tools you like to the images it collects.

    The point isn't "there is no steganography on the web." The point is "here is a system to look for steganography."

    In typical mass media fashion, both New Scientist and Slashdot go for the flashy story rather than the more interesting point of the research.

  • by CharlieG ( 34950 ) on Wednesday September 26, 2001 @12:15PM (#2352898) Homepage
    Passing secret data, if you have resources, is not that hard. Look up any book on "Field Craft" in the field of "Intelligence"

    Real low bandwidth messages are trivial - aka, attack tomorrow. It could be a chalk mark on the wall, a newspaper folded a certain way etc.

    Even more fun is to pass LOTS of encrypted messages in the clear, but 99% are nothing but random noise. Look up the topic "Numbers Station"

    Add in a few cutoffs / dead drops, and it's trivial

    Let's say OBL wants to send a message. He could use a combination of low/high tech. He uses a courier to move the data from where he is, to the first drop. The next person has NO idea where OBL is. They use another drop. That person sends a message via the net "Look at the new picture of my dog" might be the whole message - the data isn't even in the picture. You could go even further. Use some sort of Steg, but spread the message across multiple images.

    The whole trick is to make the signal/noise ratio low enough that you can't see the signal unless you know where to look
      • Even more fun is to pass LOTS of encrypted messages in the clear, but 99% are nothing but random noise. Look up the topic "Numbers Station"

      I have even heard convincing arguments in favour of actually communicating in cleartext (or in a trivial or known broken code).

      The reason is fiendishly simple. Your eavesdropper, an intelligence operative, will disbelieve anything that's too easy to intercept. He will spend all of his resources looking for hidden communications that aren't there.

      It sounds too trivial and theoretical to be practical, but ask yourself this: when you read about a de-classified project, do you ever think "Ah, but what aren't they telling us?". Why do you think that? Why do people spend their lives analysing the Kennedy assassination, Area 51, even the moon landings? We want to believe that there's more to be found, and we want to believe that we will be the ones to find it.

      I'll bet dollars to cents that the folks who did this study were really gutted that they didn't find anything, and that we (i.e. our intelligence services) will keep on spending resources on looking for obfuscated political communication, when they could just drop by any of a dozen soc.culture groups and see plenty of it in plaintext. "But anything in plaintext won't be worth reading!", I hear you cry.

      Exactly. Why even bother looking? Who'd be that stupid...

  • Everything I read about steganography seems to rely on hiding sensitive information within a single, seemingly innocuous file.

    I've always thought it'd make more sense to spread it between files, with the encoding based on differences between the files.

    For example, say I want to transmit the binary number 1011, for whatever reason. 1011 is the decimal number 11, so now I take an image, make a single pixel change at (1,11) and then make some humorous 'before and after' changes to the image, like moustaches, body parts or captions. Whatever, just don't alter row 1.

    Send the two pictures, the receiver checks the difference between row 1 of the two images, and gets 11, which he can then convert to 1011. From there, he uses whatever binary-message decoding.

    You can thus encode a 512-bit message by making a single pixel change to a 264x512 image.

    Include those two images in a pic gallery of 200 images, and now it really becomes hell for anybody trying to detect it.

    And that's using a very, very simple method.
  • Ebay also MODIFIES the images once they get to their servers for the purposes of fitting pages correctly!

    I'd bet money that messes w/ messages...And their detection...

  • Why use EBay when you can get CNN to distribute your steganographically encoded messages for you?
  • exactly vot ve vant them to think. Ve make beeg trouble for moose and squirrel for sure now.
  • by magi ( 91730 )
    Overall steganography applications might arise, this harms especially United States' international status considering other matters in neareast geopolitical future or relations you ought understand, really unwanted now!

    PS. If you're a terrorist, read the first letters of my above paragraph.
  • by Captain_Frisk ( 248297 ) <captain_frisk.bootless@org> on Wednesday September 26, 2001 @01:39PM (#2353429) Homepage
    Why would you put the images on ebay? There are plenty of forums that aren't as public, and don't require as much information to register, and best of all, don't cost money.

    There is absolutely no relationship between there being no stenographic images on Ebay, and the use of stenography by Bin Laden or other terrorist groups.

    Seriously, think about where you would put your images? I would say porno boards would be the best place, possibly newsgroups. Tons of people look at porn, so the traffic wouldn't seem strange, and there's so much out there, you wouldn't even know where to look if you were looking for said stenographic images.

    As for distributed clients... I'd love to see a distributed client that started searching all the pr0n sites out there, checking them for secret messages. Could you see that popping up as your screen saver?

    It's just not going to happen.

  • by VORNAN-20 ( 318139 ) on Wednesday September 26, 2001 @02:12PM (#2353704)
    I think the detection of steganography in an image file, given reasonable smarts on the part of the stego software designers, is totally impossible. A typical plain text email message might have 1k words, to be generous. This works out to about 40k bits (5 characters per word, 8 bits per character). A 2048x1536 tiff file, common with today's digital cameras, is about 10+ MB in size. I think that hiding the 40k bits in 10MB of binary image file would result in a file that would pass any practical test, statistical or otherwise.

    Also consider this technique, you (the encryptor) could run the statistical tests on the output file and tweak garbage bits at random until it would not raise any alarms. The design principle would be: 1. Encrypt your message, 2. Insert a compensating set of (probably ordered) bits into the image. 3. Test for randomness, you want to have the final encrypted/hidden output look like the original by every statistical measure you can test for. Repeat steps 2 & 3 until done.

    The basic principle is that you keep the number of encrypted bits in the hidden part buried in the file low relative to the size of the file the message is buried in; I am not a crypto guy but maybe someone who is would care to comment. I would not bet on the TLAs in this race, it's too easy to hide stuff.
  • Why would they even be posted on e-bay where lots of personal information has to be given out. The sites with less public traffic are usually sought out when hiding information to reduce the number of chance discoveries. All two parties need is a mutual place to check in. Some personal obscure "My vacation pictures of Alabama" on My-Yahoo may be a better place to look.
  • Detect this (Score:3, Interesting)

    by roman_mir ( 125474 ) on Wednesday September 26, 2001 @03:24PM (#2354136) Homepage Journal
    If I really wanted no one ever to guess what I am sending to someone, I would use a number, a LARGE number of free internet services to send SMALL portions of my message through them. I need many accounts on geocities, yahoo, tripod, ebay, maybe some news groups, and I would distribute my super secret message among them in a fashion that would only be known to me and the person I am communicating with. Every message would be sent in a different manner with different accounts. Decrypt this.
