ENCRYPTION
Steganography - the practice of encoding data into the least significant bit of another file - has become a popular tool for secretly sending and receiving digital messages, which isn't surprising when you consider how it's linked with two of the Net's hot-button issues: privacy and porn. Of course, having a high-profile user like Osama bin Laden doesn't hurt, either. The terrorist reportedly relies on stego files to transmit maps, photos, and instructions outlining future targets via pornographic bulletin boards and sports chat rooms. Such tactics have led to a greater interest in finding more of these messages, which are camouflaged in various formats, including JPEG, MP3, and .wav, says stego sleuth Neil Johnson, associate director of George Mason University's Center for Secure Information Systems. The Fairfax, Virginia, research group is partly underwritten by the National Security Agency.
Steganography has long served the useful functions of watermarking copyrighted material and allowing users to send and receive secure info. But more recently, it's served less reputable purposes. "There have been cases where people were distributing child pornography and were caught trying to cover their tracks using steganography," Johnson says, adding that by his count, about 140 programs for creating stego files are now available, with new additions every month.
WetStone Technologies counters these apps with stego detector S-Dart, a program that crawls Web sites for files with telltale signs of steganography. Chet Hosmer, president of the Freeville, New York, company, says S-Dart has turned up stego in "obvious places like hacker and pornography sites, but also on eBay." An image of a sewing machine offered on the auction site had several different messages embedded in it over the course of a week, but their nature remains a mystery, because their contents were encrypted.
Finding files tainted by steganography is akin to "looking for a piece of straw in a haystack - forget the needle," laments Johnson, who is working on an app that reveals signatures from stego programs. "The more and more privacy comes up, the more I expect to see steganography used. The idea behind it has been around for centuries, but the computer and the Internet just gave it a shot in the arm."
MUST READ
Come In, Sit Down, You're Fired
P2P Talk: Thanks for Not Sharing
The MS Federation: Join or Be Assimilated
Spawn of Slashdot
Gorilla Positioning System
DVD Hacking for Dummies
People
Jargon Watch
Hiding in Plain Sight
Fiesta Americana
Raw Data
