Do you believe in hidden messages?
August 31, 2007 8:21am CST
I just found this news and I am very curious about this subject. What do you think about it?
STANFORD, California -- Niels Provos, a computer science graduate student at the University of Michigan, took the dais at a Stanford University lecture hall Wednesday evening with what seemed a comforting message: After analyzing a couple million graphics files posted on the Internet, he has found no evidence that any of the pictures contained hidden communications sent by anyone, let alone agents of Osama bin Laden.
But as Provos went on to describe the ins and outs of detecting steganography -- the practice of hiding secret messages in graphic and sound files posted on the Internet -- it became clear that the comfort was illusory. If someone hides a message well enough, detecting it amid the swirl of other Internet traffic is a maddeningly slow and difficult process -- and it might even be impossible.
Provos has been working on steganography since June, ever since USA Today printed a sensationalistic report, which called encryption one of bin Laden's favorite tools. In a subsequent Wired News article, Gary Gordon, a security expert, suggested that a few graphic files on such popular sites as eBay and Amazon might actually contain hidden messages -- and Provos said that he had to see this to believe it.
So Provos built a suite of tools to detect messages that might have been hidden using some of the steganographic programs available on the Internet, and -- using a stable of about 60 of the University of Michigan's computers -- he set about analyzing two million image files culled from eBay.
His tools detected several thousand possible hidden messages -- so Provos had to code another program to try to break apart the image files to see if they did indeed contain messages, or if he was instead getting a lot of false positives. This turned out to be the time-sucking portion of his analysis.
In order to break apart a possibly encrypted file, Provos used a dictionary of hundreds of thousands of possible passwords that might have been used to encrypt it. Each password was tried on each of the thousands of files, in a "brute force" process that took several weeks -- and in the end, Provos can say only that the two million images he checked were OK.
"I can't answer the question of whether or not there is hidden content on the Internet," he said Wednesday. "My negative result doesn't indicate that the hidden communications aren't there."
This situation is a bit like the old joke about the drunk who looks for his keys under a streetlight, even though he's lost them a few yards away. After all, since it was mentioned in the media as being a good place for secret messages, people looking for secrecy would have been reluctant to post their communications in image files on eBay. And if someone was going to go through all the trouble to post images containing secret information of real value -- such as the location of an upcoming terrorist attack -- then wouldn't the person take care not to encode it with a password that can be found in a common dictionary?
Faced with such questions from the audience here, Provos conceded that his approach has limitations. He says that he is currently analyzing a Usenet archive of files that were posted before there was any media mention of steganography; many people believe that terrorists would be more likely to hide out on Usenet than eBay.
And while it's certainly likely, he says, that people hoping for secrecy would hide their data using passwords not found in dictionaries, "there are people out there who use stupid passwords," he said. But that thought is likely to offer little solace to people who worry that innocent looking images on the Internet might contain plans for something disastrous.
If we can only find the people who leave their messages in places it's convenient to search -- eBay or Usenet, as opposed to some needle-in-a-haystack, transient homepage -- and who are also nice enough to use a password like "osama" instead of a pseudo-random string of numbers and letters ... if we can only do that, do we have any hope at all?
Like many parts of the digital world, however, this is a cat-and-mouse game. Provos said that he is already refining his code, and has seen measurable increases in his analysis speed. But he is also playing the mouse in this game. He has created a new version of his own message-hiding program, OutGuess, which cannot be detected using known statistical techniques.