[Nottingham] Considering the last talk...

Duncan notlug at pendinas.org.uk
Sat Apr 30 17:33:10 UTC 2011


On 26/04/11 09:11, Jason Irwin wrote:
>
> ...this might be of interest.
>
> http://www.theregister.co.uk/2011/04/26/cluster_based_steganography/
>
"The inventors said their method makes it possible to stealthily store a
20-megabyte message on a 160-gigabyte portable hard drive."

Assuming the traditional 1024 bytes/kb that gives you
a hidden/totalData ratio of .00012.

Thinking about this (perhaps too much), you'd be better off using
steganography to hide data in your spam folder by encoding it as
spelling mistakes in 419er letters (or any other spam).

A recipe for a "super secret spam steganography program":

1. Modify a mail header (message-id, subject or reply-to)
to encode enough information to:
a) allow the separate emails to be ordered correctly
b) identify the encoding scheme.

2. Encode the data to be hidden as extra random characters
(or by replacing words with mis-spellings from a lookup table).

Assume we can encode at least 5-bits () per mistake
(eg. adding an [a-zA-Z] as an extra random character) then,
if the 419er emails have on average 1500 characters of header
and 1000 characters of body, writing 10 mistakes (50 bits)
per email would give a hidden/totalData ratio of
50/(2500*8) = .0025 -- a factor of 20 better than the cluster based
steganography.

Okay, the fact the 419er has _only_ 10 mistakes /might/ look a little
suspicious, as would the 8192+ messages needed in your spam
folder to encode a single 50k but as a _distribution_ mechanism for
super secret data (lawful or otherwise) -- who is going to notice an
extra few thousand 419er messages (or any other spam message)
flying around the intertubes except for those who have configured
their spam filters to watch out for the special messages ?

By these means, the spy who hasn't yet come in from the cold could
send (by single-use hotmail account, via anonymous remailer
or a friendly botnet) his (or her) mother lots of lovely holiday snaps
from the pistes without risking an international fashion scandal
over what they were (or were not !?!) wearing.

Have fun,
Duncan
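
The recipe above, worked through as an added example (not code from the original post or from the cluster-based scheme in the linked article). It assumes a 32-letter alphabet for exactly 5 bits per mistake, one extra letter appended to every third word, a hypothetical Message-ID layout `<scheme.sequence.count@host>`, and a constructed cover text; the two helper functions at the end reproduce the post's 8192-message and .0025 figures.

```python
import math

ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEF"  # 32 symbols = 5 bits per mistake
BITS, PER_MAIL, STRIDE = 5, 10, 3              # 10 mistakes per email, every 3rd word
SCHEME = "s1"                                  # hypothetical encoding-scheme tag
# Constructed cover text standing in for a 419 letter body (35 words).
COVER = ("Dear friend I am the son of a late minister and I need your "
         "urgent help to move funds abroad please reply with your bank "
         "details so we can proceed in strict confidence thank you")

def parse_id(message_id):
    """Split '<scheme.seq.count@host>' into (scheme, seq, count)."""
    scheme, seq, count = message_id.strip("<>").split("@")[0].split(".")
    return scheme, int(seq), int(count)

def encode(data: bytes) -> list:
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % BITS)          # pad to a whole 5-bit symbol
    syms = [int(bits[i:i + BITS], 2) for i in range(0, len(bits), BITS)]
    mails = []
    for n, start in enumerate(range(0, len(syms), PER_MAIL)):
        chunk, words = syms[start:start + PER_MAIL], COVER.split()
        for i, s in enumerate(chunk):          # step 2: one extra letter per chosen word
            words[i * STRIDE] += ALPHABET[s]
        mid = f"<{SCHEME}.{n:04d}.{len(chunk)}@example.invalid>"  # step 1: order + scheme
        mails.append({"Message-ID": mid, "body": " ".join(words)})
    return mails

def decode(mails) -> bytes:
    # Keep only messages carrying the scheme tag, then restore their order.
    tagged = [m for m in mails if parse_id(m["Message-ID"])[0] == SCHEME]
    bits = ""
    for m in sorted(tagged, key=lambda m: parse_id(m["Message-ID"])[1]):
        words, count = m["body"].split(), parse_id(m["Message-ID"])[2]
        for i in range(count):                 # last letter of each chosen word
            bits += f"{ALPHABET.index(words[i * STRIDE][-1]):05b}"
    bits = bits[:len(bits) // 8 * 8]           # drop the padding bits
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def messages_needed(payload_bytes: int) -> int:
    return math.ceil(payload_bytes * 8 / (BITS * PER_MAIL))

def hidden_ratio(header_chars=1500, body_chars=1000) -> float:
    return BITS * PER_MAIL / ((header_chars + body_chars) * 8)

if __name__ == "__main__":
    mails = encode(b"holiday snaps")
    print(len(mails), decode(mails[::-1]), messages_needed(50 * 1024), hidden_ratio())
```

The same header tag that lets the recipient order the messages is what a spam filter would match on to pick them out.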




