While the U Mich analysis was good, it did not support their conclusions. Most of the stego community would concur. Their methodology looked at a VERY limited set of potential sources of stego and used VERY limited detection criteria. In fact they did not detect the stego in use at any of the academic stego web sites.

Their methodology was:
(1) Look at images on e-bay and select news groups.
(2) Look at .jpg files and detect coding anomalies.
(3) Use two different stego tools and the password guess data bases to see if stego could be confirmed.

The correct conclusion should be: given that methodology, they did not find any stego. If over time we have many such studies using different criteria, then we can conclude that stego is not in general use. It would still be hard to state it is not used at all, as some messages need only a bit to be communicated - such as attack today - which could very well just be the absence of a space .gif on a specific web page.

By definition, any stego which transmits data at or below the Shannon limit is impossible to detect.

David Aucsmith
Chief Security Architect
Intel Corporation

*---------------------------------------
*
* "All that is required for evil to triumph is for good men
* to do nothing" - Sir Edmond Burke
*
* PGP Key Fingerprint
* C727 36AE 2DEF 5214 2116 2E28 7CDF C06F 3473 1AE3
*---------------------------------------

-----Original Message-----
From: George Heuston [mailto:GeorgeH@private]
Sent: Friday, 12 July, 2002 06:46
To: 'crime@private'
Subject: RE: CRIME More on terrorist use of Stegonography

The conclusion reached--or assumed--that stego is not used by terrorists is bogus. It is not only bogus, but incredibly naive. Stego, being easy to use, and easy to train people to use, is most certainly being used.

E-bay and news groups (IRC being notably absent from the scrutiny of this purported study), though 2 logical places to look, are vast in themselves, and I would argue that a 'scientific analysis' of 2 million images would be little more effective or comprehensive than a random Internet-wide search.

-----Original Message-----
From: Alan
To: 'crime@private'
Sent: 7/11/02 10:40 PM
Subject: CRIME More on terrorist use of Stegonography

Forward from the politech list.

From: "Quinn, SallyAnn" <SallyAnn.Quinn@private>
To: "'declan@private'" <declan@private>
Subject: RE: Politech challenge: Decode Al Qaeda stego-communications!
Date: Wed, 10 Jul 2002 17:23:56 -0500
MIME-Version: 1.0

I can't believe this is back. Niels Provos and Peter Honeyman at the Center for Information Technology Integration at U Mich drove a stake through the heart of this rumor last fall by scientifically analyzing 2 million images from e-Bay and 1 million images from USENET. Their conclusion is: "...we are unable to report finding a single hidden message."

The study can be viewed at: http://www.citi.umich.edu/u/provos/papers/detecting.pdf

Oh, Gina Kolata's stories are highly suspect. She interviewed PGP's author Phillip Zimmerman after 9-11, and wrote an article insinuating that the algorithm was somehow the terrorists' best friend and that Phil was quite happy about it.

Sally Ann Quinn, Software Test Engineer
West 50 East Broad St., Rochester, NY 14694
Mail Drop A1-N135
Tel (585) 546-5530 x3243