FontCode: Embed Secret Messages Within Text

Click to enlarge.

Computer scientists have invented FontCode, a way to embed hidden information in ordinary text by imperceptibly changing the shapes of fonts in text. 

The hidden information persists even when documents or images with perturbed texts are printed or converted to another file type. Method could prevent document tampering, protect copyrights, as well as embed QR codes and other metadata without altering the look or layout of a document.

"While there are obvious applications for espionage, we think FontCode has even more practical uses for companies wanting to prevent document tampering or protect copyrights, and for retailers and artists wanting to embed QR codes and other metadata without altering the look or layout of a document," says Changxi Zheng, associate professor of computer science and the paper's senior author.  more

The Man with the Butterfly Net was a Spy... and then founded the Boy Scouts

Just a few years into his military service, Robert Baden-Powell had served in South Africa and was transferred to Malta, where he began his spy career as an intelligence officer for the director of military intelligence. One of his favorite disguises was that of an entomologist who studied butterflies, a cover that allowed him to move around freely without looking suspicious. He revealed his scientific subterfuge in his book "My Adventures as a Spy."

Click to enlarge.

"Carrying this book and a colour-box and a butterfly net in my hand, I was above all suspicion to anyone who met me on the lonely mountain side, even in the neighbourhood of the forts," Baden-Powell wrote. And not only did he disguise himself as a butterfly collector; he hid secret information about those forts, as well as other military secrets in drawings of insects and other natural ephemera, which you can see scattered throughout this post.

In Baden-Powell's illustrations, natural patterns are used to transmit messages and information within a drawing; a leaf's pattern could reveal the contours of an area to be invaded, as above. Once a recipient knew how to read the illustrations, it was possible to convey the information easily, without much translation or complex code-breaking needed. more

Let's YTRAP, mate!

A new kind of party craze has many Australians scrambling for invitations. 

Crypto parties, where people gather to learn online encryption, are attracting everyone from politicians, to business people, to activists.

Two years after US spy agency contractor Edward Snowden leaked documents from the National Security Agency exposing mass global internet surveillance, there is rapidly growing interest in protecting online activity.

There have been crypto parties in Brazil, Germany and the UK, and more than a dozen have already been held in Australia.

Apps like Wickr, Confide and WhatsApp have taken encryption out of the geek lab and to the masses. more

Audio Steganography - SkyDe, as in Skype Hide

Those awkward silences during phone calls can communicate a lot. Especially if you're sending hidden messages during them. 

Computer scientists at the Warsaw University of Technology have come up with a way to secretly send nearly 2000 bits of encrypted data per second during a typical Skype conversation by exploiting the peculiarities of how Skype packages up voice data. They reported their findings this week...

First the researchers noted that even when there's silence in a Skype call, the software is still generating and sending packets of audio data. After analyzing Skype calls, they found that they could reliably identify those silence packets, because they were only about half the size of packets containing voices. SkyDe (for Skype Hide) encrypts your hidden message, grabs a certain portion of outgoing silence packets, and stuffs the encrypted message into them. (more)

Important point: Conventional steganography hides data within photos and pictures. Downside... Your hidden message may languish on servers in multiple places for a long time, where it could eventually be discovered. Sky-De reduces this vulnerability. ~Kevin

Forensically Find Fake Photos Fast - Further Discussion

As most readers of the Security Scrapbook know, I do not sell products, nor do I profit in any way from items brought to your attention. The sole purpose when mentioning a product is to inform and educate. Sometimes, my readers provide additional insights and information. This helps all of us.

The other day I posted, "Fourandsix Technologies, Inc. has introduced their first product, FourMatch, which instantly distinguishes unmodified digital camera files from those that may have been edited." Wow! Cool stuff. Gimme, gimme.

Reality Check...
While this statement is technically accurate, one reader cautions that the company's other marketing information may lead one to expectations the product can not fulfill.

Read the review by Jim Hoerricks, and the response by Kevin Connor of Fourandsix Technologies, Inc.. Their discussion is very useful and illuminating, especially if you are in need of this technology.

P.S. The answer to the last "What's wrong with this picture?" (Rolling Stones album cover) is... "Former Rolling Stones’ bassist Bill Wyman was digitally removed from the cover..."

Next up...

What's wrong with this picture?

Forensically Find Fake Photos Fast

Fourandsix Technologies, Inc. has introduced their first product, FourMatch, which instantly distinguishes unmodified digital camera files from those that may have been edited. 

Fourandsix Technologies was co-founded last year by Kevin Connor, a 15-year veteran of the Adobe Photoshop team, and Hany Farid, a pioneering scientist in image forensics. Dr. Farid’s extensive research led to the development of FourMatch software, which provides compelling evidence for the authenticity of an image, while also serving as an efficient triage step for identifying photos that may require closer scrutiny.

...Increasingly, photographic evidence has been challenged in court as being unreliable. Similarly, media companies have faced embarrassment when running news photos that later were revealed to be falsified. (more)

Really interesting... Their Photo Tampering throughout History page. 
Example...

What's wrong with this picture?

Free Security e-Book of the Week

FREE book: Fundamentals of Media Security (110 pages)

The most interesting chapters...

• Steganography

• Digital Watermarking

• Digital Scrambling

• Digital Surveillance  

Enter your email address in #1. (The other three questions are benign.) The ebook will download as a pdf.

Encrypted Spyware Foils Antivirus Programs

via James Mulroy, PCWorld 

Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.... the virus writers behind this particular attack publishes new mirrors and new variants of the malware about every 2 days, though the encryption code has remained the same so far. This is certainly scary for anyone out there that values their private information, and I just hope that the antivirus software companies can keep up. (more)

Hiding Secret Data in VoIP Phone Calls

Researchers have devised a new scheme for hiding secret data within VoIP packets, making it possible to carry on legitimate voice conversations while stolen data piggybacks on the call undetected, making its way to thieves on the outside.

Click to enlarge.

Called transcoding steganography or TranSteg, the method calls for setting a larger-than-necessary payload space in VoIP packets and using the extra room to carry covert messages. In their experiment the researchers could send 2.2MB of covert data in each direction during an average seven-minute phone call.

As with all steganography, the objective is to deliver covert data without raising suspicions that a secret message even exists. (more)

IN PICTURES: A brief history of steganography

Is that runny nose a cold, or just a new message coming in?

via our West Coast ghost... 
Espionage just got a little more sophisticated and scientific. Invisible ink? Decoder rings? Lemon juice? Puh-lease -- that's mere child's play compared to what double agents scientists at Tufts University just created.

Now secret messages can be hidden in genetically engineered bacteria, thanks to a new method called steganography by printed arrays of microbes, or SPAM. Developed by chemistry professor David Walt and his cloak-and-dagger team of researchers, this new method uses an assortment of E. coli strains modified with fluorescent proteins that glow in seven colors.

Multiply that number by the two colors each message character is encoded with, and spies like us have more than 49 possible code combinations. That's enough for the alphabet, plus digits 0 to 9, with room left over for a few extra symbols...

It is also possible to develop bacteria that lose their fluorescent properties over time, creating a message that self-destructs in the style of Mission Impossible. (more)

"You vare personally responsible for your spy equipments...

...lose zem, and ve dock your pay!" 

You’ve gotta hand it to Russian intelligence, they’ve got chutzpah. First they planted a network of sleeper agents in the United States. Now, two of the busted and deported spies are demanding that the feds fork over their impounded spy gear...

...two former members of Russia’s Foreign Intelligence Service  (SVR) who hid in the U.S. for years, have hired lawyers to demand the FBI give them their stuff back. Vladimir and Lidia Guryev (a.k.a. Richard and Cynthia Murphy) are asking the Justice Department to return their cars, money, video cameras, computers, digital photos and unnamed “other equipment.” They’d also like the data on their digital gear back, too or, failing that, copies of it. Their tech gear and files have no “material value,” the request claims; it’s just “dear to the Guryevs.”(more)

National Security Aims Risk Shooting Foot

Paul Mah has something important for the FBI, all lawmakers and the rest of us to ponder. 

 "...the implementation of (encryption) backdoors is not a technically feasible idea. ...the presence of backdoors being built into existing software will prove to be completely irresistible to cybercriminals. And we're not even talking about foreign states yet, one of which is suspected to have created the extremely advanced Stuxnet worm. So yes, these backdoors will be cracked eventually, resulting in devastating consequences to U.S. businesses and interests." (more)

FutureWatch Prediction - Not all encryption will have a back door. 

Personal communications like phone calls and e-mail, yes. Government communications, no. A diplomatic pouch, even an electronic one, will remain a diplomatic pouch. Encryption in support of critical system infrastructures (like financial) will be licensed, with the proviso that the government can have the key under due process of law. 

Some things will never change. Governments will still crack. Criminals will still hack. Terrorists will won't care - they still have codes, cyphers and stenography. Businesses which take their counterespionage strategies seriously will fare better than those who do not.

Chameleon™ & PrivateEye™ - Two Cool Security Products

Now you can blind shoulder surfers with these two very cool computer security products. Very innovative. Very clever. Very secure. 

PrivateEye™ is active display security software that responds conveniently and automatically to a user. PrivateEye presents a normal clear screen when the user is present and looking at the display, but when the user’s attention moves away from the display the software immediately blurs the screen. Similarly, if PrivateEye detects an eavesdropper it can automatically blur the screen. The solution also includes a facial recognition engine. PrivateEye requires only a standard webcam. (video). 

Chameleon™ is a software and hardware solution from Oculis Labs that addresses the unique security challenge of protecting sensitive and classified materials while it is being displayed on computer screens. The solution protects displayed information against over-the-shoulder eavesdroppers, video recorders, remote electronic surveillance, and TEMPEST style threats. Using a patent-pending, gaze contingent, secure content rendering system, the software allows a trusted user to read a screen normally, but no one else can.

If you agree that this techonolgy is too cool, take a moment and help these folks win the "Hottest Tech in Town" Award. (vote here)

Is it possible that these spies were thwarted at least in part by their reliance on out-dated steganography programs?

Steganography is becoming the tool of choice for a whole cadre of criminals a lot more daunting than these putative Borises and Natashas. It’s been used to exfiltrate sensitive data in corporate espionage, state sponsored espionage, and oddly enough--by gangs. 

What’s odd here is that the SVR went with such an old-school steganography method, one that leaves traceable evidence. Because there’s a lot better stuff out there....

Instead of leaving behind an artifact of your wrong-doing for the Justice Department to download, new stego programs use ephemeral channels that disappear when the communication has been completed. It’s called network steganography. You can do it in real time, you can transmit huge amounts of data, and you can do it without leaving behind any artifacts to implicate you.

If the Russian spies had known about these new protocols, they might not have gotten caught so handily. You can bet that the non-Russian spies in the United States (insert your own xenophobia here) are using more sophisticated methods to phone home. (more)