Stegdetect 0.4 released and results from USENET search available
Arnold G. Reinhold
reinhold at world.std.com
Sun Dec 30 10:23:26 EST 2001
At 2:47 PM -0800 12/28/01, Bill Stewart wrote:
>...
>So tracing a single transmission may be hard, but tracing an ongoing pattern
>is easier, unless there's a trusted Usenet site in some
>country where you don't have jurisdiction problems.
>That means that A.A.M + PGP is fine for an occasional
>"Attack at Dawn" message, but not necessarily for routine traffic.
A background stream of ordinary, unencrypted voice and e-mail to
family and friends, plus some pre-established code phrases, is all
one needs for the occasional "Attack at Dawn" message. From press
reports, that appears to be what the September 11 cell used.
>
>So it helps to add an extra step - posting the anonymous message
>through a web2news gateway through an anonymizer,
>or a mail2news gateway from a webmail account from a cybercafe,
>or mail2news through an open relay somewhere in the world
>(since open relays are usually people who haven't bothered
>configuring their mail systems, and are less likely to keep logs
>unless that's the default, plus you can spread your messages
>among lots of different relays.)
>
I would assume cybercafes are prime targets for signal intelligence
organizations and all e-mail traffic they generate is recorded. More
generally, imagine you are a consultant to some nefarious
organization and think about what it would take to convince them that
the method you propose is safe, capable of being taught to their
covert agents, and tolerant of the inevitable slip ups in the field
(and remember their attitude toward warrantee disclaimers).
All this is fun speculation, but avoids the original question in the
thread: is it possible to reliably detect stego use, given certain
weakness in many widely available methods?
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list