[Cryptography] stego mechanism used in real life (presumably), then outed

iang iang at iang.org
Fri Jun 9 01:06:25 EDT 2017


On 08/06/2017 23:23, Richard Outerbridge wrote:

>> On 2017-06-07 (158), at 16:33:09, Kent Borg <kentborg at borg.org> wrote:
>>
>> On 06/07/2017 03:34 PM, Ray Dillinger wrote:
>>> You'd want it to avoid editing any direct quotes, but otherwise there
>>> are a dozen things you could do to most sentences in English to change
>>> the word order or clausal structure that wouldn't affect the information
>>> content at all.  Two or three per thousand characters, and leaked text
>>> would become easily traceable.
>> Stego or not, this sounds like a useful utility for cheating students: Rewrite plagiarized material so as to be harder to catch. Not a perfect solution, but a salvo in the arms race that must be going on in that realm.
> What if it were to be applied to the texts of received texts, like ”The Gold Bug”?
>
> Would it come out the same, each time, every time?

Technically, this is doable and the experts are the intel agencies who 
rewrite their raw intel to mask the source.

However, there is a drawback with this.  Once so done, it isn't the 
source material.  So it is no longer of so much use as evidence against 
the leakee.  That is, the leakee can simply say, "that's not our 
material, we didn't write that" and they'd be right.

The process of whistle blowing depends heavily on the use of internal 
evidence that is strong.  So the original document has to be 
undeniable.  (Which is to say, if the right document is denied, it 
compounds by adding a lie which may later turn into a perjury...)

Another issue is that we're dealing with a leaker who's aware of some 
tradecraft but we're also dealing with journalists who aren't so aware.  
Maybe surprising to many here, but I also had forgotten about the yellow 
dots, and may well have made the mistake of using a photocopier.  Now 
that I think about it, I'd use a camera then an OCR ... but very quickly 
we're slowing down the whole process so much, and we're overcomplicating 
it.  Did they put in word-errors? Did I destroy the camera?

Remember K6 - I'm in a rush, I need to get it out quickly, else I'll cut 
past the process and end up with zero security.

iang


More information about the cryptography mailing list