# You Can Now Easily Send Encrypted Texts to Anyone, and the NSA Is Gonna Hate It

## Suzanimal

> You Can Now Easily Send Encrypted Texts to Anyone, and the NSA Is Gonna Hate It
> 
> The NSA is not thrilled about the fact that encrypted communications are becoming easier and more widespread than ever before. Its director, Admiral Mike Rogers, said as much last week during a cybersecurity event in Washington, D.C., where he joined the FBI in asking for a legal framework by which government agencies can insert backdoors into commonly used communications software.
> 
> So chances are, NSA and co. are not going to like Signal, a cross-platform app that now lets you send encrypted text, picture and video messages to virtually anyone with a smartphone.
> 
> The free app is made by Open Whisper Systems, makers of TextSecure and Redphone, which allow Android users to send end-to-end encrypted texts and calls, respectively. That means that short of someone hacking your phone and stealing your encryption keys, no one, not even the app's creators, can eavesdrop on your calls and texts.
> 
> With Signal 2.0, iOS users are finally getting in on the game, making it possible to send end-to-end encrypted group, text, picture, and video messages between Signal on iPhone and TextSecure on Android, all without SMS and MMS fees, the company says in a blog post. All you need is a phone number (stored as a hash, a fixed string of encrypted characters) to register with Whisper Systems' servers, and the app does the rest seamlessly in the background. A previous version of Signal did the same for phone calls on iOS, and the developers say they'll soon unite the different versions into one cohesive platform.
> ...


http://motherboard.vice.com/read/you...-gonna-hate-it

----------


## idiom

Bah. If you don't control the Certificate authority, assume the NSA does.

Encoding is always stronger than encryption.

A secure conversation over an analogue phone line:




Besides, any phone that is not blackberry, you can assume the NSA is able to read input as you type it, and messages as you decrypt them.

----------


## DamianTV

You know that in the UK, it is illegal to not surrender any encryption keys to Authority upon demand, right?  How long do you think it will be until that happens here?  Or as in Russia, where VPNs, Proxies, and other technologies that support Internet Anonymity are flat out illegal?  The thing is, it isn't the Surveillance by EVERYTHING you need to worry about, it is what is done with that information.

Next problem is that there is a ton of Misdirection.  Google tells you to "Be afraid of Hackers" when in reality it is Google itself that you need to worry about.  Egads!  Your Samsung TV is recording your voice and sending it to many Third Parties and it's all Unencrypted!  Same message, be afraid of Hackers, but not of Samsung or the Third Parties, and in reality, it is Samsung and those Third Parties you need to be the most concerned with.

It isn't about Right or Wrong, it is about who determines what is Right or Wrong having access to all this information.

Now, let's find out which one of you are Jews...

----------


## jmdrake

> Bah. If you don't control the Certificate authority, assume the NSA does.
> 
> Encoding is always stronger than encryption.


So your solution is what exactly?




> A secure conversation over an analogue phone line:


Funny but not practical.  People are creatures of habit.  Undercover police quickly learn the lingo of whatever community they are watching.




> Besides, any phone that is not blackberry, you can assume the NSA is able to read input as you type it, and messages as you decrypt them.


So you're assuming that keylogging software doesn't work on phones with keyboards?

----------


## DamianTV

What was the name of that company that made the news a while back for recording EVERY keystroke on your phone?  I don't think it was XKeyScore, but something like that...  Thus, who cares if the message is encrypted when it is sent if your keystrokes are not also encrypted?  THAT is the information they have access to, and with that information, can hang you with.

----------


## idiom

> So you're assuming that keylogging software doesn't work on phones with keyboards?


Please.

I am assuming BB10 OS is a lot harder to crack open to get software in there.

Impracticality is the nature of security. The more practical it is, the less secure it is.

If you are using code, and rotating it often, it is impervious to computer assault and requires man-hours. It's a lot less practical to penetrate.

And have your own CA.

----------


## jmdrake

> Please.
> 
> I am assuming BB10 OS is a lot harder to crack open to get software in there.
> 
> Impracticality is the nature of security. The more practical it is, the less secure it is.
> 
> If you are using code, and rotating it often, it is impervious to computer assault and requires man-hours. It's a lot less practical to penetrate.
> 
> And have your own CA.


Okay.  So why are you assuming that BB10 is harder to crack than the latest iOS and/or Android OS?

----------


## jmdrake

> What was the name of that company that made the news a while back for recording EVERY keystroke on your phone?  I don't think it was XKeyScore, but something like that...  Thus, who cares if the message is encrypted when it is sent if your keystrokes are not also encrypted?  THAT is the information they have access to, and with that information, can hang you with.


Steganography FTW!  http://en.wikipedia.org/wiki/Steganography

Seriously though, the benefit of encryption isn't as much for when the man is breathing down your neck but when he is out on a fishing expedition.  Does the NSA get to just datamine everything or do they have to work for it?  That's the question.  Good information about the Samsung TV!

----------


## idiom

> Okay.  So why are you assuming that BB10 is harder to crack than the latest iOS and/or Android OS?


DOD Stig for securing iPhone to military standards, 10 pages of settings, basically eviscerating all functionality of the OS.

DOD Stig for securing BB 10 to military standards, 1 setting, enabling a complete separate personal workspace on the phone where the user can load and do anything and not have it threaten the secure network at all.

Android? Samsung invested billions in Knox trying to create a secure infrastructure for Android, threw in the towel, hired Blackberry.

But really anti-nsa secure? No phone. But impractical for most.

----------


## puppetmaster

Used to have a program called Steganos but it was bought and/or shut down. Worked very well but I can't find anything like it. Hidden encrypted messages in pictures.

Anyone know of a similar program?

----------


## Dr.3D

> Now, lets find out which one of you are Jews...


Just look for the yellow star.

----------


## puppetmaster

Bump for a steganos replacement

----------


## CPUd

http://steghide.sourceforge.net/docu...on/manpage.php

----------


## TheTexan

Every time you send an encrypted text, the government kills a kitten.

----------


## Origanalist

> Every time you send an encrypted text, the government kills a kitten.

----------


## jmdrake

> DOD Stig for securing iPhone to military standards, 10 pages of settings, basically eviscerating all functionality of the OS.
> 
> DOD Stig for securing BB 10 to military standards, 1 setting, enabling a complete separate personal workspace on the phone where the user can load and do anything and not have it threaten the secure network at all.
> 
> Android? Samsung invested billions in Knox trying to create a secure infrastructure for Android, threw in the towel, hired Blackberry.
> 
> But really anti-nsa secure? No phone. But impractical for most.


Right.  So people do nothing and the NSA job is easier.  Really I believe the NSA wants people to overestimate its capability so that everyone says "Screw it!  I'll just use nothing."  Beyond the NSA there are wiretaps by local cops that don't have access to the NSA data center.  And then there's your garden variety, not on the government payroll, criminal.  Anyway, I will check into the BB 10.  Glad to see BB is at least hanging in there.  And maybe my next phone will be one of these and I can roll my own security.

----------


## Ronin Truth

I'd really like to see tens of millions of folks routinely start to do this, just because they can.  

Screw the NSA.

----------


## osan

> You know that in the UK, it is illegal to not surrender any encryption keys to Authority upon demand, right?


Simple solution is single-use public-key pairs generated by a messaging system that automatically wipes them after use.   It could generate, say, 10K pairs, arrange them into a queue or stack, pull the next pair for the next message, do the do, wipe the key, generate a new one and put it at the end of the queue or push it onto the stack. "Encryption key? Here you go - there's ten thousand of them in this ring.  Have a nice day."

PITA, but nobody ever said that secure communication would be easy.  Also, it would not be perfect, but could go a long way toward painfully frustrating efforts to crack.

I've taken graduate level courses in encryption and it is so broad and deep and subtle, it makes you dizzy.  Sideband attacks alone are a body of science unto themselves.  The genius that has arisen from all the frenzied activities to hide and seek information walks right past being merely impressive.

Given what I have come to know, I would not quite trust any encryption system.

The core concept, though, is that a secure encryption stream carries no statistically significant difference in appearance from a random stream.  As little as one bit that wanders beyond a threshold of randomness (becomes predictable) can result in defeat of the cipher text.  From that minuscule toehold can the adept cracker work his magic.  That is why my trust is low, no matter how large the solution space may be.  Heuristics may be tricks, but good ones are indeed as magic spells.

----------


## osan

> Used to have a program called Steganos but it was bought and/or shut down. Worked very well but I can't find anything like it. Hidden encrypted messages in pictures.
> 
> Anyone know of a similar program?


Write your own.  It is not that difficult.  Rather than using actual photographs, images of random noise would be better and here is why.  Images have a color depth that typically runs between 24 and 32 bits.  That means each pixel is represented by, say, a 24-bit number, the value of which determines its frequency- or color-value.

Being a binary string, it has a most-significant-bit (MSB) and a least-significant-bit (LSB).  The closer you make value changes (1 or 0) to the MSB, the greater the obvious effect on the visual quality of the image to the human eye.  If you want your message to remain hidden, you do not want someone with a copy of the message to look at it and say "yeah, this one's been stepped on... better check it out", because when NSA checks you out, you have problems.

Conceptually, you can look at an image as a series of stacked planes,  Here is one for an 8-bit grey-scale image:



In this case, conceptually this 8-bit image is easily separated into its constituent planes by placing every bit into planes 0-7 using a simple loop counter or by reading the stream and using modulo 8 division.  This will result in 8 "bins" so to speak, each representing the bits from LSB to MSB for the image.  Conceptually, they make what are called "bit-planes".  Mathematically, they are equivalence classes and may even qualify as groups or subgroups... sorry, my discrete math is very old and rusty.

You can then choose a plane and insert your message into it - either by salting the stream or replacing it completely.  But if you do not want a casual viewer to become suspicious, you want to select your plane as close to the LSB as possible, or else significant changes to each pixel may occur.  Because of this, anyone on the lookout for steganographic masking of messages will naturally check the LSB planes first, working their ways upward.  That puts you in a difficult position.  You could also salt the entire image "randomly" (not really random, or else your recipient would have difficulty locating each bit in its proper succession) in the sense that your "linked-list" of successive bits would be very convoluted.  Unfortunately, NSA has several dozens of ACRES of Crays that might be able to make doable work of finding each bit in its correct position.  Once the algorithm for determining the next bit address is cracked, you are lost, steganographically speaking.

Therefore, a better strategy is to use a random noise stream into which to embed the message.  Only you and the recipient would know the start location, which might be calculated using a hash-function or some similar device.  From there, you could salt the entire image or just inject the entire message as a single string, spanning as many planes as necessary.  A casual observer would see only a random field of pixels.  He might still be suspicious, but he might also not.

You would have to become familiar with the data specifications for the various image types such as jpeg, png, bmp, and so on.  There are headers and signaling structures within the bodies of these image files which you probably do not want to alter, if for no other reason than you do not want to arouse suspicions.  If someone sees the framework of the image has been tampered with, that would be a very red flag.  IOW, you want the image file to remain an image file to retain the veneer of innocence.

Another strategy is to send loads of these every day to all sorts of locations- thousands of them or even millions.  Most are nothing other than stock images.  The stream is salted with message-bearing files as needed.  This obfuscates your true activity by sheer volume of data.  If you punch out 10 TB of data on a very high-speed link to parts far flung, anyone watching you is going to have a fit.   You can exacerbate the anger and frustration of anyone attempting to monitor you by making the messages very small - just a few characters each, and distributing them over many files.

There are all manner of very devious things you can do to aid and abet your monitors' desire to go home and shoot themselves at the ends of their workdays.

One thing you do NOT want to do is attempt to cobble up a home-brewed system for doing the actual encryption of the message.  In this I would give you a 99.9999999% chance of failing miserably.  Be aware that no matter how clever you think you have been, professional crackers with the resources of NSA behind them are far more clever, better endowed, treacherous, and eager to assume the challenge.  Unless you have an extensive background in the mathematics of encryption, you will not be able to devise a system that NSA will not break in but a handful of machine cycles.  I'm trained in this and I would not attempt this seriously for either money or love.  As I mentioned, sideband attack methods alone are innumerable and so fiendishly clever as to leave your jaw on the ground.  Seriously, some of the methods are so out there that when you learn about them you just get all doe-eyed.  Some of it is true first-order genius.

----------
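The bit-plane idea from the post above, as an added example that is not part of the original thread: it splits an 8-bit grey-scale image into planes, overwrites one plane, and measures both the pixel distortion and what an examiner sees in that plane afterwards. The 64x64 gradient and the seeded pseudo-random bits (standing in for ciphertext) are constructed sample data, and all function names are hypothetical.

```python
import random


def bit_plane(pixels, k):
    """Plane k of an 8-bit grey-scale image: bit k of every pixel (0 = LSB)."""
    return [[(p >> k) & 1 for p in row] for row in pixels]


def replace_plane(pixels, k, bits):
    """Return a copy of the image with plane k overwritten by bits (row-major)."""
    if len(bits) != sum(len(row) for row in pixels):
        raise ValueError("need exactly one bit per pixel")
    it = iter(bits)
    keep = 0xFF ^ (1 << k)          # mask that clears only bit k
    return [[(p & keep) | (next(it) << k) for p in row] for row in pixels]


def max_pixel_change(a, b):
    """Largest grey-level difference between two images of the same size."""
    return max(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))


def neighbour_agreement(plane):
    """Fraction of horizontally adjacent bits that are equal.

    Close to 0.5 for a plane that looks random, higher for a structured one.
    """
    same = total = 0
    for row in plane:
        for left, right in zip(row, row[1:]):
            same += left == right
            total += 1
    return same / total


def build_sample(width=64, height=64):
    """Constructed sample: a smooth diagonal gradient with no sensor noise."""
    span = width + height - 2
    return [[(x + y) * 255 // span for x in range(width)] for y in range(height)]


def message_bits(n, seed=2015):
    """Constructed stand-in for ciphertext: n seeded pseudo-random bits."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]


def report():
    """Distortion and plane statistics for embedding in plane 0 versus plane 7."""
    img = build_sample()
    bits = message_bits(64 * 64)
    out = {"clean_lsb_agreement": neighbour_agreement(bit_plane(img, 0))}
    for k in (0, 7):
        stego = replace_plane(img, k, bits)
        out[k] = {
            "max_change": max_pixel_change(img, stego),
            "agreement": neighbour_agreement(bit_plane(stego, k)),
        }
    return out


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

On this noise-free carrier the untouched LSB plane is highly regular, so a plane that suddenly looks random is exactly what a checker working upward from the LSB would notice.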


## staerker

> One thing you do NOT want to do is attempt to cobble up a home-brewed system for doing the actual encryption of the message.  In this I would give you a 99.9999999% chance of failing miserably.  Be aware that no matter how clever you think you have been, professional crackers with the resources of NSA behind them are far more clever, better endowed, treacherous, and eager to assume the challenge.  Unless you have an extensive background in the mathematics of encryption, you will not be able to devise a system that NSA will not break in but a handful of machine cycles.  I'm trained in this and I would not attempt this seriously for either money or love.  As I mentioned, sideband attack methods alone are innumerable and so fiendishly clever as to leave your jaw on the ground.  Seriously, some of the methods are so out there that when you learn about them you just get all doe-eyed.  Some of it is true first-order genius.


I understand this fact, in general. Based on your experience, and off the top of your head, does the following technique have any glaring insecurities?

1. Encrypt message
2. Generate random noise, in this case a large amount of data
3. Generate a random "location" number
4. Use the information in "location" to intersperse the encrypted message into the noise
5. Encrypt "location", and append the new noise+message
6. Send it off

The goal of this is not to add any more security, but to prevent the message from being stored, and decrypted at a later point in time (impractical to save _every_ text if they are all 1gb, whereas I just delete mine when I get them.)

I guess the key is in determining a good function to intersperse the message, tricky, but I have a few in mind.

edit: I admit, I did not read your entire post the first time.

----------


## TheCount

> Bah. If you don't control the Certificate authority, assume the NSA does.
> 
> Encoding is always stronger than encryption.
> 
> ...
> 
> Besides, any phone that is not blackberry, you can assume the NSA is able to read input as you type it, and messages as you decrypt them.


Even if that were the case, you just have to consider if the NSA would reveal its ability to do such in order to punish you for whatever it is that you're talking about.  For every person on this board, I'm guessing the answer would be no.

----------


## TheCount

> The goal of this is not to add any more security, but to prevent the message from being stored, and decrypted at a later point in time (impractical to save _every_ text if they are all 1gb, whereas I just delete mine when I get them.)
> 
> I guess the key is in determining a good function to intersperse the message, tricky, but I have a few in mind.
> 
> edit: I admit, I did not read your entire post the first time.


1)  I don't think that storage capacity is really a factor for alphabet agencies.

2)  Your traffic would really stand out amongst all the other bazillion texts being sent, and IMHO would attract rather than detract attention.

3)  If you only do this some of the time, then now it's clear that you send unimportant things one way, and important things another way.


The safest thing, as mentioned by the EFF and others, is to use prudent, reasonable encryption all the time for everything.  If even 25% of the population did this, the resources required to decrypt any significant percentage of their traffic would be astronomical.

----------


## tangent4ronpaul

> Even if that were the case, you just have to *consider if the NSA would reveal its ability to do such in order to punish you* for whatever it is that you're talking about.  For every person on this board, I'm guessing the answer would be no.


That is a serious downside of the Snowden leaks.  If the public already knows...

-t

----------


## DamianTV

> Used to have a program called Steganos but it was bought and/or shut down. Worked very well but I can't find anything like it. Hidden encrypted messages in pictures.
> 
> Anyone know of a similar program?


Doesn't need any Steganography, just a CMD line:

`c:\directory>copy /B picture.gif + YourMenu.zip newfile.gif`

/B switch makes it a Binary Output.

I know stuff works for JPEGs also.  Viruses were sometimes payloaded within the images themselves.  If I could upload files on this server, I'd show you all how, but trust me, it isn't difficult AT ALL.

--- Edit ---

Example:  This picture I just slapped together is merged with a zip file.  Save the file, change the file extension to .zip and you should see a HiddenMsg.txt inside the zip archive.



This can be done with ANY type of files in the Zip Archive.  The thing is, this type of activity is so low under the radar that even if I put a virus in here (which I easily could have) due to the file extension and compression, not a single Anti Virus (commercial grade) was able to find this.  Things got even worse several years ago when Zip files with Passwords were being used to distribute viruses.  Due to the passwords, Anti Virus companies were not able to check the contents of the Zip Files.  Since then, passwords on zip files became useless as compression software companies gave the backdoor keys to anti virus companies.  It's off topic, but this is a way to stay completely under the radar when distributing files you want to be perceived as something else.

----------


## jmdrake

> Even if that were the case, you just have to consider if the NSA would reveal its ability to do such in order to punish you for whatever it is that you're talking about.  For every person on this board, I'm guessing the answer would be no.


That's true.  Also the NSA isn't the only person listening in.  Decent encryption might have kept certain silly movie starlets from having their nude iCloud pics spread over the internet.  Or there's the random identity theft criminal.  Or the deranged ex boyfriend/girlfriend.

----------


## jmdrake

> That is a serious downside of the Snowden leaks.  If the public already knows...
> 
> -t


Yeah....but the NSA is still publicly denying all of this.  Did you watch the debate between judge Napolitano and Gollum?  (General Michael Hayden.  Or should I call him Lord Saruman?  He looks more like Gollum but he's evil and smart like Saruman.)  The whole time Hayden kept denying that the NSA was doing anything but collecting metadata.  Obvious lie, but as long as some in the public will believe it........

Plus we're all "low value targets."  Speaking only for myself, I'm not talking or texting about anything illegal, I just don't want the NSA listening in.  And I *want* the NSA to have to use more processing power.  If it takes 1 extra second each for the NSA to process a billion messages, that's a billion more seconds.  It adds up if *everybody* encrypts.

----------


## jmdrake

> Write your own.  It is not that difficult.  Rather than using actual photographs, images of random noise would be better and here is why.  Images have a color depth that typically runs between 24 and 32 bits.  That means each pixel is represented by, say, a 24-bit number, the value of which determines its frequency- or color-value.


Isn't the value of steganography that the message is hidden in plain sight + plausible deniability?  Doesn't using random noise kind of ruin it?  If someone intercepts my messages or grabs my cell phone and see pictures of random noise they might think "There is something hidden here."  But if all they see are pictures of fluffy kittens (or whatever), they might just think "Awwww....he likes fluffy kittens.  Move along."  And of course this depends on whether or not you are already a high value target, but if you are already a high value target none of this matters anyway.  Here's why:



What I want is plausible deniability.  (Now I can't use fluffy kittens because the NSA is reading this. Oh the sacrifices I make in the cause of cyber freedom!)

----------


## jmdrake

> Doesn't need any Steganography, just a CMD line:
> 
> `c:\directory>copy /B picture.gif + YourMenu.zip newfile.gif`
> 
> /B switch makes it a Binary Output.
> 
> I know stuff works for JPEGs also.  Viruses were sometimes payloaded within the images themselves.  If I could upload files on this server, I'd show you all how, but trust me, it isn't difficult AT ALL.


Sure.  That would work against the beat cop.  The NSA will probably add "search for zip header" into their algorithm after reading this.    Still, everything that costs them cycles costs them cycles.  I'm curious about viruses embedded in images.  How would such a virus actually get run?  The image viewer program should look at the image file as data and not instructions and not attempt to run anything.

----------


## DamianTV

> Sure.  That would work against the beat cop.  The NSA will probably add "search for zip header" into their algorithm after reading this.    Still, everything that costs them cycles costs them cycles.  I'm curious about viruses embedded in images.  How would such a virus actually get run?  The image viewer program should look at the image file as data and not instructions and not attempt to run anything.


A:  Care to elaborate on finding the zip header?  I edited the post above and added an actual merged image so you can play with it...

B:  Believe it or not, the .exe file was literally run by the users!  Password for the zip archive that contained the malicious payload was typically embedded within the image, not the text, so it couldn't be as easily scanned (more cycles, like you said) in the text of the email.  Most of these types of emails did contain just Zip files, but a few did embed exes the same way as jpg + zip can be merged.  "I accidentally got your emails and forwarded them back to you!  I zipped them up so no one could see them.  Password is 1234.  Just run the exe file.  Sorry about that!"  And user after user would fall for this same trick.

C:  I think the biggest problem is that since MS in its infinite wisdom decided to hide file extensions, users that opened "email.exe" only saw "email" and couldn't tell the file was probably a virus.

Hell, how many people here even know what a FILE EXTENSION is?

----------


## jmdrake

> A:  Care to elaborate on finding the zip header?  I edited the post above and added an actual merged image so you can play with it...


I threw together this Python script and it seems to work.  It gives some false positives for jpg files, but it catches every zip file including the zip you embedded in HiddenFile.jpg.



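```
def iszip(filename):
    # Read the whole file as bytes and look for the "PK" marker that
    # begins every ZIP record signature.
    with open(filename, "rb") as f:
        data = f.read()
    # A bare two-byte match is loose, hence the false positives on JPEGs.
    return data.find(b"PK") >= 0
```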

(Note: Ignore the ">>".  This forum keeps screwing with the white space for some reason and white space means something in Python.)

(Note Note: I'm dumb.  I just now realized this forum has a "CODE" tag.)

I tried renaming your file to a jpg extension and while it appears as a zip file in the directory, it doesn't open from Windows.  So I tried PeaZip and it worked.

_Congratulashun!  You founded teh hidden message!  Good for you!

D_




> B:  Believe it or not, the .exe file was literally run by the users!  Password for the zip archive that contained the malicious payload was typically embedded within the image, not the text, so it couldn't be as easily scanned (more cycles, like you said) in the text of the email.  Most of these types of emails did contain just Zip files, but a few did embed exes the same way as jpg + zip can be merged.  "I accidentally got your emails and forwarded them back to you!  I zipped them up so no one could see them.  Password is 1234.  Just run the exe file.  Sorry about that!"  And user after user would fall for this same trick.


Ah.  A combination phishing/trojan horse attack.




> C:  I think the biggest problem is that since MS in its infinite wisdom decided to hide file extensions, users that opened "email.exe" only saw "email" and couldn't tell the file was probably a virus.


Yeah.  Throwback to CPM.  In the Unix world the difference between a runnable file and one that isn't is CHMOD as opposed to the file extension.




> Hell, how many people here even know what a FILE EXTENSION is?


Those of us who have used computers from the MSDOS days certainly do.  

Edit: Still though, even though it's pretty easy to set a filter to find images with zip files (and with a little work I could weed out the false positives), this isn't a bad trick.  You're still costing the snoops cycles and you have plausible deniability.  "Hey!  All I did was retweet a cute picture that had gone viral! I had no idea there was a hidden message, honest I didn't!"  And if the image truly goes viral lots of people will honestly re-post the hidden message.  By the time it got to the intended recipient it could have literally been re-posted by millions of people.  It would be like having an ad-hoc and truly anonymous TOR.

----------


## TheCount

You beat me to the punch on this reply.


Commercial forensic  software like the stuff police departments buy and use will scan the  hard drive and alert the operator to any files where the type of data in  the file does not match with the type of file.  You will actually  attract more attention this way than otherwise.

An example of this is free software Sleuthkit, which you can mess with to see how it works.  Here's the relevant feature:




> *File Type Detection* based on signatures and extension mismatch detection.


Again, this is free software.  Obviously, the capabilities available if you're paying for something or making your own may be greater.

Also, for those thinking that hiding files in unusual places is a good security method:




> *Interesting Files Module* will flag files and folders based on name and path.

----------
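A stricter version of the two checks discussed above (the "PK" search and the signature/extension comparison), added here as an example and not taken from any poster or from Sleuthkit. It validates the ZIP end-of-central-directory record instead of matching two bytes, and assumes the archive was appended unmodified, as `copy /B` does; the carrier bytes and function names are constructed for the demonstration.

```python
import io
import struct
import zipfile

# Leading magic bytes for the image types mentioned in the thread.
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".png": b"\x89PNG\r\n\x1a\n",
}
EOCD_SIG = b"PK\x05\x06"    # ZIP end-of-central-directory signature
EOCD_LEN = 22               # fixed-size part of that record


def header_matches_extension(name, data):
    """Naive type check: does the leading magic agree with the extension?"""
    dot = name.rfind(".")
    magic = IMAGE_MAGIC.get(name[dot:].lower()) if dot != -1 else None
    return magic is not None and data.startswith(magic)


def find_embedded_zip(data):
    """Return the offset where an appended ZIP archive starts, or None."""
    # The record lies in the last 22 + 65535 bytes (the comment is <= 64 KiB).
    window_start = max(0, len(data) - (EOCD_LEN + 0xFFFF))
    pos = data.rfind(EOCD_SIG, window_start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (_sig, _disk, _cd_disk, _here, total, cd_size, cd_offset,
             comment_len) = struct.unpack("<4sHHHHIIH", data[pos:pos + EOCD_LEN])
            cd_start = pos - cd_size          # central directory precedes EOCD
            zip_start = cd_start - cd_offset  # offsets are relative to the archive
            if (total > 0 and zip_start >= 0
                    and pos + EOCD_LEN + comment_len <= len(data)
                    and data[cd_start:cd_start + 4] == b"PK\x01\x02"
                    and data[zip_start:zip_start + 4] == b"PK\x03\x04"):
                return zip_start
        # Not a consistent record: keep looking for an earlier candidate.
        pos = data.rfind(EOCD_SIG, window_start, pos)
    return None


def examine(name, data):
    """Combine both checks into one verdict for a file."""
    zip_start = find_embedded_zip(data)
    members = []
    if zip_start is not None:
        # zipfile tolerates data prepended to an archive.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    return {
        "header_ok": header_matches_extension(name, data),
        "zip_offset": zip_start,
        "members": members,
    }


def build_sample():
    """Constructed sample: a JPEG-like carrier, alone and with a ZIP appended."""
    carrier = (b"\xff\xd8\xff\xe0" + b"PK is just two bytes"
               + bytes(64) + b"\xff\xd9")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("HiddenMsg.txt", "constructed test payload")
    return carrier, carrier + buf.getvalue()


if __name__ == "__main__":
    clean, merged = build_sample()
    print("clean :", examine("kitten.jpg", clean))
    print("merged:", examine("kitten.jpg", merged))
```

The merged file still passes the header/extension check, which is why a scanner also has to look at what follows the image data.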


## puppetmaster

> Doesn't need any Steganography, just a CMD line:
> 
> `c:\directory>copy /B picture.gif + YourMenu.zip newfile.gif`
> 
> /B switch makes it a Binary Output.
> 
> I know stuff works for JPEGs also.  Viruses were sometimes payloaded within the images themselves.  If I could upload files on this server, I'd show you all how, but trust me, it isn't difficult AT ALL.
> 
> --- Edit ---
> ...


 Thanks I will look into it.

----------


## TheCount

> Sure.  That would work against the beat cop.


It's extremely unlikely that a person will manually troll through your computer.  They will have some kind of automated hardware or software forensics 'kit' that they will use to scan a copy of your drive.  Note:  Copy, not original.  If they don't have that capability or if they are particularly interested in you, they will mail your hardware off to experts for analysis.

----------


## TheCount

Woops, I meant to include this video in the last post.  The whole thing is worth it, but relevant section is 10:15ish to 11:20.  Pretty funny as well.

----------


## GunnyFreedom

> Yeah....but the NSA is still publicly denying all of this.  Did you watch the debate between judge Napolitano and Gollum?  (General Michael Hayden.  Or should I call him Lord Saruman?  He looks more like Gollum but he's evil and smart like Saruman.)  The whole time Hayden kept denying that the NSA was doing anything but collecting metadata.  Obvious lie, but as long as some in the public will believe it........
> 
> Plus we're all "low value targets."  Speaking only for myself, I'm not talking or texting about anything illegal, I just don't want the NSA listening in.  And I *want* the NSA to have to use more processing power.  If it takes 1 extra second each for the NSA to process a billion messages, that's a billion more seconds.  It adds up if *everybody* encrypts.


That's how I am working the problem.  The "big haystack" gambit.  Create as much encrypted traffic all over the place everywhere so that the haystack becomes so enormous that the needle isn't even in question.  Crush them with numbers.

----------


## CPUd

Another metric forensic searches will use is the modified/accessed date.  Example: You have a directory where all the files were last accessed in 2008, except for 1 that was accessed this morning, because this is where you keep your hidden container.

In windows, LOL
In linux, you can use touch to change the modify and access time, but if you stat the file you will see another value, "changed time", AKA ctime.  This is like "modified time", except for the inode, so if you never modify or access the file, but do something like chmod on it, this data will be updated.  So ctime is easy to set to the current timestamp, but to set it to whatever date you want, you will need to be creative.  The code that makes this happen is in attr.c in your kernel source.

----------


## DamianTV

> You beat me to the punch on this reply.
> 
> 
> Commercial forensic software like the stuff police departments buy and use will scan the hard drive and alert the operator to any files where the type of data in the file does not match with the type of file.  You will actually attract more attention this way than otherwise.
> 
> An example of this is free software Sleuthkit, which you can mess with to see how it works.  Here's the relevant feature:
> 
> 
> 
> ...


That is just it tho.  File type does match the extension type, even if it is merged with another file.  Scanning for this type of content will usually see both .jpg and .jpg file headers and probably go on to the next step.  One of their many goals is to eliminate as many cycles as possible.  Like the early days of encryption.  Sure, they could try to brute force a password of a really long phrase, and some of those techniques would take literally millions of years to do.  They want the quick easy back door.  But give them enough time and resources and they will conclude that to protect the safety of everyone, just put every man, woman and child that is not out thugging for the US Govt completely naked in glass prison cells with absolutely no possessions whatsoever.  We are all going to end up there eventually anyway, regardless if we do anything wrong or not.

---

@Count: That vid was pretty funny.  But if you're at the point where forensic analysis is taking place, most people are pretty much $#@!ed anyway.  Renaming the file doesn't really work, as discussed in the vid.  But again, this may or may not flag as the content type does match the file extension.  Changing the file extension from .exe to .jpg would definitely set off their flags.  Now if you really wanna beat these guys, go low tech.  Pen and paper and a shredder and a bonfire.

----------


## jmdrake

> That is just it tho.  File type does match the extension type, even if it is merged with another file.  Scanning for this type of content will usually see both .jpg and .jpg file headers and probably go on to the next step.  One of their many goals is to eliminate as many cycles as possible.  Like the early days of encryption.  Sure, they could try to brute force a password of a really long phrase, and some of those techniques would take literally millions of years to do.  They want the quick easy back door.  But give them enough time and resources and they will conclude that to protect the safety of everyone, just put every man, woman and child that is not out thugging for the US Govt completely naked in glass prison cells with absolutely no possessions whatsoever.  We are all going to end up there eventually anyway, regardless if we do anything wrong or not.
> 
> ---
> 
> @Count: That vid was pretty funny.  But if you're at the point where forensic analysis is taking place, most people are pretty much $#@!ed anyway.  Renaming the file doesn't really work, as discussed in the vid.  But again, this may or may not flag as the content type does match the file extension.  Changing the file extension from .exe to .jpg would definitely set off their flags.  Now if you really wanna beat these guys, go low tech.  Pen and paper and a shredder and a bonfire.


Something else to consider.  It doesn't have to be a zip file.  My little "zip filter" program wouldn't be worth spit if the target was using, say, an .ARC file.  (Anybody remember those?)  Say the text is not only encrypted but encoded in EBCDIC.  The handy thing about file extensions is that you have some idea of what kind of program to throw at it.  How many compressed file formats have there been since the 1970s?  Forget mainstream, there are file formats for little known experimental operating systems that only had a few thousand users *ever*.  I suppose it's possible to write a filter that looks at every image file (and sound file...and movie file) to make sure there is no "junk data" attached.  But then if you have no clue as to the format, what do you do with the junk data?

----------


## TheCount

> That is just it tho.  File type does match the extension type, even if it is merged with another file.


Depending on file types, you can 'expect' the end of a file to look a certain way.  For example, MP3s stick the artist, album, track, etc. data at the end.  Also, file headers for certain file types describe the size of the file itself.  If the header says 'this image is 20 megs' and it's actually 120, that would be a red flag to an appropriate forensic program.  You would need to know these things for the file type that you're using to avoid these mistakes.  In addition, you would need to be sure to add an 'appropriate' amount of data to be sure that you're not creating files that are clearly larger than they should be.  Overall, I don't think that you would be adding to the security of your data by using any technique like this.

A steganographic program that spreads your hidden data throughout a file would be better, but still has the issue of bloating the file if you're trying to hide large amounts of data.

Better still would be cultivating personal habits of consistently encrypting all of your data both at rest and in transit so that there's nothing to identify that this piece of data is more sensitive than that piece.  If you have ten USB drives and only one is encrypted, you've created interest.  If you call people normally 99% of the time and 1% of the time you use a secure VOIP program, you've created interest.  If you have two different electronic devices (phones, for example), and you use one for 99% of the things you do, and the other for the 1%, you've created interest.

This expands to the group as more people secure their communications.  If one person in 100 takes an encrypted laptop through customs, that's an outlier.  If 40 do, that's a norm, and it's infeasible to take an interest in all 40.
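The "end of file" check this post describes, as an added example that is not part of the original thread: walk a PNG's chunk list to its IEND marker and report whatever follows it. PNG is chosen here as an assumption because its end marker is unambiguous; the sample image is constructed inline and the magic-number table is deliberately partial, so a trailer in an unrecognised format still gets reported as "unknown" rather than missed.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAGIC = {b"PK\x03\x04": "zip", b"Rar!": "rar", b"7z\xbc\xaf": "7z", b"\x1f\x8b": "gzip"}

def chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))

def sample_png():
    """Constructed 1x1 grayscale PNG used as test input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def png_logical_end(blob):
    """Walk the chunk list and return the offset just past the IEND chunk."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(blob[pos + 4:end - 4]):
            raise ValueError("bad CRC in %r chunk" % ctype)
        pos = end
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")

def inspect(blob):
    """Report bytes after the image's logical end and guess their format."""
    trailer = blob[png_logical_end(blob):]
    guess = next((n for m, n in MAGIC.items() if trailer.startswith(m)), "unknown")
    return {"trailing_bytes": len(trailer), "trailer_type": guess if trailer else None}
```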

----------


## jmdrake

> That's how I am working the problem.  The "big haystack" gambit.  Create as much encrypted traffic all over the place everywhere so that the haystack becomes so enormous that the needle isn't even in question.  Crush them with numbers.





> Depending on file types, you can 'expect' the end of a file to look a certain way.  For example, MP3s stick the artist, album, track, etc. data at the end.  Also, file headers for certain file types describe the size of the file itself.  If the header says 'this image is 20 megs' and it's actually 120, that would be a red flag to an appropriate forensic program.  You would need to know these things for the file type that you're using to avoid these mistakes.  In addition, you would need to be sure to add an 'appropriate' amount of data to be sure that you're not creating files that are clearly larger than they should be.  Overall, I don't think that you would be adding to the security of your data by using any technique like this.
> 
> A steganographic program that spreads your hidden data throughout a file would be better, but still has the issue of bloating the file if you're trying to hide large amounts of data.
> 
> Better still would be cultivating personal habits of consistently encrypting all of your data both at rest and in transit so that there's nothing to identify that this piece of data is more sensitive than that piece.  If you have ten USB drives and only one is encrypted, you've created interest.  If you call people normally 99% of the time and 1% of the time you use a secure VOIP program, you've created interest.  If you have two different electronic devices (phones, for example), and you use one for 99% of the things you do, and the other for the 1%, you've created interest.
> 
> This expands to the group as more people secure their communications.  If one person in 100 takes an encrypted laptop through customs, that's an outlier.  If 40 do, that's a norm, and it's infeasible to take an interest in all 40.


You, Gunny and I are basically saying the same ultimate thing.  The way to beat these people is for everybody to encrypt or at least a significant critical mass.  I hate it when I hear people say stupid stuff like "Why should I encrypt?  I've got nothing to hide."  Those are the exact people that need to encrypt if we are going to have freedom.  I want the NSA having to spend billions of CPU cycles analyzing images of kittens only to find biscuit recipes embedded in them.  Jokes should be encrypted.  Make these SOBs work for it.

----------


## TheCount

I don't think that they would spend time decrypting everything in that event.  There's a lot that can be done with metadata, for example, that isn't so easily controlled by the end user.

----------


## DamianTV

Screw it.  Fully encrypt all your personal hard drives, flash drives, and data transmissions.  At work, don't surf Nickelback Pregger Porn, and expect no privacy, or respect.

The escalation in Surveillance is cumulative in its effects and chilling in its nature, which can only lead to the total disrespect of every citizen.
(paraphrasing George Orwell...)

----------

