Flutterby™! : steganography and spam 2008-06-05 15:20:34.382121+00

steganography and spam

2008-06-05 15:20:34.382121+00 by Dan Lyke 5 comments

Jay linked to The Interocitor: If I were a terrorist mastermind (part 1): Secret messages, which makes the obvious link: If you want to send obscured messages without revealing the target of the messages, use steganographic techniques inside spam messages.

Then today I saw a spam message and made the link: I believe that The Freenet Project works by sending around a whole bunch of encrypted data, making sure that every node sees a sizable portion of what, to that node, looks like noise, and only those who can decrypt it get the intended message.

Now I'm convinced that there's a large "freenet" like network operating through steganography in spam messages.

And, like the author of that article, I now believe that the best thing we can do to fight terrorism is to fight spam.

There are many reasons to stamp out spam, but fighting terrorism is not likely to be one. There are just too many data sources in which coded messages can be hidden. As you point out, steganography probably provides the best possible mechanism for encoding, though similar techniques for audio and just about any other data stream are possible. Pictures abound on the web, and the subtle replacement of a picture with a coded counterfeit is unlikely to be detected.

The real problem is the size of the encodeable set. The universe of the net is so large that even wiping out spam, as laudable as it is, would not sufficiently reduce the potential data set enough to make any practical difference.

Yeah. I guess I've actually always figured that some of the comment and wiki spam that shows up is command and control systems for bot networks, and really, detecting steganography is an arms race.

I'm still in favor of diverting some small portion, say 75%, of the resources devoted to the "war on terror" to wiping out spammers.

#Comment Re: made: 2008-06-06 16:03:19.985444+00 by: ziffle [edit history]

The big email guys, comcast, yahoo, etc etc have established new procedures whereby anyone sending large amounts of email is automatically considered a spammer and the mail server it eminates from is blocked, not just that emailer but everyone who emails through that server.

This means that even legitimate emailers like an Animal Center, Little League Baseball, etc. can no longer send out over 10 cc or bc at a time. This is burdensome to them.

Some ISPs are ignoring the issue and their customers are not able to send email to yahoo etc accounts reliably. Some ISP's in the Midwest I was informed are no longer providing email, just http and ftp.

In my opinion this is not the right way to go about things, and reflects another agenda, that is, homeland security wants to limit communication between Americans - or the NSA can't keep up with all the email and wanted to reduce the volume.

Where did America go? Is everyone happy with the fascism you have voted for and allowed?

Yeah, I've got a few folks at Pixar on mailing lists I run, and one of them recently emailed me asking why he wasn't getting his mails at work.

In terms of what mail people are and aren't getting at Comcast and Yahoo, I think there's going to be a showdown soon over the word "Internet". It seems pretty clear to me that what Comcast is selling you when they give you what they call an "Internet" connection, isn't the Internet, it's some small subset that gets altered and redefined at will. I think, therefore, that they should be sued 'til they stop calling their connection "Internet".

If the NSA is trying to limit communication between Americans, then it's going about it very subtly by spamming the hell out of everyone.

I work at a small webhosting company, and for the better part of this year, our largest expense has been email. A good 90% of all the email we get is spam. We've now automated requests to be removed from blacklists because some of our customers have catch-all addresses and it looks like our servers are sending spam. We've changed our email system twice in the past six months. I've mentioned at just about every weekly meeting that we should force our customers to use Gmail or something equivalent because I'm tired of dealing with email.