From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
Sent: Monday, September 17, 2001 10:10 PM> However, given mil-grade VPNs these days, there is no way
they can read what
> you sent. They can only tell that you sent something.
However, I just
> discovered the Steganography stuff in my SuSE Linux
distribution, hmmmmm.
> But, they still know where it came from and where it went.As Bruce Schneier said, the problem with steganography is
that you need
a good cover story for why you're mailing JPG's of giraffes
back and forth...
I can actually see lots of applications for steganography; Stealth porn on a
public web-site, for example. But for purposes of clandestine communications
with and far-flung org, use a news content site that has pictures and imbed
messages in the news content pictures. A site like www.Kavkaz.org, for an
example, could be used to transmit messages in such a way.
Another method is to take advantage of a photo album sharing site like
www.ofoto.com. Whom is to know that a mega-pixel image isn't just an image
of the family dog? Photos are just the easiest thing, there are other
multi-media content vehicles. However, most folks aren't sufficiently
talented to be able to post original music. I imagine that the terrorist
population has no larger percentage of musical composers than the general
populous. Whereas, people generally take snapshots like crazy.
I am reasonably sure that Casper the friendly ghost has either thought of,
or used, most of them, at one time or another. I can't think that your
average terrorist scum-bag has any less of an imagination.
So, Bruce Schneier, when posing that problem, must have had his imagination
disengaged. There is more than adequate cover story for passing huge JPGs
around.