Fearmongering 101: Secrets on the internet.

Those weeks immediately after 9-11-2001 were pretty emotional. I remember experiencing shock, sorrow, anger, and anxiety. I wasn't really fearful for my personal safety, because I don't live in a place I would consider a target (maybe more on that some other day), but I was certainly fearful about society in general. In the wake of the tragedy, there were hundreds of rumors, speculations, you name it. This post relates to one in particular:

The terrorists were sending coded messages over pornography sites.
Here's a rebuttal of the actual rumor.

I don't care whether the rumor is true or BS. That it could be true is enough for me.

So here's the question? How hard is it to send coded messages in images? I decided to carry out this test by finding a photo, encoding a lengthy message into it, and timing how long it took me to do. Now, I'm not much of a programmer, but I took two classes in undergrad. And the answer is, it's really not hard at all. It took me 90 minutes to write a program that encodes a message into an image. It would probably probably take me another 30 minutes to write a decoding program, but at this point I got lazy. (hey, I already know what it says). As a general measure of my techonological capabilities, it took me 40 minutes to figure out how to post pictures on Blogger. (ie. no rocket scientist here).

For the results: check out the two penguin pictures below. One of them contains a secret message. (Ok cheaters, here's the message. That entire linked page fits in 1/3 of the image.) If you look carefully at the second photo you may be able to see a faint horizontal line about 1/3 of the way into the picture. That's the boundary where the message ends. On the whole though, it would be pretty damn hard to say there is something wrong with the photo. If I posted one yesterday, and then pulled it down and reposted the other today would anyone notice? I doubt anyone would notice even on the most heavily trafficked sites.

I undertook this project free from outside information (ie ignorantly). Now that it's done, I've done some reading. Evidently, this field is called steganography.

What's the point? Anyone sophisticated enough to hijack 4 planes can easily do what I just did. (And please, no criticism for pointing out this technology exists. The press made a big enough deal out of it that I'm not compromising national security here.) Anyway, here's where I engage in the fearmongering: this has got to be nearly impossible to detect. Add to that the liklihood of the underlying message being encoded, and we're in big trouble. Is that another site with Anna Kournikova in a bikini, or is it a message to kill the infidels?

How does one counter things like this? Well the easiest way is human intel. If a source reveals the website then the images can be captured and decoded. If you catch a terrorist's laptop, that works well too. Other ways? It might be possible to spot steganography at the fringes, as with my picture...I mean, maybe if the terrorists didn't spend more than 90 minutes on it. Maybe someone could write a program that scans the web for images that are almost, but not quite identical. Way beyond me, but I bet the NSA could pull it off. Hopefully they have.


PS: The picture was downloaded from some other site I was on when I had the idea. It suddenly occurs to me the photo might be copywrighted. If anyone claims it, let me know and I'll remove. (sorry, still new at this).