Re: blackmail / real world stego use

2003-08-27 Thread bear


On Sat, 23 Aug 2003, Barry Wels wrote:

Hi,

So far I have only found one English item in the news about this.

http://www.expatica.com/index.asp?pad=2,18,item_id=33655

So let me translate some of the dutch information about this
interesting case :

snip - story of a dutch man who used surfola.com, an american
 anonymizing service claiming we will not give out your info
 to anyone ever, to browse a website containing stego data
 worth US$185K that he'd extorted a dutch company into placing
 there.  FBI was apprised of situation, had his email address
 within 24 hours - he was arrested by (dutch?) police the
 instant he tried to touch the money. 

It is interesting to speculate about whether the FBI served
surfola.com with a warrant.  If the anonymizing service is
transparent after the fact to the details recorded during
the FBI's ordinary daily monitoring of the internet, then we
live in interesting times indeed.

That would imply packet recording and correlation on a level
greater than we've ever considered to be in the arsenal of
cryptographic threats, implying the emergence of forces (and
inevitably of forces other than governments) that have
eavesdropping capabilities that cannot be defeated except with
time-delayed packet relay through many hosts and re-encryption/
redecryption at each step of the way.

That is a model that does not permit realtime communication,
meaning that monitoring may be impossible to escape for
realtime activities such as web browsing.

Bear



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: blackmail / real world stego use

2003-08-27 Thread Enzo Michelangeli
- Original Message - 
From: bear [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 27, 2003 5:49 AM
Subject: Re: blackmail / real world stego use

[...]
 That would imply packet recording and correlation on a level
 greater than we've ever considered to be in the arsenal of
 cryptographic threats, implying the emergence of forces (and
 inevitably of forces other than governments) that have
 eavesdropping capabilities that cannot be defeated except with
 time-delayed packet relay through many hosts and re-encryption/
 redecryption at each step of the way.

 That is a model that does not permit realtime communication,
 meaning that monitoring may be impossible to escape for
 realtime activities such as web browsing.

That appears to be the conclusion reached by the developers of GNUnet:

http://www.ovmj.org/GNUnet/faq.php3?xlang=English#GNUweb
---
Q. Is it possible to use GNUnet via a browser as an anonymous WWW?

A. There is currently no proxy (like fproxy in Freenet) for GNUnet that
would make it accessible with a browser. It is possible to build such a
proxy and all one needs to know is the protocol used between browser and
proxy and a swift look at the sources in src/applications/afs/tools/.
The real question is, whether or not this is a good idea. In order to
achieve anonymity, GNUnet has a much higher latency than the WWW. Thus,
the experience of browsing the web will usually be hindered significantly
by these delays (potentially several minutes per page!).
If you still want to write a proxy, you are welcome to send us code and
join the developer team.
---

Enzo




-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: blackmail / real world stego use

2003-08-27 Thread James A. Donald
--
bear
  That would imply packet recording and correlation on a
  level greater than we've ever considered to be in the
  arsenal of cryptographic threats, implying the emergence of
  forces (and inevitably of forces other than governments)
  that have eavesdropping capabilities that cannot be
  defeated except with time-delayed packet relay through many
  hosts and re-encryption/ redecryption at each step of the
  way.
 
  That is a model that does not permit realtime
  communication, meaning that monitoring may be impossible to
  escape for realtime activities such as web browsing.

Enzo Michelangeli
 That appears to be the conclusion reached by the developers
 of GNUnet:

Freenet's almost realtime nature probably means the authorities
can figure out what you are browsing if they have universal
monitoring  However the potentially long delay between
publication and appearance means that freenet could, if
implemented correctly, prevent the authorities from knowing who
published what, even with universal monitoring, and even if
they did know who read what. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 HIFlk2xg8PcuQkPVphQIwlHu7paDKTZ7LIeE6d6f
 42WEQReKUM4YG5+yuVLp3ddu8GwoARZ/Yb9coUEfi


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: blackmail / real world stego use

2003-08-27 Thread Ed Gerck

A guy in Google can do it. In short, if Bob would set up (or use
internally) a www cache, reachable as a public service, which
cache quickly downloads all the pages of several sites by multiple
HTTP connections, the desired image being among them, and do
this for a time window that overlaps the desired target time, then
the desired image can be seen almost in real time by Bob,
anonymously.

OTOH, it is possible that the dutch man was traced not by a one
time download of the image but by many attempts to find it,
since the upload time of the image to the site was not exactly
known to him and time was of essence. In this case, the required
tracing capability would NOT need a large capability for packet
recording and correlation. It would just include finding 100's
(or 1000's) of identical access occurrences in surfola's incoming
server traffic, after surfola's server was tagged from the website's
logs.

The lesson seems to be that, like with other security tools,
anonymizing tools also need to be correctly used. Providing an
action pattern can break an anonymizer -- to identify is to look
for coherence.

Cheers,
Ed Gerck

bear wrote:

 That is a model that does not permit realtime communication,
 meaning that monitoring may be impossible to escape for
 realtime activities such as web browsing.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]