How to stash secret messages in tweets using point-and-click steganography

Centuries-old sleight of hand for concealing sensitive data goes mainstream.

by Dan Goodin - May 8 2014, http://arstechnica.com/security/2014/05/how-to-stash-secret-messages-in-tweets-using-point-and-click-steganography/

• Hacking
• Privacy

Steganography is the ancient practice of stashing secret text, images, or messages inside a different text, image, or message. It dates back to as early as the fifth century BC, when Spartan King Demaratus removed the wax from a writing tablet and wrote a message hidden on the wood underneath warning of an imminent invasion by Xerxes. Steganography was a common technique used by German spies in both World Wars. More recently, it has been used to conceal highly advanced espionage malware inside image files and stash secret al-Qaeda documents inside pornographic images.
Now steganography is going mainstream with a service that embeds hidden messages inside more or less ordinary Twitter messages. Users need only type the text they want others to see in one field and the hidden message in a separate field. The service, created by New Zealand-based developer Matthew Holloway, then spits out a tweetable message that fuses the two together in a way that's not noticeable to the human eye. Take the following tweet:             Dan Goodin @dangoodin001 Follow

Tｈｅ ｔｅⅹt hiｄdeｎ iｎ thіs⁰tweet іs so ｓeϲｒeｔ thａt ｉt's⁰іmpossіｂle foｒ adⅴｅｒsａrіｅs ｔo read оｒ dｅteϲt⁰#stｅｇaｎｏgｒaｐhyｒoｃks #ｓecｕｒiｔｙ #privacy

12:09 PM - 8 May 2014

Security through obscurity

Embedded in the visible message "The text hidden in this tweet is so secret that it's impossible for adversaries to read or detect #steganographyrocks #security #privacy" are the words "no, it's security through obscurity." The letters making up the secret text are expressed in unicode representations that are included in the public message. The encoding added to the messages explains the unusual spacing and fonts found in the tweet. With a little more work, or in formats not as constrained as Twitter's 140-character limit, it would almost certainly be easier to create messages that appeared less crude. The same service takes finished tweets and ferrets out their hidden cargo.

Further Reading

Steganography: how al-Qaeda hid secret documents in a porn video

Digital steganography hides files in plain sight, concealed in image and media files.

While steganography has long been relied on to safeguard sensitive messages, people should realize the technique is little more than security through obscurity. That's because the embedded secret is ripe for plucking by anyone who takes the time to look for it. By contrast, ciphertext generated using strong and time-tested encryption algorithms is virtually impossible to decode without the underlying key, which can take centuries or millennia to guess using even the fastest computers. So put steganography in the same category as disappearing ink. It may even have useful applications in rare circumstances. For instance, it might be an effective technique for a prisoner of war sending a postcard to family members. If it were to include a random-appearing sequence of letters, it would be clear to captors that it included an encrypted message. If instead the POW crafted a postcard that used every fifth letter to spell a hidden message, the captors might not notice. That said, steganography is mostly fun to play with. It should never be relied on to protect digital crown jewels without a good reason and with plenty of forethought.

    

Resource rich countries lead global conflict and political violence index

          

Excerpt
Over the last six months, levels of conflict and political violence have jumped significantly in 48 countries as a consequence of popular revolutions and regime change, a study released reveals.
In its latest conflict and political violence index, global risk analytics company Maplecroft analyzed 197 nations, placing the most risky at the top of the list. These countries include resource-rich Central African Republic (ranked 2nd most at risk), South Sudan (4th), Somalia (6th), DR Congo (7th), and Libya (8th), all of which saw significant increases in risk. Syria, considered the most risky place, retained its status, while Iraq (3rd), Afghanistan (5th), Sudan (9th), and Pakistan (10th) filed the bottom ten countries in the category.
From the states analyzed, Ukraine was the one that experienced the greatest fall in the index, dropping 52 places to 35th most at risk due to ongoing violence following the popular uprising in Kiev. Maplecroft expects the country’s ranking to fall even further this year.
“Over the longer term, analysis of conflict and political violence trends offer an essential barometer for global organizations and governments looking to monitor security risks to investments, populations and the dynamic geopolitical landscape,” says Charlotte Ingham, principal political risk analyst at Maplecroft.
She adds that the Middle East and North African regions had a difficult 2013, particularly Iraq (3rd), which endured its bloodiest year since 2008.
The report also highlights key emerging markets where the index of conflict and risk as reached the “high” and “extreme” categories, such as Colombia, Nigeria, Philippines, India, Bangladesh, Thailand, China, Indonesia and Turkey.
Violence impacting investors in growth economies
Many of the world’s key growth markets also feature in the ‘high’ and ‘extreme risk’ categories of the Conflict and Political Violence Index, including Colombia (11th), Nigeria (15th), Philippines (17th), India (18th), Bangladesh (21st), Thailand (23rd), China (25th), Indonesia (29th) and Turkey (31st).
Read More @ Source