Hidden In Plain View

[Atheist-Lite]

http://www.newscientist.com/article/mg2 ... crets.html

Covert hard drive fragmentation embeds a spy's secrets

GOOD news for spies. There is now a way to hide data on a hard drive without using encryption. Instead of using a cipher to scramble text, the method involves manipulating the location of data fragments.

The inventors say their method makes it possible to encode a 20-megabyte message on a 160-gigabyte portable hard drive. It hides data so well that its existence would be "unreasonably complex" to detect, they say.

Encryption should sometimes be avoided, says Hassan Khan at the University of Southern California in Los Angeles, because the gobbledegook it creates is a dead giveaway: it shows someone might have something to hide. That could spell disaster for someone trying to smuggle information out of a repressive country.

(continued)

[egbert]

Finally! Those poor priests won't have to sweat bullets anymore when checked by Customs and worrying about that stash of child porn on their notebooks...

[Atheist-Lite]

Industrial espionage is a more likely application given the relatively modest alcove.

[Seth]

So, with the advent of this technology, the procedures at border inspection stations and police departments will be to simply add or delete a file from the device under inspection, or simply run a "defrag" program on the disk, prior to returning it to the owner.

"Sir, since you have nothing to hide, you won't mind if we defrag your disk for you, will you? It's a new service your government offers at border stations in the interests of computing efficiency and preserving valuable disk capacity."

[Atheist-Lite]

So, with the advent of this technology, the procedures at border inspection stations and police departments will be to simply add or delete a file from the device under inspection, or simply run a "defrag" program on the disk, prior to returning it to the owner.

"Sir, since you have nothing to hide, you won't mind if we defrag your disk for you, will you? It's a new service your government offers at border stations in the interests of computing efficiency and preserving valuable disk capacity."

Just as easy to hide messages in pop culture. If you know the base lingo you'll see what I mean?

[youtube]http://www.youtube.com/watch?v=2s1Mspmf ... re=related[/youtube]

[Seth]

So, with the advent of this technology, the procedures at border inspection stations and police departments will be to simply add or delete a file from the device under inspection, or simply run a "defrag" program on the disk, prior to returning it to the owner.

"Sir, since you have nothing to hide, you won't mind if we defrag your disk for you, will you? It's a new service your government offers at border stations in the interests of computing efficiency and preserving valuable disk capacity."

Just as easy to hide messages in pop culture. If you know the base lingo you'll see what I mean?

Well, the very best encryption is the "one-time pad" method. It's virtually unbreakable if done properly, but it's vulnerable to interception of the keys.

The issue here is not so much preventing decryption as it is hiding the fact that something has been encrypted from authorities. Governments are naturally suspicious of encrypted data.

I'm just saying that this "new" technology will not, in the end, be an effective way of moving encrypted data because the encrypted data can be simply destroyed and made inaccessible. Were I with DHS, or any other security service, I would immediately implement a rule requiring that the owners of all suspect storage devices be required to run a government-approved defrag program at the border crossing, just to eliminate this technology as a threat to national security.

That would return things to the status quo ante, where the preferred method of smuggling encrypted data across borders is to stuff a micro SD card up your ass or otherwise conceal it from detection by authorities.

I favor the IronKey secure USB device in a "charger." If you don't know what a "charger" is, go read "Papillion" by Henri Charrier.

[Gawdzilla Sama]

Zimmerman.

[Seth]

Zimmerman.

Inventor of PGP and a hero of mine. Still, even 1028 bit PGP keys can be broken by the NSA (and others) and the most secure encryption in the world doesn't address the problem supposedly addressed by the "purloined letter" program mentioned in the article, which is that when a government agent finds an encrypted file on a storage device, he's going to want to know what's in the file, and he's going to find out one way or another, even if it means throwing you naked into a cell and pulling out your fingernails one at a time till you reveal the key.

The "defrag the drive" expedient I mention is simply a way for customs personnel to be sure that the "purloined letter" stego system mentioned becomes an ineffective method of hiding encrypted data, in the same way that forcing you to boot up your computer or look through your camera lens is a way of helping to ensure that there's no Semtex replacing the CPU or glass.

[MrJonno]

Err whats wrong with the government saying decrypt that or go to jail?

[Seth]

Err whats wrong with the government saying decrypt that or go to jail?

Depends on the government and why they want to examine one's personal papers. Here in the US, they have to have probable cause to believe a crime is involved, and a warrant from a judge.

[MrJonno]

Err whats wrong with the government saying decrypt that or go to jail?

Depends on the government and why they want to examine one's personal papers. Here in the US, they have to have probable cause to believe a crime is involved, and a warrant from a judge.

Or trying to enter/leave the country I suspect as well

[Gawdzilla Sama]

Zimmerman.

Inventor of PGP and a hero of mine. Still, even 1028 bit PGP keys can be broken by the NSA (and others) and the most secure encryption in the world doesn't address the problem supposedly addressed by the "purloined letter" program mentioned in the article, which is that when a government agent finds an encrypted file on a storage device, he's going to want to know what's in the file, and he's going to find out one way or another, even if it means throwing you naked into a cell and pulling out your fingernails one at a time till you reveal the key.

The "defrag the drive" expedient I mention is simply a way for customs personnel to be sure that the "purloined letter" stego system mentioned becomes an ineffective method of hiding encrypted data, in the same way that forcing you to boot up your computer or look through your camera lens is a way of helping to ensure that there's no Semtex replacing the CPU or glass.

Wrong Zimmerman.

[Seth]

Err whats wrong with the government saying decrypt that or go to jail?

Depends on the government and why they want to examine one's personal papers. Here in the US, they have to have probable cause to believe a crime is involved, and a warrant from a judge.

Or trying to enter/leave the country I suspect as well

Yah. There's currently a couple of court cases circulating about whether Customs has the right to seize and copy computer storage media without probable cause and a warrant. We should know in a year or two.

[egbert]

Err whats wrong with the government saying decrypt that or go to jail?

Depends on the government and why they want to examine one's personal papers. Here in the US, they have to have probable cause to believe a crime is involved, and a warrant from a judge.

"you're just talking out your ass again and making things up out of whole cloth."

Customs/Border Patrol Agents don't need no steenkin Judge's order - they can inspect everything you try to bring into the country, including your rectum, and the mere fact they don't like you is justification enough. And, if you won't co-operate in disclosing what's in those encrypted files on your laptop, you'll probably never see it again, and YOU likely won't get in the country either, unless you're already a citizen, in which case you'll get a hard time.
Just ask the Ottawa Bishop who thought they'd never dare search a man of the cloth's laptop, and lordy, lordy, if they didn't find his stash of kiddy porn! Heh, heh - talk about a quick defrocking!

[egbert]

Zimmerman.

Inventor of PGP and a hero of mine. Still, even 1028 bit PGP keys can be broken by the NSA (and others) and the most secure encryption in the world doesn't address the problem supposedly addressed by the "purloined letter" program mentioned in the article, which is that when a government agent finds an encrypted file on a storage device, he's going to want to know what's in the file, and he's going to find out one way or another, even if it means throwing you naked into a cell and pulling out your fingernails one at a time till you reveal the key.

The "defrag the drive" expedient I mention is simply a way for customs personnel to be sure that the "purloined letter" stego system mentioned becomes an ineffective method of hiding encrypted data, in the same way that forcing you to boot up your computer or look through your camera lens is a way of helping to ensure that there's no Semtex replacing the CPU or glass.

Yada, yada. You must have gotten your secret spy agent training from one of those comic book coupons.

Only an idiot would lug a laptop with contraband on it through customs.
Upload your encrypted stuff to an online storage site, then cross the border, and then download your stuff. Sheesh. Domfkop.