Show HN: Hide Secret Messages In Facebook Photos With My Chrome Extension (owencampbellmoore.com)
153 points by owencm on April 8, 2013 | 54 comments



I built this Steganography tool as a research project within Oxford University. The goal was for users to be able to communicate via Facebook without anybody being able to even detect the presence of a message, let alone the content.

This is a dramatic improvement over the 'dead-dropping' technique of communicating secretly by leaving emails in the draft box for others to receive without actually sending them.

The really notable thing about this extension is that the JPEGs it produces can handle recompression without the contained message being damaged. Simply strapping error correction onto Steganography doesn't work and this extension is based on a new algorithm for JPEG steganography which I explain in the paper linked from the article.

I'd love to get your feedback on the extension, let me know how you found it to use and let me know if there's anything I can do to make the experience easier!


Just wanted to toss this out there: I noticed that your host for the PDF was dropbox, which often turns off access if a document gets a lot of traffic. Because of that, I mirrored the pdf here: http://lelandbatey.com/secretbook-draft-1.pdf

I hope that's alright with you. If not, I'll happily take it down.


I'm the author of umshade (http://umshade.it), which aims to bring a chrome extension that provides proof-of-concept grade text-encryption to any website. Obviously I like what you did a lot. How much further are you taking it? What other approaches to UI/flows did you consider?


How far I take it depends largely on feedback I receive. I have now completed this research project so in that capacity it is complete.

I considered a number of flows but eventually decided this was most discreet. Check out the paper I link to at the bottom of my post to read all about the options I considered and why I selected this one.


Except for the fact that you can detect that there is steganographic content it is awesome :-) UMich's CITI group put together a tool to find steganographic images and tested it on eBay. Now I don't have a Sun system to run their tool (if I could even load it off of QIC tape!) but the basic idea was that steganographic encoding techniques interfered with the natural noise of the image. As I recall they used techniques similar to what the SETI@Home guys were using to detect the presence of signal in noise. Dr. Peter Honeyman could tell you more and probably point you at the sources. It would be a great followup to that work to see how well it detects your images.


Great work! Which JPEG stego algorithm do you use (if you don't mind sharing)?

Edit: Found the linked paper. Thanks!


Governments also do not have access to privately shared Facebook albums

Don't count on it.


God you guys need to start wearing tinfoil hats


God you guys need to start wearing tinfoil hats

It's not really a secret: http://www.youtube.com/watch?v=XDM3MqHln8U#t=3318s (note that Facebook was specifically mentioned @ 56:07)


He also specifically mentions 'cloud'. Just saying.


I remember reading an article where Al Qaeda is using the same practices for sending messages to hidden members via eBay (and other sites). Here is an article (not the same one I read, but the same topic): http://www.nytimes.com/2001/10/30/science/physical/30STEG.ht...

The article mentions government level detection software - but there is also open source software such as StegDetect (http://www.outguess.org/detection.php) which does a reasonable job of detecting steganography within images.


As you say, it is very possible to build or use detectors for systems such as this. The advantage in this case is that 300+ million new photos are uploaded to Facebook every day so scanning them all would be highly computationally intensive. Governments also do not have access to privately shared Facebook albums so the risk of steganography being detected in a walled garden such as Facebook is much lower than for images shared on public websites such as eBay in the case of Al Qaeda in the past. In the past walled gardens have always recompressed JPEGs rendering previous steganography tools unusable - that is the true innovation this extension brings.


"Governments also do not have access to privately shared Facebook albums" ... yet! But either way it's a really useful tool, I think my GF will love it.


I have always assumed that the NSA have a firehose feed running from Facebook to Fort Meade.

I can't imagine a reason why, in the interests of national security, they wouldn't have already approached Facebook with a secret request to get full access to all Facebook data, regardless of the user's privacy settings.

I have already proved to myself that when you delete something on Facebook, it is not actually deleted, but simply marked as archived. My guess is that they now also move the images, rather than delete them, to satisfy the previous outcry at deleted photos that were still "cached on the CDN". cough bullshit.

Once your data is on Facebook, you can never remove it. I don't trust them as far as I can throw a $1 billion company.

I'll take my tin-foil hat off now.

http://arstechnica.com/uncategorized/2007/01/8701/


I don't think they'd need to scan the 300+ million new photos. They'd just need to scan the photos of individuals that governments and/or corporations would like to target.


To be fair, this is probably more of a cool toy and proof of concept than something you would use for industry- or military-grade security needs. According to Owen's pdf itself, complete undetectability was not the main goal of the project (page 33).


How much "computation" is Facebook doing already on those 300MM+ photos that are being uploaded every day? I'm sure they are already performing a number of actions when each photo is uploaded. Is running a quick check for hidden messages on those photos really going to add that much more "processing"?


the presence of steganography has long been detectable in images and audio. whether it can be decoded depends on the cipher (if any) that's used for the actual message, but this is a pretty poor way to hide your intent from anyone but the casual onlooker.


You're right, if provided a folder of 10 images, one of which contained a secret message then detecting it would be trivial. For Facebook to do the same with 300+ million photo uploads daily would be certainly a non-trivial process. And govt agencies don't yet have full access to non-public albums so the risk of them downloading and scanning all images is also mitigated.


If they can handle recompressing 300+ million photos a day they could probably add a quick check for steganographic markers and dump those images off to a separate queue for further processing, if they were so inclined.


The whole point of steganography is to not leave any markers. But yes, in theory they could scan them on upload but I'm not exactly sure what their prerogative to do so would be (unless the extension turns out to be used for terrorism that is). And plus, with that many photos to process the low false positive rate is going to cause them huge problems.


That is kind of like saying, "cryptography has long been broken," because simple substitution ciphers are easily broken. It turns out steganography can be designed and analyzed using techniques borrowed from modern cryptography theory:

http://www.cs.cmu.edu/~biglou/PSS.pdf


I did my own undergrad project on JPEG steganography, and I was surprised that section 2.6 accurately represents popular algorithms being implemented today. At the time it seemed to me that you got significantly better results than the naive algorithm when measuring visible differences and statistical anomalies in two ways...

1) Consider the unquantised DCT coefficients. If the unquantised coefficient is 12, and the quantisation factor is 5, then the quantised value is round(12/5) = round(2.4) = 2. If you need to flip the LSB, then the F5 algorithm would change this to 1. My algorithm would have changed this to 3 instead as this was much closer to the unrounded 2.4.

2) Encode one bit into multiple quantised co-efficients. For example: If you only need to hide one bit in a block, xor together the LSB of all 64 quantised co-efficients and use that; if you need to flip it, then carefully choose the single co-efficient which produces the best result for your visual/statistical models. (I might have excluded the DC co-efficient, don't remember.) If you need to hide two bits, use half of the co-efficients for one bit, and half for the other, and so on. Conversely, this method could also be extended so that one bit is encoded into multiple blocks.

Rather than a keyed shuffle, I simply required the secret message to be strongly encrypted. This appears to have the added advantage of a message with predictable statistical properties.

Note also that robustness was not one of my criteria at the time.

Hope this is of some value (or at least interest). And my apologies if I have some of the terminology wrong - this was nearly twenty years ago and I don't have the work in front of me right now!
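The two ideas in the comment above, as an added sketch that is not the commenter's or the extension's code: point 1 moves a coefficient to the other neighbour of its unrounded value, and point 2 carries one bit in the LSB parity of a block and changes only the cheapest coefficient. The function names, the `skip_dc` switch and the 8-value sample block are assumptions made for illustration.

```python
import math

def quantise(raw, q):
    """JPEG-style quantisation: nearest integer to raw/q (ties round up)."""
    return [math.floor(r / s + 0.5) for r, s in zip(raw, q)]

def alt_value(raw, q):
    """Point 1: the other integer neighbour of raw/q (12/5 = 2.4 gives 3, not 1)."""
    v = math.floor(raw / q + 0.5)
    return v + 1 if raw / q >= v else v - 1

def f5_style(v):
    """Shrink the magnitude by one, as the comment describes for F5 (zeros unused)."""
    return v - 1 if v > 0 else v + 1

def extra_error(raw, q, old, new):
    """Added reconstruction error, in unquantised units, of storing new instead of old."""
    return abs(new * q - raw) - abs(old * q - raw)

def parity(coeffs):
    """XOR of the least significant bits; v & 1 is also right for negative ints."""
    p = 0
    for v in coeffs:
        p ^= v & 1
    return p

def embed_bit(raw, q, bit, skip_dc=True):
    """Point 2: one bit per block, at most one coefficient changed.
    Returns (coefficients, changed index or None). skip_dc is an assumption here."""
    coeffs = quantise(raw, q)
    start = 1 if skip_dc else 0
    if parity(coeffs[start:]) == bit:
        return coeffs, None
    # Any +/-1 change flips the parity, so take the one that adds the least error.
    best = min(range(start, len(coeffs)),
               key=lambda i: extra_error(raw[i], q[i], coeffs[i],
                                         alt_value(raw[i], q[i])))
    coeffs[best] = alt_value(raw[best], q[best])
    return coeffs, best

def extract_bit(coeffs, skip_dc=True):
    """Receiver side: the hidden bit is the parity of the received coefficients."""
    return parity(coeffs[1:] if skip_dc else coeffs)

# Constructed sample: 8 unquantised coefficients (a real block has 64) and quantisers.
RAW = [812.0, 12.0, -32.0, 7.4, 0.6, -19.0, 2.0, 26.0]
Q = [16, 5, 6, 4, 10, 8, 7, 12]

if __name__ == "__main__":
    print("12/5:", quantise([12.0], [5])[0], "->", alt_value(12.0, 5),
          "adds", extra_error(12.0, 5, 2, 3),
          "| F5-style ->", f5_style(2), "adds", extra_error(12.0, 5, 2, 1))
    stego, changed = embed_bit(RAW, Q, 0)
    print("stego:", stego, "changed index:", changed, "bit read:", extract_bit(stego))
```

The error measure here is plain reconstruction error; the visual and statistical models the comment mentions would replace `extra_error` as the selection key.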


Just for clarity's sake, I use F5 to flip bits. Your suggestion in 1) makes sense to me, although I've not read of somebody trying this - if you have any more data on it I'd love to see it.

2) This general idea is a good one and the way it is used in steganography is Wet Paper Codes. These effectively provide options for how to encode short messages so you can select that which best matches the coefficients which already exist. A simple example:

Encode 00 as either 0000, 0001, 0010 or 0011

Encode 01 as either 0100, 0101, 0110 or 0111

And so on

Hence when we wish to send a 2-bit message we often only need to change a single bit in the coefficients to get to a correct code word.

Hence Wet Paper Codes are able to achieve a high ratio of bits transferred to bits flipped.

I'm sure a keyed shuffle is the right way to go, certainly also encrypting is helpful but I see no downside of more evenly spreading changes across an image using a shuffle.
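An added example, not code from the thread or the extension, of the bits-transferred-to-bits-flipped ratio discussed above. It uses matrix (syndrome) embedding with a Hamming parity check, a simpler relative of wet paper codes and not the code word table in the comment, and compares it with writing message bits straight into LSBs; all function names are assumptions.

```python
from itertools import product

def syndrome(bits):
    """XOR of the 1-based positions holding a 1 (Hamming parity-check syndrome)."""
    s = 0
    for pos, b in enumerate(bits, start=1):
        if b:
            s ^= pos
    return s

def embed(cover, message):
    """Hide a k-bit integer in 2**k - 1 cover LSBs by flipping at most one of them."""
    n = len(cover)
    if n & (n + 1) or not 0 <= message <= n:
        raise ValueError("need 2**k - 1 cover bits and a k-bit message")
    stego = list(cover)
    flip = syndrome(stego) ^ message   # 0 means the cover already encodes the message
    if flip:
        stego[flip - 1] ^= 1
    return stego

def extract(stego):
    """The receiver only computes the syndrome; no knowledge of the cover is needed."""
    return syndrome(stego)

def average_flips(k):
    """Exhaustive mean number of changed bits per k-bit message."""
    n = 2 ** k - 1
    total = count = 0
    for cover in product((0, 1), repeat=n):
        for message in range(2 ** k):
            stego = embed(cover, message)
            assert extract(stego) == message
            total += sum(a != b for a, b in zip(cover, stego))
            count += 1
    return total / count

def direct_lsb_average(k):
    """Baseline: overwrite k cover LSBs with the k message bits."""
    total = count = 0
    for cover in product((0, 1), repeat=k):
        for msg in product((0, 1), repeat=k):
            total += sum(a != b for a, b in zip(cover, msg))
            count += 1
    return total / count

if __name__ == "__main__":
    for k in (2, 3):
        print(f"k={k}: syndrome coding {average_flips(k)} flips, "
              f"direct LSB {direct_lsb_average(k)} flips")
```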


RE: "These messages are hidden in photos so they cannot be detected by Facebook, Governments or prying friends."

I think this claim is overly broad and not particularly true. The NSA surely knows about steganography too. It's been around for a while.


I think everybody here would agree with your correction to that claim. Unless, however, we'd interpret that a bit differently. My take on this approach (coming from developing a similar extension to the one by Owen) - and what I believe Owen meant there - is that you might be relatively safe as long as you 'fly under the radar'. It might be based on the naive belief that if you aren't yet directly targeted, attempts like these can go unnoticed.


Good point. I've rephrased this sentence to be less strong. The gist is that although they could theoretically be detected it would be computationally infeasible for Facebook to do the scanning since they receive 300+ million new photos a day and with a database of about 250 billion photos even if the NSA could get access, they could never feasibly scan them all.


They don't have to scan them all. Only the ones uploaded by the people on their target list. As for access, I'm sure they have it. Regarding computational power, the NSA is generally reputed to have enough supercomputers to fill a football field. I'm sure their new data center in Utah will be greatly enlarging their capabilities.

I'd suggest you read James Bamford's three books on the NSA for further insight. (The Puzzle Palace, Body of Secrets, and The Shadow Factory.) http://en.wikipedia.org/wiki/James_Bamford#Books


Fundamentally you're correct. Honestly, if I thought this extension was going to be useful to terrorists I wouldn't have released it! In my write-up (linked at the bottom of the article) and also in the instructions it is clear that this is a toy application for hobbyists and is not appropriate for serious security uses.

Also, those books do look interesting, might go pick one up..!


"Never" is a long time, and it's plausible the NSA might be interested in a list of names of people who have gone to extremes to hide from them. Is the detection process so difficult that Facebook couldn't integrate it into the upload processing of all new images? There's obviously no need to retroactively check images that were uploaded before your algorithm was written.


The retrospective scanning is a great point - I hadn't considered that.

The detection process is certainly not going to be built into the Facebook upload process unless really serious (and seriously public) usage of these techniques takes off such as wide-spread use by terrorists.

But theoretically, yes detecting could be integrated with uploading. That said, steganography algorithms and detectors generally play a cat and mouse game so as long as extension providers can move faster than Facebook in implementing new algorithms this risk is mitigated.


You're relying on volume of photographic posts to hide encrypted content?

Could you perhaps include encrypted content in many more photographs to make the volume of encrypted content higher, thus increasing the work load of dealing with encrypted content?

I'm not sure how hard it is to detect this content. Try this experiment. Download a BBC TV programme (Horizon works) from a torrent. Edit out a short 3 minute clip. Upload the clip to YouTube. YouTube has very many videos uploaded every minute, yet they ban your clip almost instantly.


Finding such clips is vital to YouTube's business. Detecting use of steganography isn't vital to Facebook so unless it becomes a very public issue (e.g. is widely used by terrorists) they are highly unlikely to integrate detectors for it.

Either way, this is a marked improvement over sending private messages on the Facebook or unencrypted emails (and sending encrypted emails is a very fast way to get noticed).


Owen, I love your concept. And readers, forget being detected by anti-terrorist organizations, as long as you're not into that stuff! Worst-case scenario, even if some govt. agency inquires you, I'm sure you will pass their lie detector tests with ease since you're not really a terrorist :)

Congrats Owen, I can imagine some brilliant use cases for this already - Like surprising your girlfriend on her birthday, etc. :)

Thank you for this wonderful extension :)


Very cool, I'm surprised this hasn't had more upvotes. Many years ago I wrote a CLI image steganography tool (with a PHP web interface at http://incoherency.co.uk/tools/hideimage.php ) but it didn't support JPEG re-compression and isn't nearly as awesome as yours.


That's awesome! I had this idea for a while and I'm glad someone implemented it. Initially I thought about it being used for teens wanting to share secret messages among close-knit friends.


Anyone else getting a 'Package is invalid. Details: 'Could not decode image: '128.png''.' when trying to install the extension from the Chrome Web Store?


I've uploaded a new version with that image replaced just in case. Try again now.


Yep, Chrome Version 26.0.1410.43 / Mac


Why did you build this for Facebook as opposed to other messaging clients or even email? It's pretty cool btw :)


Hundreds of steganography tools already exist for making images which can be shared on any medium where recompression is not an issue (http://www.jjtc.com/Steganography/tools.html). In this case I wanted to provide a simple user experience and also handle Facebook's recompression specifically.

In the future this tool could be extended to other sites which recompress images when they're uploaded although it would certainly be a more confusing user experience.


I suspect it was the technical challenge involved. If he did it for other clients or email, he may not have had to support JPEG re-compression which is both technically difficult and necessary for Facebook compatibility.


Why not make it proper open source so it's not necessary to extract code from the PDF?

I'd like to use this from the command-line.

Thanks.


Excellent reference implementation of a covert communication channel. Well done.


What problem does this solve?


Encryption provides the ability to communicate without any interceptor being able to read the content. In many cases this is fine, but in some cases using encryption software is enough to incriminate you (e.g. spies).

Hence steganography means that not only can your messages not be decoded, they can't be detected.

Specifically, this extension's innovation is allowing steganography on walled gardens such as Facebook which recompress images after uploading them.


I understand what steganography is, but what does this solve? Why would you want to send encrypted messages in a photo across facebook?

It just seems really inefficient way of sending an encrypted message.


The way I answered the same question when developing a similar extension (http://umshade.it) is that these proof-of-concept cryptography-related attempts might result in paving new paradigms for user-friendly flows for securing messages. If there were tools readily available for the layperson, maybe one would reconsider what they submit online (or so I hope)


I don't see a message in the Before or After picture examples. Where is it?


The message is hidden secretly by making very slight changes to the image. When used on Facebook you can receive the secret messages while looking at an image by pressing ctrl+alt+a. That example is just to show approximately how the new image will look compared to the old one.


The whole point is that the message isn't visible, and it's impossible to be able to tell if there even is a message.

The message is encoded in the image by very slightly changing the values of pixels (or some similar method). The message is only revealed with the browser extension


It's not necessarily impossible to detect that there is a message - there are plenty of ways to detect them. The challenge is being able to extract the message without access to the steganography algorithm used, and the passphrase (which could be brute forced once you have access to the method used to hide/extract - which is a whole other challenge).


The whole point of steganography is to make it impossible to detect that a message is included.

Some people can encrypt their messages and send that encrypted message.

But for some people, in some oppressive regime, encrypting a message and sending it will result in torture. Those people not only have to encrypt the message, they have to hide the encrypted message.

Unfortunately there are very many proof of concept steganography systems which demonstrate a concept. ("Let's alter the least significant bits in this gif image to hide a message.") These are usually trivially easy to detect, and often easy to disrupt.

This PoC is nice in that it avoids a common disruption - recompression of images - but it's still a proof of concept.

Since it's from Oxford I would have liked to see some kind of Chaffinch integration, and some discussion of how much cover text you need to make the steganographic text hard to find.

EDIT: Whoops! Sorry about Oxford / Cambridge mixup. I've left my mistake in place.


OP here. You're precisely correct, the goal of this project was to demonstrate a PoC of a steganography algorithm which can avoid JPEG recompression and is hence suitable for use in walled gardens such as Facebook.

Also, Chaffinch is a Cambridge project so <sarcasm>naturally not worth integrating with.</sarcasm> But really, this was a single term's undergraduate research project so scope for such integration was thoroughly out of the question.



