Writing Steganographic Messages in Spam
I ran across this security link a few days ago and I thought it would be worth sharing with my readers. It’s a way to steganographically encode a message as spam text. This is actually one of the more ingenious ways that I’ve seen to encode messages. I mean, we all get insane amounts of spam, so what better way to send information than by spam? One of the key ways to tell that there is a covert channel is by looking for anomalous traffic, but spam is so common, and comes from so many places, that it is very difficult to detect.
That said, there are a few obvious problems with this. The first is that you have to either set up an agreement with the other party so they know which spam messages carry data, or that party has to run all of their mail through the steganographic filter. Using a resource on the web is the same thing as sending it in plaintext (unless you use the SSL connection). But then you are trusting that the website itself isn’t under federal wiretap or something else. Also, you have to worry about the spam that you are expecting actually making it through your spam filters. So unless you have an account that simply sits out in the middle of the DMZ with no protection, there is a high likelihood of losing the spam entirely.
You also cannot use the spammimic tool as an API (as far as I can tell), meaning you have to send all your traffic over HTTP/HTTPS to that website, which sets off huge alarms for anyone who is eavesdropping. And last but not least, as with any steganographic system, once you tell people that it exists, it is almost completely useless. That’s the problem with steganography: you can never tell anyone about the best ways to hide data, or it’s a broken system.
Still, interesting idea though!
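
The point that the scheme stops working once the eavesdropper knows about it, as an added example (not code from this post or from spammimic): a constructed four-phrase table stands in for the real grammar, which is not reproduced here, and `decode` is what anyone holding the same table can run on captured mail. The function names and phrases are assumptions made for illustration.

```python
# Constructed 2-bit phrase table (hypothetical; not spammimic's real grammar).
# Each sentence slot carries two bits of the hidden message.
PHRASES = [
    "Dear Friend,",
    "This is a one time mailing.",
    "You should see this investment opportunity.",
    "Act now while supplies last!",
]
INDEX = {p: i for i, p in enumerate(PHRASES)}


def encode(secret: bytes) -> str:
    """Turn each byte into four spam sentences (2 bits per sentence)."""
    out = []
    for byte in secret:
        for shift in (6, 4, 2, 0):
            out.append(PHRASES[(byte >> shift) & 0b11])
    return " ".join(out)


def split_sentences(text: str):
    """Match known phrases from the start; None if the text leaves the table."""
    found = []
    rest = text.strip()
    while rest:
        for p in PHRASES:
            if rest.startswith(p):
                found.append(p)
                rest = rest[len(p):].lstrip()
                break
        else:
            return None  # a sentence that is not in the table
    return found


def decode(text: str):
    """What any reader holding the table can do: recover the bytes, or None."""
    sentences = split_sentences(text)
    if not sentences or len(sentences) % 4:
        return None
    out = bytearray()
    for i in range(0, len(sentences), 4):
        byte = 0
        for p in sentences[i:i + 4]:
            byte = (byte << 2) | INDEX[p]
        out.append(byte)
    return bytes(out)
```

A non-`None` result from `decode` doubles as a detector: ordinary mail falls outside the table, so only messages built from it decode at all.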



August 1st, 2006 at 9:07 am
This could be very interesting, specifically regarding passwords.
Imagine a site with a server that can more than handle the current userbase (for spammimic conversion processing). A user’s password is converted into a salted md5, then using a similar method to the spammimic tool.
A hacker later enters your database…to find…..
“Hello there sir. You should see this investment opportunity….” etc.
I know that would confuse the heck out of me.
August 2nd, 2006 at 12:20 pm
Yah, unfortunately I think the cat is out of the bag. It’s an interesting idea certainly, but now if I saw a bunch of spam sitting there, I’d be pretty sure what the problem was. Creating your own variant of the same thing could work, for sure, but relying on a third party with an existing algorithm seems like a bad idea since the name of the game is hiding the algorithm from your eavesdropper.