Sidestep the NSA’s Encryption Dragnet

A lot of discussion has picked up around the roles of OpSec and obfuscation. BlogsOfWar interviewed the grugq on the role and limits of OpSec, and the local DefCon meetings have touched on the need for obfuscation. I’m glad the conversation is picking up, but the topic needs more attention than it is getting.

It needs to be stated clearly: whatever your role – corporate pentester or malicious hacker, journalist or privacy-conscious citizen – it is not enough to hide your activity; you must also create noise to obfuscate it.

So! Leaving theory for another day, let’s go into a very simple and practical application of obfuscation: steganography.  Wikipedia, in all of its wisdom, defines steganography as the art and science of encoding hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.  That’s fine, but we don’t have to take it to that degree.  Obfuscation, unlike OpSec, does not have to be perfect.  All we need to do is muddy the water a bit: make it harder or more costly for those who surveil or monitor to keep accurate tabs on us.

For our example, let’s take the current case of the NSA as it relates to encrypted messaging. No matter what country you reside in, if you communicate in encrypted messages, the NSA flags you and stores those encrypted messages for later analysis (damn you, quantum computers of the future! or now!). As it stands, if we send encrypted messages we can reasonably believe that their contents are safe, but the fact that we are hiding something is now known.  So how might we hide the fact that we are sending encrypted messages without adding too much overhead to our workflow?

First let’s look at how the NSA might be detecting encrypted messages.  Not much is known here, but we can assume it’s not a human reading our emails. Since we are only concerned with staying out of the dragnet for this example (unlike if we were a direct target), let’s assume that all of the world’s email traffic passes through some sort of software detection. With that in mind, how might software look at our messages?  An encrypted message looks like a constant stream of random characters, so its pattern is immediately different from that of an actual message.  The first thing that jumps out is that there are no spaces (or if there are, they show up with roughly the same frequency as any other character, and far less often than in normal messages).  So I could write a Python script that starts at the first character of an email and looks for a space within a short handful of characters, or counts the spaces in a message block and compares that to the non-spaces, and so on.  With reasonable confidence, I could separate encrypted messages from unencrypted, plain text messages.  In practice the job is even easier than that: ASCII-armored ciphertext such as a PGP message begins with a literal header line (-----BEGIN PGP MESSAGE-----) that a scanner can match outright, and the base64 body has a per-character entropy well above that of English prose, which makes a good second signal.
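As an added example (this is not code from the original post), here is the detector sketched above in Python, run over three constructed sample messages: an ordinary mail body, a base64 blob standing in for ciphertext, and the same blob inside OpenPGP ASCII armor. The thresholds (under 5% spaces and a run of more than 40 characters without a space) are assumptions tuned to these samples, not anything known about a real pipeline.

```python
"""Toy detector for the heuristic described above: ciphertext (base64 or
ASCII-armored) has almost no spaces and long unbroken character runs; natural
language mail does not.  Example code added to this post, not anyone's real
pipeline.  Thresholds are assumptions chosen for the constructed samples."""
import base64
import hashlib
import math
import textwrap

# Constructed sample: an ordinary mail body.
PLAINTEXT = (
    "Hi Sam, the slides for Thursday are attached. Let me know if the "
    "second chart needs the Q3 numbers or if the old ones are fine."
)


def _pseudo_random_bytes(n: int) -> bytes:
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for real ciphertext."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed sample: base64 'ciphertext', wrapped at 64 columns the way mail
# clients and armor formats do.
CIPHERTEXT = "\n".join(
    textwrap.wrap(base64.b64encode(_pseudo_random_bytes(180)).decode(), 64)
)

# Constructed sample: the same body inside OpenPGP ASCII armor (real header text).
ARMORED = "-----BEGIN PGP MESSAGE-----\n\n" + CIPHERTEXT + "\n-----END PGP MESSAGE-----\n"


def space_ratio(text: str) -> float:
    """Fraction of characters that are spaces, ignoring line breaks."""
    body = text.replace("\n", "")
    return body.count(" ") / len(body) if body else 0.0


def longest_run_without_space(text: str) -> int:
    """Longest stretch of characters with no space or line break in it."""
    return max((len(run) for run in text.replace("\n", " ").split(" ")), default=0)


def shannon_entropy(text: str) -> float:
    """Bits per character: English prose sits near 4.1-4.5, base64 climbs toward 6."""
    body = text.replace("\n", "")
    if not body:
        return 0.0
    counts = {c: body.count(c) for c in set(body)}
    return -sum(n / len(body) * math.log2(n / len(body)) for n in counts.values())


def classify(text: str) -> str:
    """Return 'ciphertext' or 'plaintext'.  The armor header is a literal
    signature and is matched first; the space statistics are the fallback
    for bare base64.  Both thresholds are assumptions."""
    if "-----BEGIN PGP MESSAGE-----" in text:
        return "ciphertext"
    if space_ratio(text) < 0.05 and longest_run_without_space(text) > 40:
        return "ciphertext"
    return "plaintext"


if __name__ == "__main__":
    for name, sample in (("plain", PLAINTEXT), ("base64", CIPHERTEXT), ("armor", ARMORED)):
        print(f"{name:7} spaces={space_ratio(sample):.2f} "
              f"run={longest_run_without_space(sample):3d} "
              f"H={shannon_entropy(sample):.2f}  -> {classify(sample)}")
```

Run it directly to print the three verdicts. The armored sample is caught by its header before any counting happens, which is the point: the statistics only come into play once the obvious signatures are gone.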

With that in mind, we just need to hide the encrypted ciphertext from plain view.  Here is where steganography comes into play.  We can take the encrypted message and hide it in a JPEG image, for example.  (Strictly, the recipe below appends the ciphertext after the image data rather than embedding it in the pixels, but for muddying the water it does the job.)  Steganography by itself, that is, hiding clear plain text in an image, might be enough to escape detection by the NSA dragnet, but that relies on security through obscurity.  If we hide the encrypted message in a JPEG, we escape detection by the dragnet AND hide the message’s meaning in case the specific email is targeted.

Furthermore! We can send simple instructions, in clear plain text, in the body of the email telling the recipient where and how to look for the message within the JPEG.  To state that again: we don’t need to hide the fact that we are hiding a message in a JPEG image.  Hiding it in the image is just a way to get the encrypted message away from the software dragnet.  If a human attacker is reading the email, they will easily know that the encrypted message is hiding in the JPEG and, upon extracting it, will still be unable to decrypt it. So this method covers human interception, and it covers software detection only for as long as the scanner looks at message bodies rather than attachments: an image viewer stops reading at the JPEG’s end-of-image marker (the bytes FF D9) and ignores whatever follows, which is why the picture still displays normally, and a scanner that looks at exactly those ignored bytes will find the appended block.

Here’s how you do it:

In Windows:

  1. Select the JPG/JPEG file you want to use (tip: pick a small file), e.g. photo.jpg
  2. Create a text file (.txt) and paste your encrypted text into it, e.g. message.txt
  3. Put ====Begin Encrypted Text==== on the line before your message and ====End Encrypted Text==== on the line after it, for ease of finding the message later on.
  4. Put both files in the same directory, e.g. C:\hide
  5. Open a command prompt (go to “Start” and select “Run”, enter “cmd” and press “OK”; the black box that appears is the command prompt).
  6. Navigate to your folder (cd C:\hide)
  7. Enter the next line to combine the files and press “Enter”. (Note: replace “photo.jpg” with the name of your JPG file and “message.txt” with the name of your text file. The /b switch matters: when combining files, copy defaults to ASCII mode and would stop at the first end-of-file character it meets in the image data.)
    copy /b photo.jpg+message.txt secretimage.jpg
  8. Here, “secretimage.jpg” is the output file: the new image with the hidden message inside.
  9. Go to the directory in Explorer to find “secretimage.jpg”. When you open it, you’ll see the normal picture.
  10. You can either right-click the new image and select Open with Notepad, or change the extension from .jpg to .txt.
  11. Once the image is open in a text editor, scroll all the way to the bottom and you will see your encrypted text between the two marker lines.

In Linux:

  1. Do all of the above, but change [copy /b photo.jpg+message.txt secretimage.jpg] to [cat photo.jpg message.txt > secretimage.jpg]

Once you have your new image with your encrypted message embedded in it, attach the file to an email.  Within the body of the email, plainly explain that you have hidden an encrypted message in the JPEG.  Instruct the recipient to download the image and open it in Notepad (or a similar program; on Linux, strings secretimage.jpg | tail, or grep -a for the marker lines, is friendlier than dumping the raw image bytes to the terminal with cat).

For the NSA:

How would the NSA, or any other monitor of email, defeat this at scale? They would have to pull every attachment off every email and scan each one, not just the message bodies.  And it isn’t limited to JPEGs: the same trick works with .mov files, .mp3s and other formats whose readers tolerate trailing bytes, so now every attachment in every container format has to be checked for encryption.  Per file the check is cheap (walk the JPEG to its FF D9 end-of-image marker and see whether anything follows), so this is not about making detection impossible.  It’s about slowing down the process and increasing the time and computing power required.
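As an added example tying the recipe above to this point (not code from the original post), the Python below does what copy /b and cat do, extracts the block the way a recipient would look for the marker lines, and then shows the scanner-side check: walk the JPEG’s marker segments to the real end-of-image marker and see whether any bytes follow. The “photo” is a constructed stub with the marker structure of a JPEG (including an Exif thumbnail that carries its own FF D9, which trips a naive search), not a decodable image, and the ciphertext string is made up.

```python
"""Append-style hiding, as in the copy /b and cat recipes above, plus the cheap
check a scanner would run against it.  Example code added to this post; the
JPEG is a constructed marker-level stub, not a real picture."""
from typing import Optional

SOI = b"\xff\xd8"   # start of image
EOI = b"\xff\xd9"   # end of image: the decoder stops here
BEGIN = b"====Begin Encrypted Text===="
END = b"====End Encrypted Text===="

# Constructed stand-in for photo.jpg: SOI, an APP1 (Exif) segment carrying a
# 'thumbnail' with its own SOI/EOI, a minimal SOS header, a few entropy-coded
# bytes (FF 00 stuffing and an RST0 marker), then the real EOI.
THUMBNAIL = SOI + EOI
APP1_PAYLOAD = b"Exif\x00\x00" + THUMBNAIL
PHOTO_JPG = (
    SOI
    + b"\xff\xe1" + (2 + len(APP1_PAYLOAD)).to_bytes(2, "big") + APP1_PAYLOAD
    + b"\xff\xda\x00\x08" + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\xff\x00\x34\xff\xd0\x56"
    + EOI
)

# Constructed, meaningless stand-in for the armored ciphertext.
SAMPLE_CIPHERTEXT = "hQEMA6z0XeRNq2L5AQf/Vc7k3gTmW9sYpBd1oR2jHaZ=="


def embed(jpeg: bytes, ciphertext: str) -> bytes:
    """Same result as `cat photo.jpg message.txt > secretimage.jpg` with markers."""
    return jpeg + b"\n" + BEGIN + b"\n" + ciphertext.encode() + b"\n" + END + b"\n"


def extract(stego: bytes) -> Optional[str]:
    """Recipient side: what scrolling to the bottom in Notepad does by hand."""
    start = stego.find(BEGIN)
    if start < 0:
        return None
    end = stego.find(END, start)
    if end < 0:
        return None
    return stego[start + len(BEGIN):end].strip().decode()


def jpeg_end(data: bytes) -> int:
    """Offset just past the real EOI, found by walking marker segments.  A naive
    search for FF D9 can stop early at an Exif thumbnail's own EOI; inside the
    entropy-coded data every FF is followed by 00 (stuffing) or an RSTn marker,
    so only a true marker ends that scan."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG (missing SOI)")
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:                        # fill byte ahead of a marker
            i += 1
            continue
        if marker == 0xD9:                        # EOI
            return i + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn: no length field
            i += 2
            continue
        length = int.from_bytes(data[i + 2:i + 4], "big")   # includes its own 2 bytes
        i += 2 + length
        if marker == 0xDA:                        # SOS: skip entropy-coded data
            while i + 1 < len(data):
                nxt = data[i + 1]
                if data[i] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                i += 1
    raise ValueError("no EOI marker found")


def trailing_bytes(data: bytes) -> bytes:
    """Scanner side: everything the image viewer ignores.  Empty for a clean file."""
    return data[jpeg_end(data):]


def has_hidden_payload(data: bytes) -> bool:
    return len(trailing_bytes(data)) > 0


if __name__ == "__main__":
    stego = embed(PHOTO_JPG, SAMPLE_CIPHERTEXT)
    print("recipient extracts:", extract(stego))
    print("naive first FF D9 at:", PHOTO_JPG.find(EOI), "real end at:", jpeg_end(PHOTO_JPG))
    print("scanner flags photo.jpg:", has_hidden_payload(PHOTO_JPG))
    print("scanner flags secretimage.jpg:", has_hidden_payload(stego))
```

The trailing bytes are ordinary text, so the same space-and-entropy heuristic that flags an encrypted mail body flags them too once the scanner bothers to look past FF D9; the cost you impose is that it has to parse the container for every attachment, not that the payload is invisible.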
