|
BOOT CAMP 474 (01/0/07)
Paranoia and Privacy part 3
The Internet is not private; it is a freely
accessible, global public network with little or no security and few
safeguards. Everything you do, see send or say can be monitored and intercepted
by anyone with a will to do so. Once you accept that fact then you can get on
with the job of making your involvement with it as secure as humanly possible.
The good news is that the chances of your
emails being read by anyone other than the intended recipient is quite small.
There are simply too many emails sloshing around the net for them to be
effectively scrutinised, though if you routinely pepper messages sent to
certain countries or recipients with keywords that might suggest involvement
with terrorism or other illegal activities then your jottings may well be
flagged up by one of a number of government agency’s computers, but the vast
majority of messages will arrive at their destination unopened.
Nevertheless, it is wise to assume that whilst
in transit your emails are about as private as a postcard. However, don’t
forget that the emails you send and receive remain on your PC and that is a far
greater threat to your privacy. A decent firewall should stop any external attempts
to hack into your machine, but if you choose to leave them there, then anyone
with access to your computer can read them, so it is up to you to protect or
delete them if they contain sensitive information.
If for any reason you need to send a private or
personal message by email then there ways and means to make sure it won’t be
read or understood. Encryption would seem to be the obvious solution but it has
one big disadvantage. Anyone intercepting the message will know straight away
from the jumble of numbers and characters that it contains scrambled
information and, depending on their level of expertise, resources and desire to
know what you’ve been saying, they will attempt to decrypt it and only a tiny
handful of powerful military-grade encryption systems can resist a determined
attempt to crack them open.
It is far better, therefore, to hide or
disguise your message inside an otherwise innocuous-looking email. Again there
are various techniques, including ciphers and codes but these can be clumsy and
time consuming, but there is another very effective method, an age-old trick
known as Steganography.
Steganography stems from an ancient Greek word
meaning hidden writing. The story goes that in 499 BC an exiled tyrant called
Histiaeus needed to send a secret message about a revolt he was planning to his
nephew Aristagoras. He shaved the head of a slave, tattooed the message on his
head, waited for his hair to grow back then sent the slave to Aristagoras, with
instructions to give him a haircut…
Things have moved on in the intervening 2,500
years and now it is possible to conceal documents and other types of files
inside photographs, sent as email attachments. To the untrained eye the images
look perfectly normal and the extra information makes relatively little
difference to the size of the file, so even under very close scrutiny they
shouldn’t raise any suspicion.
It sounds complicated but in practice it is
very simple. All you need to is a small piece of software on the PCs used to
send and receive the messages. There are several sophisticated Steganography
programs on the market but if you just want to try it out then I suggest a
small freeware utility called JPHS
For Windows.
Download the program (it is the form of a ‘zip’
file), extract the contents to a folder on your PC and double-click on the file
jphswin to install it. Double-click on the Jphswin file icon and you will be
asked accept the terms and conditions and the program opens.
Step one is to choose the image you want to use
to conceal the message or file. Use one that has plenty of fine detail as the
hidden information will have a smaller impact on file size, though since anyone
who sees it cannot know the size of the original picture file it is unlikely to
attract attention. Click on ‘Open Jpeg’ and an Explorer type dialogue box is
displayed. Navigate to the image, select the file and click OK; the window now
shows the maximum and suggested size of the file you can hide inside it (see
also this week’s Top Tip).
Next click Hide and you will be asked to enter
and confirm a passphase, which the recipient will also need in order to extract
the file. Click OK and another Explorer window opens and select the file you
want to hide. If it is too large you will be warned. All that remains is to
attach the modified image file to an email and send it.
The recipient receives the email and attachment
as normal. To extract the hidden file they have to open their copy of Jpshwin,
select the saved image file by clicking ‘open Jpeg’ then ‘Seek’ and they will
be asked to enter the passphrase. A dialog box opens asking them where to save
the extracted file and it can be opened and read as normal.
Next Week – Shareware and Freeware Top Tens
JARGON FILTER
ATTACHMENT
Data
file – usually containing a photograph or text document sent with an email
message
ENCRYPTION
Encryption or
scrambling renders files unreadable by any conventional means without the
correct decryption software and a unique 'key' code, which is needed to unlock
the data.
ZIP
Type of
compressed file, requires special program (Pkunzip, WinZip and a utility built
into Windows XP etc.) to expand or decompress the file
TIP OF THE WEEK
Ideally your hidden files should be less than
10 percent of the size of the picture file otherwise it may degrade the image,
or the process will not work. Since photo attachments are typically 300 to
500kb this means the hidden file can only be a few tens of kilobytes. In theory
you can send any type of file but the size limit poses a particular problem
with word processor documents. These contain a lot of extra formatting
information that may well push it over the limit. However, if the document is
saved as a plain text file it will be a fraction of the size of the original
document; a text file containing 1000 words typically amounts to less than
10kb.
---end---
© R. Maybury 2007, 1804
|