Spam, Carnivore and Cryptography.
(Seems rather interesting)
Is it spam or Spammimic?
By Peter Rojas
Red Herring, February 15, 2001
This article is from the March 6, 2001, issue of Red Herring magazine.
Before hastily deleting that next piece of unsolicited spam in your email, you might want to check whether it contains a secret message. Visitors to Spammimic.com can now hide a cryptic message in what appears to be (depending on one's point of view) a seemingly innocuous piece of spam.
The site is the brainchild of David McKellar, a freelance programmer in Toronto and a self-described cypherpunk who created the site in response to email surveillance programs like the U. S. Federal Bureau of Investigation's controversial Carnivore. While secret messages could be encoded in any type of email, Mr. McKellar deliberately chose the spam format to circumvent Carnivore, which works by sifting through millions of email messages to find those sent by or directed to persons who are under FBI surveillance. To expedite this process, the software automatically filters out emails that appear to be spam.
SECRET SPAM
Mr. McKellar was inspired by Peter Wayner's book Disappearing Cryptography: Being and Nothingness on the Net (Morgan Kaufman Publishers, 1996), which describes encoding hidden messages in sportscasters' commentary about a baseball game. Spammimic.com uses a mimic engine, a program that conceals secret text in the underlying code of a message.
Of course, the recipient has to know in advance that he or she is supposed to go to Spammimic.com to decode the message -- currently the only way to decode a message is to visit the site. There are plans to develop a plug-in for email programs like Microsoft (Nasdaq: MSFT) Outlook and Qualcomm (Nasdaq: QCOM)'s Eudora so the fake spam can be detected and decoded automatically.
Why use Spammimic.com instead of just sending an encrypted email? An unbreakable encryption program does not guarantee complete secrecy. Using Carnivore, the FBI can still monitor people with whom you're communicating, even if it's unable to decipher the messages. Mr. McKellar hopes Spammimic.com can make Carnivore surveillance less effective by forcing the FBI to root through the billions of spam emails that are sent daily. (The site has already logged visitors from the FBI's server.)
But Mr. McKellar is realistic about the importance of his Web site: "This isn't going to beat the NSA [National Security Agency], but it just might beat the systems administrator at work who has access to your email."
ADDITIONAL RESOURCES
Steganography archive.
Link to OutGuess, a steganography program.
Home page of Ross Anderson, steganography and cryptography expert.
redherring.com
--
spammimic
--snip
There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible. This site gives you access to a program that will encrypt a short message into spam. Basically, the sentences it outputs vary depending on the message you are encoding. Real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article.
It's widely believed that Western governments read (and decrypt) a great deal of Internet mail through systems called Echelon, Carnivore and others. Presumably they have filters which discard spam. Possibly, due to the existence of this little website, they can no longer ignore spam. Even if spammimic only gets 2 hits a day; the fact that it's here might force the snoops to process terabytes of spam -- making them spend a little less time on other mails
snip
spammimic.com |
