19. Anonymizers – JAP
Okay guys, the next thing we’re going to talk about is a free tool called Jap that gives us Internet anonymity. It does not offer any encryption and I’m going to go ahead and move right into the demo on this. Now while we’re right here and available, I want to explain anonymity to you and I want to make sure you understand there is a difference between anonymity security and privacy. And we’re going to kind of COVID each one of those as well. All right? So what I’m going to show you right now is anonymity. That means it’s difficult for the person who you connected to with your IP address to prove that was really your IP address. That’s probably the best definition that I can give you for anonymity.
So let’s go ahead and explain this. What I’ll do first is I’m going to go out and I’m going to pull up my favorite utility here, IP Chicken, and it’s going to show us our current public IP address. Now I’ll be masking a portion of this, but I’ll leave a good portion to where you can see it’s going to be totally different. The next thing I’m going to do is I’m going to go ahead and start up a utility called John Doe. Some people call it Jap. And as you can see, we have a number of different providers here. And what we’re going to try and find is the free provider. And usually that’s in the past. It’s always been dressed and dressed. Let me go ahead and pick that one right there.
Now what I’m going to need to do is I’m going to need to take my network interface for my browser out here, which is firefox, and set it to use that particular port on that proxy. So I’m just going to click on Tools. I’m going to click on Options. Come down in here to settings and manual configuration. And you can see right here where I said one hundred and twenty seven zero one and port 4001. Okay, great, I picked on that. Now I’m going to type in IP Chicken. And by rights we should have the same public IP address. But I want you to notice how much different it is because what’s happened here is we’ve created a tunnel to Dresden, Germany and picked up one of their IP addresses so that we’re able to now move forward into the Internet.
And this person right here gets the blame for any devil tree that we do. So if you have had utilities to say, oh, you can only come here five times a week, they’re looking at your IP address, well, just use something like this and change your IP address. It’s very, very simple to do. So, again, this right here, this concept right here is called anonymity. That does not mean it is secure. So I definitely would not want to use something like this and go to my bank. Who knows who these people are that are running these proxies. They could be siphoning up all of your information. We just simply don’t know that. But it does provide us a different IP address.
20. Steganography
Okay, guys, we’re just moving right along and it’s probably one of the more interesting chapters. The next thing we’re going to talk about is something called steganography. Now steganography takes one piece of information and hides it within another. In the field of information security, steganography means hiding information in a form that not only obscures its meaning, but obscures its existence. Oftentimes you’ll hear people say it means hiding something in plain sight. One of the first documents described steganography as being used is from the histories of heretus in ancient Greece. Text was written on wax covered tablets. In one story, Dedarimus wanted to notify Sparta that exorus intended to invade Greece.
To avoid capture, he scraped the wax off the tablets and wrote a message on the underlying wood. He then covered the tablets with wax. Again, the tablets appeared to be blank and so unused, they passed inspection by the sentries without a question. Another ingenious method was to shave the head of a messenger and then tattoo a message on the or an image on the messenger’s head after allowing his hair to grow back. The message would then be undetected until the head was shaved again. Like many tools, steganography can be used for a variety of reasons, some good, some not. In reality, in my opinion, there’s no legitimate business use for steganography.
If you’re in the business of espionage or you’re in the business of COVID signaling, well, then, of course it would have a business use. Legitimate purposes could include things like watermarking images for reasons such as copyright protection. Digital watermarks, also known as fingerprinting significant especially in copyrighted material, are similar to steganography and that they are overlaid in file, which appear to be part of the original file and are thus not easily detectable by the average person, or perhaps not able to be detectable at all. One disturbing note for those of you who are going into forensics, steganography, as well as alternate data streams, are the number one in two places that pedophiles hide child pornography.
That is unfortunate. Now, steganography is very hard to detect because there’s no established standard for it. And I’m going to give you a little demonstration here a couple of moments and we’re going to talk about that. There are various freeware and shareware utilities, of course, even commercial programs for hiding text and BMP JPGs wave or Mp3 files. Anytime you have what I like to refer to as, quote unquote, loss of media, you could possibly hide steganography inside it.I used to always talk about the old highlight magazines and this is maybe more of an American thing, but I remember when I was a boy going to the doctor’s office, we would have the highlights magazines and we would need to find the pale that was in the tree or the dog that was in the tree or maybe the cow in it.
To the naked eye, it looked like just a tree. But on closer inspection. Well, there is a dog in there or there is a cow in there. That would be a very good example of steganography. The data that’s inserted into the image can also be encrypted, making it much less detectable, often adding that the data does not increase the file size. And I’m going to explain that in a couple of moments in our demonstration. Here are some example steganography tools crypto Bola GIF shuffle. There are tools in the Stego archive that are available to detect if an image has been added data to it. Some example Steganography detection programs includes Stag detect which is part of the Steg suite.
Now you’re going to see in the next slide or so that that’s not necessarily a hard and fast rule because you don’t know what algorithm they use to put it in. So how could you possibly know how to get it out here? And I believe this is a picture of the Brooklyn Bridge in New York. And what I’m going to do is I’m going to zoom in real quick and I’m just simply going to select an area of this bridge. We all know that a pixel or which stands for Picture Element starts at an X and it also has a Y coordinate. Now this one right here happens to be a 256 bit grayscale image. If we had all ones it would be completely black. If we had all zeros, this pixel would be completely white. Now I’m also going to describe that we have a Z coordinate and that Z coordinate is indeed for the color.
That means that we have eight bits. Recognizing the whiteness or blackness if you will, of this picture. All ones would be, would color this pixel completely black, all zeros, completely white. But what if we took the least significant bit, the one all the way to the right and used it for our own purpose? That would mean that for every eight pixels we would be able to store one byte of data. Well, surely we’d be able to see this, wouldn’t we? Well, don’t be so quick. On our demo. I have a picture of my data center and this is just simply a BMP picture. We’ll use a tool called Image Hide to put in and take out the Colonel’s secret recipe. I just thought that was kind of funny. I got that out of Wikipedia for a picture of my data center.
Let’s go ahead and move right into the demo. Okay, so here we are here in our demo and what I’m going to do for you here is I’m going to see if I can describe a little bit about steganography. Now what I’ve got, as I mentioned before, kind of give you a little bit of a teaser here is I got off of Wikipedia the Kfc’s Colonel secret recipe. And as you can see it consists of eleven herbs and spices and so on. I just thought it’d be a little funny. I’m also going to show you a picture of my data center. Now, this picture is a BMP picture and have a number of computers that are in here. So we’re just going to utilize this and see if we can hide the kernel secret recipe. In this picture, I’m going to utilize a tool called Image Hide.
I’m going to go ahead and open up Image Hide, and I’m going to go ahead and load our image. When I load our image, I want you to notice down here at the bottom, it says that we have 39,324 bytes available for us to add information to. It’s kind of interesting. So taking our pixel based steganography as we talked about before, we would have to have at least that number of pixels times eight to really be able to hide it effectively. And I’m sure there’s probably a little bit of overhead that’s involved there as well. So let’s get right to it. Let’s open up our kernel secret recipe. Let’s press Control A, select all of it by Control C. Let’s go ahead and get out of here. I’m just going to go ahead and paste it right in here.
Now I’m going to tell it I want to write the data to this image file. And you can see it’s taking just a little bit of time to write this. I could encrypt the data and then decrypt it when I come back out, but for this purpose right here, I’m just simply going to write the data. Now I’m going to go ahead and save the image right here, but this time I’m going to save the image. I’m actually going to save it as data center number two. So I’m going to just simply press Enter on here. Go ahead and get out of Image Hide. And you’ll notice that I have two images now. I’ve got my data center BMP and data center two BMP. Let’s go ahead and just open them up. This is Data Center one. This is data center two. Data center one. Data center two.
I don’t know about you guys, but I can’t really tell. Too much difference there. Data center one. Data center two. Data center one. Data center two. Okay, so let’s go ahead and get out of this and let’s really see if Steganography is still there. But before we do that, let’s check a couple of things. Let’s check to see the properties of each one of the files. So this right here is our data center, the very first one. And this one right here is Data center number Two. Okay, so let’s just kind of compare these side by side. And boy, I tell you, it hasn’t changed one single bite. As you can see right here, we’ve got 943,830 bytes. Also in data center number two, we have 943,830 bytes that matches.
Now you can see that the time is just a little bit off, but boy, that’s going to be really hard to track something like that. Let’s go ahead and open up a little MD five hash utility. Now the hash is going to be able to tell us if any of the bits are different from file to file. So let’s go ahead and just drag in number one. And you can see that we have a hash that ends in B. One one five. Let’s go ahead and drag in number two. Oh my gosh. Not only did it change the last couple of bits, every single one of these numbers and or letters in this hexadecimal number was completely changed as part of this hash. Wow. So you can see that steganography would be very difficult to detect. So with that, let’s go ahead and go back to the slides.
It never ceases to amaze me. Whenever I do this demonstration in classes, I always get the same question. Well, if I were to click on a file that’s laden with malware in the steganography file, would I get that malware in actuality steganography is actually benign? In most cases, you would actually have to have the application or the algorithm that was used in an application used to put it in to get it back out. So the quick and easy answer is actually really no. But the truth is really a little bit more complex. In reality. I myself am working on a technique which I’ve applied for a patent on. What it does is it utilizes the DRM or the distributed Rights Management handler in some videos and images. Basically what it does is it redirects a victim to a malware laden site, hopefully to infect that victim.
You can probably imagine this is still a proof of concept. It just simply remains a valid theory that I need to prove. Again, why should we care? Now, some people may ask, what’s the reason? Why do I even need to know about this? If it’s in there and it’s very little chance of harming me, why would I even need to know about it? Steganography itself can be used for anywhere from COVID to completely evil, evil purposes. Bad guys a lot of times will use steganography to hide messages that they want to send to their operatives. As you can see, we’ve got one here. Boss said we should blow up the bridge at midnight, encrypted with some particular password. Sometimes it’s just better to know what can happen. And maybe we’ll our guard a little bit more.
