Using Blogs to Send Hidden Messages

Well, everyone will say: Isn't that obvious? We can write whatever we want, and click "add comment" or "submit post".

We are talking here about what you can do to send a different message than that in the text you write, other than the information clear in your post.

An example (feel free to add comments for more data carriers):

1. The exact hour:minute of posting your comment.
   
2. Number of posts per day
   
3. Number of letters in each post
   
4. Number of ".", "!", smileys, ... in each post.
   
   This might seem ridiculous, but notice how many statements we end with multiple full stops and the reader will just assume that it is a writing style (a bad one indeed).
   

hour:minute information

You can post the same message but in different times of day, so which minute you choose is an important piece of information:

You can send in any hour:minute out of the 60x60 possibilities. Take the logarithm to the base 2: you have (rounding down) 11 bits (11.813 bits to be exact). That's 2048 different options.

If you posted 3 posts a day (which is not strange for many). Then you have 33 bits, equivalent to 8,589,934,592 different options. Nice !! (I could have written it 'Nice !!!' and you wouldn't think it is strange, but I wanted to send some specific message :) )

I will discuss the rest in separate posts/comments.

Sending Secrets using IM applications (MSN, Yahoo, Skype, ICQ, etc)

Of course, as usual, I am not talking about writing down the secrets in a message and sending it :)

A simple sniffer program can be used to see everything you sent from another machine over the network (your dad can do this for example :) ) Or if you are connected over a wireless link at home or at work, this is clearly easy.

I am thinking more of a normal behavior, that we can make, well, a little bit useful !

Anyone on your list can see your state, right ?

If you are using MSN at work, it is very normal to change your availability every few minutes (your boss is with you in the room, going out for lunch, for a meeting, leaving work and will be unavailable, or off-line, etc). So, this is our media: your online status.

Let's say you are online 10 hours. In MSN, for example, there are 7 states: Online, Busy, Away, ...

You can change the state every 30 mins, and it will not look strange (Just don't make it exactly 30 minutes, 30 +/- 5 minutes). So there are 20 slots in all (10 hrs*2).

How many combinations you can say in a single day: 7 to the power 20 !

That's: 7²⁰ = 79,792,266,297,612,001 (google for this number, you will find many hits ! Weird!).

So, simply, you can send, for example, a credit card, with expiry and code. Or your SSN (of course this might be your boss's SSN that you peeked at, but that will be plain wrong, right?).


Working example:
The credit card number is: 1234-5678-9012-3456

Write it in base 7: = 521020405131521400 (see below on how to do that)

Let's take the following mapping: Online = 6, Busy = 5, Be right back = 4, Away = 3, On the phone = 2, Out for Lunch = 1, Offline = 0

Therefore, in the first 30 minutes: "Busy", next 30 minutes "On the phone", then "Lunch", then "offline", then "Phone", ... got it?

Your friend at home, or whatever, will write down every state he sees, all day, then he has the list of numbers (in base 7), he will convert it back to decimal, and voila, here is the secret transferred :)

Base Conversion:
Changing things from base to base is easy (specially if they are binary, hexadecimal, or of course decimal: Windows calculator can do it for you). But for our case, 7 is a little boring, and it will need the calculator beside you, and you will do it in a minute.

I am not sure if anyone wants to see how to do the conversion, if so, tell me and I will post it in another post here.

Brief example: convert 123 from decimal to base 7:

123 divided by 7 = 17 remainder 4 (then 4 is the first number on the right)
17 divided by 7 = 2 remainder 3
2 divided by 7 = 0 remainder 2
Then the result is 234

Converting it back:
2*7^2 + 3*7^1 + 4*7^0 = 123 (easy...)


Enjoy Instant Messaging :)

External Resources, links, and articles

This post is dedicated to collect others' opinion on this subject.

Everyone finds an article about secret communication, hidden signals, cheating a test, etc. Please post it here. We want to know what others are doing, is this totally useless, or it can prove to be a huge issue that has been long neglected.


Of course adding a link and a couple of lines explaining what are they doing will be more than enough.

Don't bother with technical papers, there is a lot of them, and they are already collected and archived in many places. Just focus on informal stuff, ideas, other blogs, ...

Chatting during a Test !?!

Chatting during a Test !!! How is that possible?

It is very simple. First, let's find out what can you do that will not bother the proctor, (or warden !!). Then, we will have to find how we can agree on the meaning of these signals in an easy way (if it is very hard, it could have been easier studying).

An important note first. This is for proving to ourselves we can cheat if we want to, but we don't. It is totally different than not cheating because we can't, right ?

Permissible acts and signals:

There is a lot of things we can do here (and you will add a lot also):

• Coughing or sneezing (which one you did is another piece of information)
  
• Dropping a pen
  
• Stretching your arms
  
• Go to the restroom
  
• Tap with the pen, how many times??
  
• Finish early and leave! (obviously, helping others, not yourself anymore!)
  
• At what time will you do any of the above, and how many times.
  

Agreeing on the code:

Let's take coughing as an example.

You can cough once every 4 minutes. Which minute, indicates your answer to one of the multiple choice questions (assuming 4 answers).

So in a 2-hour exam, you can send 120 min/4 = 30 questions (not bad, huh !!)

Can we do better? Sure we can :)

Using simple binary coding, we can send much more (twice in our case).
Every two minutes are for a single question (instead of 4).
If you didn't cough: Answer A
If you coughed once in the 1st minute: Answer B
If you coughed once in the 2nd minute: Answer C
If you coughed twice: Answer D
We have 60 questions in the 2hr exam.
quite simple... But lots of coughing is not good... Might raise suspicions. :)

So, let's use another signal. "Stretching your arms" for example:
Now, we can use coughing 0 times, or once every 4 minutes (as before): 4(+1 don't know the answer) options.
Also, you can, during the same 4 minutes, stretch your arms to the side, or above you, or both, or simply don't stretch them. Another 4 options.
Multiply these together. You have 16 options in all !!! That's 2 MC questions (with all of their 16 combinations, if each have 4 choices).
The same as before: in our 2-hour exam, 60 questions can be answered... That's quite great. With much less coughing and a little bit of stretching :)

Of course essay questions is a mess to do. But what do you think..we can a lot of other signals, you can literally dictate an essay this way :)

What can we do? Tools and Media Description

We need first to identify what is our raw material? What can we use? What is our channel ?
Formally: What is the communication channel, what is the capacity and bandwidth, and what are suitable codes to use?

Well, actual formulation of the problem has been studied a long time ago. From the early starts, there has been the Morse Code, Nyquist and his work in telegraph capacity, etc. But we can go even further in history: Take for example the English language, short words are more common to be used (or the other way around, they have been chosen to be shorter because they will be used more often); like I, am, is, are, us, we, cat, dog. And on the other hand there is: umbrella, discriminate, cognitive, ... (Mostly, I will dedicate another post just for this)

The first main formulation was, of course, by Shannon and Kolomogorov (late 1940's 50's, and 60's). And since then, tons of theoretical work, and heavy applications have been developed (e.g., digital phone lines, cell phones, data compression as in images: jpeg, gifs, ... movies: mpeg, ... archive formats: zip, arj, ... and well, computer networks in general).

So, let's take it simple.
If we stand in front of each other what might be our tools:
Then, it depends on what are the different actions I can make, and what are the corresponding responses. I can wave, close/open my eyes, yawn, stick my tongue out, stand on one leg, ... or any combinations of them.

If we are over the phone?
I can start with a hello, or hi, or just "is this Bob?", ...
And you can answer back with anything similar.

We can go like this for every possible situation.
The information we want to communicate has to be translated to some sort of code (something we agreed on: if I waved my hand then the meeting is canceled, if I yawn, then just delayed, ...)

The important question is how much information I can send you with these naive ways?
How to measure/evaluate this: The way to measure it is to take the whole number of possible signals I can do. If it covers the different choices I want to send you then, we are done. For example, I can do 10 different things over the phone (as we mentioned before), and I want to tell you what hour of day we will be meeting (from 9am to 5pm). Then it is enough. We can keep the extra choice to say: "No way I am going out, got lots of home work to do, or my dad won't give me the car".

Formally: You would take the log (base 2) to find the number of bits you can use. And do the same with your original information. (or base 10 and it will be digits, ...)


Believe it or not, you will find we can say a lot without anyone noticing.
And of course this is our goal, otherwise why not say it loud and clear: "I will lower the bid on the contract by 100,000". You need to cough twice, sneeze once, and close the phone call exactly after 15 minutes in order to tell me it is a 100,000 not 90,000 and not 110,000.

Welcome All

As a start, this blog is mainly for investigating techniques where two parties can communicate over elementary communication channels without anyone noticing.

A basic example: cheating in a test. How to do it without the proctor noticing? Of course, personally, I do not like that (being the 'proctor' in many cases :) ). But, this can have quite a high research value.

Many techniques exist with complicated schemes, and high throughput. However, we are here concerned with the simplest of forms; two people waving at each other, opening your web browser or not, is your cell phone working or in flight mode, ...

So, if you are not familiar with what is going on in the hard-core research community regarding these techniques, don't panic, you are still welcomed, and you can still heavily contribute (or not, who will know :) )