A group of hacker activists known as Hacktivismo is unveiling a new tool designed to help human rights proponents and political dissidents view censored information over the Web without fear of reprisal.
The steganography tool, to be released on Saturday at the H2K2 hacker convention in New York City, will let users hide encrypted text within any gif image placed on a Web page. But critics say the tool can also be used by criminals and terrorists to disguise communication or plans for illegal activity.
Simple Secrecy
The tool, called Camera/Shy, works with Windows and Internet Explorer and lets users share censored or sensitive information buried within an ordinary gif image.
Although other steganography tools exist, Camera/Shy is designed for non-technical users–such as political dissidents who might ordinarily not know how to use such a tool.
The 1.21MB program lets users encrypt text with a click of the mouse and bury the text in an image. The files can be password-protected for further security. After posting an embedded image on a Web site, an activist can notify intended recipients by e-mail with code words such as “Go to this URL to see pictures from my birthday party.”
Viewers who open the page with the Camera/Shy browser tool can then decrypt the embedded text on the fly by double clicking on the image and supplying a password.
The program is aimed at users who reside behind country firewalls, such as those in China, which censor Internet access to specific sites or content. It temporarily turns off the browser history and deletes all data in cache once a user closes the program so no one can trace where they’ve been. Users can download the program to a diskette to run on their computer or run it directly from the Web, leaving no footprints on their system.
Hacktivismo is releasing Camera/Shy as open source software, allowing anyone to tweak it for different languages or adapt it to other operating systems such as Linux.
Hackers Turn Activist
Hacktivismo is an offshoot of the famed hacking group Cult of the Dead Cow, creators of a Trojan horse called Back Orifice that lets hackers commandeer a machine infected with the program from across the Internet.
The subgroup was founded by a hacker activist named Oxblood Ruffin and has 35 members around the world. The creator of the program is a member called The Pull, who works for eEye Digital Security Inc., a security firm in California.
Ruffin says Pull got the idea for the program in a flash in May and then wrote the code in a day. After polishing it for a couple of weeks, he sent it off to a group of high-end security experts for bug testing.
But some criticize Hacktivismo for releasing a program that could easily be used by pornographers or terrorists to hide data. In February 2001, the U.S. Federal Bureau of Investigation claimed that Osama bin Laden was using steganography to hide maps and post instructions on terrorist targets for Al Qaeda cells around the world.
Ruffin says the program shouldn’t be judged by possible misuse.
“We’re certainly aware that people could take our technology and do nasty things with it. But what is the upside for democracy or human rights activists finally having some technology they can use?”
“Every technology can be corrupted,” he adds. “The same hammer that Jimmy Carter uses to build a home for the homeless can be used by someone else to drive through the back of someone’s head.”
He says that to ban technology that could be used in nefarious ways would mean that few technologies could ever be released. “We’d have to ban cell phones and pagers and even cocktail napkins, because people write bomb instructions even on those.”
He also points out that steganography has already been around for a long time. “There are far more robust systems out there. Ours just happens to be fairly easy to use.”