// Patrick Louis

Obscurity Of Communication

A theory on conspiracies, cabals, secret societies, and terrorists communication

A hot subject these days is privacy.
Since the Snowden’s leaks we have been getting headlines about privacy every two or three days. This post is not about something new but it’s to dwell into ways of thinking we haven’t been accustomed to. I don’t personally have any interest in conspiracy theories and secret societies but it’s still interesting to relate it with terrorism, as we are in an era of psychotic people.

pcweenies

Communication has become way easier & cheaper since the institution of the world wide web. You can’t find as much information at such cheap price anywhere else. Consequently, every organization is tempted to use it for their private/secret meeting and messages. However, the internet is wide open and is not the best place for secret information. To resolve this we use private networks and encryption.

Mathematicians have been working on encryption for centuries. We’ve reached a point where encrypted messages have such high entropy that they are virtually unbreakable. Adding to this salting, shared keys, private keys, etc.. We get a new layer of security. Unfortunately, there has been a lot of discussions going around lately revisiting the efficiency and flaws of certain encryption protocols we’ve been using for years.

Another thing that makes people shout is who controls the web. There are some big entities on the internet that have such power that they control a lot of end points and centralized services. In theory, or maybe for real, those big players should be able to trace back everything that happens online, to graph people, to create relation from all this mess. In some cases they do but the relations are graphed with reliable data and not some random mess. The concern is that even if messages are sent encrypted and cannot be deciphered people can still be mapped as related to each others, those big guys can still sniff end points. To solve this people have been using more untraceable networks like P2P. What is reliable data? I would say that people are connected if they directly communicate to each others, as in sending a message to a specific person, which filters out an immensity of noisy random data and makes it plausible to be stored.

img1

How to avoid being tangled in this graph?

To avoid it we might need to go back to more radical, human wise, and rustic ways of communication.
What if we could communicate this way, or at least appear to from a third party point of view:

img2

The main questions are:

How can (A) know that (B) uses this cloud of data to go have a look at it?

It’s true that the connection between (A) and (B) is completely indirect, (B) sends data to a group of people and not to (A), but is it enough to hide the fact that (A) is intimately related to (B)?

The answer to the first question is quite simple, (A) and (B) should meet in real life to agree on the first way of transmission, any type of steganography, supposing they are able to avoid suspicion while meeting. The first message sent and the snowball effect can take place. The cloud can be any list of random websites where people can submit text.

The advantage of this method is that the whole internet is full of public and non suspicious places where non harmful looking information can be shared. Also, if someone is caught or reveals information it doesn’t break the whole communication chain between members of the group. For example, if an unencrypted laptop is found with an undeleted internet history. This can be avoided by using an open network or an internet café to browse.

Let’s give a more elaborate scenario of this concept:

(A) & (B) are secretly part of some unknown organization
(A) & (B) discuss and prepare a plan related to country X
(A) gives to (B) a 24h email before leaving (IRL)
(B) sends to (A) an encrypted message (PGP) which contains the following:

 {
 delimiter_start: "Hello my good fellows",
delimiter_end: "Thanks for everything!!",
list_of_websites: "http://bloaa.com",
"http://forumsa.com",
"http://blogb.com",...
}

This represents their secret handshake.

(A) uses a specially made program which daily checks those websites and only returns the messages sent from (B)
if (A) finds some text he’ll know the special context of it. For example, (A) and (B) might use some keywords and codes like they do in the army to specify a certain turn of events or actions to take.
Furthermore, some websites allow hollow tags/links, Tags that don’t visually appear on the page but that can contain anything. (A) could communicate some encrypted (PGP) text to (B) using this method.

The conversation goes on and on from unrelated websites to other unrelated websites.

Now, about the second huge question: is it enough?
This takes in consideration that it’s not because individuals are not suspicious, unrelated, visits random webistes, and normal that the WWW giants won’t be interested in their behavior. It would be very improbable, or so I hope, that an organization would log every single visitors all over the internet and start relating them together, as in finding which people are close together and might know each other. To add a layer of obscurity one can always use P2P networks and proxies in the above scenario.

It can also be argued that proxies, and accessing things through the darknet isn’t always a new layer of privacy. There are many stories where people were traced back just because they were the only ones on their network to have used those means of communication to do what they did. Simply explained the packets sent while browsing through one of those networks might have a special fingerprint or might be going through a specific port.

For a little introduction watch this easy to understand video by Adrian Crenshaw.

This is all pretty theoretical and dumb but I still got excited about sharing what I had come up with. I’ll leave you with one question: How would those trusting rings be created in that sort of groups without rising suspicion?

Thanks for reading.

Update: This can be interestingly related and used in what I described in the article: Unicode Text Steganography

A nice and old form of steganography is the book cipher which uses commonly available books.

Update2: A cool project has been posted on HN about using Reddit as a file storage system. The comments are quite interesting, discussing all the unexpected ways of storing data.

Update3: I’ve found a website implementing the communication through spam.
It’s called spammimic and has an encoder to hide your message as if it was a spam and a decoder. Though It is still unsafe to use it directly from their website and to use the same encoding method, it shows how nice the idea is.




If you want to have a more in depth discussion I'm always available by email or irc. We can discuss and argue about what you like and dislike, about new ideas to consider, opinions, etc..
If you don't feel like "having a discussion" or are intimidated by emails then you can simply say something small in the comment sections below and/or share it with your friends.