Welcome to Bob & Eileen's web site. Bob generally blogs here while Eileen blogs over at her site. You can see our photos from here or click the little camera in the upper right corner.


July 2, 2006

Spam As A Secret Communications Method?

Filed under: Software,World Wide Web — Bob @ 3:19 pm

I had an interesting thought this morning while shaving: could spam be used as a communication method for a large, distributed secret organization?

There are two variants possible: hide your message inside plain text using typical cryptographic means or inside images using techniques such as steganography, or send your message as an encrypted blob of data that is otherwise unintelligible.

I received a curious message that got this thought process rolling. The SMTP mail header contains a bunch of HTML strings that got stuffed into Message-id lines. Normally I’d think this was just incompetent message formatting – spam generators often screw up like this. However the body text contains 17,776 characters like this:

WRzFXjk2HB+rXQtUYc0nZoVXaHhfB2HoehrfNI1Rp2qsQoLMcADJJrtLfaGbwtGuMH

This is a very curious message indeed. It originated from IP address 24.60.64.32 which is part of the Comcast network. The owner (I don’t know who it is specifically) is running a web server that claims to be Apache and serves up blank pages. There is no SSH server and no telnet server. The mail server claims to be a Microsoft server but I doubt it.

So continues my conspiracy thinking: it’s apparently easy enough to send spam; a seemingly endless stream of offers of Viagra and Rolex watches and such in my mailbox demonstrates that. It’s even easier to receive spam; do you know anyone who doesn’t get it?

Let’s pretend you are a secret agent in the field, working undercover. I’m headquarters, wanting to relay important information to you. I create the secret message, embed it in an offer for a hot new stock pick, and send it off to millions of people. Only you would know how to decode the secret message; everyone else would simply delete it. Anyone observing the message traffic might not see a one-to-one communication method; they’d see a broadcast of junk to nobody in particular.

If you wanted to communicate covertly at a distance, wouldn’t this be a good way to do it? It’s sort of like hiding in plain sight.

More likely, it’s just spam. But maybe not. :^)
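A triage check for the kind of body described above (one long run of base64-style characters), added here as an example and not part of the original post: it decodes the body and uses byte entropy to separate encoded readable text from data that looks encrypted, compressed or random. The function names, the 2,048-character floor, the thresholds and the sample inputs are assumptions constructed for illustration.

```python
import base64, binascii, hashlib, math, re
from collections import Counter

B64_ONLY = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_body(body: str, min_len: int = 2048) -> dict:
    """Triage a mail body that may be one long base64-style blob."""
    # min_len is an assumed floor: entropy estimates are unreliable on short input
    compact = "".join(body.split())          # drop line wrapping
    out = {"chars": len(compact), "entropy": None, "verdict": "not-a-blob"}
    if len(compact) < min_len or not B64_ONLY.fullmatch(compact):
        return out
    try:
        raw = base64.b64decode(compact + "=" * (-len(compact) % 4), validate=True)
    except (binascii.Error, ValueError):
        out["verdict"] = "base64-alphabet-undecodable"
        return out
    out["entropy"] = round(shannon_entropy(raw), 2)
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw) / len(raw)
    if printable > 0.95:
        out["verdict"] = "encoded-text"       # base64 of readable text
    elif out["entropy"] > 7.5:
        out["verdict"] = "high-entropy"       # ciphertext, compressed or random
    else:
        out["verdict"] = "structured-binary"  # e.g. an uncompressed file format
    return out

def constructed_samples() -> dict:
    """Constructed inputs (not the message from the post)."""
    # 13,332 pseudo-random bytes encode to 17,776 base64 characters
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(417))
    rnd = b"".join(blocks)[:13332]
    text = b"Buy this hot new stock pick before Tuesday. " * 100
    return {
        "random_blob": base64.b64encode(rnd).decode(),
        "encoded_text": base64.b64encode(text).decode(),
        "ordinary_spam": "Cheap watches! Visit our site today.",
    }

if __name__ == "__main__":
    for name, body in constructed_samples().items():
        print(name, triage_body(body))
```

A high-entropy verdict cannot distinguish ciphertext from compressed data or random filler, so it is a reason to look closer, not evidence of a hidden message.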

4 Comments

  1. Hmmm… I received a piece of spam while reading your post. The plot thickens?

    Comment by JayZ — July 3, 2006 @ 2:34 pm
  2. I also have received a lot of emails with bogus headers, no body text and no subject. These I attribute to incompetent spammers, but maybe I am too hasty in pressing delete?

    Gotta run, going down to the store to pick up a roll of aluminum foil to fashion a toque.

    Comment by Bob — July 3, 2006 @ 6:27 pm
  3. I kept one of the investment spams open long enough to notice the image blipped…the ad was actually an *animated* GIF and not just a static one. One could easily overlook that fact. The blip took a while to happen and as far as I can tell all it said was “Buy buy buy!” but it does point to the idea that these messages could be more than meets the eye.

    Lately I’ve been looking at the colors. The one thing that seems to change consistently in the investment spam-with-image I get daily is the color of the ad and the colors of the text. Certain lines are called out, with quotes in one color like: “WBRS is set to explode on Tuesday!”. Then it will say in black a bunch of gobbledygook like “World Barometric Radial Systems is the nation’s top leader in making Radial Barometers, and their stock is currently worth $0.00012 and set to go to $0.00013 on Tuesday.”

    Is there some countdown sequence going here, and anyone in the know can tell what bit is gibberish and the important line is that something’s going to be bombed on Tuesday? Does it only happen if all the colors are lined up and confirmed? I don’t know. But one thing I do know is that the filters between email services are rapidly evolving into becoming no different from censorship.

    Comment by T. Binary Universe — September 4, 2006 @ 5:27 pm
  4. Fascinating. This link shows up today and here someone posts essentially a similar concept. However the blog link is bogus and the root domain is essentially advertising for a product well known as spam fodder. Additionally, the post origin is from Irvine, CA and comes via a blog search for the words spam and conspiracy. Coincidence? A new form of automated blog-spamming? Is it for real? No idea, I’ll leave it posted for further amusement.

    Comment by Bob — September 4, 2006 @ 7:42 pm
