Protecting sources and methods

2007-10-20


By now, most people will have read about the Canadian pedophile from Maple Ridge who is being sought in Thailand. The story is a shocking and lamentable one, but I want to concentrate here on the technical aspect. INTERPOL released images of the man, claiming they had undone the Photoshop ‘twirl’ effect that had been used to disguise him initially in compromising photos. While this claim has been widely reported in the media, there is at least some reason to question it. It is also possible that INTERPOL is concealing the fact that it received unaltered photos from another source, which could have been anything from intercepted emails to files recovered from an improperly erased camera memory card. It could even have been recovered from the EXIF metadata thumbnails many cameras produce. It is also possible this particular effect is so easy to reverse (and that the technique is so widely known to exist) that INTERPOL saw no value in keeping their methods secret. A quick Google search suggests that the ‘twist’ effect is a plausible candidate for easy reversal.

Providing an alternative story to explain the source of information is an ancient intelligence tactic. For instance, during the Second World War an imaginary spy ring was created by the British and used to justify how they had some of the information that had actually been obtained through cracked ENIGMA transmissions at Bletchley Park. Some have argued that the Coventry Bombing was known about in advance by British intelligence due to deciphered messages, but they decided not to evacuate the city because they did not want to reveal to the enemy that their ciphers had been compromised. While this particular example may or may not be historically accurate, it illustrates the dilemma of somebody in possession of important intelligence acquired in a sensitive manner.

Cover stories can conceal sources and methods in other ways. A few years ago, it was claimed that Pervez Musharraf had escaped having his motorcade bombed, due to a radio jammer. While that is certainly possible, it seems unlikely that his guards would have reported the existence of the system if it had played such a crucial role. More likely, they got tipped off by an informant in the group responsible, an agent they had implanted in it, or some sort of communication intercept. Given how it is now widely known that email messages and phone calls worldwide are regularly intercepted by governments, I imagine a lot of spies and informants are being protected by false stories about communication intercepts.

In short, it is fair to say that any organization concerned with intelligence gathering will work diligently to protect its sources and methods. After all, these are what ensure its continued access to privileged information. While there is a slim chance INTERPOL intentionally revealed their ability to unscramble photographs as some sort of deterrent, it seems unlikely. This situation will simply encourage people to use more aggressive techniques to conceal their faces in the future. It is also possible that, in this case, they felt that getting the man’s image out was more important than protecting their methods. In my opinion, it seems most likely that ‘twist’ really is easy to unscramble and that they saw little value in not publicizing this fact. That said, it remains possible that a more complex collection of tactics and calculations has been applied.
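
Whether a twirl is easy to undo can be checked numerically. The following is an added example, not code from this post: it uses a generic twirl model (not Photoshop's exact filter), a constructed test pattern in place of a photograph, and hypothetical function names. It compares the distortion with overwriting the same region, which is the redaction that actually removes the pixels.

```python
import math

def bilinear(img, x, y):
    """Sample img at a fractional (x, y) position, clamped to the image."""
    h, w = len(img), len(img[0])
    x, y = min(max(x, 0.0), w - 1.0), min(max(y, 0.0), h - 1.0)
    x0, y0 = min(int(x), w - 2), min(int(y), h - 2)
    fx, fy = x - x0, y - y0
    top = img[y0][x0] * (1 - fx) + img[y0][x0 + 1] * fx
    bot = img[y0 + 1][x0] * (1 - fx) + img[y0 + 1][x0 + 1] * fx
    return top * (1 - fy) + bot * fy

def twirl(img, angle, radius):
    """Rotate each pixel about the image centre by angle * (1 - r/radius)^2.
    The rotation keeps r fixed, so twirl(-angle) is the inverse mapping."""
    h, w = len(img), len(img[0])
    cx, cy = (w - 1) / 2, (h - 1) / 2
    out = [row[:] for row in img]
    for y in range(h):
        for x in range(w):
            dx, dy = x - cx, y - cy
            r = math.hypot(dx, dy)
            if r < radius:
                t = angle * (1 - r / radius) ** 2
                c, s = math.cos(t), math.sin(t)
                out[y][x] = bilinear(img, cx + dx * c - dy * s, cy + dx * s + dy * c)
    return out

def blackout(img, radius):
    """Destructive redaction: overwrite the same disc with a constant."""
    h, w = len(img), len(img[0])
    cx, cy = (w - 1) / 2, (h - 1) / 2
    return [[0.0 if math.hypot(x - cx, y - cy) < radius else img[y][x]
             for x in range(w)] for y in range(h)]

def mean_abs_diff(a, b):
    """Average per-pixel difference between two equally sized images."""
    return sum(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)) / (len(a) * len(a[0]))

# Constructed 64x64 grayscale test pattern standing in for a photograph.
ORIGINAL = [[128 + 100 * math.sin(x / 8) * math.cos(y / 11) for x in range(64)] for y in range(64)]

def demo(angle=1.5, radius=30):
    """Return the error vs. ORIGINAL for: twirled, untwirled, blackout then untwirled."""
    twirled = twirl(ORIGINAL, angle, radius)
    restored = twirl(twirled, -angle, radius)  # undo: same filter, opposite sign
    filled = twirl(blackout(ORIGINAL, radius), -angle, radius)
    return (mean_abs_diff(ORIGINAL, twirled), mean_abs_diff(ORIGINAL, restored),
            mean_abs_diff(ORIGINAL, filled))

if __name__ == "__main__":
    print("twirled %.2f  untwirled %.2f  blackout+untwirl %.2f" % demo())
```

The untwirled error is only interpolation loss, because the twirl moved pixels rather than discarding them; after the overwrite there is nothing left for the inverse mapping to recover.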

{ 11 comments }

Neal October 20, 2007 at 6:19 pm

When I first heard about this, I wasn’t aware that the unswirled photo had been released, but I knew that it would be easy to do. All that is necessary is to reverse the transform that produced the swirl. Relatively little information is destroyed by this process. The image is just distorted.

This Metafilter thread may be relevant.

Tristan Laing October 20, 2007 at 7:04 pm

This isn’t really related to this post, but I’m asking it anyway. My keyboard is old, dirty and tattered. Often keys go wonky and I have to fix them. Can I get a new one for free, without sending my ibook away?

Milan October 20, 2007 at 7:11 pm

“All that is necessary is to reverse the transform that produced the swirl. Relatively little information is destroyed by this process. The image is just distorted.”

Even if reversing the operation is simple and this is well known among Photoshop users, it seems likely that it is a lot more widely known to be ineffective now. INTERPOL has paid some intelligence cost in exchange for the manhunt, though it may very well have been justified in choosing as it did.

“Can I get a new one for free, without sending my ibook away?”

I doubt you can get a new one for free at all, unless you want to steal one. Keyboards accumulating dirt is ‘normal wear and tear’ and thus quite legitimately not covered by warranties.

Neal October 20, 2007 at 7:34 pm

I figure INTERPOL decided that this wasn’t likely to happen again anyway, and they could gain more from revealing it than not. It just so happened that this inept (alleged) pedophile decided to use what he probably thought was a funny or unusual way to disguise his face, not knowing that this particular method is reversible. Besides, if they didn’t release a reversed swirl image, someone else surely would have.

Litty October 20, 2007 at 9:03 pm

INTERPOL may also have thought the technique would inevitably be publicized at the time of trial.

This makes it a lot more likely that there will be one.

Milan October 26, 2007 at 12:06 pm

Schneier on Security
A blog covering security and security technology.

Untwirling a Photoshopped Photo

Milan October 26, 2007 at 12:09 pm

“You know they were sitting on these photos for three years before they figured out how to “undoctor” them. There is no sophisticated techno-gummery involved: it’s simply the swirl filter in Photoshop. All they had to do was find the centre of the swirl (which is as simple as looking), drag an elliptical marquee round the area of the swirl and use the swirl slider to unswirl it. Why did it take three years to figure that out?
And here’s the really stupid part: why reveal that they’d undoctored the image at all? They should have just released the clear image and said nothing about how they managed to reveal the face. Now other paedophiles who might have used the same technique to obscure their own identities will use different methods. Investigators should NEVER reveal methodologies in these cases.

Posted by: Green Ink at October 26, 2007 08:09 AM”

. April 4, 2008 at 2:39 pm

In the years following Mata Hari’s death, the dancer-turned-courtesan and just barely turned-spy became a legend. She has been portrayed onscreen by Greta Garbo, Marlene Dietrich, Sylvia Kristel, and Jeanne Moreau. Some, usually the uninformed, take seriously the prosecutor’s flamboyant description of her as “the greatest woman spy.”

However, Mata Hari’s career as a spy was short-lived and unproductive. Whether or not she was ever the double agent she was thought to be is highly debatable. Her execution by the French may well have been a serious miscarriage of justice. Yet she is one of the most famous spies in history, largely because she was already famous as an entertainer before she entered the shadowy world of espionage. However, her true talents, for which she was justly famous, were not in espionage but in exotic dancing and pleasing men.

. November 9, 2010 at 11:30 am

David Kahn, “How the Allies Suppressed the Second Greatest Secret of World War II,” The Journal of Military History 74 #4 (October 2010): 1229-1241.

In 1945, the British and American chiefs of staff ordered that information about the Allied solution of German cryptosystems be excluded from their official histories of World War II in order to preserve an intelligence advantage. This left the world with an incomplete but not an erroneous account of that struggle. Despite a few leaks, not until Group Captain F. W. Winterbotham revealed those solutions in 1974 did that story begin to emerge fully. An unexpected consequence was to bolster British pride.

. February 22, 2011 at 10:31 pm

However, CSIS has argued vehemently against uncensored release of the information. In an affidavit, the agency’s access-to-information co-ordinator, Nicole Jalbert, has maintained full disclosure could risk the lives of confidential informants and compromise the agency’s ability to conduct secret surveillance.

She has said secrecy is vital for any files containing names of sources or intelligence agents, even if they’re long dead, or offering a glimpse of how security agencies conduct their business. She has said such files should remain secret ”maybe longer” than 100 years, although ”perhaps not forever.”

”The requirement for secrecy with respect to past and current activities of a security intelligence agency is essential,” according to Jalbert. ”The origin of information, its extent and the methods by which it was obtained must remain secret.”

However, Champ said such indefinite secrecy is antithetical to democracy.

”Intelligence agencies see their work as somehow exceptional, that only they should ever be allowed to see what they do. I don’t think they understand or truly grasp that secrecy is the exception in a democracy,” Champ said.

. May 26, 2013 at 12:32 pm

CSIS knew of navy spy’s activity but held file back from RCMP: CP

OTTAWA — Canada’s spy agency clandestinely watched a navy officer pass top secret information to Russia for months without briefing the RCMP — a previously unknown operation that raises questions about whether Jeffrey Delisle could have been arrested sooner.

The Canadian Press has learned that the U.S. Federal Bureau of Investigation alerted the Canadian Security Intelligence Service to Delisle’s illicit dealings with Moscow well before the Mounties took on the file in December 2011 and later brought him into custody.

CSIS ultimately decided not to transfer its thick Delisle dossier to the RCMP.
