Wednesday, November 26, 2008

Sending Secret Messages Via Google's SearchWiki System
Greetings. I've previously written of some concerns associated with Google's new "SearchWiki" feature, a concept with considerable merit in theory, but one that, as currently implemented, appears to be easily abused.

Up to now I've noted the issues of "electronic graffiti" and similar problems associated with the current unmoderated SearchWiki environment, which also lacks site opt-outs, simple user opt-outs, or useful comment control mechanisms of the sort that do exist for Google's YouTube.

It appears that SearchWiki also provides an interesting platform for the global distribution of secret messages. By allowing users to attach publicly viewable, arbitrary comments to virtually any URLs returned in Google search results, SearchWiki can be used as a gigantic "spread-spectrum" secret message transmission medium.

Users need only associate individually innocuous message fragments (which may themselves be encoded in a wide variety of ways) as comments to the limited set of URLs returned by obscure Google search queries.

Without knowing the exact search query used to "aggregate" the comment set in any specific case, outside parties who might stumble across individual message fragments (as comments on arbitrary URLs) would be extremely unlikely to recognize them as parts of a coherent message, and would have no simple technique to locate the other parts of the message in any case. This is a key attribute of the described technique -- a message that is dispersed in this manner is unlikely to even be recognized as a message worthy of attention or log-based analysis.

Before I present an example, a few additional points of note.

Users must be logged in to Google with their Google accounts to attach or see SearchWiki comments. While for this example I created all message fragments with the generic nickname "Searcher" from a single account, in practical use it is likely that users would submit fragments from different accounts, and probably from different IP addresses. Google accounts can be easily created in just a few minutes, and using different accounts would not only help to defeat algorithmic methods that might be aimed at slowing comment submissions, but also could complicate associated forensic analysis of activity logs. By staging message fragment submissions in various ways over time, algorithmic detection of message creation patterns could also be made more difficult.
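A defender's view of the log-analysis point above, as an added example that is not part of the original post: the service operator, unlike an outside party, can group notes by the query whose result set they sit in and flag rarely run queries whose results are heavily annotated, without reading the individually innocuous text. The record schema, thresholds, queries, URLs and account names are all constructed assumptions, not anything Google is known to log.

```python
from collections import defaultdict

# Constructed sample records, hypothetical schema: (query, annotated URL, account).
# Note text is deliberately ignored: fragments are individually innocuous.
NOTES = [
    ("zephyr quokka marimba", "http://a.example/p1", "acct-11"),
    ("zephyr quokka marimba", "http://b.example/p2", "acct-12"),
    ("zephyr quokka marimba", "http://c.example/p3", "acct-11"),
    ("zephyr quokka marimba", "http://d.example/p4", "acct-13"),
    ("zephyr quokka marimba", "http://e.example/p5", "acct-12"),
    ("chocolate cake recipe", "http://f.example/r1", "acct-21"),
    ("chocolate cake recipe", "http://g.example/r2", "acct-22"),
    ("chocolate cake recipe", "http://h.example/r3", "acct-23"),
    ("chocolate cake recipe", "http://i.example/r4", "acct-24"),
    ("quasar lintel ocarina", "http://j.example/q1", "acct-31"),
]
# Constructed: distinct accounts that ran each query during the same window.
SEARCHERS = {
    "zephyr quokka marimba": 4,
    "chocolate cake recipe": 9000,
    "quasar lintel ocarina": 2,
}


def flag_dispersal_queries(notes, searchers, min_urls=4, max_searchers=10):
    """Return (query, annotated_urls, annotating_accounts, searchers) for queries
    whose result set is heavily annotated although almost nobody runs them."""
    urls, accounts = defaultdict(set), defaultdict(set)
    for query, url, account in notes:
        urls[query].add(url)
        accounts[query].add(account)
    flagged = []
    for query in urls:
        ran = searchers.get(query, 0)
        # Popular queries collect notes naturally; a rare query with many
        # annotated results is the aggregation pattern the post describes.
        if len(urls[query]) >= min_urls and ran <= max_searchers:
            flagged.append((query, len(urls[query]), len(accounts[query]), ran))
    return sorted(flagged, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for row in flag_dispersal_queries(NOTES, SEARCHERS):
        print(row)
```

Staging submissions over time, as described above, lowers the per-window URL count, so the window length and `min_urls` would need tuning against real traffic.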

While Web pages and search results are typically ephemeral in nature, initial experiments suggest that they are stable enough over periods of time that would be useful for the sending of messages as described.

For this trivial example, I have created ten simple plaintext sentences that are attached to ten URLs. I cannot guarantee how long these comments will be present, and other comments may be added, since this query will now be widely publicly known (which wouldn't be the case in a practical use of this technique).

Each comment has been sequence numbered in an obvious fashion for demonstration purposes. Comments were individually created, and then the "promote" up-arrow was selected for each associated URL (this "promotion" step appears important to enable the rapid appearance of comments to other Google users).

In practical use, sequence information would most likely be kept more obscure. Keeping the actual comments in some form of plaintext would help them avoid possibly being deleted as "unintelligible" text, though of course the actual meanings of the text words could be subject to code-based obscuring techniques. With a bit of effort, any data, including images, could probably be transmitted in this manner.

Only one word in each of the ten comment sentences for this basic example is part of the actual secret message. Your mission is to derive the complete secret message, which is currently dispersed across the space of Google's search database.

To aggregate the message fragments, you need to enter the appropriate search query into Google, while logged into a Google account. Then select the "See all notes for this SearchWiki" link at the bottom of the page. You should then be able to see comment links associated with a number of the associated URLs. Click on the links as necessary to view the actual comment texts, remember the encoding procedure I outlined above, and the secret message is yours.

One final thought before we begin. If I can use this technique, we can be sure that other parties can use it as well, including entities who would figure it out on their own without ever seeing this blog item. Forewarned is forearmed.

Special thanks to Lou Katz of Metron Computerware for his assistance in the testing of this technique.

OK, let's start. The secret message keyword search string is:

orthogonal terwilliger accordion

From-Lauren Weinstein's Blog

