> MMO's are packed with possible communication channels in addition to chat. Ever wonder if that annoying gnome in the auction hall is jumping in morse code? Could signals be sent with bids? Could a character's inventory contents be arranged to leave a message to someone else who shares the login info? Is that nonsense coming from what you presume to be a bot-controlled gold-farming crew really nonsense?
Precisely. WOW itself is the first level of steganography ("I'm not communicating, I'm gaming"), but one can think of many more, inside and outside of MMOs.
Given proper use of steganography, small groups will always be able to communicate with low risk of detection. But for obvious reasons, you will always have to roll your own scheme, and may end up overlooking aspects that render it insecure.
Funny that you mention steganography and WoW. Turns out that Blizzard watermarks your screen as you play with information like your server, user info, etc.
Not adding to the discussion in any way, but I really enjoyed scanning through this, knowing the information had already been decoded, and seeing people post 'you're all morons, it's just a jpg artifact!'
Of course you can use online gaming as an avenue of steganography.
The whole point of steganography is that you're supposed to transmit information while simultaneously concealing the fact that information even exists in the first place.
As long as you have a premeditated code, you can use practically anything to facilitate such communication, and the chances of it being uncovered are dubious.
This does not justify such ridiculous intelligence operations.
Is anyone aware of articles or books that deal with the creation of these types of systems? I'm guessing some sort of cryptography text would lead to it, but the last sentence of your post has me particularly interested. What kind of considerations need to be made when creating such a system, especially in today's age?
Nope, cryptography != steganography. The situation with stego, currently, is much the same as the situation with crypto was before the invention of public key encryption: truly high-grade stego is only available to governments, mostly because nobody knows how to do it in a secure way. In other words, stego is an art, not a science, just like crypto was before PKE. There are no good texts as far as I'm aware.
Passing information through channels not explicitly intended to carry that information is called a covert channel attack. Lots of links from the wikipedia page:
It's important to realize that any system of any size will be packed with covert channels; the thing to do is try to identify them all and drive their bandwidth down to an acceptable level.
If you have organized group you can probably use methods like codebook with Huffman coding to reduce message length a lot. Plain text is very sparse form of communication, compared to good codebook which suits the needs.
Btw. This is over 20 years old stuff. MUDs in very early 90s were used for all kind of communication. - Nuff said.
Also utilizing chaffing and winnowing allows you to use almost any kind of service to transfer your data. You'll just hide it in the junk. Only receiver will know what's meaningful and what's not.
One must be careful with it. IIRC, Anna Chapman was a pro among Russian spies, but at one point she got so confused by the steganography software on her laptop that she asked another known spy for help in using it ... before she realized she was talking to a CIA agent trying to figure her out.
There was a sad time where one (or more) of the gold sellers was suiciding their characters such that the bodies on the ground formed the letters for a URL. It was a very strange thing to see but if you were flying above the dead bodies you could pretty clearly see the URL.
Precisely. WOW itself is the first level of steganography ("I'm not communicating, I'm gaming"), but one can think of many more, inside and outside of MMOs.
Given proper use of steganography, small groups will always be able to communicate with low risk of detection. But for obvious reasons, you will always have to roll your own scheme, and may end up overlooking aspects that render it insecure.