Section 3.8. Is It Really Spam?



The amount of spam that I receive every day is absurd. All spam is stupid, but some is more stupid than others, and it amazes me how many emails I get from the widows of Sani Abacha, Yassir Arafat, and various oil company executives, all offering a piece of the action if I help them transfer their millions out of their respective countries. These are the so-called 419 advance payment scams that we are all familiar with. At this point almost everyone on the planet must know about the scam and so you would think this type of email would be on the decline. But I seem to get more of them every day. Perhaps there is more to it than meets the eye.

One theory is that some of these are not spam at all. Embedded within their usual colorful prose are hidden messages that will only be noticed by those who know where to look. The rest of us will treat the emails as spam and ignore them.

In principle, it's a simple and effective way to broadcast secret messages to members of a criminal gang or terrorist group. Anyone monitoring Internet traffic, even if they focused on emails received by a single address, would find it difficult to distinguish one piece of fake spam from the torrent of real spam that many of us receive every day. Even having achieved that, it would be impossible to identify the intended recipient among the thousands of other people who received the same message.

Spy novels from the Cold War era were full of agents passing messages to one another via cryptic classified ads in the back pages of the Times. Fake spam could well be the modern equivalent.

The ways in which a secret message could be embedded in an email are countless. The message ID string could represent a phone number. The first letters of each line could form a sentence. The pixels of a photograph could contain hidden text. These are all examples of steganography, an approach to hiding information in plain sight that has been used since the days of ancient Greece. Whereas encryption makes the content of a message unreadable to everyone but the sender and the recipient, steganography hides the message within a larger block of information. The two approaches are complementary. Steganography has received a lot of attention in recent years as a way to embed information within photographs or audio tracks. For example, it is possible to change the low order bits of pixels in a photograph with no noticeable impact on the image quality. Algorithms exist that embed a message throughout the image and that can extract the message at a later date from a copy of the image, or even a fragment thereof in certain cases. The hidden message can represent a copyright statement and be used to track the illegal copying of images.

Text is a poor substrate for steganography compared to images. If you mess with the bits of any character, then you get a different character and the text will not make any sense. Instead you need to define sets of equivalent words and phrases and use the information content of the hidden message to direct the selection from those alternatives. This might appear overly complicated, but you can experiment with the concept courtesy of the web site http://www.spammimic.com. SpamMimic is based on an idea by Peter Wayner and uses a grammar derived from sentences typically found in spam. On their web site, you can enter the text of your secret message and their algorithm will use it to assemble a realistic-looking piece of spam. The bits of information from your message are embedded throughout the resulting spam in such a way that it can be decoded by pasting the text back into the web site. The system has a very low capacity for embedded information (in contrast to a photograph, for example), so it works best with short messages. Here is an example of the spam it generates, giving the message "Meet me at 8":

     Dear Friend , This letter was specially selected to
     be sent to you ! We will comply with all removal requests
     ! This mail is being sent in compliance with Senate
     bill 1621 ; Title 5 ; Section 303 ! Do NOT confuse
     us with Internet scam artists . Why work for somebody
     else when you can become rich within 38 days ! Have
     you ever noticed people are much more likely to BUY
     with a credit card than cash & nearly every commercial
     on television has a .com on in it ! Well, now is your
     chance to capitalize on this ! We will help you sell
     more & SELL MORE ! You can begin at absolutely no cost
     to you . But don't believe us . Ms Anderson of New
     Mexico tried us and says "Now I'm rich many more things
     are possible" . We assure you that we operate within
     all applicable laws . DO NOT DELAY - order today .
     Sign up a friend and your friend will be rich too !
     Best regards .

If this message arrived in my Inbox, I would definitely treat it as spam and delete it, unless I knew to look out for it.
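The selection mechanism described above can be shown in a few lines. This is an added example, not SpamMimic's code or grammar: the phrase table `SLOTS` is invented for illustration, and each slot's four interchangeable phrases carry two bits of the hidden message.

```python
# Added illustration: toy phrase-substitution steganography.
# SLOTS is a made-up table, not SpamMimic's grammar. Each slot offers four
# equivalent phrases, so choosing one of them encodes 2 bits of the message.
SLOTS = [
    ["Dear Friend,", "Dear Colleague,", "Dear Business Owner,", "Dear Professional,"],
    ["This letter was specially selected for you!", "Your address was given to us by a partner!",
     "We are contacting you with an exclusive offer!", "This is a one time mailing!"],
    ["Why work for somebody else?", "Do you need more income?",
     "Is debt holding you back?", "Tired of a dead-end job?"],
    ["Order today.", "Do not delay.", "Act now.", "Sign up a friend."],
]
BITS = 2  # log2 of the number of alternatives per slot


def encode(message: bytes) -> str:
    """Let successive 2-bit groups of the message pick one phrase per slot."""
    bits = "".join(f"{b:08b}" for b in message)
    phrases = []
    for i in range(0, len(bits), BITS):
        slot = SLOTS[(i // BITS) % len(SLOTS)]  # cycle through the slots
        phrases.append(slot[int(bits[i:i + BITS], 2)])
    return " ".join(phrases)


def decode(text: str) -> bytes:
    """Recover the bits by recognising which alternative was used in each slot."""
    bits, pos, n = "", 0, 0
    while pos < len(text):
        slot = SLOTS[n % len(SLOTS)]
        for index, phrase in enumerate(slot):
            if text.startswith(phrase, pos):
                bits += f"{index:0{BITS}b}"
                pos += len(phrase) + 1  # skip the joining space
                n += 1
                break
        else:
            raise ValueError(f"unrecognised phrase at offset {pos}")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


if __name__ == "__main__":
    cover = encode(b"Meet me at 8")
    print(cover)
    print(len(cover), "characters of cover text carry", len(decode(cover)), "bytes")
```

Running it shows the low capacity the text mentions: every byte of hidden message costs four whole phrases of cover text, and decoding is only possible for someone who holds the same phrase table.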

It is a fascinating area of technology, but is there any evidence that the technique has actually been used? If you search Google, you will find plenty of people suggesting that it can and does occur, but no hard evidence as yet. In the era of global terrorism, this must be a growing concern for those at the National Security Agency and others tasked with monitoring electronic communication.



Internet Forensics
ISBN: 059610006X
EAN: 2147483647
Year: 2003
Pages: 121
