Steganography Tools by Neil F. Johnson, Ph.D. JJTC.Com

Steganography applications conceal information in other, seemingly innocent media. Steganographic results may masquerade as other file for data types, be concealed within various media, or even hidden in network traffic or disk space. We are only limited by our imagination in the many ways information and data can be exploited to conceal additional information.

NOTICE: Some of the programs listed here contain strong encryption components, and the export of them from the US is restricted by the EAR regulations. In order to avoid violating these restrictions, the application are NOT hosted on this site. Binaries are not linked from this page - please refrain from linking directly to binary files for download when adding new tools.

Information Hiding: Steganography and Digital Watermarking by Neil F. Johnson

Other Links:

Guillermito classifications: (Ideas)

1. Adding data at the end of the carrier file (example: Camouflage, JpegX, SecurEngine for JPG, Safe&Quick Hide Files 2002, Steganography 1.50).
2. Inserting data in some junk or comment field in the header of the file structure (example: Invisible Secrets 2002 for JPG and PNG, Steganozorus for JPG).
3. Embedding data in the carrier byte stream, in a linear, sequential and fixed way (example: InPlainView, InThePicture, Invisible Secrets 2002 for BMP, ImageHide, JSteg).
4. Embedding data in the carrier byte stream, in a pseudo-random way depending on a password (CryptArkan, BMPSecrets, Steganos for BMP, TheThirdEye, JPHide).
5. Embedding data in the carrier byte stream, in a pseudo-random way depending on a password, and changing other bits of the carrier file to compensate for the modifications induced by the hidden data, to avoid modifying statistical properties of the carrier file (example: Outguess, F5).

Covert channels
File appending
Word substitution


Detecting Steganography: Stego Suite


Why Bother About BIOS Security? SANS InfoSec Whitepaper

OTP Vernam cipher
Cipher Machine Downloads

Metasploit Framework (Antiforensics):
SAM juicer

Anti-Forensics Class

Build your own botnet with open source software

Published in Wired How-to Wiki: This how-to article will take a closer look at using common open source components to create your very own botnet for the purposes for securing, protecting, load testing and managing your global internet infrastructure.

Also from Wired:

5 Easy Steps to Total Web Domination
Attack of the Bots

From eWeek: Is the Botnet Battle Already Lost?
Money Mules: The Hidden Side of Phishing

Permanent Denial-of -Service (Phlashing) Attack Sabotages Hardware

Experiences to Go: Teaching with Intelligence Case Studies by Thomas W. Shreeve

Long associated with teaching at the graduate level in business and public administration, the case method represents a structured approach to learning from the past. The method relies on the use of historically accurate, written descriptions of events or dilemmas that students read, analyze, and meet to discuss under the guidance of an instructor. Instructors use questions to guide the discussion toward a particular pedagogical destination rather than declarative statements that tell students how or what to think about a complex issue. Learning by the case method is active rather than passive, as students are explicitly made partners in the reduction of ambiguity surrounding complex, realistic issues.

Students who learn by the case method improve their analytic skills when instructors ask them to identify the problems at hand and they fortify their decisionmaking skills when instructors ask them to propose a plan of action to resolve the problems they have identified. Driven by the constructive conflict that typically results from a group’s examination of a complex issue, case-based discussions frequently also result in improved student ability to express individual convictions in the face of criticism from peers. Any description that provokes thoughtful reflection and is historically accurate may be considered for use in a case-based class. The term “case” refers to a description of a dilemma that stops short of the outcome. The term “case study” refers to a description of a past event that has an outcome included in the document and thus is known to the students. Both vehicles are equally useful; case studies tend to be longer, more detailed, and more historical in tone.

The use of case studies as a basis for teaching in the intelligence profession requires a body of well-crafted cases and case studies that are relevant to the needs of students and faculty. There are a number of prospective sources for such material. External sources include civilian academic institutions such as the John F. Kennedy School of Government at Harvard. The JFK School’s catalog includes several dozen cases and case studies that may be appropriate for classroom use. This is particularly true for courses that feature the relationship between intelligence and national security policy; about a dozen JFK School cases examine this relationship in detail. Most of this material was created under a contract between the JFK School and the Central Intelligence Agency (CIA)’s Center for the Study of Intelligence. JFK School cases and case studies explore strategic issues, whereas CIA material addresses the tactical or operational levels of war, where many if not most JMIC graduates will spend their intelligence careers.

Another external source is the Intelligence Community Case Method Program, which has about 200 cases and case studies, many of which may also be appropriate for classroom use. Almost all of these are classified and cover a wide variety of dilemmas and events drawn directly from the experience of personnel from CIA, the State Department, the Armed Forces, and other elements of the U.S. Intelligence Community. Several of the case studies focus exclusively on military intelligence and counterintelligence issues, chiefly at the tactical and operational levels of war.

Other sources offer long-term value as they can be tailored specifically for classroom needs. One possibility is to convert selected existing master’s theses into case studies by careful editing and revision. The theses are available immediately and at no cost; however, a considerable investment of time and effort is required to convert them to the form of a case study. Another internal source is through faculty and student research and publication. Research by students supervised by faculty is probably the best long-term source of prospective cases and case studies.

Instructors who are unfamiliar with the case method or who need to refine their skills may benefit from attending an instructor workshop on the technique. Two workshops are conducted by Harvard University faculty, one in Cambridge meeting one afternoon per week for nine weeks and the other conducted sporadically at conferences of the American Society for Training and Development. The third is the CIA’s three-and-a-half day Case Method Teaching Workshop (CMTW), which can be conducted onsite.

Advantages of the CMTW include its low cost and the speed with which it can be used to familiarize a sizable number of interested instructors; it is also tailored specifically to the U.S. Intelligence Community. More than 250 Community instructors, including several from the Armed Forces, have attended the CMTW. Special iterations have been conducted for the U.S. Naval War College, the Armed Forces Staff College, the Marine Corps Command and Staff College, and the Navy and Marine Corps Intelligence Training Center. Experience at several military educational institutions suggests that the use of cases and case studies can result in successful, engaging discussions.

Colonel Thomas W. Shreeve, USMCR, is the creator of the Community’s Case Method Program and was its director for several years. He learned the craft of case method teaching first as an MBA student at Harvard Business School from 1981 to 1983, and later as a research associate and casewriter. Tom has taught throughout the Intelligence Community using cases, and is the author of about one-third of the current catalog of cases and case studies. Colonel Shreeve is a former faculty member of the Master’s Program for Reserves at the Joint Military Intelligence College, and of the Adjunct Faculty at the Marine Corps Command and Staff College in Quantico, Virginia. For several years, Colonel Shreeve, in CIA’s Office of Training and Education, developed and refined the case-study method of teaching intelligence principles and procedures. His cases, including some used at Harvard University’s John F. Kennedy School of Government, are realistic and historically accurate. The validity of intelligence case studies presupposes the existence of academic theory or, alternatively, worldly practice that constitutes “theory-in-action.” The National Foreign Intelligence Community, of course, offers a quintessential example of the latter, making the case studies described here both valid and reliable for a variety of instructional environments. Colonel Shreeve’s advice and examples for writing a teaching note can guide a novice case-method instructor toward an effective classroom analysis of cases. He maintains a website on the Intelligence Community Case Method Program at and he may be contacted at

Readers should recognize that a good deal of difference exists between the teaching oriented case studies in this paper, on the one hand, and research papers using the case study design wherein sources are explicitly identified, the event context more fully explored, and the research questions carefully related to a theoretical superstructure through pertinent conclusions. Case studies generate important questions for student consideration, using the broad range of evidence derived from empirical observations by respective authors and other contributors to each case.

Teaching and the Case Method

The Case Method

How the Case Method Works
When students are presented with a case, they place themselves in the role of the decision-maker as they read through the situation and identify the problem they are faced with. The next step is to perform the necessary analysis—examining the causes, considering alternative courses of actions—to come to a set of recommendations.

To get the most out of cases, students read and reflect on the case and then often meet in small study groups before class to "warm up" and discuss their findings with other classmates. In class—under the questioning and guidance of the professor—students probe underlying issues, compare different alternatives, and finally, suggest courses of action in light of the company's objectives.

As a case study unfolds in class, students do 85% of the talking, as the professor steers the conversation by making occasional observations and asking questions. This classroom interaction is enriched by the 80-90 individuals from diverse industries, functions, countries, and experiences.

During their time at Harvard Business School, students study and prepare over 500 cases—a transforming experience that helps them to recognize the unique aspects of different situations, define problems, suggest further avenues of analysis, and devise and implement action plans. Once they finish the program, HBS graduates have the confidence they need to go off and tackle the many business challenges they will face in their careers.

The Second Cold War and Corporate Security by Fred Burton and Scott Stewart


A lot has been written about last month's conflict between Russia and Georgia, and the continuing tensions in the region. Certainly, there were many important lessons to be gleaned from the conflict relating to the Russian military, Russian foreign policy and the broader geopolitical balance of power.

One facet of the Russian operations in Georgia that has been somewhat overlooked is the intelligence aspect. Clearly, the speed with which the Russian military responded to the Georgian invasion of South Ossetia indicates that they were not caught off guard. They knew in advance what the Georgians were planning and had time to prepare their troops for a quick response to the Georgian offensive.

It is important to remember that the Russian operation in Georgia did not happen in a vacuum or without warning. It was a foreseeable outcome of the resurgence of Russian power that began in 1999 when Vladimir Putin came to power, and an outward demonstration of Russia's increasing assertiveness. One important element of Russia's ascendancy under Putin has been a resurgence of the Russian intelligence agencies. The excellent intelligence Russia had regarding Georgian intentions in South Ossetia is proof that the Russian intelligence agencies are indeed back in force. But Putin's rise to power clearly demonstrates that while these intelligence elements may have been weakened, they were never totally gone.

As pressure continues to build between Russia and the West -- and as we perhaps slip closer to a second Cold War -- it is worth remembering that an actual armed conflict between NATO and the Warsaw Pact never took place despite military tension and some warfare between proxies. Rather, the Cold War was fought largely with intelligence services. Certainly, the Cold War led to the birth and rapid growth of huge intelligence agencies on both sides of the Iron Curtain. These intelligence agencies will also play a significant role in the current strain between Russia and the West.

The world has changed dramatically since the fall of the Soviet Union in 1991. In this age of globalization, e-commerce and outsourcing, there are many more Western companies with interests in Russia than during the Cold War. This means that an escalation of Cold War-type intelligence activity will have profound effects on multinational corporations.

Historical Context

The time period following the fall of the Soviet Union was catastrophic for Russia -- workers went unpaid, social services collapsed and poverty was epidemic. The oligarchs seemingly stole everything that was not nailed down and organized crime groups became extremely powerful. Public corruption, which had been endemic (though somewhat predictable) in the old Soviet system, worsened dramatically. Many Russians were ashamed of what their country had become; others feared it would implode entirely.

Into this chaos came Vladimir Putin, a former Soviet intelligence officer who ascended in Russian politics due in part to his significant connections. But Putin's rise was also largely aided by his firm handling of the second Chechen war in 1999 and the fact that he offered the Russian people hope that their national greatness could somehow be restored. While Putin left the Russian presidency in May 2008 and is now the prime minister again (as he was in the final months of the Yeltsin presidency), he continues to be immensely powerful and extremely popular. Most Russians believe Putin saved Russia from sure destruction.

A major part of Putin's strategy to regain control over the government, economy, oligarchs and organized crime groups was his program to reorganize and strengthen the Russian intelligence agencies, which had been severely atrophied since the fall of the Soviet Union. During the 1990s, politicians such as Mikhail Gorbachev and Boris Yeltsin saw a powerful intelligence agency as a potential threat -- with good reason. Because of this threat, laws were enacted to fracture and weaken the once-powerful agency. In 1991, the KGB was dismantled after a failed coup against Gorbachev in which some KGB units participated and tanks rolled onto Red Square.

Following additional failed coup attempts, the Federal Counterintelligence Service (FSK), the KGB's immediate successor, was split into several smaller agencies in 1995 under the perception that it remained too powerful. By creating competition among the smaller intelligence services, higher-ups hoped that additional coup attempts could be avoided. Following this shattering of the FSK, the counterintelligence core of the former KGB and FSK became known as the Federal Security Bureau (FSB). The foreign intelligence portion of the FSK became the Foreign Intelligence Service (SVR).

When Putin came into power, he instituted an ambitious plan to reconstitute the FSB. He has steadily worked to reconsolidate most of the splinter intelligence agencies back under the FSB, correcting much of the inefficiency that existed among the separate agencies and making the new combined agency stronger and more integrated. Moreover, since 1999, Putin has ensured that the FSB receive large funding increases to train, recruit and modernize after years of disregard. Currently, the SVR remains separate from the FSB, but other crucial components such as the Federal Border Service and Federal Guard Service have been reintegrated, as has the Federal Agency of Government Communications and Information (FAPSI), Russia's equivalent of the U.S. National Security Agency.

Additionally, Putin has tapped many former KGB and current FSB members to fill positions within Russian big business, the Duma and other political posts. Putin's initial reasoning was that those within the intelligence community thought of Russia the same way he did -- as a great state domestically and internationally. Putin also knew that those within the intelligence community would not flinch at his sometimes brutal means of consolidating Russia politically, economically, socially and in other ways. It could be reasonably argued that Russia has become an "intelligence state" under Putin.

Since assuming power, Putin has also worked to strengthen the Russian military and the GRU, Russia's military intelligence agency. The GRU was undoubtedly very involved in the operation in Georgia, as was the SVR. There are some who suggest that Russian agents of influence may have played a part in convincing Georgian President Mikhail Saakashvili to attack South Ossetia and spring a trap the Russians had set.

Implications for Business

Since the fall of the Soviet Union, foreign corporations have been very busy in Russia as they scramble for market share, attempt to profit from Russia's massive natural resources and seek to meet growing demand for consumer products. For these companies, growing Russian nationalism and tension with the West increases both the chance of regulatory and legal hassles and the possibility that Russian intelligence activity might be directed their way. In other words, as tensions rise, so could the risk for Western corporations.

Not all these problems are new. As a young KGB officer, Putin earned his living by stealing technology from the West. And he has since encouraged Russian intelligence agencies to expand their collection programs with the awareness that such information can assist the Russian economy and specifically the revival of the defense sector. While the Russians have an advanced weapons research and development infrastructure, they are very pragmatic. They do not see the need to spend the money to develop a technology from scratch when they can steal or buy it for a fraction of the cost and effort. This pragmatism was clearly demonstrated in their early nuclear weapons program.

Just as Russia's reinvigorated intelligence collection efforts were gaining steam, the United States was hit by the 9/11 attacks. As a result, domestic intelligence agencies in the United States and many other Western nations focused on the counterterrorism mission and diverted counterintelligence resources to help in that fight. It would take several years for the domestic counterintelligence efforts to get back to their pre-9/11 levels, and like the Chinese, the Russian intelligence services took broad advantage of that window of opportunity to recruit sources and obtain critical information from foreign companies. Additionally, the Russians have gone to great lengths to steal intellectual property from foreign firms operating inside Russia, either by infiltrating their companies with agents or by recruiting employees.

The Russians are not only drawn to companies that produce sophisticated military equipment. Like the Chinese and others, they are interested in collecting information on emerging technology that is not yet classified but has potential military application. These sectors include materials research, nanotechnology, advanced electronics and information technology. Ultimately, however, they will not turn their backs on the opportunity to obtain sophisticated current weapons system data.

Russian collection and recruitment efforts will also not be confined to Russia or the United States. The Russians can gain as much information by recruiting an American businessman in Tokyo, Vienna or Mexico City as they can from one they recruit in New York or Seattle, if they choose their target wisely. The Soviets and Russians have long enjoyed operating out of third countries. During the Cold War, their primary platform for collecting intelligence against the United States was Mexico City, and their preferred platform to collect against European targets was Vienna.

Former KGB officers are also heavily involved in trafficking Russian and Eastern European women for prostitution in Tokyo, Dubai and Miami. These former KGB officers could easily utilize their positions of access to identify potential recruits for friends at their old agency, perhaps for a profit -- consider how many former intelligence officers now are working as contractors for U.S. intelligence. The FSB/SVR might not be the KGB in name, but they clearly are the KGB in spirit and will not hesitate to use sexual or other blackmail if that is more effective than money, ideology or ego as a recruiting hook.

For Western companies operating inside Russia, an increase in tensions will, in all likelihood, mean an increased scrutiny of the companies' activities as well as an increased focus on their expatriate employees in an effort to recruit sources and to locate Western intelligence officers. Like it or not, all intelligence agencies use nonofficial cover to get their officers into hostile countries -- and corporate cover is widely used. Indeed, the Russians have long claimed that the United States and other countries have been using businesses and nongovernmental organizations to provide cover to intelligence officers seeking to undermine Russian influence in the former Soviet Union and to operate inside Russia itself.

Nonofficial cover officers (referred to as NOCs in intelligence parlance) are intelligence officers without visible links to their government and therefore not protected by diplomatic immunity. For this reason, NOC operations are somewhat riskier. Harder to identify as intelligence officers, NOCs are frequently assigned to sensitive tasks -- those that a host country counterintelligence service would dearly love to learn about.

Keeping this in mind, Russian counterintelligence services will be carefully looking over the business visa applications of Western companies. Surveillance activities on expatriate employees will also likely increase as the Russians work to identify any potential undercover intelligence officers. They will also seek to recruit expatriate and local employees who can act as spotters to identify any potential intelligence officers.

This surveillance of Western businesses may apply to both corporate offices and employees' residences. Businessmen may be physically surveilled and their residences subjected to technical surveillance and mail/garbage covers. Domestic workers may also be recruited in an effort to collect information on their employers. Known or suspected NOCs will be carefully watched and will likely even be overtly harassed.

So far, we have not heard of the Russians directing this type of aggressive surveillance activity against U.S. companies, or of U.S. companies having problems obtaining visas for their employees. But as the tensions increase between Russia and the United States, and as intelligence operations become increasingly hostile, it is only a matter of time before they do.

This report may be forwarded or republished on your website with attribution to

Copyright 2008 Stratfor.

Traders, Guns & Money: knowns and unknowns in the dazzling world of derivatives by Satyajit Das

Warren Buffet once memorably described derivatives as “financial weapons of mass destruction”. Read this sensational and controversial account of the often dazzling business of derivatives trading, and see if you agree.

No money is ever really made in financial markets. Markets merely transfer wealth. As to how to make money? Well, it is basically theft, misrepresentation, lies, cheating, deception or force. It is impossible to make the staggering amounts made in derivatives in good years honestly.

Traders, Guns & Money is a wry and wickedly comic exposé of the culture, games, and pure deceptions played out every day in trading rooms around the world, usually with other people’s money. Whether you move in the financial world yourself, know people who do, or have money invested in stocks, shares or derivatives, this is a fascinating read guaranteed to make you think.

Satyajit Das is a leading international authority in the area of financial derivatives and treasury management. He was the treasurer for the TNT Group on Australia for six years. Prior to this he worked in the Commonwealth Bank of Australia, Citicorp Investment Bank and Merrill Lynch Capital Markets. He is the author of Swap Financing and has published widely on financial derivatives, corporate finance, treasury and risk management. He has presented seminars on financial derivatives and treasury management/corporate finance all over the world.