RJS Software

Hoaxicane Sandy

It’s that time again.

Whenever a major media event happens (like Hurricane Sandy), we are inundated with news. Sometimes that news is useful, but often it merely exists to create FUD… Fear, Uncertainty and Doubt. While I have not personally seen any malware campaigns capitalizing on the event yet, it is inevitable. The pattern is generally as follows:

  1. Event hits the news as media outlets try to one-up eachother to get the word out.
  2. People spread the warnings, making them just a little bit worse each time they are copied.
  3. Other people create hoaxes to ride the wave of popularity.
  4. Still other people create custom hoaxes to exploit the disaster financially.

A few minutes ago, at least in my little corner of the internet, we hit stage 3 when this image was posted:


( From here. )

Now, as someone who plays with photography, I was a bit suspicious, but as a security person, I can actually prove some things here.

The first tool I want to discuss is FotoForensics. Check out their analysis.

See how the statue of liberty and land on which she stands is much brighter than the background? That indicates that that image has been pasted on top of the other, so we know it’s fake.

Sometimes, though, this trick doesn’t work. If someone is making a good hoax, they can change the error levels to prevent easy detection. That’s where our next tool comes in. TinEye is awesome.

Look what happens when I do a reverse image search on the suspicious file here. (TinEye results expire after 72 hours, so if you’re slow to read this, just past the URL of the photo into their search box.)

TinEye, by default, is going to try to find the best match. But that’s not what we want. We want the original. Luckily, when people make hoaxes, they usually shrink the image to make it harder to find the signatures of a hoax. So we just click to sort by size and there we have what it likely the original:

ETA: Original can be found in this set by Mike Hollingshead.

Then it lists a bunch of sites that have stolen this image to use without credit. (That’s a different post.) You can then click on the “Compare” link for the likely original and see what they did. By flipping between the versions, you can see that they added the Statue of Liberty, the water and the boat. They also shrunk the image and made it darker… because darker is scarier, apparently.

The important thing to realize here is that the attacker is trying to manipulate you. By spreading fear, they are making you more susceptible to future attacks. By taking advantage of your uncertainty and doubt, they put you in a position where you will do unwise things to gain an element of certainty in your life. Does this matter that much in an image hoax? Probably not. But it does matter when you start getting fraudulent emails convincing you to “click here” to help victims of the hurricane.

Uncertainty and doubt can work against you, but it can also work for you. When the attacks come … likely in a few hours, approach them with suspicion. If you’re in the path of the storm, trust the names you recognize, like Google and The National Weather Service. If you’re not in the path of the storm and want to send aid, go with The Red Cross. If anyone else you don’t know asks for your money or your clicks, ask yourself what they have to gain.

Be Sociable, Share!

Date: Oct 29, 2012

Filed under: Security News, Security Rants

Tags: , ,

12 Comments

1.  Jim

"See how the statue of liberty and land on which she stands is much brighter than the background? That indicates that that image has been pasted on top of the other, so we know it’s fake." -- No, that's not true. Fotoforensics, and the techniques it uses, is a joke. You see the exact same thing if you use a _real_ image of the Statue of Liberty. For comparison: http://fotoforensics.com/analysis.php?id=0627df13b630acdd9eb580792ac86f2e5c8a33a5.70866

Posted October 29, 2012

2.  Danny

Image analysis is nice, but overthinking the problem. The simplest indicator that this image is a fake is the tiny little detail that hurricanes are always hundreds of miles wide and never, EVER look like a tornado. Or alien mothership.

Posted October 29, 2012

3.  Dan Kaminsky

There is very little evidence supporting Error Level Analysis. You'll note that in this particular example, anything with high frequency noise is light, and anything without it is dark. You could argue "everything pasted was high frequency, and everything not pasted was low frequency" but then you're measuring the combined result, not the individual sources.

Posted October 29, 2012

4.  Dan Kaminsky

For another example, see this photo. http://fotoforensics.com/analysis.php?id=ef26cc53030e649ebf3ea7b274f4f0ffdda67248.38147 We definitely have images from many sources...good luck separating them from this analysis.

Posted October 30, 2012

5.  Sam

Nice to know about that FotoForensics tool. Google reverse image search also finds the original photo as a "similar image". Sometimes google finds images that tineye can't, and vice versa. I tend to use google first.

Posted October 30, 2012

6.  Phil K

Here's another version of the fake photo ahown above. Much better than the original fake! http://instagram.com/p/RY5MdCmV19

Posted October 30, 2012

7.  Aaron

If anything the original photo looks more fake according to the fotoforensics. http://fotoforensics.com/analysis.php?id=652bd9f908354f67273b227b2d8e2fb6220554cd.67641

Posted November 1, 2012

8.  Phil S

As Danny said, before data analysis, there are factual clues that this image is a fake. Using google map and free astronomical tools, you can also quickly figure that the setting sun is not at the right place for this location at this time of the year.

Posted November 1, 2012

9.  Stay Curious – #InfoSec Roundup | I Tech, Therefore I Am

[...] You can avoid being (easily) tricked by fake photos with these tools. [...]

Posted November 3, 2012

10.  Bob

How many times have you seen a television reporter on a beach repeating "Even though Hurricaine X is still 300 miles away, the waves here are 12 feet..." But in the photo there is barely a chop in the harbor- and the boat merely ascertains it by adding scale. Worse, the boat draws the eye to that area of the photo. Immediately above it we note that there is a large crowd on Liberty Island. The forger didn't even try very hard.

Posted November 6, 2012

11.  Snorri Thor

Has anyone noticed that the shades appear on the sunny side??? Very obviously two images with different light direction, especially appearant on the statue itself. It´s lit from the front, but the "sun" is behind it.

Posted November 6, 2012

12.  Dr. Neal Krawetz

@Dan Kaminsky "There is very little evidence supporting Error Level Analysis." Just because you don't understand how it works and most people use it wrong (by ignoring the impact from image quality) does not mean it doesn't work. Other researchers have already published variations of the work in peer-reviewed journals. A few examples: http://www.cs.dartmouth.edu/~farid/dfd/index.php/attachments/single/259 http://asp.eurasipjournals.com/content/pdf/1687-6180-2012-190.pdf http://www.mva-org.jp/Proceedings/2009CD/papers/03-10.pdf Remember a few years ago when you asked to review my code? You exact words were "throw me a bone" because you wanted in on the sudden craze that the media was hyping. As I told you then, you are not known for your knowledge in digital photo forensics, so I declined your offer. Regardless of what you might have found, your opinion would not carry weight since this isn't your field. Instead, my tools were being evaluated by the DC3 -- the worlds larged computer forensics lab. They found that it does what it claims.

Posted November 19, 2012

Leave a Comment








6 − one =

RJS Lean Security. The Smarter Way

The idea of perfect security is a trap.

Unlike you, attackers are not limited by resources, budgets, laws or ethics. They can launch any number of attacks from anytime or anywhere. This means you have to maintain a strategic balance between defense and response. Learn More

Always stay a move ahead of your opponent.

If you are constantly focused on reacting, you are not taking the time to learn and adjust your security strategy based on your experiences. Your attackers are constantly evolving, so you must, too … just a little faster. Learn More

Make better use of what you already have.

Before you invest in yet another expensive security project, fine-tune the security products you have in place. Are your defense systems fully-patched? Have you turned on all the necessary bells and whistles that came with your original product? Learn More

The right security strategy for right now.

The days of defining and executing a rigid multi-year security plan are over. Since attackers are incentivized for rapid change, you must also adapt to the always-evolving threat landscape. An inflexible security plan will create holes quicker than you can fill them. Learn More

Part of your team, not instead of your team.

Without a highly-skilled and experienced staff of security experts, it is extremely difficult to remain unscathed from the many possible attacks waged against your organization each day. Thus, it is sometimes necessary to leverage the knowledge of others. Learn More

A smart investment for smart growth.

Once your internal operations are working well and you are effectively using what you have, it's time to grow. But before you purchase another layer of protection, first identify what really matters to your business and create goals you can measure to see if your next project will indeed be a success. Learn More

About RJS Security

RJS Software provides information management solutions that allow businesses to improve productivity, make better decisions and save money. Our software helps organizations streamline data collection, digitize and manage documents, automate work processes and optimize data delivery.

Learn more at RJS Security

What We Do

How We Help

RJS Software 1-888-RJS-SOFT 2970 Judicial Road, Suite 100, Burnsville, MN 55337

Contact  |  Privacy Policy  |  Site Map

© 2010 RJS Software