Tuesday, April 24, 2018

Canary Trap with Zero-Width Characters


Someone within your team is leaking confidential information but you don’t know who. Simply send each team member some classified text with their name encoded in it. Wait for it to be leaked, then extract the name from the text - the classic canary trap.

Unlike various other ways of text fingerprinting, zero width characters are not removed if the formatting is stripped, making them nearly impossible to get rid of without re-typing the text or using a special tool. In fact you’ll have a hard time detecting them at all - even terminals and code editors won’t display them.

This JavaScript example lets you test out the claim that you can paste the text without losing the hidden data. Try pasting it into Notepad - which would normally strip out formatting - and then into a newly opened version of the demo site.

Countermeasures for journalists or others engaged with leakers, in decreasing order of effectiveness:
  • Avoid releasing excerpts and raw documents.
  • Get the same documents from multiple leakers to ensure they have the exact same content on a byte-by-byte level.
  • Manually retype excerpts to avoid invisible characters and homoglyphs.
  • Keep excerpts short to limit the amount of information shared.
  • Use a tool that strips non-whitelisted characters from text before sharing it with others.
You may also be interested in reading "Protecting Your Sources When Releasing Sensitive Documents".

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.