Canary Trap
- Tanha Patel
- Jun 20, 2019
- 3 min read
It’s a type of information security. It is strategy of identifying the means of information leak. The information is circulated having multiple versions, like having little changes to different entities. So, when information is leaked then it became easy to identify the source of information leakage but distinguishing the version of data circulated.
For example, if any of the author wants to check that which publisher can leak his manuscript then he/she will give different manuscripts to different publishers. And will wait for the information to be leaked. And by analysing the version of manuscript leaked, the author can easily get that which publisher is source to such information leak.
Actually, this method is referred as BARIUM MEAL TEST (it is referred such because barium meal test is test which makes digestive system visible during x-ray by some specific drink. And this is also the method to search for the hidden things using some kind of information. So, canary trap is compared with barium meal test.) Which is used for years by some agencies like MI5 and many more, according to the book Spycatcher by Peter Wright.
If we are doing some confidential work and want to know that whether any type of information leak happens or not then canary trap is used. Different versions are created from the original document and are given to different peoples or sometimes some organizations. This act is termed as Canary trap by Tom Clancy in his novel Patriot Games. Although he has not invented it. The suspect who revealed the information is identified on basis of given unique samples.
One of the known canary trap case has been noticed in 2008, at Tesla Motors. As the new series of Tesla Motors has been leaked, Elon Musk (CEO of Tesla Motors) used this trap to catch the suspect. He sent emails to all his employees having the information about new non-disclosure agreement, all having little changes. After the distribution of such information, the suspect caught was company’s general counsel.
Also NBA has fined $500,000 to Joe Dumars, who plays for Detroit Pistons in 2010. He is fined due to leaking many confidential information to Yahoo! Sports NBA insider Adrian Wojnarowski. This is NBA’s months-long sting operation. In which NBA distributed memos to each team having some data change in every sent version. And as result, Joe Dumars caught red-handed for such information leak, according to Kevin Draper of NewRepublic.com.
Examples of Canary Trap:
It is done by embedding some digital information in each version so, below I have stated some ways of Canary trap.
Watermark: Each version can be embedded with different watermarks.
Coded Anti-Piracy: If we are adding any kind of videos in the circulated data, then encode the video clips with patterns of dots, which should be different in each version.
Serial No.: Traceable serial numbers may be embedded in each prototype.
Design Specification: Each distributed copy can have a unique false specification which is distinguished easily.
Stenography: Any kind of secret message is embedded inside other text or in most of case in images.
Zero-width Spaces: Most widely used method. In this method, some invisible Unicode characters are inserted between two words. Generally they are invisible but when copied or pasted, they will create persistence (invisible fingerprints in digital text).
Want to know more about ZERO-WIDTH SPACES???
My next post will be about hiding secret messages in plain sight with Zero-Width characters.
Comments