The Hogwarts approach to hiding content in the web

There are several reasons why bad guys might want to make information available on the web, but not have it be accessibe to everyone, especially to those who are looking for them. For example, they may want to disseminate propaganda, do recruitment, or provide training.

I’ve written before about ways to do this: passwords, unusual protocols, virtual worlds, and so on.

Another interesting possibility is to exploit the ability to dynamically serve web pages to provide different versions of web pages,both at different times, and to requests arriving from different parts of world (geolocation now being reasonably well established, good enough that e.g. I can’t access Pandora from Canada).

The essence of the idea is that the link target of a hyperlink can change without the anchor text, and so the appearance, changing. So, for example, a link may point to a completely innocuous page for 59 minutes in the hour, but between 13 and 14 minutes past, may point somewhere else. The exact time is now readily available, and connection speeds on the internet in most parts of the world are good enough that it is possible to visit a particular web page within a given minute. So, if you know in which minute the ‘gate’ is open, you can arrange to go through it.

Of course, there’s still the possibility (a 1 in 60 chance) that a random visitor will go through the ‘gate’ so the basic scheme needs some extension. First the concealed target should look exactly like the regular (59 minutes) target, so that it’s not obvious to an accidental visitor that anything unusual has happened. Second, the scheme can be chained so that a secret link from the second page opens up during some other minute, making it much less likely that an accidental visitor will go through two gates. And the chain can be made as long as necessary to reduce the probability of an accidental passage.

It’s important that the url for each of the pages involved is dynamic so that the final destination (or any of the intermediate steps) can’t be bookmarked. Then each visitor must follow the path on each visit.

Of course, the knowledge required is the minutes when the window is open on each page, and not the exact path. Thus it is possible to open other possible paths during other minutes, and so provide red-herring paths for anyone who becomes suspicious and starts reloading a page every minute and seeing whether and how the source changes.

Of course, the pattern of minutes that the gates open can be made data dependent or changing in other ways that are computable by those who are in the know, but hard for others to figure out.

Since the key is a sequence of numbers in the range 1-60, it can be displayed fairly openly as long as its significance is not appreciated, for example, coded in the publication date and time of some otherwise innocuous and public document.

It’s possible that the length of the window can be reduced below a minute with some experience.


0 Responses to “The Hogwarts approach to hiding content in the web”

  1. Leave a Comment

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: