In my previous blog posting, I mentioned how some people really do "get it" when it comes to digital manipulation and photo fakery. However, others like "photographer" Nicholas Routzen and BP's Marc Morrison still don't understand why representing modified photos as if they were "real" is nothing other than fraud.

BP was heavily criticized in the media for releasing edited photos. In fact on 22-July-2010, White House Press Secretary Robert Gibbs even commented that it was sheer stupidity:

"I think it's genuinely on the stupidity part of the transparency scale," Gibbs said this afternoon at the White House daily briefing. "I mean, if you want to show a picture of what the room looks like, just take a picture."

Upon the discovery of BP's digital manipulation, BP decided to come clean. Sort of. It was actually more of a "throw the photographer under the bus" than an actual correction:

BP cast the blame entirely on a hired photographer and claimed to have no part in the decision to alter the photos. "One of BP's contract photographers used Photoshop to edit images posted on the bp.com Gulf of Mexico Response web site," the company said, adding, "[W]e've instructed the photographer who created the images to refrain from cutting-and-pasting in the future and to adhere to standard photo journalistic best practices."

Too bad this isn't an isolated incident... and it still has not stopped.

As part of their corrections, BP created a special Flickr set where they show the before and after photos of the three pictures that America Blog and Gizmodo identified as modified. However, BP is only showing the three outed photos.

Standard is Better than Better

I really like that phrase, "Standard Photo Journalistic Best Practices". There is no such standard. As I detailed last year, different organizations have different rules about acceptable manipulation. However, there are some generalizations that can be made.

For Photographers

In general, if the photo is supposed to represent something real then the person providing the photo to the media should abide by these guidelines (a combination of rules from Reuters, Associated Press, Getty Images, and other photo providers including China's Xinhua news agency):

• No splicing, no drawing. Whether it is for removal or enhancement does not matter. You never splice images and you never alter content. If Billy blinked during the photo, then the photo must have Billy's eyes closed -- don't draw in eyes or splice them from a different photo.
  
• Minor cropping. A little cropping from an edge ("little" as in "up to 5% from an edge") is acceptable if it does not remove a subject from the image. Major cropping, such as Morrison's removal of the entire upper half of the photo, chairs, and two people (before and after) is not permitted.
  
• Minor dust and speck removal. Minor dust and speck removal from a non-critical section of the photo is generally permitted. However, this really depends on the photo provider. Some providers (like the AP) are more critical than others. In general, if there is a tiny speck of dust on the lens that ends up looking like a distant UFO in the sky, then you can remove it. But if there are lots of specks, then you must suffer with a dirty picture (next time, clean your lens!). And if the speck is located on the subject matter (like Hillary Clinton's shoulder), then don't touch it!
  
• Minor color enhancements. Color corrections that do not alter the subject are permitted. As the AP described:
  

  Minor adjustments in PhotoShop are acceptable. These include cropping, dodging and burning, conversion into grayscale, and normal toning and color adjustments that should be limited to those minimally necessary for clear and accurate reproduction (analogous to the burning and dodging often used in darkroom processing of images) and that restore the authentic nature of the photograph. Changes in density, contrast, color and saturation levels that substantially alter the original scene are not acceptable. Backgrounds should not be digitally blurred or eliminated by burning down or by aggressive toning.

  
  In general, any acceptable, minor color enhancements should be equally applied over the entire image and not isolated to a specific region. Highly focused or region-specific color alterations are no different than drawing. ("Select all" or "select none", but if you touch the selection tool or magic wand then you are drawing.)
  
• After effects. Blur, sharpen, smudge, liquify, rotate, blend, and other enhancements are not permitted. Basically, if it is not found in the real picture then this is considered "drawing".
  
• Acceptable drawing. There are only two situations where drawing, such as blurring or using a black censor box, are permitted: (1) to protect anonymity, and (2) to prevent advertising. A blurred face, blurred logo on a hat or shirt, or black box over a license plate is acceptable. However, the blurring/drawing must be blatant and obvious.

For Media Outlets

The photographers who provide the photos to the media must abide by much stricter rules than the media outlets. In contrast, outlets are permitted to perform manipulations that match their medium and format. These include:

• Scaling and cropping. While the photographer must provide the whole picture, the media is permitted to crop it to show a specific subject matter. For example, the photo may show President Obama surrounded by thirty people, but USA Today may crop it to just show his head.
  
• Color adjustment. The media, particularly printed media, are permitted to color correct an image. The photographer's picture may be too dark or not print well for a magazine. The media outlet can, and usually does, color correct the image. In this case, the pictures may actually be color corrected in specific regions or specific color bands, and not applied uniformly across the image.
  
• Acceptable drawing. The media may also choose to blur faces, censor logos, or annotate features with arrows or circles that highlight specific items. However, these modifications must be blatant. The subtle removal of a logo, when discovered, can lead to sharp criticism (or worse).

BP used to take photos and use them in their advertising campaigns; anything goes in advertisements. However, that role has changed. Since the Gulf disaster, BP has been providing photos that document recovery and cleanup efforts to the mass media. As someone who provides photos to the media, BP is expected to adhere to the higher standard. BP should not be making modifications reserved for media outlets.

BP: Best Practices

Unfortunately, BP seems to be making up their "Standard Photo Journalistic Best Practices" as they go. While I have not seen any splicing in the last few days, some of their photographers are still taking liberties with the crop tool and recoloring. Here are a few examples from BP's Flickr feed. (Click on the photo to see the full picture.)

Creative Cropping


This photo by Marc Morrison is dated 26-July-2010 but was last modified on 27-July-2010. The full picture is 3981x1496. The problem is, the Canon EOS-1Ds Mark II does not take photos at these dimensions. The closest it gets is 4992x3328. This means that Marc cropped nearly 20% from the horizontal and over 55% from the vertical. So what did Marc not want us to see?

A few years ago I was told a story about a photo from China. It appeared to show a government vehicle with people standing around it cheering. But the uncropped photo showed the crowd throwing stones; the people were not cheering, they were yelling. Creative cropping can alter the meaning of a picture. For this reason, "Standard Photo Journalistic Best Practices" requires the photographer to submit the whole picture and not something with creative cropping. For all we know, there could be a dead whale on the right, and that gray structure in the top-left could actually be pollution filling the sky. If the picture has too much sky, then BP needs to let the media outlets decide what to crop.

BP's True Colors
Here's a very colorful photo by BP:



This photo by Harrison McClary is dated 26-July-2010 and last modified a day later. The image itself measures 3600x2400. That is close to a native resolution for the Canon EOS-1D Mark III, which can take pictures at 3888x2592 (cropped or scaled 7% horizontal and 7% vertical). However, McClary over-applied the color correction. We can see this in the color histogram (graphing HSV).



There are two things that really stand out as abnormal: (1) the clusters of blue and yellow at the top shows a blown-out color space, and (2) the wide color blobs are too wide, too tall, and too blended for a natural picture. This is not a typical color space for a Canon EOS-1D Mark III.

For a comparison, consider this sample photo from the same model camera (and not provided by BP):




Notice how the unmodified photo does not blow out colors at the extreme intensities, and has less-blended color bands. This is very typical for a digital camera, including cameras made by Canon, Olympus, Nikon, Ricoh, and other manufacturers.

So why would BP's Harrison McClary over-correct the color space? Perhaps he is inexperienced with cameras. Or maybe he really wanted that brown water to look blue. By blowing out the color spectrum, he has given the image a "clean" look -- the sand is white, the sky and water are blue, the tractor does not look dirty, and even the brown grasses look green.

Here's another example from Harrison McClary:




Again, the blue and green are blown out (blobs at the upper intensities). Also, notice how the orange spike actually curves with intensity (vertical). That's why they call it a "color curve adjustment".

Of course, McClary isn't the only one tweaking colors. BP's Robert Seale also did some color corrections.




Notice how Robert's dark red, blue, and green all lean toward the left at the top? While he didn't blow out the color range, he did adjust the sky, grass, and maroon stripe on the bookmobile (the RV in the background-right that says "Vermilion Parish Public Library").

Seeing Red

Dear British Petroleum,

If you want to us to believe that the pictures are real, then please release real pictures. Don't crop out stuff you don't want us to see. Don't make the sky and water look bluer. And most importantly, don't think that we won't notice.

Having been caught splicing images, BP promised to adhere to "Standard Photo Journalistic Best Practices". However, this is clearly not the case. While BP claimed that the modifications were limited to one photographer, the actual problem is more systemic. BP's photographers may no longer be splicing, but they are still striving to literally show that the grass is always greener. This isn't a problem with BP's photographers; this is a problem with BP.

This week really gave me a thrill. Readers, models, and even large companies have taken steps against digital photo manipulation in the media.

The first big congrats goes to Domino's Pizza. They recently announced a promise to use real photos of real pizzas in their advertisements. No more cardboard, glue, and partially-cooked food that looks "better" when photographed.

Our Photo Promise
Here at Domino's, we don't think our inspired Domino's pizza needs the "extra" things typically done to food at photo shoots to look mouth watering. Our pizza is good enough to stand on its own. That's why we're making the following promises about how we photograph our pizzas from this day forward. Did we just buck the food photography trend? Oh yes we did.

1. We will only photograph real, honest-to-goodness pizzas.
That means fresh from our own ovens, with exactly the same ingredients we deliver to your doorstep. Nothing else added.

2. Our employees will make the pizza we shoot.
Not an art director or model maker or food stylist. A Domino's employee trained to make pizzas the only way they know how: by hand.

3. We will not artificially manipulate the food we shoot.
No tweezers, no steam guns, no model knives cutting perfect perforations in the cheese. The only thing that will touch the pizzas we shoot is the pizza-maker's hands and a standard Domino's pizza cutter.

Russell Weiner, Chief Marketing Officer

Bravo! I've looked at some of the pizza photos on their web site and I must say: no detectable manipulation (beyond scaling and cropping, which does not modify the look of the food). Moreover, the food actually looks good! (Good enough for me to now have a pizza craving.)

Pizza Photo by Makena B. from Houston, TX

Worth the Wait

Not to be outdone, plus-size model (and super hottie) Crystal Renn just went on the record saying that she is offended by some photoshopping done to her picture. As she said in her Today Show interview this morning, "When I first saw the photos, I would have to say I was absolutely shocked." The photographer turned this well-known size-10 into much thinner version. (But at least he didn't give her noodle arms, right Ralphie?)

The photographer, Nicholas Routzen, has this reply:

I want to reiterate that I feel Crystal looks amazing in both images and the minimal retouching that I did do - it's nothing you wouldn't see in any magazine today. There is nothing hidden about this.

This tells me three things: (1) he sways to peer pressure (everyone else is doing it...), (2) he does not listen to the models that he shoots (Renn has been a strong voice against the unhealthy, unrealistic anorexic female shape that most of the fashion companies strive for), and (3) he photoshops his pictures. It makes me want to take a much closer look and see if he also does splicing, smoothing, and other common forms of deceptive manipulation.

However, I would not recommend browsing Routzen's blog. Some of his photos could easily pass for child pornography. (Full frontal nudity of a minor.)

Feeling Pumped

But I am saving my largest applause for America Blog and Gizmodo. These people have been looking at the media photos released by British Petroleum (BP).

It isn't enough that BP's runaway deep-sea oil well poisoned the Gulf of Mexico, after they lied to the United States by claiming that they knew how to handle any deep-sea accidents. Or when they repeatedly underestimated the amount of oil and would not assist scientists in creating an accurate estimate (we still don't know how much oil was leaked). Or that they only provided low resolution video feeds to the public while they had high resolution footage available. Or that they tried to stop the media from documenting the disaster. No... they also have to doctor pictures. (Is anyone really surprised?)

One photo has the title "Aerials over Gulf of Mexico". With a name like "aerials", one would think it would be taken from the air...

The problem is, the view out the window has been photoshopped. I noticed many things in this picture, but the people on Reddit just shredded the photo. Some of the findings:

• The display clearly says that the door is open, ramp is open, rotor brake is on, and parking break is on. There is no way this helicopter is in the air.
  
  
• The radar shows something to the far left, but nothing in front of him. Thus, no boats.
  
• There is a light that says APU GEN ON. This is the alternate power unit. It provider power until the engines are started.
  
• The pilot is holding a pre-flight checklist. (Ironic that his fingers are crossed.)
  
• Neither pilot is holding the flight stick!
  
• There is a waterbottle resting in the handhold above the guy on the right. The water in the bottle is smooth and flat -- no vibrations at all.
  
• The pilot on the left is wearing glasses. The glasses are reflecting some type of straight-line object. This is likely a runway or edge for the helipad.
  
• The outside water goes from clear blue to smokey. You can clearly see the waves in the blue and smokey areas, but the waves are fuzzy/blended where the two meet.
  
• The water is also blurry around the pilot on the left and near the top of the right window.
  
• The edge of the boats on the left are precisely in the fuzzy section.
  
• The first boat in the right window has a very visible shadow. So all boats should have shadows. However, none of the boats in the left window have shadows.
  
• The boat with shadow indicates that the sun in in front of the helicopter. However, the entire copter is in shadow and so is the tower structure (top left).

This isn't even the entire list. It is suffice to say that this is not an "aerial" photo and it has been grossly modified.

Another photo shows people in front of some monitors. The problem is, the image shown in some of the monitors was changed. Technically, content from three screens was replicated into the three off-line screens. Oh, and the picture has an internal timestamp indicating that it was created in 2001 (2001-03-06 15:16:50.25) and not 2010 (EXIF data modified time 2010-07-19 18:54:04.25). In either case, the timestamps do not match the "HIVE at Houston Command Center 16 July 2010" as BP captioned the picture.

Modified

Allegedly Unmodified

The final picture (so far) shows people in a meeting room. However, the splicing of the content on the screen was done very poorly.

Here's a closeup of some of the splicing:

Frankly, I'm not sure what is more offensive -- the fact that the picture was modified, or the quality of the modification. In either case, this should be a firing offense.

Of course, I began to do what everyone else is probably doing -- poring over bp.com and looking for more doctored photos. That's when I noticed something. All of the modified photos appear to have something in common. The meta data and associated credits identify the photographer as "Marc Morrison".

Hello, Marc

According to his bio, Marc has been a photographer for 26 years and works for BP. A significant number of photos released by BP were taken by Marc.

Marc prefers Canon cameras like the EOS-1Ds Mark II or EOS 5D. While these cameras usually take very good photos, Marc's pictures always have a large mount of sensor noise and discoloration. (I can actually pick out Marc's photos on BP's site just by looking for the sensor noise and grainy coloring. Not every picture has had content modifications, but all look grainy and noisy.)

When it comes to manipulation, Marc seems to rely on overlaying and blending. He primarily targets flat surfaces like monitors or windows. His non-grainy photos appear to have color enhancements to make bright colors pop -- look for things that are red or yellow (his favorite bright colors). I have not seen him advance to people splicing, reflections, or lighting. He also appears to be fond of image cropping; I have yet to see any of his photos that are anywhere near close to a native camera resolution size. Oh, and Marc likes to use something called Photoshelter. (Since I have no experience with it, I can't tell if it is a program for editing or only web creations and annotations... In either case, many of his photos were modified by it.)

Two photos by Morrison. The left is "AP Photo/BP, Marc Morrison". The right is "EPA/Marc Morrison/BP Handout". Both show the same room and same people but at slightly different times. Some monitors are the same, some are different. Is either unmodified?

Now, for clarity, there appears to be many photographers named "Marc Morrison". One lives in Steamboat Springs, Colorado -- I really don't think it is him. Another lives in Houston, Texas. The Houston guy seems to take some celebrity photos as well as plenty of oil rig and related industrial photos. However, I haven't seen anything that says the guy in Houston works for BP. (This Marc could be a different Marc.)

In any case, many of the photos provided by BP's Marc Morrison were credited as "AP Photos/BP, Marc Morrison" and "Marc Morrison - AP". (Example: Washington Post, look at the slide show.) However, I cannot find any of Marc's photos at AP's web site. I wonder if they already booted him for altering images...

(Thanks to the 11 people who sent me links to this BP story. Keep 'em coming!)

A couple of days ago I wrote about my need for wireless network capabilities when traveling, and my fear of becoming an early adopter of new peripherals. The feedback I got back was amazing. A few people posted comments but nearly a dozen people wrote to me directly with advice, suggestions, and horror stories.

The feedback identified three classes of solutions:

Standalone hubs. There is a class of 3G router that connects to the network and acts like a local WiFi hotspot. As long as your computer can talk regular 802.11 (a/b/g/i/whatever), it can connect to the hub. The hub connects to the 3G network, giving you Internet access. Dr. Silk recommended the MiFi 2200 from Verizon. I gotta agree with him -- this looks like an excellent solution, especially for residences that cannot get cable or DSL but with 3G coverage (like my friend who lives a few miles outside the city limits). The downsides are not too extreme: claimed 4 hour battery life (forums make it sound like 2 hours with heavy use) and tied to Verizon's 5GB limit for an expensive $60/month. Again, if you can keep it plugged in and have a couple of people at home using it, then $60/month isn't bad at all.

Tethered. A tethered solution is where you have a USB cable going from your computer to your cell phone. The cell phone provides the modem/router support and connectivity to the 3G/Edge/4G/etc. network. As long as your cell phone works, you should have network connectivity. This is a great solution for anyone with a smartphone (like the iPhone or Android) -- particularly since you are probably already paying for the bandwidth and you're just not using it.

Every now and then I looked into smartphones. Right now the battery life isn't acceptable for me. My current phone can go nearly a week with heavy use (well, heavy use for me) before needing a charge. It can go nearly 2 weeks if I rarely use it and leave it turned on. My EeePC gets about 7 hours per charge and that includes heavy use (programming and compiling and networking). In contrast, most smartphones last 4-8 hours at best.

In my case, I don't have a smartphone. While I do have a cell phone, it is almost always turned off. (I don't like cell phones and I only use it when traveling.) I'm actually on a pay-as-you-go plan and I usually spend about $100 a year on the phone. For my use model, the prepaid option is a great and inexpensive choice. For this reason, I cannot justify getting another phone (a smartphone to replace my Motorola v195) for the sole purpose of having network access when I travel.

Frankly, I'm griping about paying $10/day for Internet use at hotels. For the $60/month plan, then means I need to stay at hotels more than 6 days per month for this to be a viable option. And this doesn't take into account the $50-$200 price of the smartphone with a 2-year commitment. (Some smartphones are free with a 2-year contract, but they are either not iPhone/Android, or are running older operating system versions.)

USB Dongle. At first glance, these USB dongles seem perfect for me. The calling plans are usually not as expensive as a smartphone, there's no extra power supply (it runs off the USB power), and the use model is intended for laptops and travelers. However... these dongles are not just regular modems.

My Bad Experience

After a lot of soul searching, I finally settled on the T-Mobile webConnect USB dongle. As I understood it, there is a 200MB plan with overage fees and a 5GB plan with no overages for $40. And best yet, T-Mobile is having a sale, so the webConnect is only $20 instead of $45 (with 2 year contract). While the device only says that it supports Windows and Macs, there are plenty of people in the forums who say that have it working for Linux.

Well, spoiler alert: nothing is as it appears.

Remember the old days when modems spoke that Hayes "AT" control code stuff over a serial port? It didn't matter what kind of computer you had as long as you spoke RS232 and used the standard AT command sequences. That's not the case today. +++

Today, the USB dongles do speak the AT command set (with additional commands for broadband negotiation). However, there is nothing standard about how you access the modem. There are three types of devices on the market right now, and if you choose wrong, you'll get screwed.

Plain modem or NIC. There are a few USB dongles that plugin and look either like a serial modem or like a network interface card. These have out-of-the-box support by most Linux distributions. Unfortunately, these seem to be limited to the older devices. Some don't support 3G and most have no means for supporting the new 4G and HSPA+ networks.

Dual device and ZeroCD. The description from the usb-modeswitch package for Linux describes this very well:

Several new USB devices have their proprietary Windows drivers onboard, especially WAN dongles. When plugged in for the first time, they act like a flash storage and start installing the driver from there. If the driver is already installed, the storage device vanishes and a new device, such as an USB modem, shows up. This is called the "ZeroCD" feature.

Most versions of the T-Mobile webConnect device are in this category. If you put it in and it doesn't work as a serial modem, then install the usb-modeswitch package. This will temporarily turn off the ZeroCD feature and allow you to access the modem.

Total software solution. Beginning last December, a few manufacturers began to roll out "lite" versions of these USB modems. From what I can tell, they totally removed most of the firmware and do most things in software. I suspect that this was done more for cutting hardware costs than for any actual performance or flexibility gain. Unfortunately, there is unlikely to be any Linux support unless the manufacturers port their code to Linux.

Hear No Evil

At the time I was doing the purchase, I specifically asked about Linux support. The woman who was helping me at the T-Mobile store wanted to make sure too, so she called their technical support. The first two people she spoke with didn't know what Linux was. (OMG! Are you kidding me? It's 2010! My Grandmother knows what Linux is! Every sales person in the store knew about Linux! And this is the T-Mobile technical support?)

She finally reached one technical support person who basically said, "Does it work under Linux? I should know the answer to that, but I don't know and there really isn't anyone else if I escalate this." Since the Linux forums had many success stories with the webConnect (before I knew about the "lite" versions), I decided to risk it. Bad choice on my part.

As it turns out, the $20 "on sale" device from T-Mobile is actually a Huawei UMG1691 (also called the E1691). The 1690 and 1692 are ZeroCD devices and appear to be supported by usb-modeswitch. The 1691 is a lite version and only has software for Windows and Mac. After a few days of fighting with it, doing much more homework, and even calling tech support, I finally learned about the UMG1691 -- it is a total software solution and will never work under Linux (without additional software that doesn't exist today).

See No Evil

At this point, I had two options: return it or exchange it for a different version. As long as your CPU isn't running at a full load, the performance between the ZeroCD and Lite devices should be similar. I gave it a quick try in my Mac desktop system to see if it was worth exchanging. I ended up noticing two things.

First, the bandwidth was limited to 200MB. Huh? I paid for the 5GB and no overages for more than the advertised $40 price. Well, the offer on the web site doesn't match the offer in the store. In the store, it is 200MB with or without overages. The store does not offer an Internet-only plan for $40 with 5GB and no overages.

After you go over your monthly limit, they either charge you $0.05 per MB or nothing (no overages). In the latter case, they simply reduce your bandwidth.

So how fast is the bandwidth? My Mac's benchmark reported at about 400KB per second down, and much less up. Uh, I deal with computer forensics. I'm usually transferring very large files -- CDs or DVDs or on some occasions, multiple DVDs. For me, 1MB per second is slow and 400KB/sec is unacceptable.

T-Mobile is Evil

The upside is that I was allowed to return it to T-Mobile within the 2-week window for a refund. (I was 3 days into the contract.) No connection fee, reimbursed for the hardware, and they waved the 1MB of bandwidth I used (no prorating service since I couldn't get it to work on the desired system). However, they did keep a $10 "restocking fee" that was buried in the fine print. (Had I known that there was a chance of failure and a $10 restocking fee, I would have passed on this experiment.)

So to summarize: (1) Stay away from the UMG1691 like the plague -- it is the 3C501 of the USB wireless broadband world, (2) watch what they are selling and make sure it matches their offers on the web site, (3) if you have the option to use a hub or tethered solution, do that instead of the USB dongles, and (4) ask about any restocking fees -- even if they tell you that you will get a full refund within a 14 day grace period.

Finally, I have to think that there is something seriously wrong with the mobile phone market. Every store I went into (T-Mobile, Verizon, AT&T, and Sprint) had a huge number of customers hanging around. T-Mobile, Sprint, and AT&T each had a person adding names to a waiting list. In each case, the majority of customers were not there to buy -- they were there seeking returns, refunds, or corrections. The last time we saw something like this, the housing market collapsed and huge numbers of people defaulted on loans. Are we heading toward a communication breakdown since the phone companies are investing in an acceptable level of service?

The hardest parts of forensic analysis isn't the tools; it's the training. Anyone can buy rubber gloves, swabs for collecting blood samples, and plastic evidence bags. But if you are not trained to properly collect, handle, and evaluate evidence, then the tools and methods are meaningless.

The learning curve is the hardest part. To address this, I've been working on documentation and worksheets for digital image analysis and photo forensics. While there is still a steep learning curve, the investigator can review the worksheets as a checklist for common things to evaluate. The associated documentation provides details regarding the checklist items, in case the investigator needs to review how a particular system works.

An Eye For Details

While luminance gradient and error level analysis draw pretty pictures, the most important tool is basic observation. It is one thing to see the big and obvious signs of manipulation. It is something else to remember all of the fine details.

The folks at Photoshop Disasters recently posted a couple of amazingly bad shopped pictures that clearly illustrate the power of observation for detecting image modifications.

The first picture comes from an ad campaign for fingernail polish. The picture is supposed to show a model and some nail polish. The magical stars that go from her elbow to the picture frame are just artistic. However, it is the fine details that make this such an obvious disaster... Just using your eyes, what stands out as abnormal and not intentionally artistic? Give yourself a minute to look over it, then scroll down and see how many things you noticed.



If you only saw the disconnected leg, then give yourself one point. (If you didn't notice the leg, then go back and try again. As Thall commented at PsD, "That women could birth a horse or two with those hips!") Other oddities include:

• Her waist is out of proportion.
  
• There is a black triangle between her torso and floating leg. The artist forgot to cut out this area.
  
• Her left forearm (photo right) is significantly longer than her right forearm.
  
• She has two thumbs on her lower hand. (One thumb could be her foot showing through a strap in the shoe, but it is actually blended into the hand.) Oh, and don't mind the "S" on her finger; other photos show it as a tattoo or something.
  
• Her neck is showing a tendon, indicating that her head is turned. However, her head is looking straight and is not centered on the neck. Yes, they cut off her head and pasted on a different head.
  
• She is missing a clavicle (shoulder bone) -- one is there, but the other was erased.
  
• Her boobs are different sizes, and not in a natural way (unless the left one is half as long and deflated...).
  
• The shadow under her head indicates a bright light to the upper right. But the floating leg isn't casting the same shadow onto the other leg. And the shadow from the sleeve onto her straight arm has a shadow going the other direction. Inconsistent lighting means splices.
  
• Of course, all of these are issues with the woman. Over at PsD, ZaphodQB noticed that the reflection of the black polish does not meet the bottom of the black bottle.

This isn't the full list. What else do you see? No wonder their product is called "Oops!"

The Perfect Model

I'm always looking for good sample images that demonstrate specific points. Ideally, I want one picture that only demonstrates one thing, then another that demonstrates the same thing with more complexity, and finally an example that brings everything together.

From the Oops! example, we know to look for different classes of manipulation. These attributes become our checklist:

• Limbs: Are all of them accounted for? Are all connected? Are they the right proportions?
  
• Reflections: Do items line up properly?
  
• Shadows and lighting: Are they consistent?

Now we can apply this to a new set of pictures.

At Photoshop Disasters, they featured a picture from the French fashion house, Louis Vuitton. However, the web page at Fashion Gone Rogue contains many pictures from the "Louis Vuitton Fall 2010 Campaign" (also available at Fashionologie). It is an homage to digital distortions.

Starting at the top is the banner for Fashion Gone Rogue. Her upper arms are very different lengths. It is also faint (better seen with luminance gradient), but it looks like there is a strap or something going across her shoulder and down her cleavage. (This could be where the artist stopped altering the skin.)

Mirror Mirror On The Wall

The various photos from Louis Vuitton have been equally mangled. Let's use our new checklist...

The picture claims to show three women in a dressing room. Each has different color hair: red, blonde, and brunette.

Limbs
Every person has two arms? Check! Extra fingers? Nope. Legs and feet? Uh... the brunette on the right has an ankle but is missing toes.

Reflections
The right-most mirror (behind the toe-less brunette) is not reflecting anyone in the room. The blonde has her hand up in the room but her hand is down in the mirror. That same mirror also shows a light bulb in the reflection, but the bulb does not exist in the room.

The second mirror from the right shows bulbs but they don't align with the bulbs in the room.

The mirror on the far left shows red's head from the back. However, red's head is not turned to show her back to that mirror. And the mirror's reflection shows the lamp on the wrong side. The reflection does not match the room.

Lights and Shadows
When an item sits next to a illuminated light, it is made brighter. And when items are facing away from the light, they are in shadow. Complex lighting, such as floods, reflectors, and bright ambient lighting, can mitigate shadows.

However, those mirrors have a lot of bright lights. The women should have brightly lit backs. But this isn't what we're seeing. The brunette has bright reflections off her chest but not her back. The blonde has a bright clavicle but an under-lit neck. The pile of junk in the back has a brown fabric thing above the handbag; it is lying next to a light bulb and not lit up.

This isn't a comprehensive list and there are other oddities that are not in our checklist. For example, the blonde's dress seems to have a layering issue with red's chair. The dress fabric suddenly becomes semi-transparent and you can see the chair through it.

Frankly, I kind of doubt that these three women even posed together for this picture.

Some of the pictures in this series are much worse than others...


Dear Louis: While fabrics may be diaphanous, people are not. And while models may be vamps, they are not vampires. Please fix the left mirrors. You know, the ones with the time-delay reflections that show the brunette in two alternate positions and don't reflect the blonde.

Dress For Success

While I can criticize these ads for pasting in people, changing reflections, and digitally altering lighting, I have to give Vuitton one piece of credit:

Beyond expected color enhancements (applied to the entire picture) and spicing blends (expected from a composite image), I have not detected any modifications to the clothing. Well done. Unlike Ralph Lauren and Victoria's Secret, Vuitton's pictures do not appear to be a product bait-and-switch.

A little over a week ago a US intelligence analyst was arrested for submitting classified documents to Wikileaks. I have some serious issues about this arrest. While the analyst may have thought he was doing something ethically right, he went about it by doing something legally wrong. For example, while some of his wikileaked materials probably did need to be exposed (like the mistaken killing of two journalists and the subsequent cover up), how many operations and soldiers lives were put in danger by the leak?

I can hear some people right now saying "Huh? What?" Think about it. With the exception of leaked videos, the general public do not know our full, technical capabilities. As I recently heard on an NCIS repeat: the schematics for Air Force One are a secret. Hollywood just guesses at the layout. But here is SPC Bradley Manning, showing how things are really done. This is information that the enemy can use against us. By leaking an uncensored video with audio, Manning may have done far more harm than good; he exposed a cover up, as well as processes, procedures, and technologies that the United States and its allies use against real terrorists and threats to our nation.

There were also better ways to expose a cover-up. For example, he could have anonymously contacted a congressman. This would make the information public without releasing the video. Any anti-war congressman would have been a good choice.

While Manning may have thought that he was ethically correct in releasing the video, I cannot think of anything that would make leaking "an entire repository of classified foreign policy" documents, "260,000 classified U.S. diplomatic cables", or "a classified Army document evaluating Wikileaks as a security threat" ethically correct. Manning's actions look like treason to me.

From Bad to Worse

Wikileaks is intended as a forum for anonymous whistle blowers. If you are going to do something anonymously, then do it anonymously. Don't go around telling people that you were actually behind it. And if you're going to tell someone it was you, then don't tell it to a reporter. And of all the reporters you could talk to, don't choose one who has a history of unethical behavior!

That's right: Manning chatted with Wired's Adrian Lamo. When people create lists of hackers, they always include the notorious ones: Kevin Mitnick, Jonathan James (aka c0mrade), Max Ray Butler (aka Max Vision), Kevin Poulsen (aka Dark Dante), and others -- including Adrian Lamo (aka The Homeless Hacker). Even lists that don't list the "most notorious" include Lamo. (Thanks Adam for the link.)

Is there any reason to think that Lamo would not turn in Manning? I think not. Frankly, there are few reporters that I trust (very few). Most are more interested in sensationalism than accuracy. That, along with Lamo's established ethical lapses makes me distrust him more than most reporters. Manning put his trust in a reporter with a criminal record, and the reporter exposed his source for notoriety.

Looking for the Good

Every list of "hackers" that I found online mentioned the evil ones. The lawbreakers, criminals, and socially deviant ones. However, not all hackers are evil. I've recently had conversations about identifying good hackers. (Thanks to Mike, Bill, R., and the Internet Storm Center's handlers for the great insight.)

When it comes to naming hackers, people immediately recall the bad guys. I mean, everyone has heard of Kevin Mitnick, but who can remember the name of the guy who caught him -- without consulting Wikipedia or Google? (answer: Tsutomu Shimomura; half credit if you remembered John Markoff.)

Perhaps one reason is the postage stamp mentality. The US Post Office won't put someone on a stamp until they are dead. The reason: Bad people may continue to do bad things without harming their reputation. However, a good person may screw up at the end and tarnish everything they have previously done. So someone who is an awesome, positive role model and hacker today could be tomorrow's villain.

The other problem comes from the large number of good hackers who are better known by their software than their own actions. For example, Snort is an awesome piece of software, but who can remember that Martin Roesch created it? Roesch is a good guy hacker, but his software is better known than him. The same goes for Tatu Ylonen and Bjorn Gronvall (SSHv1 and SSHv2), Giorgio Maone (NoScript), and many other people.

The real question is: What sets a notable good guy apart from the rest? If writing good code is good enough, then certainly Flash, HTML, and Photoshop could also be included. (Their developers were not intentionally evil...) But can you actually say that someone changed how we act (or react) in a positive way?

I guess what I'm really wondering...
If you had one team of evil villains (Mitnick, Lamo, Poulsen, etc.) on one side, who would you stack against them as memorable good guys on the other side? (Mitnick vs Frank Abagnale Jr. -- after Frank turned good; Poulsen vs Mudge? Lamo vs ?)

Here's my short list of good guy hackers who's influence is far more than just code.

• Jim Christy and Clifford Stoll. They cracked the Hannover Hackers and brought international awareness to hacking as cyber espionage. Before that point, nobody realized the threat and all discussions were theoretical. Jim went on to found the Pentagon's first digital forensic lab and was the director of the Defense Cyber Crime Center (DC3) -- the first and largest computer forensics lab. (It just goes to show that a $0.75 accounting error can lead to more than a few pennies.)
  
  
• Mark Rasch. He spent nine years as the head of the United States Department of Justice computer crime unit. During that time, he was responsible for investigating the Hannover Hackers, Kevin Mitnick, and Robert T. Morris. He also helped the FBI and Treasury Department develop their procedures on handling electronic evidence.
  
  
• Phil Zimmermann. Without Phil, public crypto would probably still be nothing but underground software and munitions. Phil is more than just PGP -- today's PGP was created by a slew of developers. The remarkable element is how Phil paved the way for the world to use cryptography.
  
  
• Marcus Sachs. A voice of reason, advising Presidents and helping set national policies on cyber threats. He's a hacker who's influence is more than just a piece of code. Marcus also heads the Internet Storm Center -- the ISC handlers are like the Super Friends or Justice League. (Is Swa Frantzen the Belgium equivalent of Gleek?)
  
  
• Jeff Moss (aka Dark Tangent). While not known for code or exploits, this geek has put together a world-renowned set of hacker conferences: Defcon and Black Hat. More earth shattering updates come from one week of these conferences than an entire year of Patch Tuesdays.
  
  
• Bruce Schneier. This cryptography guru continually exposes security theater, where peddlers use snake-oil and provably inaccurate beliefs to influence and set policies.

A couple of people mentioned Dan Kaminsky. Dan's a nice guy and has done oodles of good things by making vulnerabilities public -- and I am still in awe of how he handled that world-wide DNS update. However, he likes to get drunk while giving presentations at Defcon and other conferences... While Dan is fun to watch, public drunkenness doesn't exactly scream "role model".

There are plenty of other people I could add to this list. I'm curious who other people think should be listed here. Remember the requirements: good guy, computer security or computer forensics, hackers, and most of all, influence beyond their immediate field or software.

In my blog entry on random thoughts, I mentioned that Google plans to offer SSL for web searches (HTTPS instead of HTTP) and that SSL was a placebo. A couple of people asked for more information about my claim. The problem is, most criticisms about SSL don't cover everything. (And it would be egotistical for me to mention that all of these points are covered in my first book, Introduction to Network Security.)

Here's a quick summary of the problems with HTTP over SSL (aka HTTPS).

Strengths

Let me start by covering what SSL really does. Secure Socket Layer (SSL) is not a cryptographic algorithm. Instead, it is a framework. There are a wide variety of algorithms for data encryption (e.g., AES, DES, Triple-DES, Blowfish), encoding (8-bit, 256-bit, 64-byte), chaining (e.g., CBC), checksums (e.g., MD5 or SHA1), and key exchange systems (Diffie-Hellman, RSA, etc.).

These different algorithms can be combined. For example, ADH-AES256-SHA says to use an Anonymous Diffie-Hellman key exchange with 256-bit AES encryption and a SHA1 checksum. Since some combinations don't really make sense or are cryptographically weak, there are some pre-defined combinations. SSLv1 defines a set of combinations that work well, SSLv2, SSLv3, and TLS offer revisions to the "good enough" cipher sets. (And I'm not going down the weak SSL cipher options in this blog. Let the cipher punks argue the fine details.)

So what does SSL do? It provides a framework for an SSL client to negotiate ciphers with an SSL server. In effect, the client says "I support the following ciphers" and the server says "I'll choose this combination!" SSL also permits the client and server to renegotiate ciphers during the communications.

This is a huge strength for SSL; it allows clients and servers to negotiate algorithms and talk the same cryptographic language. However, like most tools, SSL can be applied incorrectly. And that's the problem with HTTP over SSL.

HTTPS

HTTPS uses certificates for authentication. Basically, there is a trusted third-party who can validate the certificate. The connection dialog looks like this:

1. The web browser connects to the server using SSL.
   
2. The server sends a server-side public certificate to the client.
   
3. The client connects to the certificate authority and says "Yo! I got this server information. Is it valid and authentic?"
   
4. The trusted third-party checks the data and sends back a yes or no.

If the challenge succeeds, then the rest of the SSL negotiation is performed (e.g., let's use RSA with AES256 and SHA1) and they start using the agreed ciphers for encoding the HTTP traffic. (The crypto is a little more significant, but this generalization gets the point across.)

There's a few problems with this system and they lead to the placebo effect.

SSL Hijacking and Client-Side Certs
After establishing the SSL connection, the network traffic is secure enough. You're not going to worry about someone taking over your session or seeing your data transfer.

However, the initial negotiation can be compromised. One example is the "man in the middle" attack (MitM). Your initial SSL connection is intercepted by a hostile system. (Rather than connecting to your bank, another server sees the request and responds before the bank can respond.) It issues the server challenge using a valid certificate. The third-party says "yes, its authentic" even though it is for a different server. Then, your browser is securely connected to the MitM and the MitM forwards all requests to the bank. In this attack, your traffic is encrypted... but the attacker is part of the encrypted path and can see everything!

Part of the server-side information is the name of the trusted third-party. Thus, the attacker can control both the server and the "trusted" party who does the authentication. Of course, why even need a third party? Some servers self-verify (I am the server AND you can trust me) -- that's bad because there is no "third-party" to trust.

Relying on the Human
The biggest problem with HTTPS comes from the web browser. Browsers don't just reject bad certificates. Instead, they prompt the user. (As if the user knows better...) Sample prompts include:

• Self-signed alert: The server is using a self-signed certificate. Accept? (Yes/No)
  
• Unknown certificate authority: The server has specified a trusted third-party server that the browser has never seen before. Accept? (Yes/No)
  
• Expired: The server's certificate has expired. Accept? (Yes/No)
  
• Failed: The server's certificate could not be validated. Accept anyway? (Yes/No)

With humans, we know what we want to do. You want to go to your bank. You want to visit that web site. You know that if you do not accept the bad/invalid/unauthenticated certificate, then your browser will block your access. So you accept it -- since that is the only way to continue. And by accepting, you are approving a no-security option.

For real security, the browser should reject the connection without prompting the user. I mean, seriously, if the server certificate is bad (invalid, unverifiable, or expired) then there is no way a human can safely say "use it anyway". An invalid certificate should generate an error, and the error should say that the server is not acceptable.

Little Locks
As if prompting the user was not bad enough, SSL connections are associated with a small picture of a lock (or key) in the web browser. This gives the impression that SSL is secure, when it really isn't. For example, one of the available ciphers is the "null" cipher -- it does not encrypt data. Even though the data is transmitted in plain text, you will still get the little lock... because the lock means "SSL" and not "secure".

There are also issues around when the lock appears. For example, "https://www.paypal.com/" links to a bunch of different servers (paypal.com, paypalobjects.com, ebaystatic.com, and paypal.112.2o7.net). However, clicking on Firefox's lock icon (bottom right corner) will only show you the details for the main web page's SSL connection and not for the connections to subsequent servers. Also, the little lock will only appear if the first/main URL uses https, even if the dependent links on the page use SSL.

Client-Side Certificates
The common HTTPS configuration only uses server-side certificates. This allows the client to authenticate the server (assuming you trust the third-party authentication server). However, this does not authenticate the client with the server.

The best security method uses server certificates to authenticate the server and server-assigned client-side certificates to authenticate the clients. Now, a MitM cannot intercept traffic because it cannot authenticate or validate the client-side certificate. This is a very secure method.

Unfortunately, (AFAIK) no online banks provide client-side certificates. This is probably because the browser's user interface makes client-side certificate installation difficult. Supporting these means a whole new level of Help Desk Hell.

Leaving the Tunnel
Assuming no MitM and a validated connection, SSL creates a secure tunnel for passing traffic between the web browser and server. This makes you safe, right? Well, yes... as long as the developers of the web site don't switch you from SSL to non-SSL. Unfortunately, this is very common. You may login to Yahoo! Mail using SSL, but pictures, ads, and text may still be sent to you from outside the SSL tunnel.

Here's a fun experiment for Firefox users: Connect to a site using SSL. View the page information (Tools -> Page Info). Does every URL used by this page begin with "https" and use the same server? Every instance of a non-SSL connection or a different server means that you could be passing information outside of the SSL tunnel.

Misunderstood Security
Between marketing, magazines, and bad online advice, regular users have learned to equate "SSL" with "Security". But seriously, where is the security in SSL? It's in the name: Secure Socket Layer. (Kind of like the confusion created by calling the web programming language "JavaScript" -- it isn't Java and isn't a script. Thank you marketing.) Remember: SSL is a framework for negotiating secure communications; it is not secure communications.

Unfortunately, regular users are under the impression that using SSL will stop their connections from being hijacked, safely transmit data, stop phishing, and prevent them from downloading viruses. The truth is, SSL without certificates can be easily hijacked, users may still transmit data in plain text, users may (and usually do) choose to bypass the available security, and SSL does nothing to block harmful sites. A server infected with a virus can easily pass the virus to browsers via HTTP or HTTPS -- but with HTTPS the virus will be transmitted more securely. (Yippee! Nobody hijacked your session that downloaded a virus!) Some phishing sites even use registered server-side certificates -- they can impersonate your bank and use SSL without a problem.

Why Bother?

These are not the only problems with SSL, but these are some of the big ones. With all of these issues, why do we even use SSL?

I refer to SSL as "better than nothing" security. It isn't ideal, does not mean you are safe, and does not stop malicious sites from sending you hostile information. (For servers, SSL also does not stop anyone from attacking your server.) However if you have no other option, then SSL is better than sending data in plain text. You may not know who received your data and may still be using a MitM, but at least other people won't be able to see your traffic. And frankly, until a better solution is developed and becomes widely adopted, SSL is the only realistic option right now.

Consider SSL to be on par with WEP security for wireless networks. WEP is easy to crack, uses a weak password, and is not the recommended solution. But, it is better than nothing.

My friend Bob G. recently told me about a column on page 12 of National Geographic Magazine's June 2010 issue. The column titled "Getting Real" is a rant about how a photographer supplied the magazine with a digitally altered photo. (A shorter version of the article is available online under the title "Your Shot Digital Manipulation".)

Basically, "photographer" William Lascelles submitted a photo to National Geographic and claimed that it was real. The magazine asked Lascelles to verify the photo, and he submitted a second fake photo. National Geographic then printed the image, only to learn that Lascelles lied to them twice; they were duped into printing a fake photo.

Whenever I post blog entries about photo manipulation, there is always someone who asks "what's the harm?" and "what about artistic freedom?" In this case, the harm directly impacts National Geographic's reputation. The photo contest is restricted to real photos for a reason: the magazine strives to use photos based on reality and not fake or doctored or modified situations that are fictitious.

In response to being duped, National Geographic published a full column identifying the fraud by William Lascelles and repeatedly naming him. The printed column also names another fake, by Dobrev and published in December 2009. This is more than just posting a small correction. This is a full outing.

Told You So

Like National Geographic, Smithsonian Magazine holds an annual photo contest. In March 2009, I wrote to the Smithsonian and informed them that some of their finalists used digital modifications that appeared to be outside the permitted amount of allowed manipulations. The Smithsonian responded a few days later. They had investigated the images and queried the photographers. In the end, three of the five modified photos were disqualified from the contest. The remaining two were determined to have an acceptable amount of digital modification.

I was thrilled with the Smithsonian's reply. They listened to the concern, investigated the situation, and took appropriate action.

I sent a similar letter to National Geographic on Tue, 24 Nov 2009 21:36:10 -0700. I had noticed that at least one of their contest submissions was digitally modified. Here's the reply they sent me:

Subject: Re: Digital Manipulation in the Photo Contest
To: "Dr. Neal Krawetz"
Sender: [redacted]@ngs.org
Date: Tue, 8 Dec 2009 13:48:19 -0500

Dear Dr. Neal Krawetz:

Thank you for contacting the National Geographic Society.

Your comments regarding photos submitted to the 2009 International Photo Contest are very much appreciated. While we provide information on photo manipulation and what is and is not accepted in the contest rules <http://ngm.nationalgeographic.com/photo-contest/manipulation>, all the photos in the contest are submitted by the individual photographers. We do not go through each one of them and remove them, even if we feel they have been manipulated. We simply do not have the time or staff to do that. You can view the winning photos on our website at http://ngm.nationalgeographic.com/photo-contest/past-winners

Best wishes,

[Name redacted]
National Geographic Society

That's right: National Geographic does not review each of the images that they accept for publication on their web pages, and they do not remove images that they know or believe are digitally modified. As seen with William Lascelles, their "verification" consists of asking the photographer -- who has already lied and won't mind lying again. I can understand that they don't have a big budget or staff for image analysis. However, this is their reputation. One would think that they would be interested in protecting it.

In the fraud exposure column, National Geographic wrote that they have changed their policy: "Now we're looking more closely at all Your Shot pictures." It's about time!

Frankly, if you are going to hold a photo contest and require original photos (not digitally altered), then you should take the time to verify every finalist. I'm not saying that you should police every submission. Rather, attempt to evaluate every finalist or semifinalist -- probably a dozen or so pictures. You usually don't even need special tools; a critical eye is usually good enough. If you don't have the time or resources to validate potential winners, then perhaps you shouldn't hold the contest.

And I'm sure that someone is going to ask "Where can they get my tools?" It isn't so much the tools as the training. If you are not trained to spot photo manipulation, then the best tools in the world won't help you. And as my friend Cynthia Baron has repeatedly demonstrated to me: people with the right training and experience can do this without any specialized tools.

Going Deeper

The dog picture by Lascelles is available online at http://s.ngm.com/your-shot/img/faked-blue-dog-615.jpg. Let's see what can be found with real image analysis...



Disclaimer
Please keep in mind: I'm not analyzing the original submission that National Geographic received. I'm analyzing a resave that National Geographic likely scaled for use on their web page. I seriously doubt that this is the original submission. In effect, I'm looking at a bad photocopy of the original submission. As with any bad photocopies, some results may be inaccurate due to artifacts introduced during the reproduction process and some evidence of modification may be completely wiped out. And more importantly: the original submission was fake, so it also includes modifications and artificial artifacts.

Photo Ballistics
Lascelles' file was saved as a JPEG and includes a JPEG APP12 section labeled "Ducky". (If you search for strings in the image, you will see "Ducky".) What is Ducky? It is a section added by Photoshop's "Save For Web" and includes the saved quality level. In this case, someone used Photoshop's Save For Web and selected 83% quality. (The "someone" was probably National Geographic.)

However, the quantization tables do not match the stated quality level. Instead, the Quantization tables match 94% compression. The discrepancy is due to the saved settings. Specifically, the last save used Save For Web with "JPEG", "Very High" and 83% quality. (The "Very High" setting selected the 94% quantization tables. Photoshop's quality level does not represent the quantization tables.)

Principal Component Analysis
PCA is great at identifying JPEG artifacts from resaves. These appear as rectangular blocks that are either 16x16, 16x8, 8x16, or 8x8. The more extreme the blocks, the lower the JPEG quality. High quality or original images should have very few visible artifacts.



In this case, the PCA shows severe blocking in the sky -- this is a low quality image from multiple resaves. But there is a problem... The blocks are not 8x8; they are smaller. In this case, the big squares appear to be 7x7 and small squares appear to be about 3x3. This means that the image was low quality and then scaled smaller. (I wouldn't be surprised if National Geographic scaled the final image for presenting on their web page.) The final image is probably about 40% smaller than the previous version. Since this image is 201x134, the previous image was somewhere around 500x335 (or larger with multiple resaves that scaled it smaller).

The other thing to notice is the block quality. The sky has big chunks indicating a low quality image. The front of the house has small blotches with no visible grid. The dog shows grid-like blocks on his ear and face that match the sky but not the house. And the jets have no visible blocky artifacts. So while the dog may go with the sky, it does not match the house or the jets. The mottled pattern on the front of the house actually matches what I would expect from a picture of this quality. (I even ran a few tests with other pictures using Save For Web and "Very High" and 83% -- the tests generated the same blotchy pattern seen on the house.) This means that the dog, jets, and sky are wrong for this picture.

Error Level Analysis
Taken without any context, the ELA for this image identifies the dog and jets as being at a higher error level potential (newer) than the rest of the image. However, this difference could be explained due to a combination of Photoshop and scaling. Photoshop attempts to counteract the JPEG losslessness by over-emphasizing high frequency areas. (See my Alyson Hannigan write-up.) This image does have a large amount of rainbowing (the red/blue/purple coloring), so this certainly matches the meta data that identified Photoshop. With scaling, every pixel is modified and high frequency areas (like the dog's fur) can have pixel values altered more than the rest of the image.



However, there are two issues that really stand out. First, the jet planes appear to be uniform in color (low frequency) yet have a high error level. So this is a modification.

Second, ELA should identify similar 8x8, 16x16, etc. blocks as PCA; for low quality images, ELA identifies the chrominance subsampling. And this is a problem. The subsampling should be the same across the entire image. However, the sky clearly shows 16x8 subsampling (scaled to fit 7x3 grids). However, the house only has square subsampling (either 8x8 or 16x16 scaled to 7x7; you can easily see them on the roof). With the dog and the jets, I don't see the subsampling grid. This means that the image must be made from four separate components: sky, house, jets, and dog.

Blur Detection
Blur detection identifies subtle, high frequency edges created from artificial blurs. Ideally, each edge should either consist on one thin line, or two parallel lines that are one pixel apart (1 pixel wide double line). Anything else indicates an artificial blur.



In this picture, the dog has 1-pixel wide double lined edges -- it is real. However, the house and jets both have wide double edges; the jets and house have artificial blurs.

Color Distance
A new algorithm that I've been working on is based on color distances. Basically, real pictures blend colors along edges. When pictures are spliced (one pasted onto another), there is no blending. This algorithm measures the amount of blend. If you see a thin black line outlining anything, then it was spliced.



In this case, the dog has a thin, black outline against the sky. He was spliced into the picture. It is a little more difficult to see, but the upper 4 jets also have thin black lines. They were pasted into the picture.

Observation

Alright, so it really looks like the dog and jets were spliced into the image. How many jets were there originally?



In this example, I have shifted the picture down and to the left a little. This allows me to overlay the top three jets onto the bottom three jets. Guess what? Two of them are perfect matches. Let's number the jets for clarity:

4

 2

5 1

 3

6

From what I can tell jets 2, 3, 4, and 5 are all the same plane and all uniformly spaced. Similarly, jets 1, 3, and 6 are the same plane. That is a total of two unique planes.

In real life, jets flying in formation will not be perfectly at the same angle to the viewer and they will not be perfectly spaced. Instead, they will all be ever so slightly different.


DoD photo by Airman 1st Class Gul Crockett, U.S. Air Force/Released


Same image, shifted to align the top plane on the middle plane, and overlaid to show differences.

This uniqueness factor even holds when the image is scaled smaller, like when the wingspan is only 20 pixels across. They may be small, but they should all be different. I think Lascelles cloned some jets.

Also, notice how none of Lascelles' vapor trails look the same. If they are about the same thickness and same color and the sun is in the same place, then they should all look similar. Jet #3 has a much whiter vapor trail -- likely two trails pasted next to each other. Jet #5 has a dark edge, probably from blending an overlapping paste.

National Disaster

Even without specialized tools, National Geographic should have noticed the cloning of the jets, varying vapor trails, and the artificial blur. Since they have the original submission, they could have checked the meta data and quantization tables to see if it matched the digital camera. This alone would have identified the fraud. And most importantly: don't just accept the word of a photographer; it may be significantly altered even if they claim that it is "100% real".

There's a couple of random thoughts rumbling around my head... Rather than writing a blog entry on each, I decided to just mention them here.

Oiling The Machinery

Everyone is complaining about the oil gusher in the Gulf of Mexico. And everyone seems to have their own solutions. Use hair, use hay, construct a man-made barrier island, send down sludge, and more. British Petroleum has a couple of solutions lined up -- if one fails, then they will try the next. One of their solutions won't be ready until August! Some people think the government should take over the capping processes, but our government can't even pave roads without months of debate.

A few people are blaming Obama for this problem. (These are probably the same people who are upset that the Republicans lost the election and still watch Glenn Beck.) Frankly, we can't blame Obama for this one. Blame Bush? Sure -- he caused it by easing governmental regulatory oversight between 2006 and 2008. Obama only inherited this mess. And given other messes like Health Reform, Financial Reform, Immigration Reform, and Lobbying Reform... Regulatory Oversight Reform is just another item in the to-do list.

Anyway, I think I know the solution to quickly stopping the oil gusher. Congress should pass a resolution preventing BP from collecting any revenue until the gusher is capped and the cleanup is completed. Until both of those happen, any revenue received by BP should either go toward capping and cleanup, or be forfeited to the government and impacted states. If we cut off their revenue, then they will have an incentive for achieving a faster solution.

Google and SSL

Google recently released a beta of an SSL solution for their search engine. (https://www.google.com) They claim that this will improve privacy:

This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.

There's a few problems here. First, SSL is a placebo. From a security perspective, it does not add very much security or privacy. To gain security and privacy, you really need SSL with client-side certificates -- but Google isn't offering that.

Second, I find it ironic that Google is offering a security and privacy solution. I mean, they store every search, associate searches with user accounts, and cache personal information. So for them to be concerned about search privacy is just... funny.

Summer's Here

Summer vacation has clearly started. The number of malware and attackers scanning my web site for vulnerabilities has increased 10x compared to last month. Looks like the k1dd13z are out of school.

The uptick includes a significant increase in scans for WordPress vulnerabilities. Sample initial scans look like this:

2010-05-03 11:10:10 | 72.46.136.130 | GET /wp-login.php

2010-05-09 17:43:28 | 188.40.73.239 | POST /wp-admin

2010-05-24 17:52:37 | 213.231.27.46 | GET /blog/wp-includes/js/tinymce/wp-mce-help.php

2010-05-24 17:52:40 | 213.231.27.46 | GET /blog/wp-admin/upgrade.php

2010-05-24 23:24:35 | 69.245.165.224 | GET /blog/wp-login.php

Of these scans, it is the tinymce one that bothers me the most. This is a WYSIWYG editor and it has a history of remote access vulnerabilities. If you don't need it, consider removing it or locking down your htaccess file and web pages.

Arizona State Lottery

Arizona recently passed Senate Bill 1070. The law basically says that people suspected of being illegal aliens will be asked to provide proof that they are permitted to be in the USA. Failure to provide proof can lead to incarceration and/or deportation.

I'm not going take a side on whether this law is racial profiling or justified. (Let's leave that debate to the pundits and citizens of Arizona.) Rather, I'm looking at this from the hacker point of view. The first US Citizen that is arrested and/or deported under this law will have a heck of a lawsuit. Most likely, the victim will receive an out-of-court settlement as an apology because the case won't have legs to stand on if a provable citizen goes to court. Anyway, this law should be called the Arizona State Lottery because you too can become a millionaire overnight!