标签归档:attack

Investigation of Cyber-attacks among Asian Countries(China, Japan, Philippine and Vietnam)

Course: Security Management (IV2022) Year: 2011 Spring

Investigation of Cyber-attacks among Asian Countries

(China, Japan, Philippine and Vietnam)

Yuanjun Song, Jing Ba and Huan Meng

Abstract

With the fast development of internet and information technology cyber attacks such as website defacement has appeared all over the world. The internet resource about business, technology and even government has been targeted by hackers. And the purpose of cyber attack like defacement is changing from personal purpose to business competition and even political conflict. In this report we have described the situation of cyber attacks, in particular defacement, between Asian countries such as China, Japan, Vietnam and Philippine. And related articles, news and research statistics have been reviewed in the report.

Definition

Website defacement is a kind of attack which modifies the visual appearance of the website or a webpage in it. Attackers break into web servers and replace the hosted websites with their own. One of the most used methods to deface is the SQL Injection which can be utilized by attackers to obtain administrative access in order to change pages or more dangerous actions.
[Wikipedia 2012]

“A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.” [Wikipedia 2012]

Background

For the past years, website defacement is harmless and the purpose of attackers is only for fun. The action in defacement is page modification. But in recent years, website defacement has been used for business competition and even for political conflicts among countries. Especially in Asia, many attackers in different countries deface the websites of companies and government of other countries because of the international conflicts on sovereignty and territory.
Means of cyber attacks are not confined to website defacement, but more DoS and DDoS attacks were used. The BBC News reported in April of this year that an anonymous hacking group claimed to have defaced almost 500 websites in China. The websites affected included government sites, trade groups and many other sites. And attackers put messages on the defaced websites in order to protest against the Chinese government [BBC News 2012]. Besides China, many websites in other countries such as Japan, Philippine and Vietnam are also attacked by hackers because of different purposes. For example, the Atlanta IT Service reported in 2011 that a server in China was used to attack on the Japanese Lower House. Many emails and documents had been penetrated and some passwords and user IDs may have been stolen [Atlanta IT Service 2011].

Methods

The methods used in defacement are very similar which cover vulnerable servers scanning and uploading backdoors to report infected servers [David and Tim 2010]. These two analysts also indicated that attackers often utilize “Google Dorks” which is a specially crafted search query to identify vulnerable servers. The tools used by defacers to check vulnerable servers include LFI intruder, VopCrew IJO Scanner, SCT SQL scanner and Osirys SQL RFI LFI scanner etc.

Defacement Record

With the website defacement has been harmful to countries all over the world, some archives, documents and news started to record these defacements happening every day. One of the websites recording defacements around the world is the “Zone-h”. It archives defacements each day and classifies defacements into homepage defacement, mass defacement, re-defacement and special defacement, which is for important websites. And the analysts in Zone-h will verify these records in on-hold list to delete the fake notification. We have analyzed the record for 12th, October, 2012. In this daily record one defacement to Japanese website, one defacement to Vietnamese website and nine defacements to Chinese websites were recorded in the archive of this day. For the defacements to Japanese website and Vietnamese website, the two defacements were classified in homepage defacement and no special defacement to important website was notified. As some of the defacements to China covered all the three defacements, eight out of the nine are homepage defacements, two are mass defacements, three are re-defacements and four are special defacements, and all the special defacements are aiming at websites of Chinese government. Furthermore, in the 11 defacements, all the Chinese websites are built on servers with Win 2003, and the Japanese website and Vietnamese website are built with Linux.

Besides the general record, there is an archive for recording the special defacement provided by Zone-h. We have analyzed the special records from 1st October to 12th October. We found that 4 defacements to Vietnamese government websites and 105 defacements to Chinese government websites happened in this period. In the defacements to Vietnam, 2 are homepage defacements and two are mass defacement with multiple IP addresses. And in the defacements to China, 48 are homepage defacements, 35 are mass defacements and 25 are re-defacement by a single IP address. According to the origin countries of these defacements, the hack defaced the most Chinese websites is Barbaros-DZ from Algeria.

As we didn’t find defacement record about Philippine in Zone-h, we tried to find some articles mentioning information about website defacement to Philippine. [Adam 2012] described that because of conflict about Huangyan Island, Chinese hackers attacked the websites of Department of Budget and Management and the University of Philippines, and also posted Chinese flag on Philippines News Agency site.

Cyber-attacks events

“In September 2012 at least 19 Japanese governmental and other websites has been attacked. Out of these 19 sites, 11 are a victim of DDoS attacks, and include some really important sites like banking, power utility, and other private-sector companies–on the public side include government agencies such as the Defense Ministry and the Internal Affairs and Communications Ministry. The remaining 8 websites were vandalized, including those of the Supreme Court and the Tokyo Institute of Technology, leading them to display pictures of the Chinese national flag. Continuing the list, Tokyo Institute of Technology’s site was defaced, and further endured an attack that saw names and telephone numbers of over 1,000 members of staff leaked.” Japanese National Police Agency originated these attacks in China.

“Japan’s top weapons maker Mitsubishi Heavy Industries (MHI) has confirmed it was the victim of a cyber attack reportedly targeting data on missiles, submarines and nuclear power plants. Viruses were found on more than 80 of its servers and computers. They have been described as spear phishing attacks – when hackers send highly customized and specifically targeted messages aimed at tricking people into visiting a fake webpage and giving away login details. A plant in Nagoya, where the company designs and builds guidance and propulsion systems for rockets and missiles, was also reportedly compromised. A second defense contractor, IHI, which supplies engine parts for military aircraft, said it had also been targeted. IHI said it had been receiving emails containing viruses for months, but its security systems had prevented infection. There are also reports that Japanese government websites, including the cabinet office and a video distribution service, have been hit by distributed denial-of-service attacks. Neither the Japanese government nor MHI have said who may be responsible. A report in one Japanese newspaper said Chinese language script was detected in the attack against MHI. But China rebuffed suggestions it could be behind the attacks.”

On Apr 20, 2012 Chinese hackers attacked the University of Philippines” website. They defaced the UP website (up.edu.ph) with a map, labeled with Chinese characters, showing the Huangyan Island.

On Apr 21, 2012 Filipino hacktivists quickly stroke back at Chinese websites (star.chinaumu.org, v.cyol.com, ploft.cn, sanxinsudi.com, gh.rc.gov.cn, ryjzw.com, lanseyinxiang.com)

On Apr 23, 2012 some Philippines’ official websites (pcdspo.gov.ph, malacanang.gov.ph) were attacked with a DDOS attack by hackers whose IP addresses are assigned to Chinese networks.

On Apr 24, 2012 Filipino hacktivists took down more Chinese websites in response of attack made by Chinese hackers.

On Apr 25, 2012 an online forum of Chinese hacker posted usernames and passwords of Bulacan provincial government website administrators. A member of the ‘Honker Union’ published on Facebook the alleged usernames and passwords of administrators of websites belonging to Philippines’ government (rmn.ph, kal.upd.edu.ph, pmap.org.ph).

On Apr 25, 2012 the website of Filipino Department of Budget and Management was defaced, and quickly taken down for a “security audit”. Meanwhile, at least three other government websites were taken down for DDoS attacks.

From Apr 26 to 30, 2012 Filipino hacktivists took down 5 Chinese government sites.

On May 4, 2012 the website of National newspaper Philippine Star was defaced with a message “Warning. Philippines, China inviolable state sovereignty”

“The Vietnamese media has also been reporting on those cyber attacks. According to Thanh Nien News, 200 Vietnamese websites were attacked in June, and 10 percent of those websites were managed by government agencies. For example, 20 websites under the Ministry of Agriculture and Rural Development were hacked. A source from the ministry’s network security supporter said that they have identified that the Internet protocols (IP) of computers attacking the portal were from China. According to some Chinese bloggers, they believe the attacks started by Honker Union, a mysterious hacker organization in China formed by young people with sophisticated computer skills. However, the Vietnamese also began their retaliation. Several Chinese websites were also under attacks by Vietnamese hackers.”

Severe Situation in the Asian-Pacific Region

In 2012 first quarter, the broadband connection speed increases 25%, especially in Asian-Pacific region. The cyber attacks are more severe with the spread and higher speed of the network. The top 10 countries which have most frequent cyber attacks are reponsible for 77% of all the cyber attacks in the world. Almost 42% of worldwide cyber attacks are from the Asian-Pacific region according to the report from Akamai Company. China and Japan both have a high rate in this case. The cyber attacks between Asian countries increase together with the complicated political situation and recent Island dispute.

The island dispute between Japan and China is moved to cyber realm. Japan Police Department (JEM) and the Japanese government have been hit by public organizations and internet sites in the middle of September. The Japanese Safety is often attacked and its content has been changed and becomes online site. JEM thinks those hacker attacks seem to be from China, which cause double Japanese attacks.

The Japanese Defense Officials revealed the details for cyber attacks between Japan and China and indicated that the recent series of cyber attacks originated in China were viewed as a possible prelude to millitary action in Island dispute event.

Japan’s National Police Agency showed that dozens of Japanese websites were hit by cyber attacks, which increases the tensions between Tokyo and Beijing.

The defacement attack often takes place related to politics matters. In order to responde the attacks in University of the Philippines (UP). Chinese University Media Union (UMU) is attacked by a group of Philippine hackers. The main page of the website is defaced by a picture and screming music played in the background: “Scarborough Shoal is ours”.

Reference

http://www.atlantaitservice.com/cms/technews/japan-under-heavy-cyber-attack

http://www.securelist.com/en/analysis/204792127/Mass_Defacements_the_tools_and_tricks

http://www.zone-h.org

http://www.theregister.co.uk/2012/09/21/japan_china_attack_sites_senkaku/

http://www.bbc.co.uk/news/world-asia-pacific-14982906

http://hackmageddon.com/2012/05/01/philippines-and-china-on-the-edge-of-a-new-cyber-conflict/

http://talk.onevietnam.org/cyber-war-started-between-china-and-vietnam-over-spratly-islands/

http://www.akamai.com/html/about/press/releases/2012/press_080912.html

http://www.habermonitor.com/en/haber/detay/cyber-attack-from-china-to-japan/237323/

http://glblgeopolitics.wordpress.com/tag/chinese-origin-cyber-attacks/

http://www.broowaha.com/articles/13319/filipino-hackers-retaliates-defaces-chinese-websites

E-Passport System

Index  
Chapter 1 Introduction……………………………………………………………… 3
Chapter 2 Benefits……………………………………………………………………… 5
2.1   Problem with Paper Passport……………………………………………. 5
2.2   Benefits of ePassport…………………………………………………………. 5
Chapter 3 Mechanism……………………………………………………………….. 6
3.1   Characteristics of ePassport System………………………………… 7
Chapter 4 Issues………………………………………………………………………… 8
4.1   Performance issues……………………………………………………………. 8
4.2   Security issues………………………………………………………………….. 8
4.3   Privacy Issues…………………………………………………………………… 9
4.4   Cultural issues………………………………………………………………….. 9
Chapter 5 Applying System Theory……………………………………….. 10
5.1   ePassport under Churchman’s model……………………………… 10
        5.1.1 Objective…………………………………………………………………. 10
        5.1.2 Environment…………………………………………………………… 10
5.1.3 Resource………………………………………………………………………… 11
5.1.4 Component……………………………………………………………………. 11
5.1.5 Management…………………………………………………………………. 11
5.2   The Systemic Holistic Model…………………………………………….. 11
5.2.2 Content subject areas……………………………………………………. 12
5.2.2 Levels of abstraction……………………………………………………. 12
5.2.2 Context orientation………………………………………………………. 12
5.3   Cost and benefits of e-passport………………………………………… 13
5.4 Boulding’s classification……………………………………………………… 14
5.5   Shannon Weaver Model…………………………………………………. 15
Chapter 6 Security……………………………………………………………………. 16
6.1   Main attacks to ePassport…………………………………………….. 16
6.2   Main Solutions for ePassport……………………………………………. 17
6.3   Attacks and Solutions reciprocal diagram……………………… 18
6.4   security scheme for ePassport in different countries…….. 19
Chapter 7 Conclusion…………………………………………………………… 20
Chapter 8 References…………………………………………………………… 21

Abstract

In this era of Information Technology, we try to maintain information technically. The attempt which is made to maintain is not always efficient or effective. Information is always prone to some risk. Person’s identity, passwords, secrets are very tedious to maintain. Personal identity indicates a set of attributes which are related with a person e.g. Family name, Personal number, Birth Date etc… Now a day, one of the toughest tasks is to manage the identity of a human being because most of the time it needs person authentication, where the main purpose is to either verify or identify person’s identity claim. From the very beginning of the human history, we have seen many evidences where human tried to develop many techniques to serve the above purpose.

Click here to download (NB: You should register first)

[download id=”1″]

Face Recognition Attack

        在KTH做的第一个比较有意思的实验,虽然个人觉得有点无聊,不过老师们貌似都挺感兴趣,和大家分享下,欢迎点评。

Keywords: Face Recognition,Masquerading, Filch, Counterfeit
Date: 2010-10-11
Status: Complete
Prerequisites: Computers with windows system, Ability of Image editing, Face recognition system, Camera, Printer
Person hours: To complete: 48 person-hours
To repeat: 30 person-hours
Educational value: *****_____
Booked by: Huan Meng ( huanm@kth.se ) & Jing Ba ( jingb@kth.se )

  Copyright: Huan Meng ( huanm@kth.se ) & Jing Ba ( jingb@kth.se )

Autumn Term 2010 Proposal

 

FaceRecognitionAttack

 

Summary

Now the face identification has been used in many security areas. We can get the pictures of victims from video chat, a photo and so on, then use these information to have a unauthorized access to a system with face identification mechanism.

Goals

Try to Invade a system with ASUS Smartlogon face identification by using a counterfeit of face recognition and analyze some feasible solutions.

Method

1.analyze the principle of operation about the face identification and ASUS Smartlogon system

2.filch the pictures of a familiar person’s(the victim) face(from video chat, photos or some samples from his computer).

3. process the images and make some facial image samples of victim.

4.access the victim’s system with a counterfeit face identification.

5.analyze the attack and some solutions to deal with the attack.

Introduction and Smartlogon analysis

Facial recognition is a digital application used to identify and verify the identity through digital images or videos.

In our this assignment,the target is the software called Smartlogon.In this software,it has used the feature-based recognition algorithms and appearance-based recognition algorithms.So the method of facial recognition it uses is mainly the method with geometrical character.Because of this method,the identification application has its deficiency,we can just use the image replacement to cheat it when we need to log on.According to this point,we can attack the identification application through stealing photos in victim’s PC and printing screen[1].

After checking the documents about the software,we can find a database in this software to reserve the users’ images.The database saved hundreds of the user’s images.And we find that it takes dozens of photos from user everytime,then the algorithm synthesizes these photos and makes a integrative image to be the identification standard.So we can intromit some our own images in order to diluting the standard.But there is one thing very important,it’s that we have to intromit enough images.

Traditional techniques

 

 The basic method:

1.Face recognition using geometrical character

This method uses the geometrical relationship between the facial organs such as the interval.

2.Method based on eigenface(PCA) [2]

This method is based on KL transformation which is the optimal orthogonal transformation about image compression.

3.Neural network method

This method uses the study capacity and classification ability of neural network.

4.Elastic graph matching method [2]

This method uses zeniths in topological diagram to express facial eigenvector,then records the information around the zeniths.

5.LHD method

This method uses distance of the line sets extracted from the facial grayscale images.It’s a better choise in some different light conditions.

The algorithms used in the facial recognition:

1.Feature-based recognition algorithms

2.Appearance-based recognition algorithms

3.Template-based recognition algorithms

4.Recognition algorithms using neural network

5.Illumination pretreatment based on Gammar gray-level registration[3]

3D-method:

This method uses not only the distance of the specific facial organs,but also the individual features of one organ such as the height and depth.So it could avoid the affection from the lighting.And it could finish the identification within different angles. [9]

ASUS Smartlogon Setup:

Click the link below to download ASUS Smartlogon:

http://asus-smartlogon.software.informer.com/

ASUS Smartlogon analysis:

 

Principles of Face recognition

1. Select a user name and enter a password. Your password is used when for some reason your face fail to logon to Windows.

2. You can change the security level using the slider in order to better protect your Notebook PC You can change the security level using the slider in order to better protect your Notebook PC from others logging on but may also block yourself if you change your appearance. (Your typed password can still be used to logon.)

3. Before a face is registered, question marks will appear above the head. The number 1 or 2 in the top right of the camera screen is the number of faces detected. This face recognition can capture several people’s faces simultaneously and identify the user.

4. After you registered a face, the user’s name (here is Darren Meng) will appear above the head.

Principles of Logon Process

 1. Users can view this log to check when someone tried to login with face detection on your computer.

2. There are three results “Success”, “Fail”, and “Learning”. Learning is gained when a user inputs a password to login and face captures are imported (red circle above).

Options

Camera Devices: The built-in camera is selected as default. Change if necessary.

Desktop Control: Check box and set timer to enable. See previous “Menu Items” for descriptions.

ASUS Smartlogon database

C:\Program Files (x86)\ASUS\SmartLogon\log\image

This file records the every image which is successful to logon Windows.

C:\Program Files (x86)\ASUS\SmartCore\gallery\d98cd74f-2f8a-44c1-b8ee-e5dde17ea6d2\imageThis file is used to store the captured images.

It is the Smartlogon database of all the user’s face images which are combined and analyzed with an algorism in order to provide the logon standard for a legitimate user.

Attack Details

 

Used Tools:

1. Photopaper and Camera FinePix HS11

We choose to use digital camera because of its excellent imaging and high resolution, which makes it possible to obtain photos with good quality and also makes it easier to extract clear face pictures from a photo. [5]

2. Laser Printer

Altough a laser printer has the advantages in speed and economy, we choose to use it mainly because of its precision. A printed picture is very different from developing the photos and the former one has low glossiness and definition. But if we use a high resolution picture with photopaper, the result of using a laser printer will change a lot. Make sure that your samples are enough to obtain a clear picture. [6]

Step1: Try to obtain a familiar victim’s face photos

Because the face recognition of Smart logon is based on the database of gallery and the rate of success logon depends on the light and PCA (Principle Components Analysis), we should use different ways to get victim’s different face samples to increase the rate matching the database and pass the logon detection. Here we adopt three methods to get picture samples in order to get proper counterfeit pictures, these methods are as below:

1. Obtain pictures from video chat with victim

We use an IM with video chat function to try to convince the victim using video chat. Then we capture several face pictures of victim during video chat. The image definition is based on the victim’s camera. The advantage of this method is that we can get the victim’s face picture directly, because we often use our head portrait during the process of video chat. Although the image definition may be low most of the time, we can edit and make them look better.

2. Obtain pictures from some victim’s life photos.

It is relatively easy to get a familiar victim’s life photos. When we go to travel or take some photos in daily life, we can get those pictures from camera. A digital camera and DSLR (Digital Single Lens Reflex) can make high quality photos, but they are usually not single face pictures, so we must extract the face pictures from those photos and the editing is also important.

3. Obtain some samples from the familiar victim’s computer

When we have the opportunity to use a familiar victim’s computer, we may find some samples of his or her face pictures (especially the picture database of SmartLogon). But the fact is that these pictures are always in small sizes and not clear enough to make a counterfeit photo. However we can refer to contrast level, brightness level and tones of pictures when we edit those face pictures.

Step2: Choose some good pictures and edit those victim’s face pictures

We will choose some face pictures from the three methods, combine them and edit them. By using Photoshop CS4, we can adjust the size, contrast level, brightness level, tones of pictures and so on, these are the most important elements for a picture, hence they also determine the rate of success logon. These are the most important elements for a picture, hence they also determine the rate of success logon.

So we give an editing scheme to those obtained pictures in order to cover more aspects of face pictures. By using this way, we can use the least samples to reach our goal. In consideration of the definition of the third method, we can not use these pictures to make a sample, but we can know some information about the database of the gallery which will help us make better samples. These are the editing methods we choose:

Editing for life photos

We cut the extra part of the photo first, what we need is just the head portrait. Notice that you should leave more space around the face rather than cut them all.

Because the picture from a digital camera has a good exposure and color, we mainly focus on changing the tone of the face picture.

As we know, the environment and the tone are very important for this kind of face recognition technique, so we should try to match the general situation considering of the different tones.

 

Editing for video chat photos

These photos are obtained from screenshots during video chat, so the quality is relatively low compared with a digital photo, but they have a more effective performance in the outline of face because of the direct captures on face. In this way, we may gain a higher rate of success logon when the face recognition system identifies the picture.

For these pictures, we should change the contrast, brightness and color saturation to make the captured pictures clearer and easier to be identified.

Step3: make some samples with these edited face pictures

After editing the obtained pictures, we need to print them by using a laser printer.

Note that the quality of a photo paper is very important to get verisimilar samples of face pictures, if you use a common paper to print those samples, the rate of success logon will be reduced much. One side of a photo paper is smooth and using a good photo paper will increase the brightness and color saturation of a picture, and it can gain the sense of layers, which makes those pictures more vivid. [4]

In the meantime, choose an advanced laser printer is also crucial.

Step4: invade the victim’s computer with a counterfeit face identification

Try to access the victim’s computer with those printed samples. This process is to cheat the Smartlogon and let it recognize our counterfeit face portrait. Use your samples carefully, when you pick up your samples, leave some space around the face pictures. If the computer can not identify the pictures quickly, don’t worry and just try to change the angles with patience. You should try to use every sample one by one to check which one can match most.

We have already uploaded the whole process to Youtube:

http://www.youtube.com/watch?v=Y6eKNV9foTo [8]

Conclusion

In this experiment, we attack the facial recognition software with counterfeit face pictures successfully. Finally, the optimum picture is the one edited from video chat. It shows that the video chat picture is more proper because the user adopts this way to set the logon. The key of the process is the image samples. If the attackers can easily get the images of a victim, they can use the photos to make counterfeit pictures to access the system unauthorized. And also, with a good design or editing ability, an attacker may create your samples more like yourself. ASUS Smartlogon uses the compound information of these photos set by a user in database and it also has an algorithm to identify the face when we try to access the system. Because of the limitation in the algorithm in plane identification and the technique Smartlogon adopts, it’s possible to invade the system by this way.Through this experiment, we can find that there are following keys in this kind of facial recognition.

1. Similarity: The faces and the facial organs of different people have similar structure, so software sometimes is hard to distinguishing the faces in details, which makes it possible to forge a face pictures.

2. Mutability: The lighting, expression and angles could affect the images of faces, so it can’t ensure that every time we log on the system, there are the totally same images appearing in front of the camera. The environment around a face can make a big difference.

Now with the fast development of the science, there have been some effectual methods approved. For example, the 3D method uses the depth and height of the facial organs to increase the characters for identification. So it can increase the security level of the facial recognition. Some more advanced methods include the elastic graph matching method which provides the treatment about the elastic deformation caused by expression change and the multiple light source method based on infrared ray which could deal with the affection from lighting and angles. [8]

Difficulties we face:

1. The lighting and angles

In the experiment, we can’t access the system protected by facial recognition just by the original photos because of the differences on lighting and angles between these photos and the source reserved in database. So we have to edit the photos to match the images, but how we edit is very crucial to determine the result.

2. Matching probability

In these attacks, although we invade the system successfully, we just used several photos. Because of the affection from the lightness, angles and expressions, the success rate is a little low. In fact, we are against our low matching probability by making more efforts on pictures editing in order to get a good result. However, if possible, we should consider of comprehensive factors.

Shortages in our attack

1. High level mechanism

In this experiment, we just attacked some lower security level recognition. If the system is protected by higher levels, the face identification will be strict. Generally, a user will not choose to use a high level security, because with that level, the user himself may hard to logon with the different logon environment. But if it does, we may need to use some techniques such as the three-dimensions and thermal imagery.

2. Sample space

Theoretically, we’d better use victim’s photos as many as possible in this method. Compared with a handful of photos we use a large number of samples will get a good result. Few pictures can’ not match the characters of the face enough because the application uses the compound results to identify. We think a large number samples should be made if possible.

Other possible improvement

Our attack is based on the face recognition detection when an attacker login. So our method is to make a counterfeit photo. But indeed, the logon identification is just one aspect of face recognition. There is an assumption and possible improvement we give to make further attack, which we think is supposed to be more exact. We can attack the database and find the short of algorithm in identification process. E.g. we can add an unauthorized people’s pictures into the Smartlogon’s gallery database so that the unauthorized people may access the system with Smartlgon by using his own face. If we do so, we should intromit the photos to the database of the identification application and this method needs enough images of attackers[9]. In the meantime, if we can find the algorithm of Smartlogon, we can also analyze the algorithm about how the Smartlogon identify these photos. However, this method has a shortage that victims can check the picture’s information in the database of the software, so the attacks can be found.

JPEGsnoop can identify a picture’s information, if we change or edit the picture, these elements of the picture will change so that we can use it to know if this picture is an original one. For a defender, this tool will help him know more about his pictures whether they are counterfeited, edited, modified or not.

Reference

[1]http://forums.whirlpool.net.au/archive/1127492

[2]http://en.wikipedia.org/wiki/Facial_recognition_system

[3]http://baike.baidu.com/view/246859.htm

[4]http://www.enet.com.cn/eschool/zhuanti/photo/

[5]http://electronics.howstuffworks.com/cameras-photography/digital/digital-camera.htm

[6]http://computer.howstuffworks.com/laser-printer.htm

[7]http://www.webopedia.com/TERM/L/laser_printer.html

Video

[8]http://www.youtube.com/watch?gl=AU&hl=en-GB&v=W_Qdag5FdE8

Paper

[9]http://www.biometrics.gov/Documents/FaceRec.pdf