Security

What are the business risks of digital image forgery? Part 1of 2

This is the first in a two-part digital facsimile forgery series. In this installment, I discuss business risk and look at three common document alteration methods.

Accepting digital images of official documents is common practice. It's a convenient and quick way to exchange contracts, photographs, or identity verification documents (e.g. birth certificate, utility bill, etc.). Customers don’t need a traditional fax machine. For less than $300, anyone can purchase a multi-function device that prints, scans, faxes, and copies everything needed. However, many organizations that receive and process scanned or faxed documents are either unaware of--or are ignoring--the risk involved.

Technology today makes it easy for anyone with a PC to modify official documents, including photos, changing material content. Receivers of this material might process these digital forgeries unless they have controls in place to verify key information.

So what is digital image forgery?

What is digital image forgery?

First, let’s define what we mean by a digital image. For the purpose of this article, a digital image is any photograph, agreement, letter, or other written instrument, which as been scanned or faxed, creating an image of the original. And we’re also making an assumption: any image can be modified. Cleanup of these documents is not forgery. Digital image forgery is the process of changing material elements of a document and representing the changes as true copies of the original.

Modifying digital images is not difficult. Simple applications can be purchased for under $100 that do a reasonable job of changing key elements. The following are a few examples of what can be done with photographs. As we’ll see later in this article, criminals can use these same techniques to alter document images.

Tampering

Tampering is manipulation of an image to achieve a specific result. Figure 1 is a good example. In the photo on the left, Lenin and Trotsky stand side-by-side. On the right, Trotsky seems to have disappeared.

Figure 1: Image Tampering

Figure 1: Image Tampering (Farid)

Compositing

Sometimes changing the meaning of a document or attempting to make a point requires combining images from different documents. This is known as compositing. The original image on the left in Figure 2 shows John Kerry without Jane Fonda. She appears alone in another original image on the right. However, the composite image in the center brings these two images together into a message-telling composite.

Figure 2: Compositing

Figure 2: Compositing (Summers and Wahl, 2006)

Copy-move

Copying background or other features from one part to hide or alter other areas of the original is another approach to document forgery. Figure 3 is an example of this copy-move process, as is the written document alteration example that follows. Notice the truck has disappeared, “covered” by foliage copied from higher and to the left in the same photo.

Figure 3: Copy-Move

Figure 3: Copy-Move (Summers and Wahl)

Example of copy-move and compositing in written document images

Using these techniques to alter written documents is not difficult. I proved this to myself by using Adobe Photoshop Elements, my Canon MP530 multi-function printer, and Microsoft Office 2007 (Professional). It’s important to note that my abilities with imaging technology is very limited, bordering on non-existent. So if I can achieve these simple results, more experienced users can accomplish much, much more.

The objective of the test was to determine how easy it would be to alter a scanned notarized document for the purpose of emailing or faxing falsified information. The best document I had available for this was my Kansas birth certificate. Kansas stopped using raised seals and went to a standard stamp and signature for certifying authenticity. They coupled this with a multi-colored form that is supposed to prevent forgeries.

Figure 4 is an image of the back of my certificate, as scanned into Photoshop Elements (PE) from my Canon printer. The red arrows point to the text I altered in a copy-move during the test. I intentionally blurred the last name in the signature.

Figure 4: Back of my unaltered birth certificate

Figure 4: The back of my unaltered birth certificate

Figure 5 depicts the altered certificate. The first change is the removal of “true and correct” from the first line. The second change was the removal of the stamped date near the center. Finally, I blanked out the last name in the registrar’s signature. This was all done to a PE image by copying background pixels and overlaying them on top of the original pixels. I could have easily replaced the original text with “adjusted” text if needed. (The white box at the top of the form was intentional. Copying the background as an overlay leaves no trace.)

Figure 5: Altered birth certificate

Figure 5: Altered birth certificate

This process would produce a “good enough” forgery of any document, resulting in most organizations accepting it as authentic.

Next, I tested how easy it would be to remove the registrar’s information from the document for use on something else. For this test, I used the Microsoft Office Document Imaging (MODI) utility. This application comes with Microsoft Office 2007, although it isn’t installed unless you choose a custom installation. I hadn’t, so I installed it using Add Programs from the Control Panel.

MODI performs two useful tasks. First, it performs an OCR analysis of the scanned document. All text is then available to be copied to Word. It also provides an easy way to select and create high-quality copies of images contained in the document. These capabilities allowed me to create the document shown in Figure 6. A forger could potentially copy the registrar’s information, seal, and signature onto any other document to make it appear authentic.

Figure 6: Compositing test

Figure 6: Compositing test

But suppose a criminal isn’t inclined to spend the time to forge his or her own documents. Well, there is a solution for the time-deprived or lazy criminal—scanlab.name. For the right price, ScanLab can produce just about any forgery required. But don’t forget to use the English translation. The original is in---wait for it---Russian. Go figure.

In Part 2 , we’ll look at ways organizations can combat digital forgery.

About

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...

3 comments
OldER Mycroft
OldER Mycroft

The right-hand image is the original. The left-hand image is the doctored one! The left-hand image also has [i]fake[/i] depth of field. Trotsky was put into the image, along with the other THREE characters, NOT taken out. I'd bet my print trade background on it. Prior to 1944, the silver-halide emulsion in conventional black and white photographic film was incapable of accurately depicting any appreciable depth of field, being effectively a LITH coating with sharp contrast and little in-between. By 1944, and with the increasing need for accuracy in aerial photography (due to the necessity of war), better and faster emulsions were developed for use in night-time aerial reconnaisance, and the depth of field was enhanced too. Trotsky snuffed it in 1940. The source material used for this image, Dartmouth College - Computer Science, have clearly perpetuated this error from the start. Oops, eh?! ;)

Delboy03
Delboy03

There is nothing new about altering images or documents. I have been altering photo's etc for years using the simplest of programs such as arcsofts photoshop. In the UK even the DVLC is now using the technology to lift the photograph used on your passport to imbed onto a new photo driving licence which makes one wonder with the current government losses of electronic data, who else could be using your passport image and details for other purposes.

Michael Kassner
Michael Kassner

Thanks for the excellent article about a subject that's needing to be discussed.

Editor's Picks