On and off for the past two years, I have been investigating anti-counterfeiting measures in banknotes, in particular the Counterfeit Detection Systems (CDS). At the request of the Central Banks Counterfeit Deterrence Group (CBCDG), this software was added to scanner and printer drivers, as well as to image manipulation packages, in order to detect images of currency and prevent them from being processed.
I wrote a webpage on some experiments I ran on the CDS and gave a talk presenting the results of reverse engineering. Unsurprisingly this drew the attention of the involved parties, and while none of them contacted me directly, I was able to see them in my web logs. In September 2005, I first noticed Digimarc, who developed the CDS, followed a few hours later by the European Central Bank and the US Treasury (both CBCDG members), suggesting Digimarc tipped them off.
However none of these paid as much attention as the Bank of England (also a CBCDG member) who were looking at my pages several times a week. I didn’t notice them for a while due to their lack of reverse DNS, but in December I started paying attention. Not only was their persistence intriguing, but based on referrer logs their search queries indicated a particular interest in me, e.g.
Project Dendros Steven Murdoch (Dendros is one of my research projects).
Perhaps they just found my work of interest, but in case they had concerns about my research (or me), I wanted to find out more. I didn’t know how to get in contact with the right person there, so instead I rigged my webpage to show visitors from either of the Bank of England’s two IP ranges a personalised message. On 9 February they found it, and here is what happened…