Spy case shines light on steganography

One of the spy technologies that's come to light in the recently-exposed alleged Russian spy ring is steganography, a word that comes from the Greek for “covered writing.” It’s a way to hide information in plain sight, and has been around since ancient times, in one form or another.

In one example cited by NetworkWorld, a Greek named Histaiaeus shaved the head of a slave, tattooed a message on his scalp, and then waited until his hair grew back to send him on his way. The recipients of the message shaved the slave’s head again to see the message. Conspiracy theorists maintain that crop circles are a similar trick—an encoded message from aliens (or pranksters) that disappears once the barley grows back.

Related:

Were alleged Russian spies done in by technology problems?

Other low-tech steganography methods include knitting encoded messages into sweaters, or encoding messages in print so small that it takes a magnifying glass to read it. Even invisible ink, also used by the accused Russian spy ring, is a form of steganography.

But the digital age has opened up whole new avenues for the practice. The 11 people accused of being part of a Russian espionage ring reportedly inserted text into digital images. Investigators searched the suspects’ hard drives and found drafts of messages embedded in the images.

Former GCN reporter Patience Wait reported on steganography back in 2005. Wait talked with Chet Hosmer, CEO of software company WetStone Technologies, which makes software tools that agents can use to find the clues to these hidden messages.

Because image and audio files tend to be large, they make great hiding places for messages, Hosmer said. In an audio file, steganographic messages are often hidden in the brief silence at the beginning of a song. By comparing the wave signature of a suspected file to a clean copy of the song, you can tell if a message has been inserted.

A message could be hidden in a digital photo on an online auction site, where thousands of people would see it. Analysts could examine the color palette in a digital photo, looking for clues that the file had been manipulated. A photo with a hidden message will have a more limited palette, with blocks of color spaced more closely together.

In 2005, there were 300 steganography programs available to hide secret data within image, sound and text files; today there are more than 1,000. The one that the Russian espionage ring used, however, was not commercially available.

The Washington Post demonstrated steganography in an article that shows what looks like an ordinary photo of a tropical fish. Steganography expert Gary C. Kessler used steganography software to embed within the fish image a map of the Burlington, Vt., airport. The alteration is invisible to the naked eye.