Hidden in plain sight
Image and audio files can hold tomes of secrets
- By Patience Wait
- May 13, 2005
Steganography literally means 'covered writing.' A Greek term, it refers to hiding one message inside another. While the concept has been around for centuries, the marriage of computers and the Internet has brought it to fruition.
'This whole concept was created in the Middle East, and that part of the world has been practicing the method for millennia,' said Chet Hosmer, the FLETC session's instructor and CEO of WetStone Technologies Inc., a software company in Cortland, N.Y.
Both picture and audio files are ideal for containing hidden messages, he explained; they tend to be very large, and software that substitutes single bits of data at the end of an eight-bit packet creates differences so subtle they can't be detected by the human eye or ear.
'The Old Testament, the New Testament and all the works of Shakespeare can be hidden in one six-minute song,' Hosmer said. 'This is not a small covert channel.'
In steganography, or stego for short, the visible or audible message is called the carrier, he said, while the hidden message is the payload. Together they form the covert message.
The method has a big advantage over encryption as a way of transmitting messages, Hosmer said. Encrypted messages are visible; while they are encoded, there is no question that someone is trying to hide something.
Stego, on the other hand, is a classic example of hiding something in plain sight; one has to know to look for the hidden message. For instance, a payload could be hidden in a digital photo of an item that is going to be sold on an online auction site, where hundreds or thousands of people may look at it or download it. 'That way, you can hide who you were delivering the message to,' he said.
Hosmer's company has created software tools agents can use to look for the small clues that indicate a data file has been turned into a covert message. For instance, looking at the color palette used in a digital photo can reveal manipulation; a picture with a message hidden inside will have a more limited palette, with 'blocks' of colors close together. Examining a photo for hues, edges and shadows is another way to turn up traces of stego embedded in a photo file.
In an audio file, stego messages are frequently hidden in the seeming silence at the beginning of each song. By comparing the wave signature of the suspect file to a known clean copy of the song, one can see if additional information has been inserted.
There are other forms of steganography, such as appending data at the end of a file, after the standard end-of-file marker. There also is word substitution; there are Web-based tools, for instance, that will mimic spam, encoding the real message as a spam e-mail.
'There are over 300 stego programs now available. In 2000, there were only about 50,' one indication of how popular this method has become for conveying secret information, Hosmer said. For instance, law enforcement agents are now finding the use of stego in gang Web sites.
'We are still catching up with the bad guys,' he said. 'We're worried about programs we haven't seen before. We're developing a mathematical model of 'normal' files' to improve the search process.