Page 2 of 2   <      

Arrests of alleged spies draws attention to long obscure field of steganography

"The steganography, that's pretty hot stuff," says Peter Earnest, executive director of the International Spy Museum and a veteran of the CIA's clandestine service.

Members of the rather small and obscure steganographic community are relishing the sudden attention to their overlooked discipline.

"I told someone I was going to write a paper on steganography, and he said, 'Now does steganography refer to the dinosaur or the thing that hangs down in a cave?' " says Gary C. Kessler, a computer forensics consultant based in Burlington, Vt.

Steganography has been a suspected technique of child pornographers and terrorists. After the Sept. 11, 2001, attacks, investigators probed whether al Qaeda dabbled in steganography. But this is one of the first high-profile prosecutions in which federal investigators have alleged the use of steganography to pass secret messages, according to steganography experts.

"From what's been disclosed, this is pretty much the way you would use steganography," says Chet Hosmer, chief scientist at WetStone Technologies in Conway, S.C., which develops tools to combat cyber-crime. "You have potentially thousands of people going to a Web site and looking at a picture. You have no idea who put it up, and no idea who of the thousands of people looking at it are receiving the message."

Steganography is like beaming a bat signal into the sky that only a person with special glasses can see. It's like a digital dead drop. In the old days, to transfer a packet of data to an agent, a handler would leave it hidden somewhere.

"It's the same thing done at the speed of the Internet, and your physical location can be anywhere on the planet, from which you can pick it up anytime," Hosmer says.

Steganography has been around for centuries. One of the first examples cited by spy scholars came during a war between the Persians and the Spartans in the fifth century B.C. A Spartan partisan who was exiled in Persia carved a message warning of an invasion in the wooden bowl of a wax tablet. He covered the wood with fresh melted wax and had the tablet sent to the Spartans, without the Persians knowing the innocuous object carried a message.

Another steganographic legend from ancient times features a prince who shaves the head of a servant, tattoos a message on the servant's head and, once the hair has grown back, sends the servant to deliver the message to another prince.

Opportunities evolved with technology. The tiny, almost invisible, microdots of secret film affixed to otherwise bland documents in the mid-20th-century heyday of espionage were a form of steganography.

The Internet and digital technology have opened vast new possibilities, and it could be inevitable that steganography will become more common. At least 1,000 software programs create and interpret steganographic images, Hosmer says. His company makes tools that can analyze a picture and detect anomalies that betray the presence of steganographic tampering.

Pictures aren't the only vehicle for secret information. The data can be embedded in, and later retrieved from, digital videos, audio files and even streaming voice communication over the Internet.

There are some legitimate uses of steganography. Presumably, freedom fighters in an oppressive regime could communicate using steganography, Kessler says. But given the potential nefarious uses, Kessler believes the attention the alleged Russian spy case is drawing to the practice is a good thing.

"I urge people who know of its use to talk a little bit more openly about it, because to the bad guys, it's not a secret, and I think many of the good guys aren't taking it seriously enough to do something about it," Kessler says.

<       2

© 2010 The Washington Post Company