Arrests of alleged spies draw attention to long-obscure field of steganography

By David Montgomery
Washington Post Staff Writer
Wednesday, June 30, 2010; 11:49 PM

A year ago in April, the government says, the accused operative known as Richard Murphy and his supposed wife, "Cynthia Murphy," booted up a computer in their comfy suburban Montclair, N.J., home. They visited a publicly available Web site and clicked on a picture. It looked innocent enough. It could have been a bunny rabbit, say, or a sunset. Anything at all.

Applying special software, the government says, they coaxed words from the innocuous imagery, a text file. Moscow was calling. A secret meeting in a suburban New York train station was proposed:

"C plans to conduct a flash meeting w/A to pass him $300K from our experienced field station rep (R). Half of it is for you. Another half is to be passed to young colleague (known to you) in fall '09-winter '10. . . .

"Place: North White Plains train station (Harlem Line), quiet and deserted on weekends. No surveillance cameras. . . .

"A and R meet in lower part of staircase, in dead zone. R hands over and A gets pack w/money (A's BN [Barnes and Noble] bag stays in your hands, A hides pack w/money into his tote)."

Pictures used to be worth a thousand words. Now, in the new world of espionage, they are a thousand words. The medium is the message.

And, as the Justice Department's case unfolds against 11 alleged Russian clandestine operatives, we all are learning a fancy new word: steganography.

It's the practice of hiding information in otherwise unremarkable objects or media. It's not to be confused with cryptography, the practice of encoding messages to protect them from prying eyes. The art of steganography is to fool the prying eyes into thinking no message is being passed at all.

According to the FBI's complaint against nine of the defendants, investigators recovered more than 100 text files that had been embedded in steganographic images and exchanged between the Murphys and their alleged controllers in the Moscow headquarters of a Russian intelligence agency. Another pair of alleged conspirators, working out of Boston, are said to have communicated the same way with headquarters, as did a third pair, in Seattle.

The FBI has not described the pictures that cloaked the messages, except to say that they "appear wholly unremarkable to the naked eye."

Some of the suspects' tradecraft reads like a bad le Carré parody. Analysts are snickering at the furtive handoffs of shopping bags, the invisible ink, the buried loot, the contrived dialogue to verify identities ("Could we have met in Malta?" "Yes, indeed, I was in La Valetta").

But the extensive use of steganography is drawing more respectful notice.

"The steganography, that's pretty hot stuff," says Peter Earnest, executive director of the International Spy Museum and a veteran of the CIA's clandestine service.

Members of the rather small and obscure steganographic community are relishing the sudden attention to their overlooked discipline.

"I told someone I was going to write a paper on steganography, and he said, 'Now does steganography refer to the dinosaur or the thing that hangs down in a cave?' " says Gary C. Kessler, a computer forensics consultant based in Burlington, Vt.

Steganography has been a suspected technique of child pornographers and terrorists. After the Sept. 11, 2001, attacks, investigators probed whether al Qaeda dabbled in steganography. But this is one of the first high-profile prosecutions in which federal investigators have alleged the use of steganography to pass secret messages, according to steganography experts.

"From what's been disclosed, this is pretty much the way you would use steganography," says Chet Hosmer, chief scientist at WetStone Technologies in Conway, S.C., which develops tools to combat cyber-crime. "You have potentially thousands of people going to a Web site and looking at a picture. You have no idea who put it up, and no idea who of the thousands of people looking at it are receiving the message."

Steganography is like beaming a bat signal into the sky that only a person with special glasses can see. It's like a digital dead drop. In the old days, to transfer a packet of data to an agent, a handler would leave it hidden somewhere.

"It's the same thing done at the speed of the Internet, and your physical location can be anywhere on the planet, from which you can pick it up anytime," Hosmer says.

Steganography has been around for centuries. One of the first examples cited by spy scholars came during a war between the Persians and the Spartans in the fifth century B.C. A Spartan partisan who was exiled in Persia carved a message warning of an invasion in the wooden bowl of a wax tablet. He covered the wood with fresh melted wax and had the tablet sent to the Spartans, without the Persians knowing the innocuous object carried a message.

Another steganographic legend from ancient times features a prince who shaves the head of a servant, tattoos a message on the servant's head and, once the hair has grown back, sends the servant to deliver the message to another prince.

Opportunities evolved with technology. The tiny, almost invisible, microdots of secret film affixed to otherwise bland documents in the mid-20th-century heyday of espionage were a form of steganography.

The Internet and digital technology have opened vast new possibilities, and it could be inevitable that steganography will become more common. At least 1,000 software programs create and interpret steganographic images, Hosmer says. His company makes tools that can analyze a picture and detect anomalies that betray the presence of steganographic tampering.

Pictures aren't the only vehicle for secret information. The data can be embedded in, and later retrieved from, digital videos, audio files and even streaming voice communication over the Internet.

There are some legitimate uses of steganography. Presumably, freedom fighters in an oppressive regime could communicate using steganography, Kessler says. But given the potential nefarious uses, Kessler believes the attention the alleged Russian spy case is drawing to the practice is a good thing.

"I urge people who know of its use to talk a little bit more openly about it, because to the bad guys, it's not a secret, and I think many of the good guys aren't taking it seriously enough to do something about it," Kessler says.

© 2010 The Washington Post Company