In
this case, the spies were embedding messages in images that were then uploaded to
public websites. The messages weren’t encrypted – just invisible to the
naked eye; lost in the endless stream of communications transmitted daily
through the web.
Advertisement
Here’s
the thing about steganography: it doesn’t take much to implement it in almost
any signal you can imagine – and doing so is surprisingly trivial. There
are over 600 different known steganography programs, according to digital
forensics firm WetStone Technologies, and the one the Russian spies used was
custom-made.
This story is only available to subscribers.
Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.
But
this is just the beginning: the principles of steganography can be applied even to continuous communications, such as
conventional wireless networks. Using this approach, Krzysztof Szczypiorski and
Wojciech Mazurczyk figured out how to pour up to a megabyte per
second into an open wireless network.
Steganography
can also be implemented in sound files and VoIP protocols. Here’s a scenario
from Stegano.net, the leading site on steganography: “An
employee of an electronic equipment factory uploads a music file to an online
file-sharing site. Hidden in the MP3 file (Michael Jackson’s album Thriller)
are schematics of a new mobile phone that will carry the brand of a large
American company. Once the employee’s Taiwanese collaborators download the
file, they start manufacturing counterfeit mobile phones essentially identical
to the original–even before the American company can get its version into
stores.”
Steganography works because it’s possible to hide secret data in all the wasted or less-essential bits in any communication. All
files have what are known as least significant bits – they’re the part
of any binary number that, when lost, does the least to change the value of the value it
represents. (By analogy, the least significant digit of decimal
integer 43.218 is 8, and if you lose it you’ve hardly changed the value of that
number for most purposes.)
These
bits are especially disposable when you’re dealing with files that only have to
be perceived by a human – throwing out or messing with these bits is the
basis of much of the compression technology we rely on to make it easier to
transmit multimedia, because we simply don’t notice that they’ve gone missing.
In a way, then, a lot of
the best hiding places for secret information on our networks are a product of
our imperfect – or too-perfect – sensory systems: either we aren’t noticing an awful lot, or we’re very good at filtering out noise, depending on how you look at it. If we were all automatons with absolutely
perfect perception, it would be much tougher to find any least significant bits
into which to dump coded messages.