Hiding in Plain Sight
Software screens digital images for secret messages.
In the weeks after the September 11 terror attacks, reports surfaced that terrorists might have communicated with each other through messages embedded in images posted on the Web. So far, no such hidden communications have been confirmed publicly, but intelligence agencies are certainly keen on finding them if they exist. To aid in the search, a computer scientist at the State University of New York at Binghamton has developed a way to screen digital images for evidence of hidden content.
Binghamton’s Jessica Fridrich says her algorithms examine the numbers that encode color in pixels, the colored or gray dots that make up an image. When an image conceals information-say, a 15-page text file-the numbers that encode its pixel colors are changed slightly. While the human eye can’t see the resulting color changes, Fridrich’s algorithms can detect statistical anomalies in the underlying numbers. In most kinds of image files, Fridrich’s tool can detect the signatures of a number of concealment-or “steganography”-programs, all widely shared in the hacker subculture. Cryptographers must then decode any images that have been altered.
Fridrich delivered the first version of the software to her U.S. Air Force sponsors last year. “What they do with it, I’m not allowed to know. We can only assume the government is somehow using it,” she says.
“Her work is first rate,” says computer scientist Rafael Alonso, technical director of Web informatics at Princeton, NJ-based Sarnoff. But the software requires investigators to make preliminary guesses about which Web sites might harbor images with hidden messages. In the future, says Alonso, to narrow the range of images to scan, algorithms like Fridrich’s might be combined with search engine software capable of “shining a flashlight in the sewers of the Web”-dredging obscure sites like personal pages and classified ads that are presumably attractive for covert communications.
Fridrich predicts “sharp competition in the next few years” from other approaches to ferreting out hidden messages. Security won’t come easy, though. Information could be stashed in video and music files as well as photos, for example. Still, Fridrich’s tools mark an important first step toward finding pictures that contain thousands of words.