Steganography

(a secretly hidden coding that dates back to ancient Greece and is used even in this modern era)


Steganography is a different concept from cryptography

Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.
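The bit replacement described above can be shown on a small buffer. This is an added example, not code from the original page; the 16-bit length header, the function names and the sample cover data are assumptions made for the illustration.

```python
# Added illustration (not from the original page): least-significant-bit embedding.
# COVER is a constructed buffer standing in for 8-bit pixel or audio samples.

def embed(cover: bytes, message: bytes) -> bytes:
    """Hide message in the lowest bit of each cover byte, after a 16-bit length."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} bytes, have {len(cover)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # only the lowest bit is replaced
    return bytes(stego)

def _read(stego: bytes, first_bit: int, count: int) -> bytes:
    """Rebuild count bytes from the low bits starting at position first_bit."""
    out = bytearray()
    for n in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[first_bit + 8 * n + k] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Recover the hidden message; reject a length header the cover cannot hold."""
    if len(stego) < 16:
        raise ValueError("too short to hold a length header")
    length = int.from_bytes(_read(stego, 0, 2), "big")
    if 16 + 8 * length > len(stego):
        raise ValueError("length header exceeds cover capacity")
    return _read(stego, 16, length)

def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference between cover and stego data."""
    return max(abs(a - b) for a, b in zip(cover, stego))

COVER = bytes((i * 37 + 11) % 256 for i in range(256))  # constructed sample data
MESSAGE = b"meet at noon"                               # constructed message
STEGO = embed(COVER, MESSAGE)

if __name__ == "__main__":
    print(extract(STEGO))                    # the hidden text comes back intact
    print(max_sample_change(COVER, STEGO))   # no sample moved by more than one step
```

The file keeps its size and every sample stays within one step of its original value, which is why the change does not show when the file is viewed or played.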

Unlike encryption, steganography cannot be detected. Therefore, it is used when encryption is not permitted or, more commonly, to supplement encryption.

An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.

Steganography (literally, "covered writing") dates back to ancient Greece, where some writers say common practices consisted of etching messages in wooden tablets and covering them with wax, and/or tattooing a shaved messenger's head, letting his hair grow back, then shaving it again when he arrived at his contact point.

As stated earlier, some dictionaries say steganography is synonymous with cryptography; however, those in the spy business make a careful distinction between the techniques of cryptography and steganography, although both are aspects of the art of secret communication.

Cryptography is the technique of scrambling a message in a systematic way so that (hopefully) it can be read only by its intended recipient. Steganography, on the other hand, keeps the message secret by hiding the fact that it exists at all.

So the microdot of the Cold War spy novels—in which a document is photographically reduced to the size of a pinhead and stuck to an otherwise innocuous typescript or under a postage stamp—is an example of steganography. Invisible ink is another example.

There is no doubt that some cryptographers/steganographers combine the two techniques.

How steganography is utilized

Like many security tools, steganography can be used for a variety of reasons, some good, some not so good. Legitimate purposes can include such things as watermarking images for copyright protection.

Digital watermarks (also known as "fingerprinting", significant especially in copyrighting material) are similar to steganography in that they are overlaid in files, which appear to be part of the original file and therefore are not easily detectable by the average person.

Further, steganography can be used to tag notes to online images (like post-it notes attached to paper files).

The history of cryptography consists of many famous names. Shifting the whole alphabet forward or backward by one or more letters, so that, for example, "A" becomes "B", "B" becomes "C", etc., is known as a "Caesar shift", and is considered to be one of the simplest kinds of cipher or letter-substitution code.

Julius Caesar also used a system of writing a Latin message in Greek characters so it would be unreadable by the Gauls if they were able to catch it.

Finally, steganography can be used to maintain the confidentiality of valuable information, to protect data from possible sabotage, theft, or unauthorized viewing.

Unfortunately, steganography can also be used for illegitimate purposes

  • If someone is trying to steal data, he or she could conceal it in another file or files and send it out in an innocent-looking e-mail or file transfer.
  • Someone with a hobby of saving pornography, or worse, to their hard drive, may choose to hide the evidence through the use of steganography.
  • Steganography can be used as a means of covert (secret) communication by terrorists.

A new steganographic method called RSTEG or Retransmission Steganography

According to a group of steganographers at the Institute of Telecommunications in Warsaw, Poland, current internet technology can be utilized so people can exchange secret messages, perhaps even making it possible for free speech to exist in oppressive regimes.

A system titled "Retransmission Steganography", or RSTEG, depends on the sender and the receiver using software that deliberately asks for retransmission even when e-mail data packets are received successfully.

The receiver intentionally signals that a loss has occurred. The sender then retransmits the packet but with some secret data inserted in it.

The retransmitted packet carries a steganogram instead of user data in the payload field.

—Excerpts in this last section were compiled from
"Secret messages can be buried in fake internet traffic" by Paul Marks;
New Scientist; May 23, 2009; page 20.
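The exchange described in this section, modelled with both sides' messages, as an added example that is not part of the original page or of the RSTEG authors' software. Packets are plain tuples rather than real network traffic. The "loss-signalled" marker, the zero padding and the choice of which segment is reported lost are assumptions. The monitor function checks what the description implies: the retransmitted payload no longer matches the first copy.

```python
# Added illustration of the RSTEG exchange; a simulation, not real TCP traffic.
import hashlib

def run_exchange(segments, secret, fake_loss_seq):
    """Return the wire trace as (direction, seq, kind, payload) tuples."""
    trace = []
    for seq, data in enumerate(segments):
        trace.append(("S->R", seq, "data", data))
        if seq == fake_loss_seq:
            if len(secret) > len(data):
                raise ValueError("steganogram does not fit in the payload field")
            # Receiver got the segment but reports it lost (marker is an assumption).
            trace.append(("R->S", seq, "loss-signalled", b""))
            # Sender retransmits with the steganogram in place of user data.
            trace.append(("S->R", seq, "retransmit", secret.ljust(len(data), b"\x00")))
        trace.append(("R->S", seq, "ack", b""))
    return trace

def receiver_view(trace):
    """RSTEG receiver: first copy is user data, a second copy is the steganogram."""
    user, hidden = {}, b""
    for direction, seq, _kind, payload in trace:
        if direction != "S->R":
            continue
        if seq in user:
            hidden += payload.rstrip(b"\x00")
        else:
            user[seq] = payload
    return b"".join(user[s] for s in sorted(user)), hidden

def monitor(trace):
    """Observer that saw both copies: flag retransmissions whose payload changed."""
    first_seen, flagged = {}, []
    for direction, seq, _kind, payload in trace:
        if direction != "S->R":
            continue
        digest = hashlib.sha256(payload).hexdigest()
        if seq in first_seen and first_seen[seq] != digest:
            flagged.append(seq)
        first_seen.setdefault(seq, digest)
    return flagged

# Constructed sample segments and secret
SEGMENTS = [b"GET /index.html ", b"HTTP/1.1\r\nHost: ", b"example.test\r\n\r\n"]
TRACE = run_exchange(SEGMENTS, b"hello", fake_loss_seq=1)

if __name__ == "__main__":
    print(receiver_view(TRACE))  # user stream is intact, secret recovered
    print(monitor(TRACE))        # sequence numbers whose second copy differs
```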

Accused Russian spies said to use steganography on the internet

According to the FBI, the alleged Russian spies arrested earlier this week in the United States sent messages to each other that were hidden in what appeared to be ordinary image files in the form of steganography.

Dartmouth computer scientist Hany Farid told Melissa Block of NPR that freely available computer programs make it easy for anyone to embed secret messages in digital photos.

—As discussed on a segment of NPR (National Public Radio);
July 1, 2010, titled "The Technology Behind Spying".

What is new about the network of illegals rolled up by the F.B.I. this week is the hi-tech methods they used to communicate with Yasenevo, the supersecret S.V.R. headquarters on the Moscow ring road.

These illegals used laptops and set up private wireless networks to communicate with Russian officials parked in a van near a coffee shop on Eighth Avenue, a bookstore in Tribeca, and a restaurant in Washington.

They also used steganography, the technique of using highly secret software to insert coded messages into images on ordinary Web sites.

The messages could be read only by S.V.R. experts in Moscow using the same software. As it turns out, today's spies, like everybody else, use the Internet.

—Quotes from "The spy who came out to the suburbs";
by David Wise; Editorial Opinion, International Herald Tribune;
July 1, 2010; page 6.
