This week, the FBI arrested 11 alleged Russian spies living in New Jersey. How did they catch them? By digging through their photos. These weren't snapshots of covert meetings or secret handshakes, but--more likely--the quotidian: kittens and ice cream cones. They weren't hidden in some obscure drop location, but viewable to the public, online. The pictures' real importance was tucked inside, in encoded messages detailing secret meetings. We aren't talking Magic Eye--no mater how long you cross your eyes, staring at these pictures wouldn't tell you where to drop off money or who to call. The alleged spies reportedly encoded the messages at the pixel level. Every color on your computer screen is a combination of red, blue, and green--digitally represented as three numeric values. By making subtle changes to these numbers, the Russians hid binary code that someone--with the right software--could recombine into a message.
Applying special software, the government says, they coaxed words from the innocuous imagery, a text file. Moscow was calling. A secret meeting in a suburban New York train station was proposed: ... "A and R meet in lower part of staircase, in dead zone. R hands over and A gets pack w/money (A's BN [Barnes and Noble] bag stays in your hands, A hides pack w/money into his tote)." [Washington Post]
It's an example of steganography, a field distinct from its better-known cousin cryptography. If cryptography is a hermit, steganography is overly social--to appear like an average (and unimportant) guy. Tal Malkin, an assistant professor in Columbia University’s cryptography laboratory, explains:
"The point of standard encryption is to hide the content of the message.... But even if you are detected sending a message no one can read, you will still be suspected by the authorities for sending a coded message. With steganography, you try to hide the fact that communication is going on at all.” [Live Science]
But hold on a second. Russian spies? Living in New Jersey? Apparently, though the Cold War is long over, there is still a lot of spying going on. According to New York Times op-ed contributor and espionage expert David Wise, Russia likes to send over "illegals"--Russian citizens posing as living or dead Americans to keep tabs on what's happening. The FBI used the messages hidden in the photos to intertwine American agents into the Russian group's workings. They arrested the Russians after one of the illegals caught on.
The criminal complaint reveals that on Saturday, a Russian-speaking F.B.I. undercover agent met with Anna Chapman, one of the illegals, and instructed her to hand a fake passport to another supposed illegal the next day, using this password exchange: “Excuse me, but haven’t we met in California last summer?”; “No, I think it was the Hamptons.” (The Hamptons!) But Anna Chapman, it seems, smelled a rat. [New York Times]
But if Russian espionage seems old school, steganography is older still. Legend has it that some princes shaved their servants' heads and tattooed notes on their scalps, and sent the servants off once their hair had grown back to conceal their messages. Fortunately for the FBI, the Russians themselves used a relatively old version of steganography. Though no one's head got inked, the version of the software the Russians used, according to IEEE Spectrum, left traces of the hidden messages. New versions--called network steganography--can erase any signs of wrongdoing after the receiver gets her message. The Russians used a 1990s version of the software, and the experts aren't too impressed.
According to Chet Hosmer, the chief scientist at digital forensics outfit WetStone Technology, the number of steganography programs has risen from a handful in the late nineties to about 250 today. More importantly, using them to hide information is not some elite hacker skillset. In fact, Warsaw University of Technology professor Krzysztof Szczypiorski says it’s more akin to using Microsoft Word. [IEEE Spectrum]
Related content: 80beats: Electrical Espionage: Spies Hack Into the U.S. Power Grid
80beats: Is the U.S. Government Losing the Battle Against Hackers?
80beats: Computer Virus Travels Into Orbit, Lands on the Space Station
80beats: Russian Invasion Included the First Real Use of “Cyber Warfare”
Image: flickr / Steven Depolo
