Dos Monday by Mick Cunningham respond in our forums
The Steganography FAQ
Or: the less bleedin' obvious. Michael Cunningham on the apparent rise of secret hidden messages
There's been a major upsurge of interest in digital steganography since the attacks in the US, with Osama bin Laden suspected of having used steganography software to hide messages.
Q: What's steganography? Is it something to do with encryption? A: Not necessarily. Literally it means "covered writing" - hiding messages in other messages, embedding them in such a way that casual observers won't notice that anything unusual is taking place. With encryption, at least an eavesdropper knows that Person A is sending Person B a secret message, which has been scrambled by ciphers or codes and needs to be decoded. With steganography the eavesdropper doesn't even know the secret message exists.
Q: Is steganography new then? A: No, it's as old as the ancient Greeks. They'd send secret warnings of an invasion by scrawling them on the wood underneath a wax tablet - so the tablet itself would appear to be blank. Or if the message wasn't too time-critical, they'd tattoo it onto a messenger's shaved head, then wait for his hair to grow back. He'd be dispatched, and on reaching the destination his head would be shaved again to reveal the message.
In more recent times, it also refers to the world of invisible inks - such as milk, fruit juice or urine which darken when heated - or tiny punctures above key characters in a document that form a message when combined.
Q: What's digital steganography then? A: It's where you use special software to embed your message into a digital file (e.g. audio, video or still images). To everyone else, the picture looks like a plain picture, the soundfile is still just a piece of music or whatever. But a hidden message (a piece of text, or even a map or a diagram) is lurking in there somewhere.
Usually it's tucked away in the least significant bits, which aren't dramatic enough for human eyes or ears to detect. A few changed pixels in a jpeg here, or a tiny bit of imperceptible "noise" in a soundfile there.
Q: How does the recipient unravel the message? A: They have to know where to look, obviously, and they need the right tools and codes to reveal the hidden message. Someone could go to a public website and upload some seemingly innocuous images and information that only associates know is meaningful. Or they might set up their own website for the purpose. Or - less likely again - they might hack into a site, hide messages within photos or MP3s and tell accomplices where to look.
Q: OK, but what has all this to do with bin Laden? A: Check out an article earlier this year by Declan McCullagh in Wired.com ("Bin Laden: Steganography Master?", February 7th, 2001). He wrote that "the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using message-scrambling techniques to evade law enforcement".
And USA Today reported on June 19th that "Through weeks of interviews with U.S. law-enforcement officials and experts, USA Today has learned new details of how extremists hide maps and photographs of terrorist targets - and post instructions for terrorist activities - on sports chat rooms, pornographic bulletin boards and other popular Web sites."
And Charlotte.com noted on October 11th: "The FBI has not said it has determined terrorists used steganography in plotting the attacks, but the bin Laden network has used the technique in the past."
And according to Europemedia.net, the UK communications firm Iomart "has been using sophisticated software in search of steganography on the Internet to help US terrorist investigators", and it "has cracked coded messages on the Internet that could possibly be linked to Osama bin Laden." It also noted that "apparently, terrorists seem to favour pornographic images in which to hide their encrypted text."
Similarly, Neil McAllister, writing in SF Gate (September 20th, 2001): "Bin Laden is rumored to be fond of concealing his transmissions inside some of the very same 'anti-Islamic' content that prompted the Taliban to ban Internet use in Afghanistan: pornography."
Stands to reason too. Where's the least likely place to look for hidden messages between fundamentalists? In, er, hotafghanchicks.com
Yes, it's the Internet's equivalent of the near-perfect "dead drop", the terrorists never communicating directly with each other, just looking for a pre-arranged signal such as a timestamp or an unusual name in the subject line or filename.
Q: Who's saying all this? A: They're variously described as nameless "US officials and experts" and "US and foreign officials", all predictably anonymous sources. The complacent media love it because they can combine porn, espionage, the Internet, terrorism and sport all into the same article.
More wary commentators see it as an example of "perception management", or manipulating perceptions in your favour. Example: "For the past three years the NSA and FBI have been involved in perception management by telling anyone who'd listen that terrorists are using encryption - and Congress should approve restrictions on domestic use."
But the bottom line is that we've yet to see any real evidence of widespread distribution on the Web of steganographic material, and much of this scaremongering probably has ulterior motives.
Q: So it's all about espionage and international terrorism and counter-terrorism then? A: Not quite. Until the mid-1990s, steganography received far less attention from researchers and big business than cryptography, but the first academic conference on the subject was organised in 1996, and the fifth international workshop "on information hiding" will be held in Noordwijkerhout in October 2002. Their main concern isn't state security - it's about copyright protection in the age of digital capitalism.
Q: I don't get... A: They believe steganography could become a sort of "motor" of copyright enforcement. As more and more audio, video and other works are circulated as digital commodities, it's easier than ever to make a perfect copy of these pieces of music, films, books, computer programs and so on.
So the big publishing, software and media industries are worried about being undermined by large-scale unauthorised copying. Either they make the digital products less copyable or crackable, or they could go the steganography route.
Q: How? A: They've been researching forms of copyright protection such as "watermarking" (adding a hidden copyright message) and "fingerprinting" (adding a hidden serial number or some other set of characteristics in order to distinguish this particular copy from all other copies).
Q: So they must be a bit pissed off at all them terrorist stories then? A: Yes, putting it mildly. Take the Frankfurt-based Steganos GmbH. It claims to be "the world leader in the field of steganography". Steganos (formerly DEMCOM) was also the first company to incorporate the new AES (Advanced Encryption Standard) encryption algorithm into its products, and it claims more than a million users worldwide. Its managing director, Fabian Hansmann, issued a public statement disassociating the company from "each and every criminal misuse of our software", and condemning the terrorist attacks. "Our software is conceived as a tool for protecting such basic rights as privacy and freedom of speech," he says.
Q: What's the difference between "copyright protection" and "copy protection"? A: Copy protection is about attempting to limit access to the material or inhibit the actual copying process (e.g. encrypted digital TV broadcasts, the copy protection mechanism on DVDs, access controls to copyrighted software through the use of licence servers).
But copy protection could be difficult to implement, so the media giants are turning their attention to copyright protection protocols - based on watermarking and strong cryptography. With copyright protection, specific copyright information is inserted into the digital object without a loss of quality. If the copyright of the object is in question, this information can be extracted to identify the rightful owner - or even the "fingerprint" or identity of the original buyer, to track any unauthorised copies.
News 
Market Data 
Discover 
AI
