One major disadvantage of cryptography is that an encrypted channel sticks out like a sore thumb to an experienced digital sleuth. Enter the world of steganography, the art of hiding messages in plain sight and the advances in covert communication channels.
Using Photographs
The most rudimentary and widely known definition of steganography is hiding textual messages inside of photographs. If you think about today’s digital cameras, it isn’t uncommon for the average photographer to have inexpensive access to a 10, 12, or even 14 megapixel camera. An iPhone 4 uses a 5.0 megapixel camera that yields a .jpg measuring 2592 x 1936.
What if every 31,363 pixels were replaced with the byte equivalent of a character? That would yield a message about the same length of an SMS message, 160 characters. How many people would be able to visually detect the degradation of the photograph if 160 pixels out of 5 million were changed?
1s and 0s
Consider this: a bit is either a 0 or a 1 in the digital realm. A collection of just 6 bits provides 64 different combinations–enough space to include the upper-case English alphabet, numerals 0 through 10, and 28 open spots for punctuation; including a comma, period, colon, space, and carriage return.
Now consider an innocuous twitter account, where the posting includes an extra space after the last period to represent a 1, and no space to represent a 0. Every six tweets can effectively be mapped to a character. Sure, message delivery is slow in this arbitrary example, but the point remains. Even tweets and Facebook posts can carry secret messages!
Steganography Applications
If you’re interested in something along the lines of free, that doesn’t require an app, check out Mozaiq to encrypt any image on your hard drive and even assign it a password. To decrypt an image, simply visit this link.
The reality is that modern steganography techniques are far more superior to replacing every n bytes with a character, or ending a sentence with or without an extra space. Each pixel is comprised of RGB values, or red-green-blue. In graphics circles, we describe them as bit planes. In effect, every picture can be reduced to its red plane, green plane, and blue plane–and there are other ways distill a photograph beyond this rudimentary example.
Imagine bouncing around, seemingly randomly, across the bit planes, changing a bit here and a bit there when encoding a secret message into a photograph. Detecting bit plane manipulation in an automated fashion is more difficult than detecting outlying pixel values–but steganalysis is possible.
Steganalysis
Consider this ultra-simplified example of steganalysis. Histograms are two-dimensional graphs that show how many pixels in an image contain a certain value. Knowing that the range of a byte is 0 to 254, inclusive, a histogram iterates over every pixel in the image and looks at pixel brightness.
The resulting bar graph is typically used by photographers to determine the distribution of tones inside of the photograph, from the darkest on the right to the lightest on the left. Randomly changing n pixels to a character value could (theoretically) stand out in a histogram.
Steganography and Terrorism
While irrefutable proof of modern terrorists using steganography is hard to come by, the reality is steganography isn’t new. In his excellent book The Codebreakers, David Kahn describes how German spies in World War II used steganography on a wide basis.
So, the next time you see a photo on Flickr–maybe, just maybe, the photograph isn’t really a photograph!
Editor-in-Chief’s Note: Be sure to check out our article main images from here on out on itstactical.com. We won’t be using passwords, but you’ll definitely want to give decrypting them a shot with Mozaiq. I’ve already said too much!