Steganography Secret Messages
Steganography is an interesting piece of tech, but it can be used for malicious purposes. Here’s one story of just how interesting it can be and how it can be used to hide everything!
On the morning of the 1st of august 2018….FBI agents were seen in Niskayuna (Nisk-Kah-Yunah) New York walking, Xiaoqing Zheng (‘She-Ow-Jhing-Jhen’) a principal engineer at General Electric, to a car in handcuffs, the charge…theft. Zheng was smart man, he had a degree from the Sloan School of Management, a PHD in Aeronautical Engineering with 29 patents.
So a smart man means a smart crime and smart this mans crime was economic espionage and theft of General Electric’s trade secrets. To be specific Zheng had just been charged on 14 counts of Economic Espionage and Theft of General Electrics’s Trade Secrets. He had been caught after stealing nearly 20,000 electronic files detailing design models, engineering drawings, configuration files, and material specifications for gas and steam turbines.
He was alleged to be sending the information to an aviation com in Nanjing China. So, this was a company which he started up, allegedly he started up with funding the government of china. He did it inside photographs.Yes he hid the information inside pictures, like sunsets. So, he emailed the images to himself with the title “Nice view to keep.”
The technique in it’s basic form is something that has been around for over two thousand year and that is Steganography.
Steganography
The word Steganography comes from the Greek steganós, meaning “covered or concealed,” and graphia meaning “writing.”
It’s like cryptography but slightly different. So cryptography is writing in code that is hard to decipher. So like morse code or the code that baseball players throw up to ask for different types of pitches. However, in steganography we’re trying to hide the fact that we’ve sent a message at all.
Like if I wrote you a letter with regular ink like, “whats up..fancy going to that nice new healthy restaurant in London?”. Yet wrote a secret message between the lines in, invisible ink that said “Let’s get a dirty takeaway tonight…”
THAT is Steganography and it’s been used for YEARS!
Some good examples are:
- Greek ruler Histiaeus – who shaved a servants head, tattood a message on the top of the shaved servant….let the hair grown back then sent them on their way with instructions to tell the person they were going to to shave em down and read the message.
- Leonadro Di Vinchis Monal Lisa and Michelangelo’s contribution to the Sistine Chapel have got Steganography in them.
- In 1941 – British army officer Major Alexis Casdagli was captured and imprisoned by the German forces in the early days of WW2. To pass the time he began stitching what would become known as The Casdagli Sampler. Along the border of the embroidered canvas, which features German swastikas, American eagles, British lions and Soviet hammer and sickles, are a series of irregular lines and dots. Those irregular lines and dots were Morse code for “Fuck Hitler.”
- 1968 – The crew of the USS Pueblo were captured by North Koreans and brutally tortured. In propaganda photos aimed at showing how well the captives were being treated, the POWs snuck in their middle fingers in what became known as The Digit Affair.
Funny all these old school serious photos of people who are looking dead into the camera with their hand poking up with a middle finger, sort of thing a kid would do when they are getting class photos done!
Steganography How It’s Done.
Fast forward to now and we have got digital images. While digital images images can be megabytes or more and with steganography you can hide files of megabytes or more in them.
One way they do this is Least Significant Bit Substitution (LSB)
Least Significant Bit Substitution (LSB)
Changing the least significant bit of something to send a message
FIRST WE NEED A CODE using numbers…the simplest code I can think of is
1= yes
0 =no
SET THE SCENE – I WORK IN A BANK…I WANT TO GIVE YOU A SIGNAL TO TELL YOU THE BANK IS READY TO BE HEISTED and its full of cash by using our code.
If I change the last penny of your balance to a 1 = we are good to go!
If I change the last penny of your a zero we are not good to go….
No why the last penny because it is the least significant bit
But opening an account every time is long
Where else can we find numbers?
Change the last digit of my bank account to a zero if
Explain how you could hide a code in a three digit numberwitu last no code
1 = yes
2 = no
Now what if we did it with
Odd = yes
Even = no
Then what if we messed with the last 2 digits?
Last two numbers = a letter in the alphabet
Bit more obvious so maybe it would be better if we took a 4 digit number and changed the last 2 digits
01 = a
02 = b
Pixels…
Pixels are numbers so by adjusting the data that makes the pixels in an image. Bit by bit. The pixels are the little coloured dots that make up images you see. So the megapixel cameras, so a million pixels in an image. Therefore if you change one or two slightly there is no way you can notice right!?
They do it by adjusting the lowest bits in the image, without getting into megabits and bytes. The best way of explaining this is:
Imagine each bit is a 3 digit number…
So one bit of info in the image is the number 100
If I only change the last digit of the number then it doesn’t make much difference..like lets change the last number to 1…..so that would make 101
The difference between those two numbers is minor.
If you were to change the first number in the digit that would make a massive difference!
If you changed the first digit in 100 to 2 that would make 200…which is almost twice the number..
Make sense?
Well each byte of data is 8 numbers which means we have a lot to play with.
If I can change the last digit of that number like 12345677 then there is only a little difference between the numbers right?
Imagine every byte of data is 8 bits….lets call those numbers…
So now every byte of data is like like an 8 digit number 12345678 which would be 12,345,678
If I only change the last digit of the number then it doesn’t make much difference..like lets change the last number to 9…..so that would make 12345679.
The difference between those two numbers is minor.
If you were to change the first number in the digit that would make a massive difference!
If I can change the last digit of that number like 12345677 then there is only a little difference between the numbers right?
Hidden messages
While the amount of data you can pack in is significant. I saw a demo on youtube where someone put the entire works of Shakespeare in an image of a tree that was 1 and a half megabytes.
This technique has been used for malicious purposes in the past USA Today ran a story in 2001 reporting that Bin Laden and his associates had been hiding information crucial to terrorist plots in images on pornographic websites as early as 1996.
Future of Steganography
So in Zhengs picture that he emailed to himself with the words “Nice view to keep.” there was a lot more than than a nice sunset. There were top secret docs and before you go trying to use steganography to commit your own flavour of fraud please remember that he got caught there are algorithms that can find images which have been tampered with!
I will say this though…if you want to make it harder for someone to workout if you have tampered with a pic – use a picture that you have taken and delete the original. Then there is nothing to compare it with! I mean if you see two images on a drive and one is 30 mb big. Then the other is 1 then it’s obviously that big for a reason!
The future of steganography obviously will develop as we use 3d images and VR more. More visual data means more places to hide messages. In fact it doesn’t have to be an image, it could be a social media post, some audio even a podcast.
If you want to hear the guys chat about it in detail head on over to our Patreon and sign up!
Main Sources for this episode are Motherboard, Youtube channel Computerphile and Okta.com
