Ottawa PC Users' Group, Inc.
 Product Review 


Hide in plain sight
by
Chris Taylor


Everyone knows at least something about encryption. If you have something you don’t want others to know about, the best thing to do is encrypt the data. Very sophisticated encryption routines are available that would take very powerful computers a very long time to break.

But, just as banks attract bank robbers, the very existence of obviously encrypted data may draw attention to those holding or exchanging the encrypted data. Often, those who employ encryption are accused of shady or illegal activities, just because they are trying to hide something.
 

Original Water JPG Image

What if you could hide things in plain sight, such that nobody would even realize they are looking at your secret information? A systems administrator friend of mine used to use this technique to hide his many passwords. He had a chalk board that was always full of various pieces of information. Hidden amongst the directory names, planning concepts, product names, etc., were his passwords.  Of course I don't know what he would have done if someone had erased his chalk board!

 Water-with-steg JPG image
  Can you spot the difference - none!

While hiding information on a chalk board may work to keep some information readily accessible, yet hidden from the casual observer, it does have its limitations. If my friend wanted to communicate his secret information to a colleague half way around the world, he could hardly ship his chalk board. Enter the world of steganography.

Steganography is taking one piece of information and hiding it within another. The container object continues to appear and act as the original, unaltered object. As such, it does not raise any suspicions to the casual observer.

The objects that can be used as containers are almost endless, but there are some containers that lend themselves to the job better than others. Graphic and sound files seem to be the most commonly used containers. Due to their nature, the introduction of a small amount of “noise” spread throughout the image or sound is not likely to be detected, let alone interpreted. There are also steganographic tools available that will hide messages in plain text, unused space on floppy disks, slack space at the end of files, and more.

Often encryption and compression techniques are used along with steganography. That way, even if someone discovers that a file contains steganographic data, they still have to deal with the encryption before they can discover the hidden message.
Is steganography popular? It would appear so. An analysis of graphics of on E-Bay turned up a huge number that contained steganographic data. Think of it — you need to get a hidden message to someone, but you want absolutely no trail that you are communicating. You hide your message in a steganogaphic image and post it as an item for sale on E-Bay. The other person searches for your item for sale, finds the image and retrieves the hidden message.

There are lots of Steganography programs available on the Internet. A quick search at Goggle.com turned up one interesting resource site that listed dozens of programs; http://members.tripod.com/steganography/stego/software.html. 
I have placed a couple of interesting programs on PUB II for the convenience of members. They can all be found in file area 68 – Miscellaneous Utilities.

JPHS05.ZIP – JPHide and JPSeek, DOS and Windows programs that hide data in JPG images and uses encryption. These are very small programs that easily fit on a diskette.

MP3STEGO.ZIP – MP3Stego has Windows command-line and GUI programs to compress, encrypt, and hide information in an MP3 audio file.

PLAYMAKR.ZIP – Sam’s Big Play Maker takes text as input and creates a little play. Your message is hidden within the text of the play. This is truly a “hide in plain sight” method. There is no encryption and anyone who recognises the “plays” generated by this program could easily use the same program to obtain the secret message. But it is interesting.

S-TOOLS3.ZIP – S-Tools is a Windows program that can hide information in WAV audio files, BMP graphic files, or in unused space on a floppy disk.

I tried out a couple of these programs and was amazed at how easy they are to use and just how effective they can be. In one example, I used JPHide on a 60K Jpeg graphic. JPHide recommended a maximum of 6K of text to hide. I selected a 5K text file (to get a copy of this file send a message to listserve@opcug.ca and in the body of the message, put “get security” – without the quotes) and JPHide produced a 58K Jpeg file that I could not distinguish from the original.

So, if you want to hide information and easily transmit it to someone else without being accused of illegal activities, try out steganography. Fascinating stuff!


Bottom Line:

Product name
List of Steganography Programs 
Available from:  Internet
Web site: http://members.tripod.com/steganography/stego/software.html


Copyright and Usage
Ottawa Personal Computer Users' Group (OPCUG), Inc.
3 Thatcher Street, Ottawa, ON  K2G 1S6

The opinions expressed in these reviews may not necessarily
represent the views of the OPCUG or its members.