Everyone knows at least something
about encryption. If you have something you don’t want others to know about,
the best thing to do is encrypt the data. Very sophisticated encryption
routines are available that would take very powerful computers a very long
time to break.
But, just as banks attract bank robbers,
the very existence of obviously encrypted data may draw attention to those
holding or exchanging the encrypted data. Often, those who employ encryption
are accused of shady or illegal activities, just because they are trying
to hide something.
What if you could hide things in plain
sight, such that nobody would even realize they are looking at your secret
information? A systems administrator friend of mine used to use this technique
to hide his many passwords. He had a chalk board that was always full of
various pieces of information. Hidden amongst the directory names, planning
concepts, product names, etc., were his passwords. Of course I don't
know what he would have done if someone had erased his chalk board!
While hiding information on a chalk board
may work to keep some information readily accessible, yet hidden from the
casual observer, it does have its limitations. If my friend wanted to communicate
his secret information to a colleague half way around the world, he could
hardly ship his chalk board. Enter the world of steganography.
Original Water JPG Image
Water-with-steg JPG image
Can you spot the difference? - none!
Steganography is taking one piece of information
and hiding it within another. The container object continues to appear
and act as the original, unaltered object. As such, it does not raise any
suspicions to the casual observer.
The objects that can be used as containers
are almost endless, but there are some containers that lend themselves
to the job better than others. Graphic and sound files seem to be the most
commonly used containers. Due to their nature, the introduction of a small
amount of “noise” spread throughout the image or sound is not likely to
be detected, let alone interpreted. There are also steganographic tools
available that will hide messages in plain text, unused space on floppy
disks, slack space at the end of files, and more.
Often encryption and compression techniques
are used along with steganography. That way, even if someone discovers
that a file contains steganographic data, they still have to deal with
the encryption before they can discover the hidden message.
Is steganography popular? It would appear
so. An analysis of graphics of on E-Bay turned up a huge number that contained
steganographic data. Think of it — you need to get a hidden message to
someone, but you want absolutely no trail that you are communicating. You
hide your message in a steganogaphic image and post it as an item for sale
on E-Bay. The other person searches for your item for sale, finds the image
and retrieves the hidden message.
There are lots of Steganography programs
available on the Internet. A quick search at Goggle.com turned up one interesting
resource site that listed dozens of programs:
I have placed a couple of interesting
programs on PUB II for the convenience of members. They can all be found
in file area 68 – Miscellaneous Utilities.
JPHS05.ZIP – JPHide and JPSeek,
DOS and Windows programs that hide data in JPG images and uses encryption.
These are very small programs that easily fit on a diskette.
MP3STEGO.ZIP – MP3Stego has Windows
command-line and GUI programs to compress, encrypt, and hide information
in an MP3 audio file.
PLAYMAKR.ZIP – Sam’s Big Play Maker
takes text as input and creates a little play. Your message is hidden within
the text of the play. This is truly a “hide in plain sight” method. There
is no encryption and anyone who recognises the “plays” generated by this
program could easily use the same program to obtain the secret message.
But it is interesting.
S-TOOLS3.ZIP – S-Tools is a Windows
program that can hide information in WAV audio files, BMP graphic files,
or in unused space on a floppy disk.
I tried out a couple of these programs
and was amazed at how easy they are to use and just how effective they
can be. In one example, I used JPHide on a 60K Jpeg graphic. JPHide recommended
a maximum of 6K of text to hide. I selected a 5K text file (to get a copy
of this file send a message to firstname.lastname@example.org and in the body of the
message, put “get security” – without the quotes) and JPHide produced a
58K Jpeg file that I could not distinguish from the original.
So, if you want to hide information and
easily transmit it to someone else without being accused of illegal activities,
try out steganography. Fascinating stuff!
List of steganography programs
Originally published: December, 2001