The Technology Behind Spying

According to the FBI, the alleged Russian spies arrested earlier this week sent messages to each other that were hidden in seemingly ordinary image files. The technique they used is called steganography. Dartmouth computer scientist Hany Farid tells Melissa Block that freely available computer programs make it easy for anyone to embed messages in digital photos.

Copyright © 2010 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

MICHELE NORRIS, host:

From NPR News, this is ALL THINGS CONSIDERED. I'm Michele Norris.

MELISSA BLOCK, host:

And I'm Melissa Block.

Among the many fascinating facts we've learned about the 11 alleged Russian spies arrested earlier this week by the FBI, here's one that stood out. They sometimes communicated by embedding hidden messages in image files, which they posted on the Internet. This idea of hiding a message in something else is an ancient one. It's called steganography, from the Greek steganos meaning covered, so covered writing.

These days, computer programs can insert encrypted messages into seemingly ordinary text image or sound files, and here to explain is Dartmouth College computer scientist Hany Farid.

Welcome to the program.

Professor HANY FARID (Computer Science, Dartmouth College): Thank you.

BLOCK: And before we get to this modern-day application, why don't you talk a bit about the ancient ways people would use steganography?

Prof. FARID: Yes, what's great about this technology is, although there is this modern-day version that we have in the digital world, it dates back thousands of years. My favorite example of this is that the Greeks, when they wanted to send a message to their generals in the field, would tattoo a message into the back of the head of a messenger, allow the hair to grow back and then send the messenger along the way.

The idea being, of course, if they weren't intercepted, there will be nothing on their physical person that would reveal what the message was. But, of course, at the other end when they arrive, they would shave the head and there the message would be.

BLOCK: Okay, well, a bit of evolution from the Greeks to now. What allegedly did the Russian spies do? How would you do this if you wanted to get a text message inside, say, a picture?

Prof. FARID: It's actually a fairly easy thing to do because you can just download software. There are literally hundreds of freely available software packages, and the way the software works is very simple. You give it one image, which we call the cover. That's the innocuous image of the cat, your backyard, a birthday party and your message.

And the software simply combines them together, and then that image can be either posted on a webpage, sent over an email, and then, of course, at the other end, when it's received, the same software extracts the message out.

BLOCK: And according to the criminal complaint in this case, the images that they were looking at appear, as they say, wholly unremarkable to the naked eye. You really can't tell.

Prof. FARID: That's exactly right. So the beauty of this technology is you can take any digital image and because the Internet has so many images floating around, there's just no way that anybody by simple visual inspection could have determined that there was a message embedded within it.

BLOCK: And you're saying this is an easy thing to do?

Prof. FARID: Anybody can do it. So go onto your favorite Internet search engine, type steganography software download, open the software. It's as simple as using Word, really. It doesn't require any particularly high-tech technology or training of any sort.

BLOCK: What would the advantages be of using steganography, say, over, you know, sending an encoded email message or something like that?

Prof. FARID: If I'm somebody at my home and I encode a message or encrypt a message, which takes a normal message, whether it's text or an image, and scrambles it so that it's incomprehensible and I transmit that to somebody, it looks a little suspicious because the average person doesn't do that. The beauty of steganography is that it doesn't look suspicious. You're simply sending a photograph to somebody.

BLOCK: The way that this was discovered wasn't because the FBI happened to find these images and know to decode them. They found it in the physical search. They found the password for this program in the apartment of some of the defendants here, apparently.

Prof. FARID: That's exactly right. In fact, that's the very nature of steganography, is that even if they had found the images on the computer, they wouldn't have known that there was a message in it, unless they had actually found the software.

Now, there are scientists, such as myself, who are developing computer programs that can determine whether images or sound files contain an embedded message even when you can't see or hear it.

BLOCK: Aha, I would bet that's a growth industry right now.

Prof. FARID: Yeah, I mean, and cases like these actually highlight the need for this. The fact is we don't really know how prevalent this is, but we do know that some organizations and some individuals are using this technology. And because of its very nature, it's a fantastic covert technique that is very hard to detect.

BLOCK: Hany Farid, thanks so much.

Prof. FARID: Thank you.

BLOCK: Hany Farid is professor of computer science at Dartmouth. He was talking about the art and science of steganography.

Copyright © 2010 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.