Spy tools: Hide private data in other files on Linux
Hide your private data in ordinary files with this most excellent steganography program and the curiously named Nate Drake.
Back in 440BC, the tyrant Histiaeus, knowing his messages were being intercepted, shaved the head of his most trusted slave (an oxymoron if there ever was one) and tattooed on his scalp a message for his vassal Aristagoras. Time was clearly abundant, as the slave had to wait until his hair regrew before being sent off with a harmless-looking letter in hand. On arrival he asked Aristagoras to shave his head and read the real message, which instructed the vassal to revolt against the Persians.
If we overlook momentarily the fact that it would have been far easier to give the slave the secret message to deliver orally, this is the first recorded use of steganography, where a secret message is hidden inside an ordinary looking one.
In our modern wired world, where we don’t have time to sit and watch the bristles regrow, steganography (often shortened to ‘stego’) is accomplished through various computer programs. While there are many stego programs available, all work on roughly the same principle. First, a secret file is created, such as a text document with a message. This is then placed inside a harmless-looking container file such as a picture of your pet kitten.
Certain files, such as images, contain seemingly random digital ‘noise’ introduced by the camera sensor or by lossy compression. Stego tools exploit this by hiding your data in the bits that make up that noise. From the data alone it’s extremely difficult to tell the difference between a file carrying garden-variety ‘noise’ and a stego file carrying hidden data.
SNEAKY STEGANALYSIS
As promising as stego looks on paper, it has been something of a digital arms race, with tools developed to hide data just as fast as other programs are created to detect the use of steganography in files.
There was a brief flurry of worry about this in 2001 when various news sites such as USA Today reported that terrorists were communicating through images posted online in sports chat rooms, adult websites and bulletin boards.
Researchers have devoted months of tireless study to this subject. In brief, it’s extremely difficult to prove a negative — i.e. that any given file categorically does not contain some form of secret message.
This, of course, works both ways. With the right tools and some common sense, you can use steganography to protect your darkest secrets while seemingly sharing harmless media files around the internet.
You may wonder why you would choose this over using regular encryption programs to protect your data. The reason is that, each time you send a password-protected file or email to your contact, although it may not be possible to tell what you’re sending, anyone who intercepts your message will know you’re hiding something and investigate further.
During the Cold War, spies used to drop off and pick up packages at designated ‘dead drops’ agreed with a contact. Any discreet location was suitable and there was no requirement for the spy and their handler to visit the dead drop at the same time.
Steganography can operate as a form of digital dead drop. If, for instance, you hide your files inside an image and then upload that image to a website, you don’t even need to be online at the same time as your contact, nor do you even need to know one another.
TAILS OF OUTGUESS
Niels Provos’ excellent command line utility Outguess is the chosen stego tool for this tutorial. This is firstly because it is available to install from Ubuntu/Debian repositories and also because it’s very simple to use.
Although the tool hasn’t been updated for a while, it has one feature that still earns its keep: it can hide two messages inside a single container file, each protected by a separate password. This works in a similar way to the plausible deniability feature in encryption programs such as VeraCrypt. If the use of stego in your files is ever detected and you’re made to explain it, you can give up the decoy password to reveal some pre-prepared fake information. Bear in mind that Outguess’s embedding has itself been the subject of published steganalysis, so treat the decoy as your fallback rather than assuming the hidden data is invisible.
One way that your use of stego can be detected is by analysing your hard drive for the presence of Outguess or checking your internet history to see if you’ve downloaded it. For this reason, we recommend using the TAILS operating system for this project.
TAILS runs entirely from RAM and wipes the memory when you shut down, so traces of your activity, including the files you used and the Outguess program itself, are gone once the machine is off.
Another advantage of TAILS is that it routes all connections through the Tor network. This makes it virtually impossible for anyone monitoring your connection to tell that you’ve installed Outguess, or where you’ve uploaded the container file with the hidden message. Note that this only covers what you do from within TAILS; fetching the TAILS image in the first place happens on whatever system you download it from.
BEGIN YOUR BOGUS JOURNEY
For the purposes of this project, imagine that you have been able to purchase the coveted Bill and Ted’s Most Excellent Collection on DVD, which comes complete with both films and the extras disc with the instruction video on how to play air guitar professionally.
You are rightly concerned about this prized possession being stolen so decide to bury the DVD box set, so you can dig it up and sell it 20 years from now.
After hiding the box set, you decide you want to share the location with a trusted relative in case you’re unable to retrieve it. You meet with them privately to agree on a password to use and that you’ll hide the location inside the image of an antique Chippendale cabinet.
As you both live in a police state where the government has a hankering for ‘90s classics, you also agree on a decoy password that either of you can enter under duress to reveal a false location.
You both also agree to use a Live DVD to install Outguess and encode/decode files to make sure there’s no trace of the tool on your respective machines.
You decide to use a QR code to store the GPS coordinates of both the real location of the DVD box set and a fake location, as these are easy to scan into a phone and open in apps such as Google Maps.
Once the stego file has been prepared, your friend can retrieve it at any time to work out where the Bill and Ted film offering is hidden.
STEGO THE DUMP
Although using Outguess from a bootable version of Linux such as TAILS removes all traces of the tool and any files you created in the live session, it won’t delete the original secret and container files if they live on a hard drive or USB stick. Ideally, create them while in the ‘Live’ system; if not, run the shred command on the relevant data once you’re finished. Note that shred only reliably overwrites data on storage that writes in place; on SSDs and on journaling or copy-on-write filesystems the old blocks may survive, which is one more reason to keep everything in RAM.
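The dead-drop workflow described above, as a POSIX shell script for TAILS. This is an added example, not code from the original article or from the Outguess project, and everything specific in it is assumed: the passphrases ‘excellent-adventure’ and ‘bogus-journey’, the two sets of coordinates, cabinet.jpg as a carrier photo you took yourself, and the helper names. Outguess is not preinstalled on TAILS, so install it with apt from the live session (you need to set an administration password at boot). If qrencode is present the coordinates become a QR code PNG as the tutorial suggests; otherwise the script falls back to a plain text file. The flags are Outguess’s as documented in its README: -k/-d for the first message, -K/-D for the second, -E for error-correcting coding, -r to retrieve with whichever key you hold.

```shell
#!/bin/sh
# Added example (not from the article or Outguess): hide a real and a decoy
# location in one JPEG, check both come back out, then shred the plaintext.
# Passphrases, coordinates and file names are made up for illustration.
set -u

# Percentage by which the stego file has grown against its carrier (integer).
# A carrier that grows noticeably compared with its sibling photos stands out.
growth_pct() {
    before=$(wc -c < "$1")
    after=$(wc -c < "$2")
    echo $(( (after - before) * 100 / before ))
}

# Write the secret: a QR code PNG of the coordinates if qrencode is installed,
# otherwise a plain text file. $1 = "lat,lon" (constructed), $2 = output path.
make_secret() {
    if command -v qrencode >/dev/null 2>&1; then
        qrencode -o "$2" "geo:$1"
    else
        printf 'geo:%s\n' "$1" > "$2"
    fi
}

# Embed both datasets in one pass: -k/-d carry the real message, -K/-D the
# decoy. -E adds error-correcting coding, which Outguess's README uses in its
# two-dataset example.
# $1 carrier, $2 output, $3 real key, $4 real file, $5 decoy key, $6 decoy file
hide() {
    outguess -k "$3" -d "$4" -K "$5" -D "$6" -E "$1" "$2"
}

# Retrieve with whichever key you hold. $1 stego file, $2 key, $3 output.
reveal() {
    outguess -k "$2" -r "$1" "$3"
}

# Overwrite and delete the plaintext secrets once the stego file exists.
# (Only reliable on storage that writes in place; keep the work dir in RAM.)
wipe() {
    for f in "$@"; do
        [ -e "$f" ] && shred -u -z "$f"
    done
    return 0
}

# End-to-end run. Returns 0 when both messages round-trip, 1 when the carrier
# is unreadable or a step fails, 3 when outguess is not installed.
# Prints the path of the file to upload as the dead drop.
dead_drop_demo() {
    carrier=$1
    [ -r "$carrier" ] || return 1
    command -v outguess >/dev/null 2>&1 || return 3
    work=$(mktemp -d) || return 1
    make_secret "51.5007,-0.1246" "$work/real.png"    # constructed "real" spot
    make_secret "48.8584,2.2945"  "$work/decoy.png"   # constructed decoy spot
    hide "$carrier" "$work/cabinet-stego.jpg" \
         'excellent-adventure' "$work/real.png" \
         'bogus-journey' "$work/decoy.png" || return 1
    reveal "$work/cabinet-stego.jpg" 'excellent-adventure' "$work/out-real.png" || return 1
    reveal "$work/cabinet-stego.jpg" 'bogus-journey' "$work/out-decoy.png" || return 1
    cmp -s "$work/real.png"  "$work/out-real.png"  || return 1
    cmp -s "$work/decoy.png" "$work/out-decoy.png" || return 1
    echo "stego file grew by $(growth_pct "$carrier" "$work/cabinet-stego.jpg")%" >&2
    wipe "$work/real.png" "$work/decoy.png" "$work/out-real.png" "$work/out-decoy.png"
    echo "$work/cabinet-stego.jpg"
}
```

Run it as `dead_drop_demo cabinet.jpg` from the live session; the only file left behind is the stego JPEG it prints, which is the one to post. Your contact needs just `outguess -k 'excellent-adventure' -r cabinet-stego.jpg real.png` (or the decoy passphrase under duress). If the growth figure is more than a few per cent, pick a larger carrier or a smaller secret before uploading.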
One important point: whether you use an image, sound file or video, create it yourself. If a copy of the original ‘un-stegged’ file is available online, it can be compared with yours and the use of steganography detected. If you decide to upload a series of photos of the same item, such as an antique cabinet, remember that these should all be roughly the same size; a stego file that is noticeably larger than its siblings stands out.
When agreeing the password with your contacts, work out a system whereby they’ll know where to find the container files. For instance, you might agree to post a classified advert at a set time each week or you might list a certain phone number alongside each image containing hidden files.
Many sites compress or otherwise alter media files after upload, which destroys the hidden data. Try to find one that allows you to upload files unaltered, or post a link from which the original can be downloaded. Check by downloading your own upload and comparing it with the file you sent (cmp or a checksum will do); if they differ, the hidden message is gone.
If you live in a jurisdiction with compulsory key disclosure laws, such as the UK, then technically, you must surrender all keys in your possession when ordered. This includes both the bogus password and the real one. Take time to check the legality of using stego and withholding the real password where you live.