Accused spies used obscure, high-tech method of messaging
WASHINGTON — A year ago in April, the accused operative known as “Richard Murphy” and his supposed wife, “Cynthia Murphy,” booted up a computer in their Montclair, N.J., home. They visited a publicly available website and clicked on a picture. It looked innocent enough. It could have been a rabbit, say, or a sunset, anything at all.
Applying special software, they coaxed words from the innocuous imagery, a text file. Moscow was calling. A secret meeting in a suburban New York train station was proposed: “C plans to conduct a flash meeting w/ A to pass him $300K from our experienced field station rep (R). Half of it is for you. Another half is to be passed to young colleague (known to you) in fall ‘09-winter ‘10. ...
“Place: North White Plains train station (Harlem Line), quiet and deserted on weekends. No surveillance cameras. ...
“A and R meet in lower part of staircase, in dead zone. R hands over and A gets pack w/ money (A’s BN (Barnes and Noble) bag stays in your hands, A hides pack w/ money into his tote).”
Pictures used to be worth a thousand words. Now in the new world of espionage, they are a thousand words.
As the Justice Department’s case unfolds against 11 alleged Russian clandestine operatives, steganography is in the spotlight. Steganography is the practice of hiding information in otherwise unremarkable media. It is different from cryptography, the encoding of messages to protect them from prying eyes. The art of steganography is to fool prying eyes into thinking no message is being passed at all.
According to the FBI’s complaint against nine of the defendants, investigators recovered more than 100 text files that had been embedded in steganographic images and exchanged between the Murphys and their controllers in Moscow. Another pair of alleged conspirators, operating out of Boston, communicated the same way with headquarters, as did a third pair, in Seattle.
The FBI hasn’t described the pictures that cloaked the messages, except to say that they “appear wholly unremarkable to the naked eye.”
“From what’s been disclosed, this is pretty much the way you would use steganography,” said Chet Hosmer, chief scientist at WetStone Technologies in Conway, S.C., which develops tools to combat cyber crime. “You have potentially thousands of people going to a website and looking at a picture. You have no idea who put it up and no idea who of the thousands of people looking at it are receiving the message.”
There are at least 1,000 software programs to create and interpret steganographic images, Hosmer said. His company makes tools that can analyze a picture and detect anomalies that betray the presence of steganographic tampering. Yet pictures aren’t the only vehicle for secret information. Data can be embedded in videos, audio files, even streaming voice communication over the Internet.
Some of the tradecraft of the alleged agents reads like a bad spy novel, and some analysts are snickering at the furtive handoffs of shopping bags, the writing in invisible ink, the goofy dialogue to verify identities (“Could we have met in Malta?” “Yes indeed, I was in La Valetta.”)
But the extensive use of steganography is drawing more respectful notice.
“The steganography, that’s pretty hot stuff,” says Peter Earnest, executive director of Washington’s International Spy Museum and a veteran of the CIA clandestine service.