Linux Format

Encryption Outguess...........................

How to hide your secret informatio­n in plain sight

-

Hide your private data in ordinary files with this most excellent steganogra­phy program and the curiously named Nate Drake.

Hide your private data in ordinary files with this most excellent steganogra­phy program and the curiously named Nate Drake.

Back in 440BC, the tyrant Histiaeus, knowing his messages were being intercepte­d, shaved the head of his most trusted slave (an oxymoron [sharp dull–Ed] if there ever was one) and tattooed a message to his vassal Aristagora­s. Time was clearly abundant as the slave was allowed to wait until his hair regrew, then duly sent off with a harmless-looking letter in hand. He asked Aristagora­s to shave his head and read the real message on arrival, which instructed the vassal to revolt against the Persians.

If we overlook momentaril­y the fact that it would have been far easier to give the slave the secret message to deliver orally [not that trusted?–Ed], this is the first recorded use of steganogra­phy, where a secret message is hidden inside an ordinary looking one.

In our modern wired world where we don’t have time to sit and watch the bristles regrow, steganogra­phy (often shortened to ‘stego') is accomplish­ed through various computer programs. While there are many stego programs available, all work on roughly the same principle. First a secret file is created, such as a text document with a message. This is then placed inside a harmless looking container file such as a picture of your pet kitten.

Certain files such as images contain seemingly random digital ‘noise’ caused by outside factors such as a camera sensor or through some compressio­n technique. Stego tools exploit this noise by hiding the images inside it. It’s extremely difficult through analysis of the data alone to tell the difference between a file with garden variety ‘noise’ and a stego file containing hidden data.

Sneaky steganalys­is

As promising as stego looks on paper, in the past it has been something of a digital arms race, with tools being developed to hide images just as fast as other programs are created to detect the use of steganogra­phy in files.

There was a brief flurry of worry about this in 2001 when various news sites such as USA Today reported that terrorists were communicat­ing through images posted online in sports chat rooms, adult websites and bulletin boards.

Researcher­s have devoted months of tireless study to this subject. In brief, it’s extremely difficult to prove a negative, ie, that any given file categorica­lly does not contain some form of secret message.

This of course works both ways. With the right tools and some common sense you can use steganogra­phy to protect your darkest secrets while seemingly sharing harmless media files around the internet.

You may wonder why you would choose this over using regular encryption programs to protect your data. The reason is that each time you send a password-protected file or email to your contact, although it may not be possible to tell what you’re sending, anyone who intercepts your message will know you’re hiding something and investigat­e further.

During the Cold War, spies used to drop off and pick up packages at designated ‘dead drops’ which they’d agree with a contact. Any discrete location was suitable and there was no requiremen­t for the spy and their handler to visit the dead drop at the same time.

Steganogra­phy can operate as a form of digital dead drop. If, for instance, you hide your files inside an image and then upload that image to a website, you don’t even need to be

 ??  ?? Nate Drake is a freelance technology journalist who specialise­s in cybersecur­ity and retro tech.
Nate Drake is a freelance technology journalist who specialise­s in cybersecur­ity and retro tech.
 ??  ?? The USA Today article claiming Bin Laden used stego. Niels Provos, creator of Outguess, searched thousands of images online and found no evidence of this.
The USA Today article claiming Bin Laden used stego. Niels Provos, creator of Outguess, searched thousands of images online and found no evidence of this.
 ??  ?? The Tails OS being used to install Outguess. Visit http://tails.boum.org to install it to a USB or DVD.
The Tails OS being used to install Outguess. Visit http://tails.boum.org to install it to a USB or DVD.

Newspapers in English

Newspapers from Australia