PHOTO CREDIT: Anna Utekhina/iStockphoto
Yesterday’s New York Times reported that the Justice Department had arrested a Russian spy ring in the United States. The articles read like chapters of a Ludlum book.
The whole story is tremendously weird, starting with the fact that there were Russian spies trawling for state secrets in Montclair, New Jersey (home to a Starbucks, a Talbots, and a Supercuts, but crucially bereft of a CIA, an FBI, or any other of the 16 intelligence agencies that pepper our nation).
The so-called “Illegals Program” was a decade-plus-long effort by the SVR (the Russian Foreign Intelligence Service, a descendant of the KGB) to create a deep-cover network of suburban spies. At least five couples made like Tim Robbins in Arlington Road, grilling burgers on the patio while they “gathered information on nuclear weapons, American policy toward Iran, CIA leadership, Congressional politics and many other topics.”
Over the next couple of months, many little political tales of spy-agency inside baseball will likely surface, but these stories will unfold in the New York Times, not in Spectrum.
No, what’s interesting is how these Cold War relics communicated with their contacts. They uploaded images--into which they had embedded secret messages--to certain websites, where their contacts could download and decode them. If the Illegals had used a better method to communicate, they might have evaded detection. Is it possible that these spies were thwarted at least in part by their reliance on out-dated steganography programs?
The idea behind steganography is this: instead of making your data unreadable with encryption, you’re hiding the fact that there’s data at all. So, for example, the classic example is the secret message hidden in a seemingly innocuous picture of a cat. The algorithms generally conceal the secret payload in pictures by altering the least significant bit of the pixels in the image.
And in fact, that’s pretty much the method the spies used. According to the UK Register, SVR provided the Illegals with a steganography software that was “not commercially available."
After they encoded their messages into pictures using this software, they uploaded the images to certain web sites from which their contacts could then download them, reverse the stego algorithm and retrieve the secret message. But, the same images that let them communicate freely, were what busted them in the end. According to the Register, “a New Jersey search uncovered a network of websites, from which the alleged spies had downloaded images. Some of the images have been revealed as containing readable text files.”
Here’s the thing. This isn’t some fancy new technology. Steganography algorithms for concealing data in images has been around since at least the early 1990s. According to Chet Hosmer, the chief scientist at digital forensics outfit WetStone Technology, the number of steganography programs has risen from a handful in the late nineties to about 250 today.
More importantly, using them to hide information is not some elite hacker skillset. In fact, Warsaw University of Technology professor Krzysztof Szczypiorski says it’s more akin to using Microsoft Word. Szczypiorski is one of the white hats behind stegano.net, a project that specifically seeks out new steganography algorithms with the objective of finding ways to crack them.
Steganography is becoming the tool of choice for a whole cadre of criminals a lot more daunting than these putative Borises and Natashas. It’s been used to exfiltrate sensitive data in corporate espionage, state sponsored espionage, and oddly enough--by gangs. Hosmer told me that gangs often use steganography to encode details into the pictures on their gang web sites. Right now you’re probably thinking, “gangs have web sites?” Me too.
What’s odd here is that the SVR went with such an old-school steganography method, one that leaves traceable evidence. Because there’s a lot better stuff out there. Steganography evolves alongside technology, and now you can choose ways of covertly smuggling information that leaves no trace.
Szczypiorski and his colleagues Józef Lubacz and Wojciech Mazurczyk wrote about the evolution of steganography in Spectrum a couple of months ago. The malevolent kitty picture might be the public face of steganography, but as technologies goes it’s actually old hat. Instead of leaving behind an artifact of your wrong-doing for the Justice Department to download, new stego programs use ephemeral channels that disappear when the communication has been completed. It’s called network steganography. You can do it in real time, you can transmit huge amounts of data, and you can do it without leaving behind any artifacts to implicate you.
If the Russian spies had known about these new protocols, they might not have gotten caught so handily. You can bet that the non-Russian spies in the United States (insert your own xenophobia here) are using more sophisticated methods to phone home.