Imagine your computer is infected. The virus that has infiltrated your machine commands it to perform tasks and open applications that you would normally use–except you’re not there to run them. At the same time every day, it launches Twitter, then generates user handles and hunts through tweets. It searches and waits until, bingo—it finds a recently tweeted link that leads to a photo of a flower.
But this is no ordinary photo. Laced into the GitHub image file’s long string of code are secret instructions that it needs to extract and upload information from your compromised computer to an internet cloud service set up by a hacker.
This is how the virus known as Hammertoss, purportedly created by a Russian government-supported group called APT29, obtained information from a few oblivious high-value companies. In early 2015, the United States cybersecurity company, FireEye, was able to follow the malware’s digital trail as it hopped between three websites: Twitter, GitHub, and internet cloud storage services. Hammertoss was able to hack into computers after it collected and pieced together instructions concealed in the guise of innocent pictures—an information-hiding technique known as steganography.
Today, criminals, hackers, terrorists and spies rely on these kinds of information-hiding techniques. The more layers and steps it takes to send a secret message, the easier it is to shake security experts off the trail. These techniques are not limited to breaking into computers. A whole new form of communication is stewing in the depths of the internet, permitting people to send anything from a leaked Beyoncé song or a PDF of a banned book, to a file filled with child pornography and instructions to bomb a building, all hidden inside the files of innocuous-seeming photos, videos, or audio.
Steganography has been used for communication since long before computers or the Internet ever existed. The ancient Greek historian Herodotus documented the earliest known example of the information-hiding method in 440 BC, when a man carved an urgent war message onto a wooden tablet. He coated the tablet in wax so he could easily smuggle the innocuous-looking item past enemy lines. Herodotus also described how Greek generals would tattoo messages on a slave’s scalp. When the slave reached their comrades, they would shave the regrown hair and read the next plan of attack.
The modern incarnation of this stealthy communication mechanism works along similar lines—a message piggybacking on digital carriers, or seemingly innocent data. “If you don’t see it, and you don’t know whether something is hidden, you do not have any signs that something suspicious might be going on,” says Wojciech Mazurczyk, a computer scientist at the Warsaw University of Technology in Poland, who has been developing and researching digital information-hiding techniques for over 10 years.
Johannes Trithemius, a German abbot, invented the term “steganography” and wrote one of the earliest publications on secret information hiding, Steganographia, written in the late 1490s. This is a replication of a chart from the text by John Dee, a philosopher for Queen Elizabeth I. (Photo: National Library of Wales/Public Domain)
Mazurczyk and his colleagues define steganography in the digital realm as a method of hiding and sending messages (both innocent and nefarious) in the long codes of digital files or in the sea of network data.
The array of file carriers and routes makes it tricky for steganalysts—21st century hidden message detectives—to find these transactions. Mazurczyk and Berry are two detectives among a class of highly specialized computer scientists who have the important job of thinking like cybercriminals in order to catch their deviant messages. They build advanced steganography programs to understand how to track them down in the real digital world.
To put a stop to Hammertoss, Berry explained that they had to reverse engineer the malware, or unpack the code to figure out how it behaved. Viruses like Hammertoss are a concern because they take advantage of services that many use every day. “This is sort of like the cusp of sophistication—the best well thought out sample of malware. We view this as where malware is going, which is going to be difficult for organizations to detect this kind of activity.”
Some steganalysts create programs to solve crimes, while others create them to give internet users a means of privacy in an age when all your digital behavior is harnessed online. Meanwhile, criminals continue to sharpen their own information-hiding skills. While there are no tools out in the dark net as sophisticated as the programs developed by academics, cybersecurity specialists around the world continue to create these programs in order to learn how to detect and eliminate the threat of the next terror plot or dangerous computer and network virus.