Hiding Messages: The You-Will-Not-Pay-Attention Tactic
December 9, 2024
This blog post flowed from the sluggish and infertile mind of a real live dinobaby. If there is art, smart software of some type was probably involved.
I worked on a project in Bogota, Columbia. One of the individuals with whom I interacted talked about steganography. This is a method for placing “content” inside of images. At the time which was probably a decade ago, the law enforcement officials in Columbia had encountered certain bad actors passing messages using steganography within images of a day at the beach with kids, beach balls, and happy gringos.
“Square Zero: Hide Silly Messages in Decorative Borders” explains how an innocuous graphic element in an image or any content object can convey information about a drug deal, a weapons pick up point, or a money laundering contact location. The write up says:
So how successful was the card [containing the swizzled border]? Well, we sent out about 40 of them; almost no one realized there was a puzzle on the card. Once nudged, most folks realized it was the border, and quite a few guessed binary was involved. At this point I’d suggest decoding it. The most common reply? “I think I’ll go on living my life, but thanks”
That’s the purpose of steganography: Making the message invisible or “secret.” Steganography, according to the online ad vendor Google, is “the practice of concealing information within another message or physical object to avoid detection.” The example described in the cited blog post works.
If you want to fiddle around with the technology, the cited article contains code and some technical explanation. I want to call your attention to what might be accomplished in an activity involving big money and real life-and-death circumstances. Consider this border which I downloaded from Free Clipart:
Let’s assume that a bad actor has encoded a message in this clip art.
To make the challenge more interesting, the bad actor has included additional information is an image embedded in the manipulated clip art frame:
How can this double up message embedding be accomplished? The answer is, “Use the sample code provided and some odds and ends from GitHub, and you are good to go.”
Does this application of “borders” and embedded images pose challenges to analysts, investigators, and law enforcement professionals? Some information, as I have stated before, should not be out and about, providing bad actors with ideas and enablers.
Stephen E Arnold, December 9, 2024
Comments
Got something to say?