NCPA - National Center for Policy Analysis

Secret Code in Web Images?

September 26, 2001

Terrorists are probably not hiding messages in web images according to research from the University of Michigan. The FBI has suggested recent terrorist atrocities could even have been coordinated using steganography -- the science of obfuscating communications -- in images uploaded to ordinary internet sites.

There are several methods available for hiding messages in Internet images:

  • Messages can be hidden within redundant parts of the digital information used to generate images in formats such as JPEG.
  • Because the message itself disappears, this offers advantages over encryption, which only hides the meaning of a message.
  • More advanced methods involve using active, as well as redundant parts, of the underlying code.
  • As an extra layer of security, a message might also be encrypted before hiding.

Writing in their paper, "Detecting Steganographic Content on the Internet," Provos and Honeyman employed a bank of distributed computers to check millions of images. They also ran computer programs to analyze image alterations and verify if changes could be explained by normal copying errors. Yet, weeks of analysis revealed no hidden messages.

The technique may not be infallible. Sushil Jajodia of the Center for Secure Information Systems at George Mason University in Virginia stresses that there are far simpler methods for hiding communications such as using a code word in a telephone conversation or a radio broadcast would be far easier to communicate in secret.

Another expert, Magnus Ranstorp, agrees that groups do use encryption, but often the most important information is relayed by human couriers using non-technologically means.

Source: Will Knight "Massive search reveals no secret code in web images," New Scientist, September 25, 2001.


Browse more articles on Government Issues