Russian Spies Transmitted Messages Through Images
By Carlton Purvis
The group of Russian spies that was arrested last year after living undercover in the United States was using technology used by terrorist groups to pass covert information, according to FBI documents released on Monday.
Using false documents, the 10 spies lived and worked in the country leading normal lives on the outside, while gathering information and working to make connections with people in policymaking circles or sources with access to sensitive information.
The FBI released hundreds of documents relating to its surveillance of the group Monday morning in response to a FOIA request. The counter surveillance operation, dubbed Operation Ghost Stories, lasted for years while the FBI gathered information on the Russian Foreign Intelligence Service (SVR) operatives’ methods of information collection and distribution.
According to the FBI’s criminal complaint against “Donald Heathfield,” the alias of one of the operatives, a search of his house revealed evidence of steganography: the use of photographic images to hide text.
After searching the home of two other spies who had been living as a couple, authorities discovered an electronic storage device with a password-protected computer program on it. Along with the device they found a photographed piece of paper that said “alt,” “ctrl,” and “e” and a 27-character sequence. Using the 27 letters as a password, technicians were able to open a steganography program that was used to encrypt messages in images. Later, after visiting Web sites found on one of the computer hard drives, they were able to find images that contained hidden messages.
“These images appear wholly unremarkable to the naked eye. But these images have been analyzed using the Steganography Program. As a result of this analysis, some of the images have been revealed as containing readable text files,” the FBI says in the complaint.
For example, there’s actually a secret image in the photo at the top of this post.
In 2001, USA Today reported that the FBI said Hamas, Hezbollah, and al Qaeda were using the same technique to outfox U.S. authorities. The paper said terrorists were using steganography to hide messages about upcoming targets in X-rated pictures on Web site forums and sports chat rooms and that jihadists had been using programs to hide data in images since as early as 1996.
In 2003, scientists were still scratching their heads over whether steganography was actually being used by anyone on the Internet. Some dismissed it as urban legend while others said the possibilities had yet to be seen.
The writer of the USA Today story, Jack Kelley, resigned in 2004 after admitting to plagiarizing and fabricating significant portions of his past stories, but that specific story may have contained some truths.
In April of 2006, the National Science and Technology Council published a federal plan for cybersecurity. Included in the plan was a section called “Detection of Hidden Information and Covert Information Flows” that addressed steganography. Its focus, however, was on the use of steganography to distribute malicious software rather than distribution of messages by terrorists, noting that “the threat posed by steganography has been documented in numerous intelligence reports.”
“International interest in R&D for steganographic technologies and their commercialization and application has exploded in recent years. These technologies pose a potential threat to U.S. national security. Because steganography secretly embeds additional, and nearly undetectable, information content in digital products, the potential for covert dissemination of malicious software, mobile code, or information is great,” the plan says.
A jihadist technical manual from 2007 talks about the best steganography software to use to avoid detection by programs designed to find algorithms in images. When the U.S. raided Osama bin Laden’s Abbottabad, Pakistan, compound in May, they reported finding a large cache of porn. However, no evidence of imminent threats came from the material taken from the compound, though it did show that bin Laden was still involved with al Qaeda at strategic and tactical levels. Reports didn’t say if steganography was used, but that would be a good explanation for all the porn.
The FBI documents on Operation Ghost Stories also include surveillance photos and videos of the Russian operatives.
To reveal the message in the photo, download the photo and use this online tool to decrypt the image.
Decrypt Tool: http://mozaiq.org/decrypt/