Secrets Hidden In Plain Sight

  • Uploaded by: Charteris Plc
  • November 2019

Review

Lloyd’s List, Friday September 14, 2007, page 9

Secrets hidden in plain sight

An innocent looking picture can conceal enough data to present a security threat

Alan Woodward

A PICTURE, they say, is worth a thousand words. But businesses wanting to guard against the threat of vital data being deliberately leaked to unauthorised people outside, or even inside, the organisation, need to get to grips with the alarming reality that a picture can also conceal a thousand words. Or in some cases, even up to around 5,000 words. More than enough to betray all your most precious and commercially sensitive data — locations of newly-discovered oil fields; formulae for synthesising newly-discovered molecules of breakthrough drugs costing millions or even billions to develop; designs of revolutionary products you are planning on being the first to bring to market; ultra-sensitive lists of hard-won customers; you name it.

The idea of data concealed in pictures might sound like the plot of the next Mission Impossible movie, but it is not. And unless you are prepared to let any Tom, Dick or Harry cruise around your precious data, you need to be aware of the threat it poses.

The technique used is called steganography, from the ancient Greek meaning hidden or covered writing — just as the stegosaurus was named because its back was covered in bony plates, whose real purpose is a mystery even today.

But steganography was not a mystery to the Ancient Greeks, indeed they most likely invented it. The Greek historian Herodotus records that in 312 BC, Histiaeus of Miletus commanded the head of his most trusted slave to be shaved and tattooed with a vitally important secret message on it. Once the slave’s hair had grown, hiding the message, Histiaeus sent him as an emissary to a friendly power via enemy territory to instigate a revolt against the Persians. This example from history shows that steganographic writing can be a dangerous threat to security.
Friends who betray us are always a more potent threat than people we recognise as enemies from the outset, and steganographic messages look friendly and innocent.

You could devise a simple steganographic message by agreeing with your recipient that your real message will consist of the first letter of every word of your apparent message. “Bring us your invoice by Monday”, for example, would really mean “BUY IBM”.

In steganographic writing the apparent message is known as the cover text and the real message is called the plain text. The innocuous appearance of the cover text in the example illustrates why steganographic writing does not tend to set alarm bells ringing. It looks innocent, whereas a message “BUY IBM” encrypted in a simple code that consisted, say, of substituting each letter for the next letter in the alphabet — “CVZ JCN” — obviously looks suspect and would be certain to awaken the suspicions of even the most credulous member of an industrial espionage prevention team. The point is that any encrypted message will tend to raise suspicions because even though it cannot easily be read you will know it has been encrypted and will instantly conclude that something fishy is going on.

[Picture caption] Now you don’t see it: although seemingly identical, the image on the left has a 5,000 word concealed message hidden within its coding.

In modern business, the threat of steganography has recently become a major issue in corporate life. It’s actually been a significant threat for several years as computing power available on the desktop has increased. But users have been distracted by publicity about cryptography, and steganography has rather remained in the background. It is a particularly worrying threat now because of the massive volume of electronic communications, and the number of freely available tools that allow even a routine user to employ steganographic techniques.

By far the biggest type of threat is the potential for concealing steganographic writing within computerised images. In Microsoft Windows you can literally drag and drop your hidden text onto a picture and the deed is done. Information remains the most valuable commodity and it is precisely that which can so easily be given away or sold using image-based steganographic techniques.

What is actually happening when you carry out what looks like a simple drag and drop? An electronic image is comprised of thousands of ‘picture elements’ or ‘pixels’. A pixel is a binary number that provides information on the colour or the shade of grey that should be displayed in that particular pixel. The binary number will look something like 10011011, depending on the pixel in question. The individual numbers (the 1 or the 0) are known as ‘bits’ and the further along you go to the right, the less significant the bits become in defining the precise colour of the pixel.

Why does the opportunity for steganography exist? Because while each pixel is defined by a series of bits, some of these bits can be changed without affecting the resulting pixel to any discernible extent.

In a computerised image whose size is 256 by 256 pixels, making a total of 65,536 pixels, there would easily be room to conceal, say, about 5,000 words of data. This method of concealment is known rather quaintly as ‘bit twiddling’. An obvious place to conceal a secret message would be within a computerised picture that does not show any apparent changes.

Bit twiddling is the most common way to conceal text within a computerised image. There are many more techniques, though, particularly when using image formats such as the now ubiquitous jpeg which many will have encountered through their digital cameras.

So what is the best way to guard against image-based steganographic betrayal? The first step is to recognise that it is a potential problem and get help to understand what tools are likely to be available to a malicious team member. You also need to know the manner in which these tools can be used because they often leave little trace of their presence. Some are even termed ‘zero footprint’ by those who develop them. But help is at hand because dedicated teams of experts have been making available tools to help detect steganography.

The technique they use is known as ‘steganalysis’. Steganalysis is as much an art as a science. The detection tools need to be deployed so that the appropriate steganalysis resource is used in the appropriate situation. Admittedly, this is not easy, when the range of steganography tools and the steganalysis counterparts have proliferated and are proliferating just as the threat from viruses did when they first emerged into the IT environment.

Charteris began its own anti-steganography work as a technical exercise but soon became alarmed at what its experiments were showing: not just about the power of the steganography tools available, but also about the degree of care that needs to be applied to combat this potent security hazard.

Taking the threat of betrayal by apparently innocuous pixels seriously will lead you to put into practice the measures necessary to defend against it. And you do need to take this threat very seriously indeed. The stegosaurus may be long extinct, but steganographic treachery is, unfortunately, here to stay.

Alan Woodward is chief technology officer at the business and information technology consultancy Charteris.
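The bit twiddling and steganalysis described in the article, as an added Python example that is not part of the original article: it overwrites the least significant bit of every pixel in a constructed 256 by 256 greyscale image, confirms no pixel moves by more than one grey level, and then applies a chi-square test on pairs of pixel values to tell the two images apart. The synthetic cover image, the random payload standing in for compressed or encrypted data, and the 3.0 threshold are assumptions.

```python
import random
from collections import Counter

WIDTH = HEIGHT = 256  # image size used in the article

def make_cover(rng):
    """Constructed 8-bit greyscale 'image': values clustered around mid-grey."""
    return [min(255, max(0, round(rng.gauss(128, 5)))) for _ in range(WIDTH * HEIGHT)]

def embed_lsb(pixels, payload):
    """Overwrite the least significant bit of successive pixels with payload bits."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload exceeds one-bit-per-pixel capacity")
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out

def pair_score(pixels, min_expected=5):
    """Chi-square per pair of values (2k, 2k+1); about 1 means LSBs look like coin flips."""
    hist = Counter(pixels)
    chi2, pairs = 0.0, 0
    for even in range(0, 256, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected < min_expected:
            continue  # too few samples in this pair for the statistic to mean anything
        chi2 += ((hist[even] - expected) ** 2 + (hist[even + 1] - expected) ** 2) / expected
        pairs += 1
    return chi2 / pairs if pairs else float("inf")

def looks_embedded(pixels, threshold=3.0):
    """Flag images whose value pairs are suspiciously equalised (threshold is an assumption)."""
    return pair_score(pixels) < threshold

def demo(seed=2007):
    rng = random.Random(seed)
    cover = make_cover(rng)
    # Random bytes stand in for a compressed or encrypted payload filling all 65,536 LSBs.
    payload = bytes(rng.getrandbits(8) for _ in range(WIDTH * HEIGHT // 8))
    stego = embed_lsb(cover, payload)
    max_change = max(abs(a - b) for a, b in zip(cover, stego))
    return max_change, looks_embedded(cover), looks_embedded(stego)

if __name__ == "__main__":
    print(demo())  # (largest pixel change, cover flagged?, stego flagged?)
```

The test works because a full-capacity payload equalises the counts of each even value and its odd neighbour, which an unmodified image rarely does; a payload that fills only a small fraction of the pixels shifts the score far less and calls for other steganalysis methods.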

A Tudor tale of cunning, greed and dastardly plots

Terry Sutton

IN MORE dangerous times, England’s principal secretary to the Queen financed pirate raids from his own pocket just to provoke foreign owners. That was more than 400 years ago, when Protestant England was threatened by a dangerously Catholic Spain. The courtier trying to provoke trouble was Sir Francis Walsingham, born in Kent around 1532, and who died in 1590.

Author Derek Wilson, an authority on the Tudor period, paints a picture of the Kent-born Walsingham as a venture capitalist who relished a spot of risk-taking. He admired the exploits of bold mariners like Sir Francis Drake and the mercantile explorers so much that he used his own wealth to sponsor Drake’s 1577-1580 voyage around the world.

But Walsingham took a further step, and one that put his career in jeopardy, when he re-invested a substantial chunk of profits from Drake’s earlier circumnavigational voyage in the Golden Hind in a venture to attack Spain’s home-returning fleet carrying silver. The scheme was for Drake to take a small fleet to Terceira in the Azores and use it as a base to attack the Spanish silver fleet returning from the New World. Drake’s ships would be flying under another flag to preserve the fiction of Elizabeth’s lack of involvement in the affair.

“In reality the Queen and Walsingham were to be major backers in the venture, and hoped for a pecuniary return similar to that of Drake’s previous expedition,” Wilson says. Walsingham knew his mistress well enough to be sure that she would be dazzled by the gold once it was seized. But at the last minute, Elizabeth ordered the project to be put on hold, by which time, as Drake pointed out, it was too late, anyway. The treasure fleet had safely reached Spain and Drake had to pay off his men and sell all his provisions.

He may have been thwarted in this particular escapade, but Walsingham still proved to be an expert intelligence chief and top spycatcher for his Queen. Jesuits were secretly putting ashore Catholic priests and spies in inlets and coves in Kent and Essex, whose nefarious task was to covertly ferment unrest among the English population in advance of an invasion by the foreign enemy. But Walsingham, with his army of spies and agents in foreign capitals, was able to hunt down the interlopers. Several were tortured into giving information that could be used against English Catholic nobles who were plotting against the Queen in the hope of returning England to the religion of Rome.

As Wilson points out, this was an era of spin-doctors, state-sponsored terrorism, with hit men hired to eliminate heads of state and religious fanatics invoking holy war and willing to die a martyr’s death. How little some things have changed.

Sir Francis Walsingham, a Courtier in an age of Terror, by Derek Wilson. Published by Constable in hardback £18.99

Unsung heroes of Admiralty salvage finally awarded due recognition

Sandra Speares

ADMIRALTY salvage, both in war and in peacetime, has never received the recognition it deserves, with tales of heroism by salvage crews often going unacknowledged by the authorities and the public. Author Tony Booth, whose previous book documented the mammoth task of salving the German fleet scuttled in Scapa Flow at the end of the First World War, has set out to remedy the omission with a look behind the scene of some of the most daring salvage operations of the last century.

If Admiralty salvage really came to the fore during the First World War, the concept was pioneered more than 200 years ago when HMS Victory’s sister ship, the Royal George, sank with the loss of nearly 1,000 lives. The casualty was officially blamed on rotten timbers, although it is suggested here that one of the ship’s officers was to blame. Some historians claim the Navy Board was not keen to see the ship salved, because it might prove that there was nothing structurally wrong.

Early innovators in the world of salvage were the Deane brothers, who recovered material from the Royal George and also discovered the wreck of the Mary Rose. The Royal Navy salvage divers’ somewhat bizarre motto: “Grope, Grub & Tremble”, was in fact a reflection of the difficulties the early divers encountered. Those working on underwater wrecks had to grope their way through them in the dark, search for and pull up (or ‘grub’) material by hand, trembling with fear as they did so because of the dangers of the job.

An early, and ultimately unsuccessful, salvage operation in 1906 was that of the Montague, which the author describes as a good example of what happens when a senior naval officer with no understanding of salvage is in control. “Throughout the next hundred years, this familiar pattern would unfold all too regularly as the salvage section and the rigid naval command structure at the time clashed over how best to save ships,” Booth says.

A more successful wartime salvage was that of the hospital ship Asturias, with a good account here of the difficulties encountered by the successful salvors, not to mention the courage of the divers. The war years also saw amendments made to the 1894 Merchant Shipping Act to enable the Admiralty to claim salvage.

An early controversial Admiralty salvage of a general cargo vessel was that of the Clan Southerland, which was looted by some of the crew of HMS Bittern during the course of the operation. As the crew of the HMS Bittern was subsequently lost in a collision, they were punished posthumously by Mr Justice Hill, by having their salvage award withdrawn. If the incident was of considerable embarrassment to the Navy at the time, it is counterbalanced by many moving accounts in the book of the courage and self-sacrifice of crews and salvors alike.

At the outbreak of the Second World War, further changes were proposed to legislation which would effectively give the Admiralty full salvage rights, a move opposed by the Chamber of Shipping at the time, who argued that a fair deal on salvage awards would not be possible if the Admiralty had an effective state monopoly on salvage. The Admiralty’s relationship with commercial salvage companies was equally strained, particularly as far as compensation payments in the event of salvors’ deaths during operations were concerned.

Skilled salvage operators were at a premium and over-stretched during the war years. It was not uncommon for a senior salvage master to have more than 12 operations in progress at the same time. Remuneration appears to have been impressive — one salvor was apparently earning more than Winston Churchill during the war years — although perhaps not when you consider the risks involved.

Although much of the book is devoted to the two world wars, the author explores some of the major postwar salvage operations, including those of tonnage sunk in the Suez Canal during the Suez Crisis. Peacetime salvage operations mentioned here include the salvage of the BOAC de Havilland Comet Yoke Peter, an operation to have far reaching implications on aircraft design, the Derbyshire and the Al Salaam Boccaccio 98 during which the MOD’s Salvage and Mooring Operations division assisted in locating the black box.

The book is a fitting tribute both to the salvage industry and Merchant and Royal Navy crews.

Admiralty Salvage in Peace & War 1906-2006 by Tony Booth is published in hardback by Pen & Sword, £19.99.
