Hide your crypto like a real spy

Hide your crypto like a real spy

Summary: The German government employee recently arrested for spying for the US hid his encryption software using a kind of steganography.

SHARE:
4

Not many of us have good reasons to go to a lot of trouble to hide our software or content. But some people do need to hide things, and there are good ways and bad ways to do it. A current news event reminds of one of my favorites.

It's part of the story of a German employee of the country's foreign intelligence service (BND) being arrested for spying for the United States. According to the German magazine Der Spiegel, the employee had a special encryption program hidden in another program (warning, the English translation is not very good).

The employee's computer had a weather app on it. When you asked for the weather for New York, it opened a secret crypto program. It's not clear whether this computer is a full desktop or a phone or whatever. Nor is it clear whether the secret crypto program was found by the German authorities or given up by the employee. (If the authorities found it, then it's not so clever after all.)

This, it seems to me, is a form of steganography, the art and science of hiding things inside other things. The classic example of steganography is to hide a secret message inside a JPG file. JPGs can be large without arousing suspicion. If every 500th bit in the JPG were really the content of the message, the JPG would be visually indistinguishable from the original, but the message could be extracted by another party that had a shared key. Search for "Steganography software" and you'll find several examples of programs to do this.

By contrast, if you have clearly encrypted files on your system and it's searched, those files will arouse suspicion. In some places, if you refuse to turn the password over the police they can lock you up.

The idea of hiding programs inside other programs is also really clever, although I can think of general ways to defeat it. Assuming the "app" in question is a hacked version of a well-known app, the hack would break a digital signature or CRC on the file. A good whitelisting system works by checking these values for files against known-good ones, so it would likely detect a hacked program. If it's not a well-known app, that too might look suspicious.

It's always been a general rule that steganography is best used for small amounts of data, but the rule doesn't work quite as well as it used to. It doesn't look fishy anymore for you to have a folder on Google Drive with 50GB of shared family photos and videos, but you can hide a lot in those files.

(via Bruce Schneier)

Topics: Security, Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • double agent, tripple agent, multiple agent

    First accused of spying for Russia he confessed to spying for the US... but was he spying for Russia and China too??? only the shadow knows for now...
    greywolf7
    • The article

      says he tried to offer his services to Russia, but was intercepted by the BND.
      wright_is
  • Technically...

    ... this used to be called an Easter-egg, still a fine tradition in the gaming world today. Without a completely accurate whitelist of all applications available on the device in all versions available, the detection probability rapidly trends to zero. Which is almost certainly a factor in the choice of methodology. And which leads me to conclude that the agent likely gave it up.
    Brian J. Bartlett
  • The neat thing about stenography

    is that police agencies intent on arresting innocent suspects for the purpose of intimidating them into betraying others, or intimidating the general populace, can use very creative ways to "find" bogus "evidence." The "Bible code" books come to mind, along with the numerous attempts to "find" codes in Shakespeare with hidden messages saying someone else wrote the Shakespearean plays.

    An old underground joke from East Germany tells about a musician arrested by the Stasi (secret police) on a train as he studied a music score. After many hours of interrogation, during which he was beaten, kept awake, deprived of water, etc. as they asked him over and over, what was that secret message he was reading, he continued to tell the truth: it was a fugue by Bach that he planned to perform soon.

    Finally, another agent came in and handed a "note" to the interrogator, who then said, "You might as well come clean. Your friend Bach just confessed."
    jallan32