Hidden Images, A New Challenge in the Fight Against Child Porn

“Progress always involves risk; you can’t steal second base and keep your foot on first,” Fredrick Wilcox observed. The technological progress of computer science and the Internet changed the way we lived in the 20 th century, and will continue to mold our way of life this century. However, this progress is not without risk. The law enforcement community is well aware of this, as the computer criminal seems to be one step ahead of investigators in terms of technical sophistication. For example, we only recently recognized that child pornography is available on the Internet in epidemic proportions. On-line investigators are doing their best to play “catch-up” to apprehend and prosecute these sexual predators. However, there is a tool, available both for sale commercially and for free via the Internet, which will make it exceedingly difficult to investigate these offenses. This tool is called Steganography .

The word steganography comes from the Greek steganos , meaning covered or secret, and graphy , meaning writing or drawing. Therefore, steganography literally means covered writing. “Steganography differs from encryption in that encryption disguises the content of a message, whereas steganography disguises the existence of a message.” Encryption takes a message and translates it using a code. An encrypted message appears to a viewer as a bunch of gibberish, thus making it clear to the viewer that he/she is looking at an encrypted message. One would need the code to return the encrypted message into its original form, much like a child would use a Dick Tracy decoder ring to decode a secret message given during the once popular radio program. However, if steganography has been used on a message, the viewer would not be able to tell that the message contains a hidden message within it. To use another childhood example, the writing of a message using invisible ink would constitute steganography. If you knew that a piece of paper had an invisible message on it, you could uncover the message using specific tools; otherwise, you would think you were looking at a blank piece of paper.

Steganography is many centuries old. In fact, one of the first documents describing steganography as well as one of the first uses of steganography comes from ancient Greece. In that time period, text was written on wax covered tablets. A Spartan general wanted to notify Sparta that an invasion of Greece was planned. To avoid being detected, he scraped the wax off of the tablets and wrote his message on the underlying wood. He then covered the tablets with wax again. The tablets thus appeared to be unused so they passed inspection by sentries without detection.

Perhaps the most famous use of steganography was the microdot, used by the Nazis in World War II. The microdot was a photograph that was reduced to the size of a typewritten period. This period could then be used at the end of an innocuous sentence. The person who received the message could enlarge the microdot back to full size to view its content.

Modern steganography techniques work in the same manner. The data to be concealed is compressed and hidden within another file. The hidden message may be placed inside the white space of text messages or the dark areas of a photographic image, or within the unused portions of a digital file format. The first item needed for steganography is called a carrier or a container. This can be a text file, graphic file or sound file which will host the message that is desired to be hidden. The carrier or container is innocent looking so that it does not arouse the suspicion of anyone viewing it. The next step is to embed the message one wants to hide within the carrier using a steganographic technique. One of the simpler techniques is to “replace the least significant bit of each byte in the [carrier] with a single bit for the hidden message.” Other more sophisticated methods include “selecting certain bytes in which to embed the message using a random number generator; resampling the bytes to pixel mapping to preserve color scheme, in the case of an image…; hiding information in the coefficients of the discrete cosine, fractal or wavelet transform of an image; and applying mimic functions that adapt bit pattern to a given statistical distribution.”

To those of you who now wish you had paid more attention in your calculus classes, don’t worry. All that you need to understand is that these methods make it possible to hide a text, image or sound file within the another text, image or sound file, thus rendering that message undetectable to the human eye. The carrier which contains a hidden file is often referred to as a “stego-medium.” It is also possible to encrypt the hidden message within a stego-medium to make it even more difficult for anyone to detect and intercept the secret message.

To use steganography to hide information, a person does not need to first obtain a Ph.D. in computer science. All one has to do is obtain one of the plethora of available steganography software tools and apply it to their files. These tools may be downloaded for free via the Internet or they may be purchased at any store which sells computer software.

Perhaps the most popular steganography tool is S-Tools. This program is Windows 95/98 compatible and has the ability to conceal files within BMP, GIF and WAV files. This program allows you to simply point and click your way to hiding files. It also has the ability to hide multiple files in one container. It was originally released and made available as shareware in 1994. It has been updated each year and can be easily downloaded by anyone.

The following is a list of some of the other available steganography software, who designed them and what they do: EZStego (Stego Online, Stego Shareware, Romana Machado), is a Java based software program which supports only GIF and PICT formats; Gif-It-Up v1.0 (Lee Nelson), is a stego program for Windows 95 that hides data in GIF files; Hide and Seek (Colin Maroney), can hide any data into GIF images; JPEG-JSTEG (Derek Upham), can hide data inside a JPEG file; MP3Stego (Fabien A.P. Petitcolas, Computer Laboratory, University of Cambridge), can hide data inside MP3 sound files; and Steganos (Demcom, Frankfurt, Germany) which encrypts files and then hides them within BMP, DIB, VOC, WAV, ASCII and HTML files. These programs are readily available and are very user friendly.

These programs make it very easy for anyone to conceal information within an innocuous carrier file. Law enforcement professionals won’t find it difficult to imagine the plethora of ways that a criminal may utilize this technology to hide information. In fact, there are thousands of web sites that provide information regarding the use of steganography. For example, an Alta Vista search using the term “steganography” identified 4,637 Web pages on the subject as of January, 2000. Many of these sites are anti-law enforcement and encourage the use of steganography to hide information from the Government. Therefore, it is quite possible that many law enforcement officers have come across steganography without knowing it.

The following are examples of anti-government language from various stegonagraphy related web sites: “If the government prohibits the use of cryptography for personal privacy purposes, you can still send encrypted messages by hiding the encrypted message in another innocuous file using steganographic techniques.”; “You might want to protect yourself against an oppressive government.”; “What is causing great concern for the military, counter-espionage, and law enforcement…? Modern Steganography….”; “How can anyone use illegal cryptography and get away with it? The concept is as old as the world. It is called steganography.”; and “More than cryptography, steganography is your secret weapon to communicate freely.”

The over 4,000 sites dedicated to steganography make it easy for individuals to hide an image of child pornography within an innocuous looking image, text file or sound file. This will allow those who traffic in or are aroused by this illicit material to transmit and receive images and possess this material without alerting the attention of investigators.

How can law enforcement combat this new weapon of the child pornographer? Can steganography be detected? The answers to these questions are: “with difficulty” and “sometimes.” Currently, there is no known software program that has the capability of scanning files to detect if an image is hidden within in. The development of such software is imperative to the battle against on-line child pornography. Without such a tool, the detection of steganography is extremely difficult.

Here are some tips for law enforcement to use in determining if steganography has been used by a suspect to hide his/her child porn:

  • Simpler steganographic techniques produce some discernible change in the file size, statistics or both. These changes can manifest themselves in color variations, loss of resolution and other distortions that are visible to the human eye. However, this form of detection requires that you know what the original carrier image or file should look like.
  • Look for and listen for key terms. If a suspect either in an interview or during an on-line undercover conversation uses the term “stego,” “s-tools,” “carrier,” or any other steganography related language, he/she may be utilizing steganography. The use of such terms combined with other actions may give rise to the probable cause needed to obtain a search warrant.
  • Look for steganography software during the forensic evaluation of a suspect’s computer. Examples of such software are listed in this article. However, the list contained within this article is not exhaustive. Be sure not to simply ignore any software program on the defendant’s computer that you are not familiar with. Do a web search to find out what it does.
  • During the forensic evaluation, be sure to pay attention to what web sites and newsgroups the defendant had visited. You may find that the defendant had frequented steganography related sites.

Until a steganography detection technique is developed, law enforcement will not be able to identify every file containing a hidden image of child pornography. However, armed with the knowledge of what steganography is, the key terms used in steganography and the names of the software used to hide images, a law enforcement officer may be able to successfully apprehend an individual whose possession and transmission of innocuous looking files would have gone unnoticed.