Thursday, July 01, 2010

Captured Spies Used Steganography to Send Messages to the Russian Intelligence Service.

"Ten Alleged Secret Agents Arrested in the United States"---Department of Justice (6-28-10)

Complaint #1 (PDF)
Complaint #2 (PDF)--See especially Section III.

Some writers are depicting the captured Russian spies as bumblers who didn't manage to ferret out any political, technical, scientific, or commercial "secrets" that they couldn't have read on the Internet; but according to the FBI (see especially Complaint #2, Section III), the Russian spies used the cyber-version of steganography---concealed messages disguised as something else---to communicate with the Russian Foreign Intelligence Service, the SVR. (See also "Arrests of alleged spies draws attention to long obscure field of steganography" in the Washington Post, 6-30-10.) The concealed messages were posted on the Internet. Perhaps the agents also communicated via steganography with other agents, but this is not mentioned in the FBI testimony.

It is being reported that U.K. officials are also investigating this case because some of the spies lived in the U.K. The father of the pretty young operative Anna Chapman, who was married to a U.K. citizen, seems to have been a KGB officer named Vasily Kushchenko.

According to the U.K. domestic intelligence and security service, MI5, Russian spies are interested in the U.K.'s energy policies and new technologies.

The U.K. Guardian (6-29-10) reports:

Russia is interested in particular in the energy policies of the west, given the importance of its own oil and natural gas reserves, and the Kremlin's determination to use them as an instrument of foreign policy, [counter-intelligence] officials said. Dmitry Medvedev, the Russian president, is a former chairman of Gazprom, Russia's giant energy company.

The Russian agents might have been trying to steal political, technical, scientific, and commercial secrets; but it is also possible that they have been orchestrating what the Russians call "active measures," a form of political warfare/covert operations that may include media manipulation, propaganda, disinformation, counterfeiting documents, assassinations, and political repression. The goal of active measures is often to influence another government's policies by targeting and compromising individuals or organizations that interfere with the Kremlin's goals. This is called kompromat.

For example, in 1992, KGB chief Yevgeni Primakov admitted that the KGB had spread the lie that "crafty" Pentagon scientists had bioengineered the AIDS virus as an instrument of biological warfare.

Izvestiya (3-19-92) reported:

[KGB chief Yevgeni Primakov] mentioned the well known articles printed a few years ago in our central newspapers about AIDS supposedly originating from secret Pentagon laboratories. According to Yevgeni Primakov, the articles exposing US scientists' 'crafty' plots were fabricated in KGB offices.

The KGB's code name for their active measures campaign was Operation Infektion. The CIA believes that the KGB campaign actually was started by KGB officers stationed in the U.S. Read the CIA's unclassified report, "Operation INFEKTION: Soviet Bloc Intelligence and Its AIDS Disinformation Campaign."

The KGB and its post-Soviet successor, the SVR, don't only target political, technical, scientific, and commercial secrets; they also employ many people who orchestrate influence operations---"active measures"---in order to discredit and/or damage individuals or organizations that impede the Kremlin's goals. According to MI5, the Kremlin tries to use their fossil fuel industry offensively---to advance their foreign policy; but the Kremlin may also employ active measures defensively---to protect their fossil fuel industry. These days, people or organizations that the Kremlin perceives as a threat to the interests of Russia's fossil fuel industry may find themselves victimized by kompromat---"swiftboated" by political operatives who carry out the SVR's active measures operations.

The FBI has not yet revealed what the Russian agents were communicating via steganography, but the agents have not been charged with espionage. They have been charged with failing to register as agents of a foreign government and money-laundering. This suggests to me the possibility that the agents may have been orchestrating active measures operations, which can be very distressing and destructive to the targets who are victimized by kompromat. We will have to see what the authorities choose to reveal. Sometimes, governments don't want to embarrass the competition too much because they have other priorities that could be damaged.

Live Science (6-30-10) reports on the agents' use of steganography in an article titled "Russian Spies Hid Secret Codes in Online Photos":

The alleged Russian spies recently arrested by the FBI are accused of encoding messages into otherwise innocuous pictures, marking the first confirmed use of this high-tech form of data concealment in real life, experts say.

The accused spies posted the seemingly mundane photos on publicly accessible websites, but then extracted coded messages from the computer data of the pictures, according to the criminal complaint filed by the FBI. Although computer scientists have theorized about the existence of this communication technique for over a decade, this is the first publicly acknowledged use of the technique.

“There have been occasional claims in the press about al Qaeda using it, but never with any evidence or even attributed to specific government officials,” said Steven Bellovin, a professor in the Columbia University department of computer science. “Here, we have court papers filed by the FBI under penalty of perjury that says these folks were doing it. The threat, in other words, is no longer hypothetical.”

How it works

Although the exact details of what the supposed Russian agents embedded in the pictures, and how they did it, remain classified, the basic technique involves changing the numeric code that computers assign to colors, explained Tal Malkin, an assistant professor in Columbia University’s cryptography laboratory.

To generate the picture on a computer screen, the computer assigns every pixel three numeric values that correspond to the amount of red, green or blue in the color the pixel displays. By changing those values ever so slightly, the spies could hide the 1’s and 0’s of computer language in the picture’s pixel numbers, but without altering the picture’s appearance to the human eye, Bellovin said.

In doing so, the alleged spies were practicing a modern form of "steganography," which refers to the science of concealing messages within images. Early examples include Ancient Greek messages tattooed into the shaved scalps of slaves, and then hidden underneath the re-grown head of hair, according to the classical author Herodotus.

"The point of standard encryption is to hide the content of the message," Malkin said. "But even if you are detected sending a message no one can read, you will still be suspected by the authorities for sending a coded message.”

“With steganography, you try to hide the fact that communication is going on at all.”

The computerized, picture based, steganography alleged in the FBI criminal complaint dates back to the 1990s, Malkin said. But back then, it was only a theory.

Roots in porn?

After 9/11, rumors began circulating that al Qaeda hid messages inside of pornographic images, Malkin said, although those rumors were never confirmed.

Digital image steganography does have some drawbacks, though. Namely, the spies would need large files to hide even a small amount of information, significantly limiting the size of each message and expanding the time it takes to assemble each one, Malkin said.

But overall, this method provides excellent concealment for hidden messages. First off, the authorities don’t know to analyze a normal looking picture for secret data, said Malkin. And second, with so many pictures on the Internet, the photos containing hidden messages can hide with the safety of numbers.

“The first requirement for a spy's communications is that they not be noticed. In that sense, these methods are excellent,” Bellovin said. “I'm sure there are many billions of pictures on the Internet, and running a steganographic analysis program on all of them is impossible.”

And now, with this first case proving that Internet images with steganographically embedded messages are more than just theory or a rumor, the FBI can only wonder what other messages remain concealed amongst those billions of images.
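The pixel-value technique described under "How it works," and the capacity limit Malkin mentions, can be seen in a short sketch. This is an added example, not code from the FBI complaint or the Live Science article (the scheme actually used is not public); all function names, the 8x8 sample image and the sample message are constructed for illustration. It also shows the defensive counterpart: re-encoding an image so its lowest bits are cleared destroys anything hidden there.

```python
# Added illustration; the scheme actually used in the case is not public.
# Pixels are (R, G, B) tuples; one message bit goes in the lowest bit of each value.

def capacity_bytes(pixels):
    """Bytes that fit at one bit per colour value (3 bits per pixel)."""
    return len(pixels) * 3 // 8

def embed(pixels, message):
    """Return a copy of pixels with the message bits written into the LSBs."""
    if len(message) > capacity_bytes(pixels):
        raise ValueError("message too large for this image")
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    flat = [v for px in pixels for v in px]
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & ~1) | bit      # each value changes by at most 1
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def extract(pixels, length):
    """Read `length` bytes back out of the LSBs."""
    flat = [v for px in pixels for v in px]
    out = bytearray()
    for b in range(length):
        byte = 0
        for v in flat[b * 8:(b + 1) * 8]:
            byte = (byte << 1) | (v & 1)
        out.append(byte)
    return bytes(out)

def scrub(pixels):
    """Defensive re-encode: clear every LSB, destroying any payload stored there."""
    return [tuple(v & ~1 for v in px) for px in pixels]

def max_change(a, b):
    """Largest difference in any single colour value between two images."""
    return max(abs(x - y) for p, q in zip(a, b) for x, y in zip(p, q))

# Constructed 8x8 sample image: a smooth colour gradient (not real data).
COVER = [(10 + 3 * x, 40 + 2 * y, 200 - x - y) for y in range(8) for x in range(8)]
SECRET = b"hello, world"        # constructed sample message, 12 bytes
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print("capacity:", capacity_bytes(COVER), "bytes in", len(COVER), "pixels")
    print("recovered:", extract(STEGO, len(SECRET)))
    print("max change per value:", max_change(COVER, STEGO))
    print("after scrub:", extract(scrub(STEGO), len(SECRET)))
```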


Anonymous Ani said...

I am glad from what we've been told, this seems to be more along the lines of corporate espionage. Not as it was during the cold war. I kinda hope that the UK will be able to tie the Kremlin in with climategate, just for convenience sake.

10:35 AM  
Blogger Snapple said...

I think the Soviets did a lot of corporate espionage, but often it was the military intelligence, not the KGB.

The KGB really did a lot of influence activities.

Climategate seems to have some Russian angles. Certainly Pravda and Russia Today sounded like Fox News. Andrei Illarionov works for Cato. The e-mails were posted on the Tomsk server.

Now they are investigating what those spies were up to in the U.K.

We will just have to wait and see if more is publicized.

10:15 PM  
