January 2002

Interest in Steganography Puts IT&E Center in Media Spotlight

By Robin Herron

Heightened interest in a computer security technique called steganography has kept Sushil Jajodia, director of the Center for Secure Information Systems in the School of Information Technology and Engineering, and Neil Johnson, associate director, busy with media calls and appearances over the past few months.

A live appearance on MSNBC, for which Jajodia and student Michael Jacobs were flown to New Jersey; a CNN interview with Johnson; and a New York Times article that quoted Johnson extensively are some of the most recent examples. Since Sept. 11 Jajodia and especially Johnson have been interviewed by nearly every major U.S. news organization and some international ones as well. Johnson’s extensive web page on steganography has led many reporters and even government officials to call him for comments and advice.

The technology that has piqued media interest has been suggested as a method terrorists use to communicate with one another. Steganography is derived from a Greek word meaning “covered writing.” The technique has been around in some form for hundreds of years, but today’s high-tech incarnation involves hiding digital images or messages within other innocuous files. “Information can be hidden in just about anything,” says Johnson.
Only those who know what they are looking for and have the software to find it will see the secret message. Users can also communicate electronically without leaving a trace because images can be posted anonymously to many Internet sites.

“Any person who needs concealment will use whatever method they can,” says Johnson, when asked whether he thinks terrorists are using steganography to communicate with one another. Terrorists may even be using very low-tech hidden methods to communicate, he adds. For example, the first videotapes shown of Osama bin Laden might not have had embedded messages but may have conveyed meaning by the clothes he was wearing. “Technology is only a tool,” Johnson says.

While willing to talk about steganography in general terms, Jajodia and Johnson are reluctant to provide any level of detail that could help terrorists or other malicious users of the technology. Johnson, who has been interested in steganography since 1995, condemns researchers who publish too much information under the guise of sharing global knowledge. He notes that the number of steganography tools has mushroomed from around 30 when he started his research to about 140 today, and many are available on the Internet.

Since Sept. 11 Johnson has become even more guarded about what he says and what information he posts on his web page. He defends his stance by drawing an analogy to a murder investigation. “A detective is not going to tell people what the police are finding,” he says. “You don’t want to give your adversary the upper hand.”

To find out more about Johnson’s work, see his web page at www.ise.gmu.edu/~njohnson.