CHARLESTON, W.Va. - Law enforcement in West Virginia needs to start "reading between the lines" to catch a new tech-savvy breed of criminals.
Criminals can now conceal messages within digital images, audio or video files. The method is called steganography, literally meaning "covered writing."
Although most people won't be able to detect the hidden messages, the intended recipients can reverse the steganography process and gain access to the hidden information.
"By using digital steganography, any digital file can be hidden in any other digital file that makes the information literally invisible," said James Wingate, director of the Steganography Analysis and Research Center in Fairmont. He is also vice president of Backbone Security, an affiliate of DSD Laboratories Inc.
The Fairmont center's technical staff developed an approach to steganalysis (the detection of hidden files) based on detecting files associated with steganography applications. They also detect signatures, or fingerprints, of certain steganography applications that are left as a result of hiding information in the file, Wingate said.
Criminals can hide files in anything from an MP3 sound file to a DVD to a text file, he said.
"Anything can be hidden in something else [and] can't be found unless you're looking for it," Wingate said.
Many people will hide contraband images, such as child pornography, in seemingly innocent pictures in plain view on a public site, he said.
"If you didn't know what to look for, you would think it was just a picture of someone's vacation," Wingate said.
The person who posts the contraband images will use Internet messages or cell phones to communicate with people who want to see the images and will tell them when the images will be published, on what site and what steganalysis tool to use to extract the image, he said.
Wingate believes that law enforcement officers, along with probation and parole officers, would benefit by using steganography tools to keep an eye out for encrypted images.
Backbone Security donated some of SARC's software to the West Virginia State Police in 2006 and again in 2008, with the hopes that the digital-crime unit would be able to use steganalysis to catch criminals.
"We do have the software and we have used it in our labs. However, we have not come across any steganography to date," said Sgt. Chris Casto with the State Police. Casto's department routinely checks for the use of steganography in its forensic examinations and knows that it will find something one day.
"It is a good tool to use and steganography is something we are concerned about when conducting forensic examinations," Casto said.
Many sexual offenders are required to have their computer activity monitored by the state after they've been paroled.
"In many cases, they might be using steganography to conceal the images that got them into trouble in the first place," Wingate said.
"Over time, criminals evolve like every other life form," he said. "They get smarter in finding ways to conceal what they're doing and not get caught. Most will find more tech-savvy ways to hide the information that got them in trouble in the first place."
"It would not be prudent to assume that users are too stupid, too lazy, or both, to go to the trouble of using steganography to hide potentially incriminating evidence. Let's assume they've never heard the word 'steganography,' so they Google 'information hiding' instead," Wingate wrote in an article for Digital Forensic Investigator News. "They would get over 600,000 links to sites where they could download steganography applications."
Law enforcement officers must assume that people who are determined to find a way to hide incriminating digital evidence will find a way to do it, he said.
Experts say the advancement in encryption technology is outpacing the authorities' abilities to monitor suspected terrorists and pedophiles, especially when they are not focusing their efforts on looking for encoded information.
"I'm concerned that lots of hidden digital images are being overlooked," he said. "There's a lot more evidence of criminal activity out there than anyone knows."
Reach Kathryn Gregory at kathr...@wvgazette.com or 304-348-5119.