Steganographic Slips

If you have a decent quality colour laser printer, you may have noticed that it tends to use yellow toner cartridges slightly more quickly than other colours, apart from black.

One reason for this might be that every page printed contains concealed information about the printer’s make and serial number, coded into tiny yellow dots. Suspicious patterns of dots have been observed on pages output by many popular quality printers, and in the case of Xerox, the Electronic Frontier Foundation has unravelled the hidden signatures left by its DocuColor models, and obtained hundreds of US Government documents about these codes.

This is an interesting example of steganography, widely considered the intellectually inferior sibling of cryptography. Whilst cryptographers such as Bruce Schneier, who obscure the content of their messages, are often celebrated as geniuses, steganographers, who endeavour to conceal the whole message, themselves remain obscure.

If you want to experiment with steganography, the free Outguess will hide one document inside an image file.

Wartime triumphs in breaking encryption, as in Bletchley Park’s Enigma crack, and using it for clandestine operations in occupied France, have formed the basis of many exciting books and movies, in which the brilliance of the code makers and breakers has been matched by the bravery of the operators. Hiding messages and maps in microdots, and other forms of steganography, has in contrast been depicted as the work of anonymous artisans.

Yet some of our everyday applications employ steganography, usually behind our backs, and without our knowledge or consent.

Microsoft Word has long been known for its propensity to retain long-forgotten chunks of content in its files, particularly when documents have been written out using the ‘fast save’ option and have never been ‘saved as’ a fresh document. If you use Word’s feature to track changes in a document, and run through many revisions before ‘fixing’ your changes, do not forget that others who obtain even legitimate copies of that file may be able to read much of what was in those earlier drafts.

Although the organisation is now defunct, many of the Word documents published by the Iraq Coalition Provisional Authority contained copious quantities of intelligence reports and other sensitive material. These came to light when those routine reports were being used for study purposes, but you do not even need a copy of Word to see that hidden content: simply open the document using a plain text editor, and it is there for all to see.

Whilst Word may be the most common culprit, it is by no means the only application capable of leaving potentially embarrassing hidden content in documents. Some applications may save clipboard contents and other scratch materials in files, unprotected iTunes tracks contain information about the purchaser, and there can be similar surprises in PDF. Mark-up languages such as HTML, and programming source code, offer ample scope and varied means of leaving comments and other inactive text too.

Before publishing any document, particularly in a format known for retaining previous content, authors must fix changes if using an option to track them, then save the document as a fresh file to cleanse it as thoroughly as possible. It is also worth taking a quick look at text content of binary files using a plain text editor before uploading them for all to pore through.
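The pre-publication check described above, as an added example that is not part of the original article: a Python script that lists the readable text runs in a binary file, stored either as 8-bit characters or as UTF-16LE, and flags any run mentioning terms the author believes were removed. The function names, watchlist terms and sample bytes are constructed for illustration.

```python
import re
import sys


def residual_text(data, min_len=6):
    """Return (offset, encoding, text) for every readable run in data."""
    # 8-bit printable runs, and the same characters stored as UTF-16LE
    # (each followed by a NUL byte), as many binary document formats do.
    narrow = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    runs = [(m.start(), "utf-16le", m.group().decode("utf-16le"))
            for m in wide.finditer(data)]
    runs += [(m.start(), "ascii", m.group().decode("ascii"))
             for m in narrow.finditer(data)]
    return sorted(runs)


def find_leaks(data, watchlist, min_len=6):
    """Return the runs mentioning any term the author believes was removed."""
    terms = [t.lower() for t in watchlist]
    return [run for run in residual_text(data, min_len)
            if any(t in run[2].lower() for t in terms)]


# Constructed sample: binary filler around one intended sentence, one
# leftover draft sentence and one embedded file path.
SAMPLE = (
    b"\x01\x02\x03\x04\x05\x06\x07\x08"
    + "Final report for publication".encode("utf-16le")
    + b"\x00\x00\x07\xff\xfe\x13"
    + "DRAFT: do not release source names".encode("utf-16le")
    + b"\x01\x00\xff\x10"
    + b"C:\\Users\\editor\\Desktop\\report-v7.doc"
    + b"\x00\x1a\x9c"
)

if __name__ == "__main__":
    # Usage: python residual_text.py FILE [TERM ...]; no FILE scans SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    watch = sys.argv[2:] or ["draft", "users"]
    for offset, encoding, text in residual_text(data):
        print(f"{offset:#010x} {encoding:8} {text}")
    for offset, _, text in find_leaks(data, watch):
        print(f"REVIEW {offset:#010x}: {text}")
```

Compressed or encrypted containers hide their text from a scan like this, so it complements, rather than replaces, saving the document as a fresh file.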

Despite early speculation that the terrorists involved in the 9/11 attacks had used steganography to conceal maps and other documents in widely-accessible images on websites, no evidence has been found so far. However, there remain many spam email messages that cannot be explained in terms of payloads worth delivering or malware origin, and some have speculated that these could easily be steganographic broadcasts. These might perhaps be in the vein of ‘number stations’ – espionage-associated radio transmissions consisting of recitations of numbers, presumably encrypted messages intended for agents in the field.

We don’t hear much about steganography, and it lacks the glamorous Bondian image of cryptography. But out in the real world, I reckon it is just as important.

Updated from the original, which was first published in MacUser volume 23 issue 16, 2007.