FRIDAY SEPTEMBER 14, 2007 Lloyd’s List Review 9
Secrets hidden in plain sight
An innocent looking picture can conceal enough data to present a security threat

Picture caption: Now you don’t see it: although seemingly identical, the image on the left has a 5,000 word concealed message hidden within its coding.

A PICTURE, they say, is worth a thousand words. But businesses wanting to guard against the threat of vital data being deliberately leaked to unauthorised people outside, or even inside, the organisation, need to get to grips with the alarming reality that a picture can also conceal a thou-
Or in some cases, even up to around
More than enough to betray all your most precious and commercially sensitive data — locations of newly-discovered oil fields; formulae for synthesising newly-discovered molecules of breakthrough drugs costing millions or even billions to develop; designs of revolutionary products you are planning on being the first to bring to market; ultra-sensitive lists of hard-won customers; you name it.

The idea of data concealed in pictures might sound like the plot of the next Mission Impossible movie, but it is not.

And unless you are prepared to let any Tom, Dick or Harry cruise around your precious data, you need to be aware of the threat it poses.

The technique used is called steganography, from the ancient Greek meaning hidden or covered writing — just as the stegosaurus was named because its back was covered in bony plates, whose real purpose is a mystery even today.
But steganography was not a mystery to the Ancient Greeks, indeed they most likely invented it.

The Greek historian Herodotus records that in 312 BC, Histiaeus of Miletus commanded the head of his most trusted slave to be shaved and tattooed with a vitally important secret message on it.

Once the slave’s hair had grown, hiding the message, Histiaeus sent him as an emissary to a friendly power via enemy territory to instigate a revolt against the Persians.

This example from history shows that steganographic writing can be a dangerous threat to security. Friends who betray us are always a more potent threat than people we recognise as enemies from the outset, and steganographic messages look friendly and innocent.

You could devise a simple steganographic message by agreeing with your recipient that your real message will consist of the first letter of every word of your apparent message.

“Bring us your invoice by Monday”, for example, would really mean “BUY IBM”. In steganographic writing the apparent message is known as the cover text and the real message is called the plain text.

The innocuous appearance of the cover text in the example illustrates why steganographic writing does not tend to set alarm bells ringing.

It looks innocent, whereas a message “BUY IBM” encrypted in a simple code that consisted, say, of substituting each letter for the next letter in the alphabet — “CVZ JCN” — obviously looks suspect and would be certain to awaken the suspicions of even the most credulous member of an industrial espionage prevention team.

The point is that any encrypted message will tend to raise suspicions because even though it cannot easily be read you will know it has been encrypted and will instantly conclude that something fishy is going on.

In modern business, the threat of steganography has recently become a major issue in corporate life. It’s actually been a significant threat for several years as computing power available on the desktop has increased.

But users have been distracted by publicity about cryptography, and steganography has rather remained in the background.

It is a particularly worrying threat now because of the massive volume of electronic communications, and the number of freely available tools that allow even a routine user to employ steganographic techniques.

By far the biggest type of threat is the potential for concealing steganographic writing within computerised images. In Microsoft Windows you can literally drag and drop your hidden text onto a picture and the deed is done.

Information remains the most valuable commodity and it is precisely that which can so easily be given away or sold using image-based steganographic techniques.

What is actually happening when you carry out what looks like a simple drag and drop?

An electronic image is comprised of thousands of ‘picture elements’ or ‘pixels’.

A pixel is a binary number that provides information on the colour or the shade of grey that should be displayed in that particular pixel.

The binary number will look something like 10011011, depending on the pixel in question.

The individual numbers (the 1 or the 0) are known as ‘bits’ and the further along you go to the right, the less significant the bits become in defining the precise colour of the pixel.

Why does the opportunity for steganography exist? Because while each pixel is defined by a series of bits, some of these bits can be changed without affecting the resulting pixel to any discernible extent.

In a computerised image whose size is 256 by 256 pixels, making a total of 65,536 pixels, there would easily be room to conceal, say, about 5,000 words of data.

This method of concealment is known rather quaintly as ‘bit twiddling’.

An obvious place to conceal a secret message would be within a computerised picture that does not show any apparent changes.

Bit twiddling is the most common way to conceal text within a computerised image.

There are many more techniques, though, particularly when using image formats such as the now ubiquitous jpeg which many will have encountered through their digital cameras.

So what is the best way to guard against image-based steganographic betrayal?

The first step is to recognise that it is a potential problem and get help to understand what tools are likely to be available to a malicious team member. You also need to know the manner in which these tools can be used because they often leave little trace of their presence. Some are even termed ‘zero footprint’ by those who develop them.

But help is at hand because dedicated teams of experts have been making available tools to help detect steganography. The technique they use is known as ‘steganalysis’.

Steganalysis is as much an art as a science. The detection tools need to be deployed so that the appropriate steganalysis resource is used in the appropriate situation. Admittedly, this is not easy, when the range of steganography tools and the steganalysis counterparts have proliferated and are proliferating just as the threat from viruses did when they first emerged into the IT environment.

Charteris began its own anti-steganography work as a technical exercise but soon became alarmed at what its experiments were showing: not just about the power of the steganography tools available, but also about the degree of care that needs to be applied to combat this potent security hazard.

Taking the threat of betrayal by apparently innocuous pixels seriously will lead you to put into practice the measures necessary to defend against it. And you do need to take this threat very seriously indeed.

The stegosaurus may be long extinct, but steganographic treachery is, unfortunately, here to stay.

Alan Woodward is chief technology officer at the business and information technology consultancy Charteris.
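
The ‘bit twiddling’ and steganalysis described in the article above, as an added example that is not from the article or from Charteris: least-significant-bit embedding and extraction on a 256 by 256 greyscale buffer, plus the pairs-of-values chi-square statistic that a detection tool can compute on a suspect image. The synthetic cover, the random payload and every function name are assumptions made for illustration.

```python
import random
from collections import Counter

def capacity_bytes(pixels, channels=1, bits_per_channel=1):
    """Bytes that fit when the low bits of every colour channel are reused."""
    return pixels * channels * bits_per_channel // 8

def embed_lsb(pixels, payload):
    """Return a copy of pixels with the payload bits written into successive LSBs."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload exceeds one bit per pixel")
    # 10011011 becomes 1001101b, so each pixel value moves by at most 1.
    return [(p & 0xFE) | b for p, b in zip(pixels, bits)] + pixels[len(bits):]

def extract_lsb(pixels, nbytes):
    """Rebuild nbytes from the least significant bit of successive pixels."""
    out = bytearray()
    for start in range(0, nbytes * 8, 8):
        byte = 0
        for p in pixels[start:start + 8]:
            byte = (byte << 1) | (p & 1)
        out.append(byte)
    return bytes(out)

def pair_chi_square(pixels):
    """Pairs-of-values statistic: LSB embedding evens out counts of 2k and 2k+1."""
    hist = Counter(pixels)
    pairs = [(hist[k], hist[k + 1]) for k in range(0, 256, 2)]
    return sum((a - b) ** 2 / (a + b) for a, b in pairs if a + b)

def constructed_cover(width=256, height=256, seed=7):
    """Synthetic greyscale cover with a peaked histogram (constructed sample data)."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(128, 3)))) for _ in range(width * height)]

def demo():
    cover = constructed_cover()               # the article's 65,536 pixels
    rng = random.Random(99)
    # Random bytes stand in for a compressed or encrypted message at full capacity.
    payload = bytes(rng.getrandbits(8) for _ in range(capacity_bytes(len(cover))))
    stego = embed_lsb(cover, payload)
    return {"recovered": extract_lsb(stego, len(payload)) == payload,
            "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
            "chi_square_cover": pair_chi_square(cover),
            "chi_square_stego": pair_chi_square(stego)}

if __name__ == "__main__":
    print(demo())
```

On the constructed cover no pixel value changes by more than 1, yet the statistic falls by more than a factor of ten once the low bits are overwritten, which is the kind of trace a steganalysis tool looks for when the eye sees nothing.
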
A Tudor tale of cunning, greed and dastardly plots
Terry Sutton

IN MORE dangerous times, England’s principal secretary to the Queen financed pirate raids from his own pocket just to provoke foreign owners.

That was more than 400 years ago, when Protestant England was threatened by a dangerously Catholic Spain.

The courtier trying to provoke trouble was Sir Francis Walsingham, born in Kent around 1532, and who died in 1590.

Author Derek Wilson, an authority on the Tudor period, paints a picture of the Kent-born Walsingham as a venture capitalist who relished a spot of risk-taking.

He admired the exploits of bold mariners like Sir Francis Drake and the mercantile explorers so much that he used his own wealth to sponsor Drake’s 1577-1580 voyage around the world.

But Walsingham took a further step, and one that put his career in jeopardy, when he re-invested a substantial chunk of profits from Drake’s earlier circumnavigational voyage in the Golden Hind in a venture to attack Spain’s home-returning fleet carrying silver.

The scheme was for Drake to take a small fleet to Terceira in the Azores and use it as a base to attack the Spanish silver fleet returning from the New World.

Drake’s ships would be flying under another flag to preserve the fiction of Elizabeth’s lack of involvement in the affair.

“In reality the Queen and Walsingham were to be major backers in the venture, and hoped for a pecuniary return similar to that of Drake’s previous expedition,” Wilson says. Walsingham knew his mistress well enough to be sure that she would be dazzled by the gold once it was seized. But at the last minute, Elizabeth ordered the project to be put on hold, by which time, as Drake pointed out, it was too late, anyway.

The treasure fleet had safely reached Spain and Drake had to pay off his men and sell all his provisions.

He may have been thwarted in this particular escapade, but Walsingham still proved to be an expert intelligence chief and top spycatcher for his Queen.

Jesuits were secretly putting ashore Catholic priests and spies in inlets and coves in Kent and Essex, whose nefarious task was to covertly foment unrest among the English population in advance of an invasion by the foreign enemy.

But Walsingham, with his army of spies and agents in foreign capitals, was able to hunt down the interlopers.

Several were tortured into giving information that could be used against English Catholic nobles who were plotting against the Queen in the hope of returning England to the religion of Rome.

As Wilson points out, this was an era of spin-doctors, state-sponsored terrorism, with hit men hired to eliminate heads of state and religious fanatics invoking holy war and willing to die a martyr’s death. How little some things have changed.

Sir Francis Walsingham, a Courtier in an age of Terror, by Derek Wilson. Published by Constable in hardback £18.99

Unsung heroes of Admiralty salvage finally awarded due recognition
Sandra Speares

ADMIRALTY salvage, both in war and in peacetime, has never received the recognition it deserves, with tales of heroism by salvage crews often going unacknowledged by the authorities and the public.

Author Tony Booth, whose previous book documented the mammoth task of salving the German fleet scuttled in Scapa Flow at the end of the First World War, has set out to remedy the omission with a look behind the scenes of some of the most daring salvage operations of the last century.

If Admiralty salvage really came to the fore during the First World War, the concept was pioneered more than 200 years ago when HMS Victory’s sister ship, the Royal George, sank with the loss of nearly 1,000 lives. The casualty was officially blamed on rotten timbers, although it is suggested here that one of the ship’s officers was to blame. Some historians claim the Navy Board was not keen to see the ship salved, because it might prove that there was nothing structurally wrong.

Early innovators in the world of salvage were the Deane brothers, who recovered material from the Royal George and also discovered the wreck of the Mary Rose.

The Royal Navy salvage divers’ somewhat bizarre motto, “Grope, Grub & Tremble”, was in fact a reflection of the difficulties the early divers encountered.

Those working on underwater wrecks had to grope their way through them in the dark, search for and pull up (or ‘grub’) material by hand, trembling with fear as they did so because of the dangers of the job. An early, and ultimately unsuccessful, salvage operation in 1906 was that of the Montague, which the author describes as a good example of what happens when a senior naval officer with no understanding of salvage is in control.

“Throughout the next hundred years, this familiar pattern would unfold all too regularly as the salvage section and the rigid naval command structure at the time clashed over how best to save ships,” Booth says.

A more successful wartime salvage was that of the hospital ship Asturias, with a good account here of the difficulties encountered by the successful salvors, not to mention the courage of the divers.

The war years also saw amendments made to the 1894 Merchant Shipping Act to enable the Admiralty to claim salvage.

An early controversial Admiralty salvage of a general cargo vessel was that of the Clan Southerland, which was looted by some of the crew of HMS Bittern during the course of the operation. As the crew of the HMS Bittern was subsequently lost in a collision, they were punished posthumously by Mr Justice Hill, by having their salvage award withdrawn.

If the incident was of considerable embarrassment to the Navy at the time, it is counterbalanced by many moving accounts in the book of the courage and self-sacrifice of crews and salvors alike.

At the outbreak of the Second World War, further changes were proposed to legislation which would effectively give the Admiralty full salvage rights, a move opposed by the Chamber of Shipping at the time, who argued that a fair deal on salvage awards would not be possible if the Admiralty had an effective state monopoly on salvage. The Admiralty’s relationship with commercial salvage companies was equally strained, particularly as far as compensation payments in the event of salvors’ deaths during operations were concerned.

Skilled salvage operators were at a premium and over-stretched during the war years. It was not uncommon for a senior salvage master to have more than 12 operations in progress at the same time.

Remuneration appears to have been impressive — one salvor was apparently earning more than Winston Churchill during the war years — although perhaps not when you consider the risks involved.

Although much of the book is devoted to the two world wars, the author explores some of the major postwar salvage operations, including those of tonnage sunk in the Suez Canal during the Suez Crisis.

Peacetime salvage operations mentioned here include the salvage of the BOAC de Havilland Comet Yoke Peter, an operation to have far reaching implications on aircraft design, the Derbyshire and the Al Salaam Boccaccio 98 during which the MOD’s Salvage and Mooring Operations division assisted in locating the black box. The book is a fitting tribute both to the salvage industry and Merchant and Royal Navy crews.

Admiralty Salvage in Peace & War 1906-2006 by Tony Booth is published in hardback by Pen & Sword, £19.99.