Hiding in Plain Sight — Steganography 101

Steganography. The art of hiding something right under your nose. For as long as humans have been alive, we’ve been trying to hide things — whether it’s our last slice of pizza, or the location to buried treasure. Steganography was a means to an end, allowing humans to easily conceal messages, without making it obvious there was one in the first place.

The earliest examples were not so well thought out. Slaves, for example, were often used to transport sensitive information through their scalps — tattoo the message on the slave’s scalp, and your decoder would receive it once he shaved the slave’s scalp. Of course, there was a little issue with this whole setup — the message had to be delayed to allow time for hair regrowth, and, well, also…

…there’s that whole thing about tattoos being permanent.

The second attempt was better received — morse code was stitched into a sweater or jacket, which was worn by a postal messenger. Two messages, for the price of one — and hand-delivered, too!

The most famous one that we all known and love is lemon juice; write a message with your favourite citrus flavour, let it dry, and then heat it up — your message shows. It’s the DIY-er’s version of invisible ink, only with more Vitamin D and less, well, Vitamin I(nk).

All of these are classic, early examples of steganography. But as we moved into the digital age, so did our methods.

Photo steganography allows files or messages to be embedded in photograph. It’s the most common form, and the easiest to use. On a technical level, it’s rather simple, too: each pixel in an image is assigned a colour, with an RGB colour code. The last part of these codes is overwritten with encoded data. Take this, for example.

#FFCDo1 is ‘Pantone 109C’.

#FFCD00 is… ‘Pantone 116C’.

That’s pretty hard to tell the difference, in a decently sized image. Now imagine seeing it in as one tiny pixel, and trying to guess whether it really was that particular shade of chartreuse your spy agency told you to look out for. Using this method, we can put 1 byte of encoded information in 8 adjacent pixels, with 8 lightly adjusted colours.

Audio steganography follows the same principle — human beings can’t easily tell the difference between 400hz, and 401hz, so you can alter each frame of audio with 1 bit of encoded information.

The last example — that’s been used from World War II all the way up until recent times — is text steganography. This is where a seemingly innocuous capitalization, spelling mistake, or predefined code spells out a secret message. The most famous example is a cipher text by a Germany Spy in World War II, which read:

“Apparently neutral’s protest is thoroughly discounted And ignored. Isman hard hit. Blockade issue affects Pretext for embargo on by products, ejecting suets and Vegetable oils.”

Take the second letter in each word, and a message appears:

Pershing sails from NY June 1.”

Now, if you’ve gotten this far, well done! You’re excited, right? Yeah, steganography is pretty dang cool.

To celebrate our 3rd Anniversary (and Easter), we decided to hide a secret surprise in this image. This surprise will be valid until Monday 17th (12:00 UTC). And if you need a hint as to how to crack that egg, well, let’s just say it’s time to use what you’ve learned.

Happy hunting, miners!