Steganography: How Antonopoulos hid a US$100m transaction in a picture of kittens

At the beginning of 2015 the British Prime Minister, David Cameron, asked Barack Obama, the US President, to encourage American Internet companies to work closely with British intelligence agencies. Under a proposed agreement, companies such as Whatsapp and Snapchat would be expected to provide a “backdoor” for access to data, or face a possible ban within the United Kingdom.

Cameron attempted to justify his request in a speech: "Do we want to allow a means of communication between people, which even in extremis, with a signed warrant from the home secretary personally, that we cannot read?" he questioned. "Up until now, governments of this country have said no, we must not have such a means of communication."

Later in the year, in June, the US based organizations ITI (Information Technology Industry Council) and SIIA (Software & Information Industry Association) wrote a letter asking Obama to work with the technology industry, and find a way forward that “preserves security, privacy, and innovation.”

“We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool. As you know, encryption helps to secure many aspects of our daily lives. Encryption is an essential asset of the global digital infrastructure, enabling security and confidentiality for transactions as well as assurances to individuals that their communications are private and information is protected.”
— – Information Technology Industry Council and Software & Information Industry Association letter to Barack Obama

According to a Forbes article, the CEO of Apple weighed in on the conversation last month, Tim Cook stated “I don’t know a way to protect people without encrypting.”

“You can’t have a backdoor that’s only for the good guys.”
— – Tim Cook, Apple CEO

The recent attacks in Paris have re-opened the encryption debate. "When individuals choose to move from open means of communication to those that are encrypted, it can cause a disruption in our ability to use lawful legal process to intercept those communications and does give us concern about being able to gather the evidence that we need to continue in our mission for the protection of the American people," stated Attorney General Loretta Lynch before the “lawyer for the House of Representatives,” the US House Judiciary Committee,.

In a statement released only a few days ago, ITI President and CEO Dean Garfield responded to the calls to weaken encryption security tools. “Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety.”

“We deeply appreciate law enforcement’s and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense.”
— – Dean Garfield, Information Technology Industry Council President and CEO

The ongoing debate sparked a myriad of conversations in online forums, some of which discussed alternative means to keep information private. Aside from cryptography, there is a lesser known option, steganography. It’s been around for a while, and certainly has its place in the digital realm.

“Steganography is the science of hiding information. Whereas the goal of cryptography is to make data unreadable by a third party, the goal of steganography is to hide the data from a third party.”
— – Gary Kessler, Professor of Cybersecurity at Embry-Riddle Aeronautical University

Steganography can been traced back to 440 BC, with examples described by Greek historian Herodotus. Demaratus, a King of Sparta, wrote a message on the wooden backing of a tablet, prior to applying a beeswax surface for a second message.

The idea was developed further over time. During and after World War II espionage agents used photographically produced microdots to communicate, which were typically smaller than the full stop produced by a typewriter, and hidden in plain sight.

In a 1966 Rear Admiral and Naval Aviator, Jeremiah Denton, communicated a message by repeatedly blinking his eyes in Morse Code, spelling out "T-O-R-T-U-R-E." He was captured during the Vietnamese war and forced to participate in a carefully choreographed press conference.

A more recent example of hiding information are the tweets sent out by Bitcoin and security expert Andreas Antonopoulos. The image consisted of five kittens posing in a garden. In May this year he claimed it contained a transaction worth $12m USD and at the time of the second tweet in mid-November the transaction was worth more than $100m USD.

Steganography was introduced to the Bitcointalk forum in 2011, in the form of a proof of concept paper. The author, claiming to be a computer scientist with some knowledge in cryptography, describes a method in which the science could be implemented by storing hidden messages inside the Bitcoin network, “available only to those who knew where (and how) to look.”

The abstract of the paper outlines how the Bitcoin peer-to-peer network created a distributed, anonymous virtual currency, and a means to store information in a secure manner. “We propose a very simple steganographic scheme as a proof of concept. That scheme is related a difficult graph theory problem (finding a maximal clique of a graph) and as such, provides good guaranties if properly implemented.”

The remainder of the paper can be downloaded for 1 BTC, which was approximately US$0.31 at the time. Gavin Andresen, Chief Scientist at the Bitcoin Foundation, purchased the document and credited it with being a “nice little paper.”

Projects have since evolved in the bitcoin industry, including SonicVortex, which launched in August 2014. “You take a picture, author a transaction, then SonicVortex embeds the encrypted transaction in a picture.”

The platform uses the f5 steganography algorithm, which implements matrix encoding to hide information in a picture, “making it almost impossible to detect that any hidden communication is present.” The creators claim it’s even suitable for banks and governments.

“Even in the highly unlikely event that any communication becomes suspected, it is impossible for an adversary to ascertain the nature of the communication. Thus, your transaction is hidden and protected from even the most powerful adversaries.”
— – SonicVortex

There are dozens of apps and programmes that can perform steganography, but Antonopoulos was clear about the technique replacing cryptography. “Stego is almost always encrypted first (as is the case in my kitten photo).”