How to spot the Russian spies in your company

The newspapers have been full of headlines about an alleged Russian spy ring after authorities swooped and arrested individuals in the United States.

The news has been reverberating internationally, with many in the British media focusing on one of those arrested – Russian glamourpuss and potential Bond-style villainess Anna Chapman, who helpfully left a number of comely pictures on her Facebook profile ready for the tabloids to scoop up.

One of the claims is that members of the spy ring exchanged information by hiding communications inside digital images – a technique known as steganography. A graphic image containing a message hidden using steganography isn’t something you’ll be able to spot with the naked eye – indeed, that’s why some people use the technique to exchange data that they would prefer remained unnoticed, requiring the recipient to run a program that extracts the hidden text.

In other words, steganography is a modern day equivalent to “invisible ink”. The human eye can’t tell that there is a message hidden in the digital photograph – but a recipient in-the-know can “unlock” the code for all to be revealed.
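To make the "invisible ink" idea concrete, here is an added illustration (not code from the original post or from Sophos) using least-significant-bit embedding. That method is an assumption, chosen because it is a common textbook technique; the reports do not say which one was used. The cover data, message and function names are constructed for the example.

```python
# Added illustration: LSB steganography on raw 8-bit pixel data (assumed method).

def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide message in the lowest bit of each cover byte, after a 2-byte length."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover too small for message")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # only the least significant bit changes
    return bytes(out)

def read_bits(pixels: bytes, start: int, nbytes: int) -> bytes:
    """Rebuild nbytes from the low bits of pixels[start : start + 8 * nbytes]."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for p in pixels[start + 8 * b : start + 8 * b + 8]:
            value = (value << 1) | (p & 1)
        out.append(value)
    return bytes(out)

def extract(pixels: bytes) -> bytes:
    """Recipient side: read the length header, then that many message bytes."""
    length = int.from_bytes(read_bits(pixels, 0, 2), "big")
    if 16 + 8 * length > len(pixels):
        raise ValueError("no plausible hidden message")
    return read_bits(pixels, 16, length)

def max_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference between cover and stego data."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed sample: a 32x32 greyscale gradient standing in for a photograph.
COVER = bytes((3 * x + 5 * y) % 256 for y in range(32) for x in range(32))

if __name__ == "__main__":
    stego = embed(COVER, b"meet at noon")
    print(extract(stego))
    print(len(stego) == len(COVER), max_change(COVER, stego))
```

The altered data is the same length as the cover and no byte moves by more than 1 out of 255, which is why the eye cannot tell the two images apart.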

Although the hard drive of a suspect’s computer seized by the authorities was encrypted with a 27-character password, the gang member had written the password down on a piece of paper left lying around on a desk. Thus it was child’s play, as Ars Technica reports, for the law enforcement agencies to stumble across bookmarks linking to websites containing images.

These images, according to the authorities, were analysed using steganography tools and were found to contain “readable text files”. Voila!

So, how can Sophos help you root out the potential Russian spies inside your organisation?

Well, we can’t work miracles, but the application control functionality built into Sophos’s products can detect encryption and steganography tools that your users may be resorting to in order to sneak information out of your company or communicate secretly. For us, these types of program are just as easy to control as computer games, P2P file-sharing clients, unauthorised instant messaging software, and so on.

Here’s a list of the steganography apps we can currently detect and (if you like) can block from running on your firm’s computers: Digital Invisible Ink Toolkit, Hide in Picture, HideAndReveal, MP3Stego, mp3stegz, OpenStego, Steganopic, Steghide, StegoMagic, StegoShare, Virtual Steganographic Lab, and wbStego.

And, by the way, Sophos Application Control works with secret agents of any nationality.