How to spot the Russian spies in your company

The newspapers have been full of headlines about an alleged Russian spy ring after authorities swooped and arrested individuals in the United States.

The news has been reverberating internationally, with many in the British media focusing on one of those arrested - Russian glamourpuss and potential Bond-style villainess Anna Chapman, who helpfully left a number of comely pictures on her Facebook profile ready for the tabloids to scoop up.

One of the claims is that members of the spy ring exchanged information by hiding communications inside digital images - a technique known as steganography. A graphic image containing a message hidden using steganography isn't something you'll be able to spot with the naked eye - indeed, that's why some people use the technique to exchange data that they would prefer remained unnoticed, requiring the recipient to run a program that extracts the hidden text.

In other words, steganography is a modern-day equivalent to "invisible ink". The human eye can't tell that there is a message hidden in the digital photograph - but a recipient in the know can "unlock" the code for all to be revealed.

Although the hard drive of a suspect's computer seized by the authorities was encrypted with a 27-character password, the gang member had written the password down on a piece of paper left lying around on a desk. Thus it was child's play, as Ars Technica reports, for the law enforcement agencies to stumble across bookmarks linking to websites containing images.

These images, according to the authorities, were analysed using steganography tools and were found to contain "readable text files". Voila!

So, how can Sophos help you root out the potential Russian spies inside your organisation?

Well, we can't work miracles, but the application control functionality built into Sophos's products can detect encryption and steganography tools that your users may be resorting to in order to sneak information out of your company or communicate secretly. For us, these types of program are just as easy to control as computer games, P2P file-sharing clients, unauthorised instant messaging software, etc.

Here's a list of the steganography apps we can currently detect and (if you like) can block from running on your firm's computers: Digital Invisible Ink Toolkit, Hide in Picture, HideAndReveal, MP3Stego, mp3stegz, OpenStego, Steganopic, Steghide, StegoMagic, StegoShare, Virtual Steganographic Lab, and wbStego.

And, by the way, Sophos Application Control works with secret agents of any nationality.

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley