Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. It includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every hundredth pixel to correspond to a letter in the alphabet. The change is so subtle that someone who is not specifically looking for it is unlikely to notice the change.
Steganography software is readily available and usually free. So is software for extracting the hidden files. But, as Mr. Zheng found out, software for detecting the presence of hidden files is readily available.
The Justice Department announced yesterday that a criminal complaint was filed and an arrest made in connection with a steganography case. According to the complaint, Mr Xiaoqing Zheng, an engineer employed by General Electric, used steganographic tools to remove files containing GE trade secrets involving its turbine technologies. Specifically, Zheng hid these data files into innocuous looking digital picture of a sunset and then emailed the digital picture, which contained the GE files, to himself at his private email account.
Mr. Zheng, if convicted of these crimes, faces up to 10 years prison, fines, and supervised releases. Of course sentencing is rarely meted out at maximums. He certainly lost his job and is probably not employable in any position of trust it the future.
The Justice Department did not disclose how the hidden file was detected but it doesn't take too much imagination to think that GE utilizes steganography detection tools on incoming and outgoing email traffic.