In particular, Virginians might want to take special note about using this method to pass secure communications. This is a repost of an article originally published in March 2019.
Given the current climate and direction of the United States, I believe all American Partisan readers would agree that knowing clandestine communication methods is a useful arrow to have in our quiver.
One method for clandestine communication that I don’t see talked about often is using steganography. Steganography, according to Wikipedia, is “the practice of concealing a file, message, image, or video within another file, message, image, or video.” Put simply, we can encode a message inside of something that looks innocuous on the outside, such as an image. There are a bunch of free programs that do such a thing, but my preference is SilentEye. There are other open source programs such as Steg (which as the added benefit of not needing to be installed on a computer, thus allowing you to run it off an encrypted flash drive) but for the purposes of teaching the concept, I will use SilentEye. SilentEye no longer receives updates, however, so you may want to choose another program depending on your particular needs.
SilentEye can be downloaded here (it redirects you to SourceForge, and as of 3/30/19, this download worked perfectly and was clean). Once you install the program, launch it. You will see Figure 1, below.
Navigate to File, Open, and then choose an image file. I downloaded a random photograph off of Google for the purposes of this test. SilentEye will open the photograph, as seen in Figure 2.
To encode a message, simply click the encode button in the lower right-hand corner of the program. The screen seen in Figure 3 then appears. We can see that, by default, the “Show Password” box is unchecked and the default password is SilentEye. From here, we can choose our own password. I suggest a mixture of numbers, letters (upper and lower case) and symbols. The important thing is that the person(s) who will be decoding the photograph know what the password is. This is why it is important to set up these systems and processes in place before you need them. You also need to choose where you want the file to be saved, and this file location needs to be different from where the original image is. You can easily set up a folder on the desktop called “Family Photos” and know that the folder contains those images transporting our hidden messages.
Once we choose our password, we can either type a message in the box provided or attach a file such as a Notepad .txt file. If attaching a file, keep the file short, simple, and very small. What should be in the message? Anything! It could be a location of a cache, a SALUTE report, a commo window, or even an One Time Pad (and OTP for short, which we learned how to create in my previous post). Of course, if including an OTP, you need to be sure that the party or parties receiving the image have both the password to decode the image AND the OTP pad to decode the message. Does it always need to be an OTP? Absolutely not. The sensitivity of the information and the specifics of your operation will dictate whether to use an OTP or not. My completed message is in Figure 4. You can even take it a step further and add encryption to the message using the checkbox at the bottom and setting your key.
Now, click Encode. Voila! The message has been encoded. You can now attach this image to an email, add a cover message (“Hey, here’s an updated family photo!”) and send it out. The person receiving the message can download the image and begin the decoding process. A very important point here: DO NOT RESIZE THE IMAGE. The message is stored within the image itself, so by resizing the image you will destroy the message.
For the decode, the process works in reverse. Open up SilentEye as before, and once again go to File, Open, and navigate to the file you just download. Now, click on Decode in the bottom left (see Figure 2 if needed). The default screen seen in Figure 5 appears, again with the default password.
Click on the box next to “show” and type the password in that we used to encode the image (AmericaNPartisaN1928$$). If the person had encrypted the data, you can check that box on the bottom and enter that key in as well. Then, click Decode.
After a few seconds (and if you entered the password correctly), the message will appear as seen in Figure 7.
Congratulations! You now know how to encode an image and pass clandestine messages in plain sight!
As the title suggested, a picture can truly be worth a thousand words!