How to spot the Russian spies in your company

The newspapers have been full of headlines about an alleged Russian spy ring after authorities swooped and arrested individuals in the United States.

The news has been reverberating internationally, with many in the British media focusing on one of those arrested – Russian glamourpuss and potential Bond-style villainess Anna Chapman, who helpfully left a number of comely pictures on her Facebook profile ready for the tabloids to scoop up.

Anna Chapman

One of the claims is that members of the spy ring exchanged information by hiding communications inside digital images – a technique known as steganography. A graphic image containing a message hidden using steganography isn’t something you’ll be able to spot with the naked eye – indeed, that’s why some people use the technique to exchange data that they would prefer remained unnoticed, requiring the recipient to run a program that extracts the hidden text.

Sign up to our free newsletter.
Security news, advice, and tips.

Mona Lisa binary
In other words, steganography is a modern day equivalent to “invisible ink”. The human eye can’t tell that there is a message hidden in the digital photograph – but a recipient in-the-know can “unlock” the code for all to be revealed.

Although the hard drive of a suspect’s computer seized by the authorities was encrypted with a 27 character password the gang member had written their password down on a piece of paper left lying around on a desk. Thus it was child’s play, as ars technica reports, for the law enforcement agencies to stumble across bookmarks linking to websites containing images.

These images, according to the authorities, were analysed using steganography tools and were found to contain “readable text files”. Voila!

So, how can Sophos help you root out the potential Russian spies inside your organisation?

Well, we can’t work miracles but the application control functionality built into Sophos’s products can detect encryption and steganography tools that your users may be resorting to sneak information out of your company or communicate secretly. For us, these types of program are just as easy for us to control as computer games, P2P file-sharing clients, unauthorised instant messaging software, etc etc.

Here’s a list of the steganography apps we can currently detect and (if you like) can block from running on your firm’s computers: Digital Invisible Ink Toolkit, Hide in Picture, HideAndReveal, MP3Stego, mp3stegz, OpenStego, Steganopic, Steghide, StegoMagic, StegoShare, Virtual Steganographic Lab, and wbStego.

And, by the way, Sophos Application Control works with secret agents of any nationality.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.