Since the attacks on the World Trade Center and the Pentagon on September 11th, 2001, a number of articles have been written about the possibility of Osama bin Laden using steganography to pass messages and coordinate plans. Most of these articles have alluded to that possibility, a purpose for which steganography is in reality ideally suited, but they have provided little tangible proof.
Motivated by these articles, Niels Provos, a doctoral candidate at the University of Michigan working with his advisor, Peter Honeyman, at the Center for Information Technology Integration, developed a steganography detection framework, which he used to analyze two million images from the Internet auction site eBay. The framework consists of three tools:
Crawl: A Web crawler that downloads images from the Web, used primarily because it is fast and open source
Stegdetect/Stegbreak: Tools that identify images that might contain hidden messages, and then guess the secret key required to retrieve a hidden message if it exists
Disconcert: A distributed computing framework that assists Stegbreak by running it on a cluster of workstations
Following the guidance of an article that named Amazon and eBay as sites carrying steganographic content, Provos implemented his steganography detection framework and ultimately found nothing.
In October 2001, the American Broadcasting Corporation did a news piece on steganography and produced a stegoed image that was found "in the wild." The picture was called sovereigntime.jpg, as shown in Figure 8.3. After this, Provos and Honeyman decided to look a little further and began looking at USENET. They analyzed roughly 1 million images, going through an impressive 370,000 a day, and ultimately still found nothing.