
What is Steganography and Why Should Investigators Care?

A recent BBC article titled, “Industrial Espionage: How China Sneaks Out America’s Technology Secrets,” has introduced me to the term “steganography.”

The article alludes to the recent sentencing of an ethnic Chinese, former GE employee for trade secrets theft.

U.S. Department of Justice (DOJ) January 3, 2023 Sentencing Announcement.

Here’s an excerpt from the BBC article:

“According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

“It was a technique called steganography, a means of hiding a data file within the code of another data file. Mr Zheng utilised it on multiple occasions to take sensitive files from GE.”

Here is an excerpt from the initial 31-page DOJ indictment announced on April 23, 2019:

Background to the Investigation:

“19. From in or about November through in or about December 2017, GE Power discovered that a large number of encrypted files had been saved on ZHENG’s work computer. The files were encrypted using a program called AxCrypt, which is a program that is not provided by GE Power to its employees.

“Following GE Power’s discovery of the encrypted files on ZHENG’s GE-issued computer, GE Power installed monitoring software in an attempt to determine what information he was encrypting, and what he was doing with the information (e.g., transferring it elsewhere).

“20. During the process of monitoring ZHENG’s activities on his computer(s), GE Power discovered that on or about July 5, 2018, ZHENG moved approximately 40 encrypted files to a “temp folder” on his company-issued desktop computer located in his dedicated workspace at GE Power.

“GE Power determined that the files related to sealing and optimizing turbine technology – information that GE considers to be proprietary and secret. ZHENG used “steganography” (i.e., a means of hiding a data file within the code of another data file) to remove the files from GE Power’s facilities. [Case 1:19-cr-00156-MAD, Document 25, Filed 04/18/19, Page 8 of 31]

“Through the steganography technique, ZHENG placed the aforementioned electronic files into the binary code of a separate electronic file on the computer, an otherwise innocuous-looking digital photograph of a sunset. ZHENG then e-mailed the digital photograph file of the sunset, which secretly contained the hidden GE electronic files containing GE’s proprietary data, from his GE-provided email address (“ZHENG GE Email Account”) to his personal e-mail address at Hotmail (“ZHENG Hotmail Account”).”

So, what is steganography?

Essentially, it’s the technique of secretly hiding data inside a non-secret file.

Hidden in plain sight, so to speak.

In this case, the recently sentenced IP thief embedded GE’s IP into the photograph of a sunset.
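For an investigator triaging a suspect image, the following added example (not taken from the article, the BBC piece, or the indictment) checks a JPEG for bytes that sit after the point where the picture itself ends and measures how random those bytes look. It covers only the simplest form of hiding, data appended after the image; the indictment does not say which method was used, and the sample bytes below are constructed for the demonstration.

```python
import math
import os
from collections import Counter

def jpeg_end_offset(data: bytes) -> int:
    """Walk JPEG segments and return the offset just past the real EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        marker = data[i + 1]
        if marker == 0xD9:                       # EOI: the picture ends here
            return i + 2
        if marker == 0xFF:                       # fill byte before a marker
            i += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length
            i += 2
            continue
        # Skip by declared length so an EXIF thumbnail's EOI is not mistaken for the end.
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")
        if marker == 0xDA:                       # SOS: scan data runs to the next marker
            while i + 1 < len(data) and not (
                data[i] == 0xFF and data[i + 1] != 0x00
                and not 0xD0 <= data[i + 1] <= 0xD7
            ):
                i += 1
    raise ValueError("truncated JPEG (no EOI)")

def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values()) if n else 0.0

def inspect_image(data: bytes) -> dict:
    end = jpeg_end_offset(data)
    trailer = data[end:]
    return {"image_bytes": end, "trailing_bytes": len(trailer),
            "trailing_entropy": round(shannon_entropy(trailer), 2)}

# Constructed sample: a structurally minimal JPEG (not a viewable picture).
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)   # SOI, APP0
         + b"\xff\xda\x00\x08" + bytes(6)                       # SOS header
         + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")       # scan data, EOI
# Constructed trailer: random bytes standing in for an encrypted file.
CARRIER = CLEAN + b"\xff\xd9" + os.urandom(4096)
```

Trailing bytes are a lead rather than proof, since some cameras and editing tools append their own data after the image; a large, high-entropy trailer on a file leaving the network is what merits a closer look.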

What is also interesting is that although the term “steganography” is new to me and may be new to some of you, the concept of hiding messages or data within the body of another message or data is not.

Here’s a link to a video produced by the United States National Security Agency (NSA) which explains that the concept/strategy of steganography started as far back as the Greek and Roman era—long before arriving at the door of our current digital age.

And if you want to take a deep dive into the technique used to embed stolen data into a harmless-seeming photograph, see the following YouTube tutorial video produced by Edureka.

Disclaimer: IPProbe.Global is a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and not intended to provide legal or other professional advice.


Ron Alvarez is an IP investigations and protection consultant and writer in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron has since coordinated the private investigation of international fraud and money laundering cases, as well as IP-related investigations and research involving the four pillars of IP: copyright, patents, trademarks, and trade secrets. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has written a number of articles for various investigative publications, as well as published "The World of Intellectual Property (IP) Protection and Investigations" in November 2021.

