“UNCOVER aims to detect and extract hidden information in digital media”

 As Head of Research at the Royal Military Academy, Helena Bruyninckx is coordinating an ongoing research project, called UNCOVER. Its goal is to develop an efficient steganalysis framework for uncovering hidden data in digital media, to enhance the fight against cybercrime and terrorism. “We are in the final year of our three years of research, and we are proud of what we have found so far and how we have been working on the topic,” Helena says.

Hidden data in digital media

In recent years, cybercrime has increased rapidly: not only cyber and ransomware attacks, but also the use of hidden messages in digital media, most commonly in images. Another term for this is ‘steganography’. “The hidden data in the image is not detectable by the naked eye; you need a means to reveal it,” Helena explains. “Unfortunately, many steganographic tools have been made available as programme source code packages. Consequently, anyone can easily access information-hiding tools to use for criminal activities.”

Before applying for funding for the project, Helena’s team wanted to make sure it was relevant research: “An initial survey of the Criminal Use of Information Hiding (CUIng) initiative on the Europol Platform for Experts (EPE) revealed that evidence of steganography has been found in a wide variety of types of crime, including child pornography and terrorist communication. The scary thing is that they used basic tools. We feared we would detect more advanced technologies, which is why we aimed to develop tools that could reveal all hidden information.”

Project status

Steganographic technologies are a major challenge for Law Enforcement Agencies (LEAs), due to a lack of resources for investigating the increasing amount of digital evidence. UNCOVER therefore seeks to develop a tailored steganographic toolkit for LEAs. “The UNCOVER tools will improve processing time and reliability, and contribute to the reduction of threats from criminals and terrorists using steganography,” according to Helena.

The team began sweeping the internet and by November 2022, they found over 3,000 steganographic tools. “It is impossible to get into the details of every single tool. So, we tried to reveal – with the help of our Law Enforcement Partners – which of the freely available steganographic tools are suspected to have been used in the past.” By narrowing the scope and creating classifications, a manageable number of tools were identified.

“Next, we had skilled people examine suspicious data, mostly images. They received help from police investigators investigating criminal cases. When we detected hidden information (note: for the sake of the project, we also created data containing hidden information by ourselves), we used the developed tools to reveal it.” Achieving all this – research, tool development, communication, police investigation, etc. – required much more than technical profiles (the ‘coding nerds’).

Multidisciplinary and diverse

UNCOVER comprises 22 multidisciplinary partners: LEAs, leading researchers from universities and research institutions, and partners from private and industrial sectors. “It has been a great opportunity for me to follow a project from the proposal to the end – including hiring people to carry out the research with me. Even though it is a technical project, not all members of this cyber security research team are technical profiles,” the Head of the Research explains.

36% of the research team is female. “Most of the technical jobs are still mainly done by men, but many young women are interested to work for us. We attract these ambitious women because they see projects being led by women. They like being part of a team headed by a role model. Every cyber security team needs people who complement each other. That is why we try to create teams that are as diverse as possible,” Helena concludes.