The Mason Spirit

Digital Detective: Technology-Terrorist Link Puts Neil Johnson In Spotlight

By Robin Herron

Heightened interest in a computer security technique called steganography and its possible link to terrorists has made Neil Johnson (M.A. '97, Ph.D. '00) an incredibly sought-after expert. As associate director of the Center for Secure Information Systems (CSIS) in George Mason's School of Information Technology and Engineering, Johnson is in the forefront of a security area that is of great interest to law enforcement agencies and the military, and, since the Sept. 11 terrorist attacks, the media as well.

When Johnson arrived at his office on Sept. 12, still shaken by the previous day's events, the phone messages were already waiting. Since then, he says, "I've gotten a phone call from the government or media nearly every day."

Johnson has been interviewed by most major U.S. news organizations, including CNN, the Voice of America, the New York Times, the Washington Post, Time, National Public Radio, U.S.News & World Report, the Associated Press, and C-SPAN. He's also known internationally through interviews with the French Le Monde and Italian La Repubblica newspapers, the German news magazine Der Spiegel, and Austrian National Radio.

The technology that has piqued media and government interest has been suggested as a method terrorists may use to communicate with one another. In fact, reports suggested well over a year ago that Osama bin Laden was using steganography.

Steganography is derived from a Greek word meaning "covered writing." The technique has been around in some form for hundreds of years, but today's high-tech incarnation involves hiding digital images or messages within other innocuous files. "Information can be hidden in just about anything," says Johnson.

Only someone who knows what to look for and has the software to find it will see the secret message. Users can also communicate electronically without leaving a trace because images can be posted anonymously to many Internet sites.

Johnson's interest in the technology developed in 1995 when he was a graduate student at George Mason taking a security course under Sushil Jajodia, director of CSIS. "He challenged us to find a topic he didn't know much about," Johnson says. "I ran across steganography on the Internet and thought, this sounds really neat. There wasn't a whole lot published on it, and only a handful of researchers were involved, so I started corresponding with them."

When he finished his resulting paper, Johnson posted it on the web. The next thing he knew, Jajodia was calling, saying some people from the government wanted to talk with him about his steganography research.

Soon after, Johnson joined CSIS and began doing research for U.S. Department of Defense agencies and Army and Navy research offices with which the center is affiliated.

While Johnson does work in other security areas, steganography continues to receive most of his attention. Links to his original paper have shown up all over the world.

While willing to talk about steganography in general terms in his interviews, Johnson is reluctant to provide a level of detail that could help terrorists or other malicious users of the technology, and he condemns researchers who publish too much information under the guise of sharing global knowledge. He notes that the number of steganography tools has mushroomed from around 30 when he started his research to more than 140 today, and many are available on the Internet.

Since Sept. 11, Johnson has become even more guarded about what he says and what information he puts on his web page. He defends his stance by drawing an analogy to a murder investigation. "The police are not going to tell people what they are finding," he says. "You don't want to give your adversary the upper hand."

For more information about steganography and Johnson's work, see