Every Monday morning, the leader of a Toronto terrorist cell puts a different Persian rug for sale on eBay and posts a corresponding photograph. Bids commence, money is collected and items are shipped. So far, so good.

But at a set time on Tuesdays, the photo is swapped for a version that contains a hidden message. By prearrangement, the cell members know when to download, and the weekly message is delivered.

While this scenario is fictitious, the stealth itself is real enough, and it even has a name. Hiding information by embedding messages within other, seemingly harmless, messages is called steganography. And while it’s as old as the Greeks, in the digital age it lets someone hide any type of binary file inside any other binary file. Image and audio files are the most common carriers.

Steganography is drawing more and more attention, not because geeks are passing around exam answers embedded in centerfolds, but because it’s believed to be one of the ways al-Qaida leaders communicate with terrorists around the world.

After 9/11, several efforts were made to determine whether and to what extent steganographic images were present on the Internet. Using special detection programs, University of Michigan researchers were unable to find a single hidden message in more than 2 million eBay images. Another group examined several hundred thousand random images from various Web sites, with similar negative results.

But in case steganography abuse is more pervasive than anyone is currently aware, federal law enforcement agencies remain eager to develop solid stego detection techniques. “Stego tools have been found in the forensic analysis of computers belonging to some criminals and terrorists,” notes Hany Farid, a computer science professor at Dartmouth College.

Though finding steganographic messages has been equated to finding a needle in a county of haystacks, Farid believes that disabling steganography in a controlled environment like eBay could be easy: “Forget trying to find the needle in the haystack. Just turn the needle into a piece of straw by adding to each image a low-level noise pattern. The noise will be imperceptible to the user, but will destroy the stego messages, which, unlike digital watermarks, are highly sensitive to even the simplest attack.”

While it’s impossible to know how widespread the current use of stegano­graphy is by criminals and terrorists, some experts believe it’s safe to assume the worst. “The use of steganography is certain to increase and will be a growing hurdle for law enforcement and ­counter­terrorism,” predicts Gary C. Kessler, an associate professor in the Computer and Digital Forensics Program at Champlain College.

Ignoring the significance of steganography because of the lack of statistics is “security through denial,” he says, and not a very good strategy.