By now, you've no doubt heard of the Russian spy ring that was recently busted in the US, and you've also probably heard that they apparently weren't very bright. The complaint filed in their case documents a litany of unprofessionalism and carelessness, from leaving written passwords out in the open to asking a federal agent posing as a fellow spy to troubleshoot a laptop without even bothering to check back with HQ to see if the "spy" was legit.

But as incompetent as these spies were, they were bright enough to at least partially outwit the large-scale e-mail snooping efforts of the NSA's backbone taps and multibillion-dollar datacenters. How? By using steganography to encode secret text messages in image files, which they then placed on websites.

After searching one spy's apartment, law enforcement agents found a computer and made a copy of its hard drive for later analysis. On the hard drive they found an address book containing website links, which the agents visited and downloaded images from.

The complaint notes that "these images appear wholly unremarkable to the naked eye. But these images (and others) have been analyzed using the Steganography Program. As a result of this analysis, some of the images have been revealed as containing readable text files."

The steganography program used to decode the images was also on one of the hard drives copied in the search; it was this hard drive which was password protected, and which the agents were able to unlock because the 27-character password was written down on a piece of paper and left lying out in the open on a desk. Clearly, the spies would have been better off with a much shorter password that could have been memorized versus a too-long one that they had to write down and keep nearby.

But "don't write down your passwords" and "don't pick passwords that you have to write down" are the two least interesting lessons to draw from the spies' comical ineptitude. The deeper lesson is that, however dumb these spies were, the real joke here is on US taxpayers.

This technique of using steganography to hide messages in images published online isn't particularly brilliant, and it's simple enough to execute that these apparent nincompoops could manage it. Yet our government spends tens of billions of dollars on network monitoring hardware and data-mining efforts that are aimed at vacuuming up our electronic communications and automatically parsing them for terrorist-speak. All of this technology would fail to detect the messages that these spies sent—either their contents or the simple fact of their existence. The Russian spies' online messaging activity would look to any automated system like perfectly normal HTTP traffic.

The ultimate point here is one that I've made again and again: it's very, very hard for data mining techniques to extract truly reliable signals from even a relatively high-quality, carefully curated dataset. But when a tiny fraction of a giant dataset has been maliciously and stealthily manipulated by humans who, even at their most incompetent, are still smarter than computers, then the GIGO rule kicks in and you're getting garbage without knowing it.

As this Christian Science Monitor story points out, it's not yet known how these spies were caught. But unless they were dumb enough to talk spy stuff via regular e-mail, despite having access to a far superior means of message passing, then we can be fairly certain about how they were not caught: by the NSA's expensive, constitution-busting data-mining efforts.