April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

Under the cover of bright sunlight

Chet Hosmer

Editor's Note: When GSN learned that the alleged Russian spy ring in the United States was using deception techniques such as "steganography," we decided to turn to a true expert in steganography for a description of this little-understood field.


As many of us working in the field of steganography have known for well over a decade, criminals and worse are using steg to communicate and/or conceal vital information. However, much of steganography is still a bit misunderstood, as some compare this dark art to just another form of encryption. The difference may seem subtle at first, but once you study the field, you quickly realize the clear difference between encryption and steganography, and that difference is intent.

The core intent of encryption is to keep information private, everything from our bank records, personal information, health records and intellectual property by using a cipher to scramble the information and then only allowing those with the proper key to that cipher the ability to unscramble the data. However, the core intent of steganography is to conceal the mere existence of the information or communication. This intent is what makes steganography potentially more dangerous when used to engage in criminal or espionage based activities. 

When working in cyber-security, we typically focus on vulnerabilities, risks and to some extent threats in order to develop mitigating strategies. Steganography, used to exfiltrate information or covertly communicate, typically falls into data leak protection and the associated risks. One point that is not often talked about is the fact that the weakness or vulnerability that is exploited by steganography is, in fact, a human weakness not only a technical one. The whole point of steganography is to conceal information in plain view by exploiting the weaknesses in our vision and hearing to mask the hidden content or communications (assuming image- or multimedia-based steganography is used.)

Today, over a thousand steganography software variants exist and are available free, via download, from both public and private sites on the Internet. More importantly, open source versions of such software are also available that allow those who would like to develop their own variants a quick jump start. Most of these downloadable programs deal with the hiding of information inside images, audio files and other multimedia-based content or carriers. As these digital carriers evolve, so do the steganography tools that perform the embedding. This includes new methods that not only evade detection from our faulty human senses, but also new methods that attempt evade detection from deep analysis of the multimedia files by sophisticated statistical methods. We continue this cat-and-mouse game on an almost daily basis. 

The future of covered writing as a method to covertly communicate, however, will not only evolve based on new methods for existing or new multimedia files, but is also evolving in other streaming protocols like Voice Over Internet Protocol (VOIP). These methods provide the ability to continually communicate covertly through these channels if they are not monitored and/or disrupted.

With the advent of devices like the Android phone and other open architecture mobile devices, the ability to build software that includes streaming steganography in a mobile handset is quite trivial. If the analysis of such downloaded apps is not complete and thorough, these otherwise useful apps could be used to perform this type of streaming steganography to unwitting users. Finally, payloads that are embedded in stego’d images or other multimedia files are not limited to covert messages or concealed contraband, they could also include malicious code or other cyber weapons.


Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...