April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Under the cover of bright sunlight
Editor's Note: When GSN learned that the alleged Russian spy ring in the United States was using deception techniques such as "steganography," we decided to turn to a true expert in steganography for a description of this little-understood field.
As many of us working in the field of steganography have known for well over a decade, criminals and worse are using steg to communicate and/or conceal vital information. However, much of steganography is still a bit misunderstood, as some compare this dark art to just another form of encryption. The difference may seem subtle at first, but once you study the field, you quickly realize the clear difference between encryption and steganography, and that difference is intent.
The core intent of encryption is to keep information private, everything from our bank records, personal information, health records and intellectual property by using a cipher to scramble the information and then only allowing those with the proper key to that cipher the ability to unscramble the data. However, the core intent of steganography is to conceal the mere existence of the information or communication. This intent is what makes steganography potentially more dangerous when used to engage in criminal or espionage based activities.
When working in cyber-security, we typically focus on vulnerabilities, risks and to some extent threats in order to develop mitigating strategies. Steganography, used to exfiltrate information or covertly communicate, typically falls into data leak protection and the associated risks. One point that is not often talked about is the fact that the weakness or vulnerability that is exploited by steganography is, in fact, a human weakness not only a technical one. The whole point of steganography is to conceal information in plain view by exploiting the weaknesses in our vision and hearing to mask the hidden content or communications (assuming image- or multimedia-based steganography is used.)
Today, over a thousand steganography software variants exist and are available free, via download, from both public and private sites on the Internet. More importantly, open source versions of such software are also available that allow those who would like to develop their own variants a quick jump start. Most of these downloadable programs deal with the hiding of information inside images, audio files and other multimedia-based content or carriers. As these digital carriers evolve, so do the steganography tools that perform the embedding. This includes new methods that not only evade detection from our faulty human senses, but also new methods that attempt evade detection from deep analysis of the multimedia files by sophisticated statistical methods. We continue this cat-and-mouse game on an almost daily basis.
The future of covered writing as a method to covertly communicate, however, will not only evolve based on new methods for existing or new multimedia files, but is also evolving in other streaming protocols like Voice Over Internet Protocol (VOIP). These methods provide the ability to continually communicate covertly through these channels if they are not monitored and/or disrupted.
With the advent of devices like the Android phone and other open architecture mobile devices, the ability to build software that includes streaming steganography in a mobile handset is quite trivial. If the analysis of such downloaded apps is not complete and thorough, these otherwise useful apps could be used to perform this type of streaming steganography to unwitting users. Finally, payloads that are embedded in stego’d images or other multimedia files are not limited to covert messages or concealed contraband, they could also include malicious code or other cyber weapons.