Interesting Facts About Steganography
An Ancient Form of Covert Communication
Steganography is commonly referred to as the practice of concealing messages and other data within non secret information; often in plain sight. According to John of The Security Alliance, “Steganography is an ancient practice. The term is Greek in origin, derived from the words στεγανός which means ‘to conceal’, and γράφω which means ‘to write.”
Types of Steganography
Steganography in Practice
This practice is a form of covert communication and its use can be traced back to 440 BC. There’s even rumor that Leonardo Da Vinci used steganography to embed a hidden message into the “Last Supper” art piece.
During World War II, photosensitive glass was used to exchange hidden images and words between allied armies. In the same war Germans introduced microdots, which were complete documents, pictures, and plans reduced in size to the size of a dot and were attached to normal paperwork.
Steganography, in today’s society, is more widely mentioned when describing cyber criminal activities i.e. tactics, techniques, and procedures (TTPs). Steganography also shares similarities with Cryptography in the ability to manipulate images and other files for covert communication but there are a few difference to be noted. Steganography is often used to communicate secretly while hiding the fact that a secret message is taking place whereas when using cryptography to examine the contents of data, the structure is altered to provide a layer of security in maintaining the integrity of the information.
Steganography in Cyber Crime
- Operation Shady RAT (2006) | This case involved the use of a stenographically hidden image to infect numerous organizations around the world including the Federal Government and United Nations.
- Duqu Malware (2011) | This is the first known use of steganography in cyber crime. Duqu Malware encrypted and embedded data into a JPEG file and sent it to a controlled server as an image; therefore going undetected.
- Lurk Malware (2014) | The use of an algorithm was implemented to embed encrypted downloader URLs into an image by manipulating individual pixels.
Safety & Security
Both steganography and cryptography are powerful techniques that are practiced in the field of Cyber Security; however, using them to commit a crime could be met with consequences. There are teams of experts that work together to prevent malicious attacks on the public. Cyber security is a growing field that is changing constantly so it’s important for security professionals to stay informed of the latest penetration techniques and preventative measures.
Software Tools to Perform Steganography by
Stegosuite is a free steganography tool which is written in Java. With Stegosuite you can easily hide confidential information in image files.
Steghide is an open source Steganography software that lets you hide a secret file in image or audio file.
Xiao Steganography is a free software that can be used to hide data in BMP images or in WAV files.
SSuite Picsel is another free portable application to hide text inside an image file but it takes a different approach when compared to other tools.
OpenPuff is a professional steganographic tool where you can store files in image, audio, video or flash files