InfoSec Commentary - Stegonagraphy

What: Steganography encompasses methods of transmitting secret messages through innocuous cover carriers in such a manner that the very existence of the embedded messages is undetectable. (Well at least extremely difficult to detect without the proper software).

Information can be hidden in images, audio, video, text, or some other digitally representative code.

It requires two files:

The first is the innocent-looking image that will hold the hidden information, called the cover image.

The second file is the message—the information to be hidden.

cover medium + embedded message +

stegokey = stego medium

How: Common approaches include:

Least significant bit insertion

Masking and Filtering

Algorithms and Transformations

Why:

Defense

Businesses

Spies

Education

Terrorists

Why is it interesting?

A – Steganogrpahy allows many different combinations: Documents in pictures, pictures in documents, documents in wave files, wave files in documents, etc., etc.

B – Steganography software is easily available via the Internet. Much of it is open source and free. All that is needed is that sender and receiver have same program in order to hide and unhide the embedded element.

C – Firewalls will not catch this; some Anti-Virus s/w “may” catch some stego techniques but not all.

D – Makes it extremely easy for individuals to communicate via a public forum eg: “The Internet” and post what looks like innocuous documents or pictures that hide more than meets the eye.

E – There are variations of stego techniques that you can do with simply only a Windows or Linux command line without the need for specialized s/w.