The Message Must Get Through
The year is 300 A.D., and you're part of a war machine unlike anything the world has ever seen. You are a field General for the Roman Empire, charged with assimilating yet another non-Roman culture. Your current mission: get tactical information you've collected in the field to an outpost one hundred miles away. The land between you and the outpost is treacherous and filled with enemies. The information you've collected is critical to the success of the current campaign and must reach the remote outpost intact. This will call for ingenious deception.
You send for a messenger, who is in reality a Roman slave. The messenger's head is shaved clean, and the message for the outpost is tattooed on his head. Several weeks later, the messenger's hair has grown in and completely concealed the secret information. The messenger departs and one week later reaches the outpost. A quick head shave and the outpost has the information needed to ensure yet another victory for Rome.
This is one of the earliest forms of Steganography on record: the art of hiding messages within another medium and avoiding detection.
The Ancient Technology Of Deception
A Modern Day Threat
Take a look at the following two images at http://www.defendingthenet.com/stgpic.htm. The first picture is quite normal. The second picture looks exactly like the first. However, the second picture is not a normal picture at all. It contains a portion of the article you are currently reading in the form of a Microsoft Word document. It has been embedded in the image using a Steganography program and is nearly undetectable. Not only can you not see a visual difference in the picture, the file size of the original and the Stego Medium (image with the hidden text) is exactly the same.
Several programs available on the Internet, such as "stegdetect", may be able to detect a small anomaly in the picture, but the method used to embed the secret document is also protected by a key, or password.
The technology behind effective Steganography is quite complex and involves serious mathematical computations. Computers and technology make this a trivial task and make this art of deception a serious threat to the security of information. Companies that regard their information as proprietary, and rely on the security and integrity of their intellectual property, could be at significant risk.
A Real World Example Of Steganography
Many organizations protect their internal network resources and information by using sophisticated security measures, such as firewalls. Many firewalls can block e-mail attachments such as executables, spreadsheets, and documents, and do so by looking for file extensions. Some security measures, or content filters, can determine whether a particular file or attachment is actually of the type to be blocked, a spreadsheet for instance, by analyzing the contents of the file. This helps prevent the transmission of file attachments that have had their extensions altered or removed.
But how many organizations block the sending of image files, like .jpg or .bmp images?
Imagine having someone on the inside of a company who secures a proprietary document. This person then embeds the document into a picture and sends it to an e-mail address on the Internet. The company's defense systems block many types of file attachments, but image files are not considered a risk, so they are allowed through. The sender and receiver previously agreed on the method and type of deception. Using a Steganography package freely available on the Internet, the task was easily and securely executed. The company was completely unaware of the fact that important information was leaked.
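The two kinds of attachment filtering described in this section, as an added example that is not part of the original article or any real product: an extension-only filter beside a content-inspecting one, run over constructed samples. The blocked extensions, type names and function names are assumptions chosen for illustration.

```python
import os

# Constructed policy for illustration; not taken from any real product.
BLOCKED_EXTENSIONS = {".exe", ".xls", ".doc"}
BLOCKED_TYPES = {"pe-executable", "ole2-office"}

# Leading "magic" bytes of a few well-known formats.
MAGIC = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-office"),  # legacy .doc/.xls
    (b"\xff\xd8\xff", "jpeg"),
    (b"MZ", "pe-executable"),
    (b"BM", "bmp"),
]
EXPECTED_TYPE = {".jpg": "jpeg", ".bmp": "bmp", ".exe": "pe-executable",
                 ".xls": "ole2-office", ".doc": "ole2-office"}

def sniff_type(data: bytes) -> str:
    """Identify a file by its leading bytes, ignoring its name."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"

def extension_filter(filename: str) -> str:
    """First kind of filter in the article: looks only at the extension."""
    ext = os.path.splitext(filename)[1].lower()
    return "block" if ext in BLOCKED_EXTENSIONS else "allow"

def content_filter(filename: str, data: bytes) -> str:
    """Second kind: also blocks on real type or a name/content mismatch."""
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff_type(data)
    if ext in BLOCKED_EXTENSIONS or actual in BLOCKED_TYPES:
        return "block"
    if ext in EXPECTED_TYPE and EXPECTED_TYPE[ext] != actual:
        return "block"  # e.g. a .jpg whose contents are not a JPEG
    return "allow"

# Constructed samples: only the first bytes matter to these filters.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
BMP = b"BM" + b"\x00" * 52
SAMPLES = [("budget.xls", OLE2), ("holiday.jpg", OLE2), ("photo.bmp", BMP)]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, extension_filter(name), content_filter(name, data))
```

The renamed spreadsheet is caught only by the content filter, while photo.bmp passes both: the check confirms the file really is an image and says nothing about what its pixel data carries.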
Conclusion
There are so many components to this form of deception, I could write ten pages on the subject alone. The purpose of this article is to make people aware of this form of deception and the threat it poses to digital security.
Steganography has an impact on non-digital information as well, and pictures are not the only medium that can be used. Sound files are another favorite host for embedding secret information. If you would like to see Steganography in action, you can download "The Third Eye" from the following link: http://www.defendingthenet.com/downloads/steg.zip. It is a freely distributable Steganography program and was used to create the two image examples referenced above. This download contains the two images above, and you will be able to open the image with the hidden text and extract it. The zip file contains a README.TXT file that will give you full instructions on how to extract the hidden text in the image.
But first, you will need the password! Can you guess it? I'll give you a clue: What form of deception did the Roman General use to send his message?**
*The story "The message must get through", although based on documented information about a Roman General performing such an act of deception, is fictional and was written as an illustration of such an event strictly for use in this article.
**You should be able to easily guess the password; however, I must point out that the password should be entered all "lower-case".
About The Author
Darren Miller is an Information Security Consultant with over sixteen years' experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren, you can e-mail him at darren.miller@paralogic.net or team@defendingthenet.com or trydefendthenet@paralogic.net. If you would like to know more about computer security, please visit our website. If someone you know has sent you this article, please take a moment to visit our site and register for the free newsletter at http://www.defendingthenet.com/subscribe.htm
Original URL
http://www.defendingthenet.com/Newsletters/Steganography.htm