Steganography ? The Art Of Deception & Concealment

The Message Must Get Through

The year is 300A.D., and you're part of a war machine unlike anything the world has ever seen. You are a field General for the Roman Empire and charged with assimilating yet another non-Roman culture. Your current mission; get tactical information you've collected in the field to an outpost one hundred miles away. The land between you and the outpost is treacherous and filled with enemy. The information you've collected is critical to the success of the current campaign and must reach the remote outpost intact. This will call for ingenious deception.

You send for a messenger, who is in reality a Roman slave. The messenger's head is shaved clean, and the message for the outpost is tattooed on his head. Several weeks later, the messengers hair has grown in and completely concealed the secret information. The messenger departs and one week later reaches the outpost. A quick head shave and the outpost has the information needed to ensure yet another victory for Rome.

This is one of the earliest forms of Steganography on record. The art of hiding messages within another medium and avoiding detection.

The Ancient Technology Of Deception
A Modern Day Threat

Take a look at the following two images at http://www.defendingthenet.com/stgpic.htm. The first picture is quite normal. The second picture looks exactly like the first. However, the second picture is not a normal picture at all. It contains a portion of the article you are currently reading in the form of a Microsoft Word document. It has been embedded in the image using a Steganography program and is nearly undetectable. Not only can you not see a visual difference in the picture, the file size of the original and the Stego Medium (image with the hidden text) is exactly the same.

There are several programs on the Internet that may be able to detect a small anomaly in the picture, like "stegdetect", but the method used to embed the secret document is protected by a key, or password, as well.

The technology behind effective Steganography is quite complex and involves serious mathematical computations. Computers and technology make this a trivial task and make this art of deception a serious threat to the security of information. Company's that regard their information proprietary, and rely on the security and integrity of their intellectual property, could be at significant risk.

A Real World Example Of Steganography

Many organizations protect their internal network resources and information by using sophisticated security measures, such as firewalls. Many firewalls can block e-mail attachments such as executables, spreadsheets, and documents, and do so by looking for file extensions. Some security measures, or content filters, can actually determine if the particular file or attachment is actually the type to be blocked, a spreadsheet for instance, by analyzing the contents of the file. This helps prevent the transmission of file attachments that have had their extensions altered or removed.

But how many organizations block the sending of image files like, .jpg or .bmp images.

Imagine having someone on the inside of a company who secures a proprietary document. This person then embeds the document into a picture and sends it to an e-mail address on the Internet. The company's defense systems block many types of file attachments, but image files are not considered a risk, so they are allowed through. The sender and receiver previously agreed on the method and type of deception. Using a Steganography package freely available on the Internet the task was easily and securely executed. The company was completely unaware of the fact that important information was leaked.

Conclusion

There are so many components to this form of deception, I could write ten pages on the subject alone. The purpose for this article is to make people aware of this form of deception and the threat it poses to digital security.

Steganography also has an impact on non-digital information as well. And, pictures are not the only medium that can be used. Sound files are another favorite host for embedding secret information. If you would like to see Steganography in action you can download "The Third Eye" from the following link http://www.defendingthenet.com/downloads/steg.zip. It is a freely distributable Steganography program and was used to create the two image examples referenced above. This download contains the two images above and you will be able to open the image with the hidden text and extract it. The zip file contains a README.TXT file that will give you full instructions on how to extract the hidden text in the image.

But first, you will need the password! Can you guess it? I'll give you a clue: What form of deception did the Roman General use to send his message?**

*The story "The message must get through" although based on documented information about a Roman General performing such an act of deception, is fictional and was written as illustration of such an event strictly for use in this article.

**You should be able to easily guess the password however I must point out that the password should be entered all "lower-case".

About The Author

Darren Miller is an Information Security Consultant with over sixteen years experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals. Darren is a staff writer for http://www.defendingthenet.com and several other e-zines. If you would like to contact Darren you can e-mail him at darren.miller@paralogic.net or team@defendingthenet.com or trydefendthenet@paralogic.net. If you would like to know more about computer security please visit our website. If someone you know has sent you this article, please take a moment to visit our site and register for the free newsletter at http://www.defendingthenet.com/subscribe.htm

Original URL

http://www.defendingthenet.com/N ewsletters/Steganography.htm

In The News:

pen paper and inkwell


cat break through


3 Pervasive Phishing Scams

Scams involving email continue to plague consumers across America, indeed... Read More

Spyware Programs Are Out To Get You!

The average computer is packed with hidden software that can... Read More

Are They Watching You Online?

When surfing the Internet you probably take your anonymity for... Read More

New Mass Mailing Spamming Internet Trojan for the Windows Platform

May. 16th 2005 - MicroWorld has reported the discovery of... Read More

Corporate Security for Your Home Business

The words Corporate Security may conjure up images of a... Read More

Wells Fargo Report Phishing Scam

First off I should explain what phishing is. Phishing is... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

Lets Talk About Antivirus Software!

Nowadays more and more people are using a computer. A... Read More

How to Protect Your Child from the Internet

When the Internet first came about, it was realized it... Read More

Free Antivirus Security Software: Download Now to Eliminate Spyware, Pop Up Ads, etc.

Adware. Spyware. Pesky pop up ads. Internet congestion. Computer malfunctions... Read More

Reducing Fraudulent Transations ? 5 Simple Ways To Protect Yourself

The money being spent online is steadily growing. With billions... Read More

How to Protect Yourself from Viruses, Spyware, Adware, and Other Nuisances

Spyware/adware is a new major concern for PC users everywhere.... Read More

Network Security 101

As more people are logging onto the Internet everyday, Network... Read More

IPv6 - Next Step In IP Security

IPv6, IntroductionThe high rate at wich the internet continualy evolves... Read More

Spy Scanners ? Don?t Compromise your Privacy

Spies, spyware, internet parasites are among what they are usually... Read More

Spyware ? Your Web Browser is the Culprit!

My first experience with a spyware BHO based infection was... Read More

Identity Theft - Dont Blame The Internet

Identity theft ? also known as ID theft, identity fraud... Read More

Is the Internet Insecure Because of You?

Long gone are the days that we could feel secure... Read More

If You Sell Anything Online Your ePockets Are Being Picked

You and I are a lot alike. We are both... Read More

Phishing and Pharming: Dangerous Scams

As soon as almost all computer users already got used... Read More

A Personal Experience with Identity Theft

Some months ago, before there was much publicity regarding phishing... Read More

Five Excellent Indie Encryption And Security Solutions You Have Not Heard About

Geek SuperheroGeek Superhero watches your computer for changes, immediately notifying... Read More

Can I Guess Your Password?

We all know that it's dangerous to use the same... Read More

The Importance of Protecting Your PC from Viruses and Spam

Today the internet is a mine field of malicious code... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

The Top Twelve Threats No Computer User Should Ignore

The internet is undoubtedly a fantastic resource for families and... Read More

Be Alert! Others Can Catch Your Money Easily!

So called phishers try to catch the information about the... Read More

How Spyware Blaster Can Protect Your Computer From Harm

By browsing a web page, you could infect your computer... Read More

How to Know Whether an Email is a Fake or Not

A few nights ago I received an email from "2CO"... Read More

Everything You Need To Know About Spyware and Malware

You are at your computer, checking out software on EBay.... Read More

Web Browsing - Collected Information

You may not realize it, but as you are surfing... Read More

What Can Be Done About Spyware And Adware

Having a good Spyware eliminator on your computer is vital... Read More