 |
Steganography ? The Art Of Deception & Concealment
The Message Must Get Through
-----------------------------
The year is 300A.D., and you're part of a war machine
unlike anything the world has ever seen. You are a field
General for the Roman Empire and charged with assimilating
yet another non-Roman culture. Your current mission; get
tactical information you've collected in the field to an
outpost one hundred miles away. The land between you and the
outpost is treacherous and filled with enemy. The
information you've collected is critical to the success of
the current campaign and must reach the remote outpost
intact. This will call for ingenious deception. You send for a messenger, who is in reality a Roman slave.
The messenger's head is shaved clean, and the message for
the outpost is tattooed on his head. Several weeks later,
the messengers hair has grown in and completely concealed
the secret information. The messenger departs and one week
later reaches the outpost. A quick head shave and the
outpost has the information needed to ensure yet another
victory for Rome. This is one of the earliest forms of Steganography on
record. The art of hiding messages within another medium
and avoiding detection. The Ancient Technology Of Deception
A Modern Day Threat
-----------------------------------
Take a look at the following two images at
http://www.defendingthenet.com/stgpic.htm. The first picture
is quite normal. The second picture looks exactly like the
first. However, the second picture is not a normal picture
at all. It contains a portion of the article you are
currently reading in the form of a Microsoft Word document.
It has been embedded in the image using a Steganography
program and is nearly undetectable. Not only can you not
see a visual difference in the picture, the file size of the
original and the Stego Medium (image with the hidden text)
is exactly the same. There are several programs on the Internet that may be able
to detect a small anomaly in the picture, like "stegdetect",
but the method used to embed the secret document is
protected by a key, or password, as well. The technology behind effective Steganography is quite
complex and involves serious mathematical computations.
Computers and technology make this a trivial task and make
this art of deception a serious threat to the security of
information. Company's that regard their information
proprietary, and rely on the security and integrity of their
intellectual property, could be at significant risk. A Real World Example Of Steganography
-------------------------------------
Many organizations protect their internal network resources
and information by using sophisticated security measures,
such as firewalls. Many firewalls can block e-mail
attachments such as executables, spreadsheets, and
documents, and do so by looking for file extensions. Some
security measures, or content filters, can actually
determine if the particular file or attachment is actually
the type to be blocked, a spreadsheet for instance, by
analyzing the contents of the file. This helps prevent the
transmission of file attachments that have had their
extensions altered or removed. But how many organizations block the sending of image files
like, .jpg or .bmp images. Imagine having someone on the inside of a company who
secures a proprietary document. This person then embeds the
document into a picture and sends it to an e-mail address on
the Internet. The company's defense systems block many
types of file attachments, but image files are not
considered a risk, so they are allowed through. The sender
and receiver previously agreed on the method and type of
deception. Using a Steganography package freely available
on the Internet the task was easily and securely executed.
The company was completely unaware of the fact that
important information was leaked. Conclusion
----------
There are so many components to this form of deception, I
could write ten pages on the subject alone. The purpose for
this article is to make people aware of this form of
deception and the threat it poses to digital security. Steganography also has an impact on non-digital information
as well. And, pictures are not the only medium that can be
used. Sound files are another favorite host for embedding
secret information.
If you would like to see Steganography in action you can
download "The Third Eye" from the following link
http://www.defendingthenet.com/downloads/steg.zip. It is a
freely distributable Steganography program and was used to
create the two image examples referenced above. This
download contains the two images above and you will be able
to open the image with the hidden text and extract it. The
zip file contains a README.TXT file that will give you full
instructions on how to extract the hidden text in the
image. But first, you will need the password! Can you guess it?
I'll give you a clue: What form of deception did the Roman
General use to send his message?** *The story "The message must get through" although based on
documented information about a Roman General performing such
an act of deception, is fictional and was written as
illustration of such an event strictly for use in this
article. **You should be able to easily guess the password however I
must point out that the password should be entered all
"lower-case". About The Author
----------------
Darren Miller is an Information Security Consultant with
over sixteen years experience. He has written many technology
& security articles, some of which have been published in
nationally circulated magazines & periodicals. Darren is a
staff writer for http://www.defendingthenet.com and several other
e-zines. If you would like to contact Darren you can e-mail
him at darren.miller@paralogic.net or
defendthenet@paralogic.net. If you would like to know
more about computer security please visit our website. If someone you know has sent you
this article, please take a moment to visit our site and
register for the free newsletter at
http://www.defendingthenet.com/subscribe.htm Original URL
------------
http://www.defendingthenet.com/Newsletters/Steganography.htm
|
|
|
|
RELATED ARTICLES
Spyware, This Time Its Personal!
First the basic definition of Spyware: It is a type of software which is installed onto your computer without your permission... It can log your keystrokes, which websites you visit, read you email, and even prowl your hard drives. At some point in time, it transmits its harvested information to the owner. Transmitting this data can slow your computers resources which can result in programs taking longer to load, make for longer waits for WebPages to load, and even complete system failures can occur.
Corporate Security for Your Home Business
The words Corporate Security may conjure up images of a group of techies working in a wire-filled basement room of Microsoft or HP, combating hackers and terrorists online using words like algorithm and encryption. If you own your own business, do not allow yourself to think that security is only for big corporations. Every company, big or small, technological or traditional, has two major security concerns: protecting information, and protecting hardware.
Make Money Online - Defend Against The Latest Scam
First, let's do a little recap'. As I stated in the first part of the article, "Make Money Online - The Latest Scam Disclosed", "refund policy scammers" affect the websites that make money online by selling digital products by buying the product and asking for refunds, while keeping the product.
SPYWARE - Whos Watching Who?
I am in the midst of Oscar Wilde's The Picture of Dorian Gray. "The basis of optimism is sheer terror." With that attitude, I praise their skills only for the mere sake of not wanting them to defile mine, or my business.
5 Tips For An Unbreakable Password
Despite the current wave of identity theft and corporate security breaches it's amazing how very few people treat their passwords with any level of seriousness. Most computers users, both at home and in the office, see passwords as a nuisance and therefore make them as easy to remember as possible. This can be a catastrophic mistake.
New Mass Mailing Spamming Internet Trojan for the Windows Platform
May. 16th 2005 - MicroWorld has reported the discovery of Troj/Sober-Q, which is a mass mailing spamming internet Trojan for the Windows platform.
Backup and Save your business!
There you are busily typing away on your PC or your
Laptop, and all of a sudden the strangest thing happens.
The screen goes black, extinquished like a candle in the
wind.
How Spyware Blaster Can Protect Your Computer From Harm
By browsing a web page, you could infect your computer with
spy ware, ad ware, dialers and hijackers. These, unwelcome
guests, are some of the fastest growing threats on the
Internet today. It is important to protect your computer
and one of the most powerful software products, available
for this, is Spy ware Blaster, a program created by Java
cool.
How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer
If you use the internet, you have probably been infected with a virus, trojan or spyware. According to the SANS Internet Storm Center, the average unprotected PC is infected within 20 minutes of normal internet usage. Many people want to know what they did to get infected. Unfortunately, usually it was just one wrong click.
Traditional Antivirus Programs Useless Against New Unidentified Viruses!
Every now and then you can read about a new virus and the damage it causes. The millions viruses costs companies each time they strike. It is however not only companies that are suffering from the damages caused by viruses. A virus can be just as damaging if not more for a private Internet user by destroying important documents, family pictures and everything else you keep on your computer. Therefore should no home computer be without a good virus protection software. This way you can protect your computer and yourself from loosing data, corrupted hard drives and a number of other problems. There are several anti virus programs available of which some are free and some are not. You should however always remember that you might get what you paying for, meaning that the service and the updates might be better for the paid alternatives and thereby protect your computer better.
How Can Someone Get Private Information From My Computer?
From the "Ask Booster" column in the June 17, 2005 issue of Booster's Auction News, a free ezine for online auction sellers and enthusiasts.
Dont Miss Information Because of Misinformation
It has been said that with the wealth of information, freely available, the Internet has the ability to make you smarter, faster, than any other medium on the planet.
Why Malicious Programs Spread So Quickly?
It seems that nowadays cybercriminals prefer cash to fun. That is why malicious programs of various kinds (viruses, worms, Trojan horses, etc.) are very often aimed at stealing valuable -- in a direct sense of this word -- private and financial information. When written, these programs are spread all over the Web.
Internet Small Business and Fraud
Be careful of sites that promise to send you "instant pins". These companies usually have lax credit card security and can afford customer charge backs from fraudulent transactions. Instant gratification, so coveted by our lifestyles, is something to be very wary of in the realm of online business.
Protecting Your Identity On The Internet
Afraid that someone is monitoring your PC or installed a keylogger to record every single keystroke? Find out which tools you need to get to make sure you are protected.
Adware and Spyware: The Problems and Their Solutions
The Threat
Arming Yourself Against Spyware
While clicking from site to site on the internet you are likely to land yourself on a website that downloads spyware onto your computer system. Even while using familiar or unlikely and secure web site you run the risk of being infected with unwanted spyware. Most commonly, spyware detects and records your internet and computer usage information so advertisers can bombard you with pop ups and email ads they feel are appropriate to your interests. More malicious spyware applications can identify, record and send to intruders your credit card, bank account and social security information to intruders who use it for identity theft.
How to Prevent Online Identity Theft
Identity theft rates one of the fastest growing crimes in mAmerica today and the Internet can make it even easier for some criminals to take your good name and drag it through the mud.
Whats All This I Hear About Firewalls?
At this point, if you've got the whole "turning the computer on" thing down; you are ready to learn about firewalls. Whether you use your computer for business or pleasure, it is important to have a firewall. If you use a high speed Internet connection like Cable modem or DSL, you are at a MUCH greater risk for someone to hack into your computer, ultimately giving them free rein to meddle in your files and your life.
3 Things You Must Know About Spyware
1)Spyware is on your system. Like it or not, statistically speaking, you probably have spyware on your machine right now. There are so many malicious programs floating around out there that one or two have bound to have gotten past all of your security settings. McAfee and Norton Anti Virus are both excellent programs, but even they can be beaten by the determined spyware makers and distributors. One recent computer repair man said, close to 80% of the machines that he services have spyware on them. I believe it. Spyware can be sneaky and it can install quietly without your knowledge. Your system probably has spyware on it; make sure it doesn't corrupt your data files or worse.
|
