Steganography Decoded

Steganography Decoded

What exactly is Steganography?

I was re-watching Prison Break S5 recently and I watched Micheal Scoffield's son drawing a picture and I loved how artistic and amazing he was at hiding clues in pictures that reminded me of Steganography.

When you decide to enter the tech world, you can't avoid it but keep on learning. One of my interests in this magic world is Cyber Security and each year many companies lose millions of dollars due to inefficient methods put in place to safeguard data, storage, connections, etc.

It is in this world of cyber security and communication, we find Steganography. Do not confuse it with Cryptography since these are two separate words with different meanings.

So what is Steganography?

Top-3-Steganography-Tools.jpg Steganography, the practice of hiding information, has been around for centuries. And in parallel to technological advances, steganography has also evolved and adapted with the advent of computers and the internet.

Digital steganography usually involves hiding data inside innocuous files such as images, videos, and audio. So basically it is hiding data within data.

You do not need to manipulate the data in any form like Cryptography, you just embed what you want in the same data and can sometimes be hard to detect.

Etymology

post-38916-image-1455380337.png The word “steganography” seems fancy, but it actually comes from a fairly normal place. The root “steganos” is Greek for “hidden” or “covered,” and the root “graph” is Greek for “to write.” Put these words together, and you’ve got something close to “hidden writing,” or “secret writing.”

Origins

The oldest documented case of steganography dates to 500 BC, in which Histiaeus, the ruler of Milteus, tattooed a message on the shaved head of one of his slaves and let the hair grow back. He then sent the slave to the Aristagoras, his son-in-law, who shaved the slave’s head again and revealed the message.

In the centuries that followed, more modern forms of steganography were invented, such as invisible inks. Today, steganography has moved to the digital world with hackers installing malware using this trick and this type of malware is usually referred to as Trojan Horse.

Methods

There are a large number of steganographic methods that most of us are familiar with like:

🎈 Image manipulation
🎈 RGB hex code changes (alpha code insertions)
🎈 Song Headers
🎈 Web page headers
🎈 Invisible Ink writings
🎈 Plain Text hidden messages
🎈 Hidden in Video Metadata

Hackers

hack.jpeg Steganography uses are primarily restricted to hackers nowadays who use steganographic applications to embed malicious code. A hacker alters the least significant bit of any file and encrypts it with malicious code. Once this code is downloaded by the user either by opening a file or image the malware is activated.

This can in turn help the attacker to gain control over the network of the user or destroy any intended content. The difference between the original file or image or stenographed image or file is so subtle and it cannot be detected by the naked eye.

🐎 Trojan Horses A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. This type of social engineering can be done by the Steganography methods we have seen above. what-is-a-trojan-horse-featured-image-big-800x400.png

Trojans take their name from the hollow wooden horse that the Greeks hid inside of during the Trojan War. The Trojans, thinking the horse was a gift, opened their walled city to accept it, allowing the Greeks to come out of hiding at night to attack the sleeping Trojans.

Read about Trojan War here

Techniques Used

According to JigSaw Academy, there are about three techniques used to achieve the above methods.

🔹 Least Significant bit

steganography-hide-secret-data-inside-image-audio-file-seconds.w1456.jpg The attacker identifies the least significant bits of information in the carrier file and substitutes it with the secret message, in most cases, malicious code. Once the target downloads the file, the malware is introduced in the computer that allows the hacker or attacker to access the device.

Sandboxes are used to detect these corrupt files but hackers have invented ways like sleep patching to bypass these. Sleep patched malware is not detected by sandbox as it is benign and takes time to be detected.

🔹 Palette Based Technique

This uses digital images as malware carriers where attackers first encrypt the message, hide it in a wide palette of the cover image. It can carry only limited amounts of data but still frustrates cybersecurity professionals as the data is encrypted and takes time to decrypt.

🔹 Secure Cover Selection

A very complex technique, cybercriminals have to compare blocks of the carrier image to specific blocks of specific malware. It involves finding the right match to carry the malware. The identical match is fitted carefully into the carrier image. With the resulting image being identical to the original it becomes even more difficult to detect by software applications and cybersecurity software.

Tools & Software 🛠

Today there are tools and software packages that are used in Steganography and some of these allow a user to embed hidden data inside a carrier file, such as an image or video, and later extract that data.

steghide12-660x236.jpg 📌 Anubis
📌 DeepSound
📌 Mr. Crypto
📌 StegaMail
📌 Steghide
📌 Camouflage
📌 Hide’N’Send

Check out this Wikipedia page for a full list & more information about these tools.

Examples A simple example of steganography would be a message in plain text. For example, the following sentence:

“This example comprises higher technical evidence regarding modern situations”. ( The first letter of each word reveals the phrase “TechTerms”.

Also, try getting invisible ink writing and see the magic.

Can You Solve This?

steg-sunset-1024x350 (1).png

Conclusion

Steganography may not be easily detected and sometimes you need to be told that there is data hidden or use tools to decode the hidden data.

Ronnie Atuhaire 😎
Follow me here & on Twitter for more Blogs!