Can you imagine if you had the ability and power to conceal and hide information within plain sight? Well, is it even possible? Steganography is nothing but the process of hiding information, audio messages, video clips, or images into another piece of information, video clip, audio clip, or image. Who would not forget writing secret messages in invisible ink or hiding coded messages within a piece of data or information?
Well in the world of cybersecurity, steganography is the technique of hiding secret data within a non-secret, ordinary file or message to avoid being detected. It will be decoded only at the destination. The history of steganography dates back to 1500 when Johannes Trithemius used the term in his book Steganographia. It has been a time-honored practice and only gained technical prominence in the last decade.
In this article let us look at:
What is Steganography?. If one needs to define steganography, it can be simply said as a practice of hiding secret messages within or over something that is no secret. It is just a process of embedding a secret piece of text within a text, picture, or audio. The message could be a message or script within a document file or a picture file. A form of covert communication, the main purpose of steganography is concealing and deceiving. The message can be concealed through any medium. It differs from cryptography which is a science that enables privacy. Steganography definition elaborates how it hides data and does not involve scrambling or using a key or code.
What is steganography and how it works is the question most people would ask. The art and science of masking information by embedding messages within something that may seem harmless. It works by replacing some parts of useless or unused data in usual computer files ( for eg: text, HTML, audio, or graphics) with bits of invisible and different information.
There are different ways to hide a message. When a file or image is created, some bytes in the file or image are not necessary and can be replaced with a message without destroying the original message. In this way the secret message is hidden. There are different types of steganography. The most common are:
Digital images are used widely and since they are available in various formats the algorithm used differs completely. Some common kinds are:
Implanting a secret message in audio is most difficult as the human brain has a wide range of auditory capacity. A few methods used are:
In this, a video file will be embedded with supplementary data that will hide the secret message. Some widely known approaches are
This involves focusing on altering the characteristics of documents. Most people can read documents and therefore there are several ways in which this can be achieved. A few ways this is done are:
Steganography techniques used help in concealing the message to the best possible extent to ensure that it is revealed only at the destination. Some of the techniques used are:
The attacker identifies the least significant bits of information in the carrier file and substitutes it with the secret message, in most cases, malicious code. Once the target downloads the file, the malware is introduced in the computer that allows the hacker or attacker to access the device. Sandboxes are sued to detect these corrupt files but hackers have invented ways like sleep patching to bypass these. Sleep patched malware is not detected by sandbox as it is benign and takes time to be detected.
This uses digital images as malware carriers where attackers first encrypt the message, hide it in a wide palette of the cover image. It can carry only limited amounts of data but still frustrates cybersecurity professionals as the data is encrypted and takes time to decrypt.
A very complex technique, cybercriminals have to compare blocks of the carrier image to specific blocks of specific malware. It involves finding the right match to carry the malware. The identical match is fitted carefully into the carrier image. With the resulting image being identical to the original it becomes even more difficult to detect by software applications and cybersecurity software.
Steganography is more an art than a science. It involves using careful techniques to hide the message and execute it. There is no limit to the ways steganography can be used with such a wide range of technology available today. A few examples are:
A simple example of steganography would be a message in plain text. For example, the following sentence:
“This example comprises higher technical evidence regarding modern situations”. ( The first letter of each word reveals the phrase “TechTerms”.
Steganography uses are primarily restricted to hackers who use steganographic applications to embed a malicious code. A hacker alters the least significant bit of any file and encrypts it with malicious code. Once this code is downloaded by the user either by opening a file or image the malware is activated. This can in turn help the attacker to gain control over the network of the user or destroy any intended content. The difference between the original file or image or stenographed image or file is so subtle and it cannot be detected by the naked eye.
Hackers are using this technique called steganography ( originating from the Greek word “ steganographia”) to trick internet users and smuggling malicious content by bypassing firewalls, scanners, and security software. Unlike cryptography which obscures data so that it cannot be comprehended, steganography hides the fact that content exists by embedding it into something else. It is more of a concept and not a method of data delivery by clandestine methods making it easier to execute it in several ingenious ways.
So, have you made up your mind to make a career in Cyber Security? Visit our Master Certificate in Cyber Security (Red Team) for further help. It is the first program in offensive technologies in India and allows learners to practice in a real-time simulated ecosystem, that will give you an edge in this competitive world.