Steganography

What is SteganographY?

The word steganography can be traced back to its Greek origins:

Steganos means "covered" or "hidden."
Graphie means "writing."

The Greeks wrote messages on paper-like material and then covered them with wax. The wax could then be melted to discover the hidden message, which was hidden from view. Another method the Greeks used was to tattoo a message on a bald head; this person would then grow their hair out, thus covering up the message.

Steganography is the art of hiding data in plain sight - you don't realize it is there. Think of this as hiding a piece of information within another piece of information. A more technical definition would be hiding bits of data in unused parts of computer fields with valuable data.

More recent uses of Steganography

Below we will continue our adventure in learning about steganography and how it has been used in more recent history.

Microdots

In World War II, microdots were used to shrink a page of text to about 1mm in diameter. The image to the left shows microdots taped to the inside of an envelope by German spies.

Morse Code

Another method used was to write Morse Code on a length of yarn. This yarn was then made into a piece of clothing. The intended person could then wear the clothing and deliver the secret message. Looking at the clothing, you would have had no clue it contained a secret message! You can read more about the use of knitting by spies in this article.

Machine Identification Code

Did you know that your printer uses steganography? Some color laser printers and copiers use this. These devices leave a small hidden image or dots on each page, allowing you to determine the device on which the page was printed. The image to the writer (obtained from Wikipedia) shows the MIC dots under a UV light. The Wikipedia article on Machine Identification Codes provides significant information on why this was done.

These are just a few examples of how Steganography has been used recently. If you wish to continue to see how steganography has been used, here are some additional readings you might find interesting.

Velvalee Dickinson, the “Doll Woman”: https://www.fbi.gov/history/famous-cases/velvalee-dickinson-the-doll-woman
How It Works: Steganography Hides Malware in Image Files: https://www.virusbulletin.com/virusbulletin/2016/04/how-it-works-steganography-hides-malware-image-files/

Types of Steganography

Remember that there are several types of steganography, but they all have the same end goal -- hiding data!

Technical: Using a chemical to hide the existence of a message - think invisible ink pens!

Linguistic: Uses natural or written language to hide information. There are two types:

Semagrams: uses signs and symbols to hide information
Open Codes: uses reverse order or vertical order to hide information

Digital: This method uses a digital medium to hide a secret message. It can be done using several methods: injection, least significant bit (LSB), transform-domain techniques, or spread-spectrum encoding. We will only look at some of these methods, but you should know them.

Injection: This is a simple method where the secret information is placed within a host file.
LSB: The least significant bit is replaced with data from the message. This will cause a minimal amount of distortion.

Stegongraphy in a file

Using the white space in a file is a great way to hide information. White space can be the space between letters, between words, between sentences or a line break!

You might also be able to manipulate the punctuation within a file to hide a message.

Example:

I like to drink coffee, sparkling water, and lemonade.

I like to drink coffee sparking water and lemonade.

The commas are removed, but when reading it quickly, you might not notice them. The space where the comma was could then be filled with data as needed.

Images

When using an image file to hide hidden information the human eye might not be able to easily detect changes. Also, the file size should stay relatively the same.

Audio/Video Files

If an audio or video file is used data can be hidden using the LSB methodology or even placing information in a frequency that the human ear can not detect.

Detecting

One of the first methods you can use to detect the presence of steganography is by trying to find clues that the software left behind. Also, there are a bunch of steganography tools that you can use to help. Some of the more common ones to use are:

stegdetect
stegbreak
Stego Hunger
Stego Suite

While looking at the file, you might also detect some extra spacing, invisible characters, or a color palette that just does not seem correct. If you are looking at a text document (txt, docx, pdf, etc.), look for changes to the text pattern or if the language pattern differs at any point in the document. This might clue you into the presence of steganography.

Creating Steganography

To help us better understand steganography, let's create our own! Once we can generate steganography files, we can compare them to the original and learn how they have transformed. We will look at a couple tools, but be aware that many more exist!

QuickStego (Wind0ws)

QuickStego is a great piece of software that will let you quickly hide text within a file. The free version works well, but will only allow you to save as a BMP file.

Download QuickStego: http://www.quickcrypto.com/free-steganography-software.html

Steghide (Linux)

Steghide is a powerful piece of software with a wide range of features. The video covers only the basics, but many file types are supported by Steghide. I highly recommend becoming more familiar with Steghide. It should be installed by default in Kali Linux.

Google Sites

Report abuse