Steganography and Corporate Spying


Steganography, the art of "hiding in plain sight," has been around for centuries. Earlier applications included microdots (tiny photographic text) used as punctuation marks in typed letters. To the unaided eye, these microdots looked no different than a comma or a period at the end of a sentence, but the intended recipient would use a microscope to view the tiny message contained inside.

Unlike cryptography, steganography provides security through obscurity for not only the message, but also the intended recipient. Applied to current times, a billboard or a flyer can be used to transmit a message to the recipient while onlookers have no idea of the true meaning behind the content. Apply these principles to technology and you have a whole new realm of information security. Stego is nothing new to the technology field.

There are hundreds of stego applications floating around the net. The majority of these applications take advantage of "image noise" in an image file, such as a typical JPG. Image noise is most apparent in image regions with low signal level, such as shadow regions or underexposed images. Computer applications such as JPGHide can be used to take in information and hide it in these low bit regions of the image, where the changes are undetectable to the eye. For example, a picture of a sunset over San Diego could easily contain a secret message or another image entirely. Other stego apps allow the same type of hiding within a Microsoft Word document.

Now if there are applications that enable stego to take place, there are probably applications that defeat it, right? Right. Advancements in steganalysis, the detection of steganographically encoded packages, have been made; however, they're not at all foolproof. Some stego detection programs rely on comparison between the good/known image and the "suspicious" image. But what if there isn't an original to compare to? Also, a highly compressed image makes stego identification very difficult.
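One detection approach that needs no original image is the chi-square "pairs of values" test, sketched here as an added example (not code from this article or from any tool it names). It assumes you already have raw 8-bit sample values; the sample data, function names and the 3.0 threshold are constructed for illustration, and the test only catches simple replacement of every least significant bit.

```python
import random
from collections import Counter

def pair_chi_square(samples, min_pair_count=10):
    """Reduced chi-square over value pairs (2k, 2k+1) of 8-bit samples.

    Overwriting LSBs with payload bits pushes the two counts in each pair
    toward equality, so the result drifts toward 1.0. Returns None when no
    pair holds enough samples to test.
    """
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        a, b = hist[even], hist[even + 1]
        if a + b < min_pair_count:
            continue  # too sparse to say anything about this pair
        stat += (a - b) ** 2 / (a + b)  # chi-square with 1 degree of freedom
        pairs += 1
    return stat / pairs if pairs else None

def looks_lsb_replaced(samples, threshold=3.0):
    # threshold is an assumption for this sketch; tune it on known-clean images
    score = pair_chi_square(samples)
    return score is not None and score < threshold

def constructed_samples(seed=1, n=100_000):
    """Constructed data: a smooth 'cover' histogram and a copy whose LSBs
    were all replaced by random bits (a stand-in for an encrypted payload)."""
    rng = random.Random(seed)
    cover = [min(255, max(0, round(rng.gauss(90, 8)))) for _ in range(n)]
    stego = [(v & ~1) | rng.getrandbits(1) for v in cover]
    return cover, stego

if __name__ == "__main__":
    cover, stego = constructed_samples()
    for name, data in (("cover", cover), ("stego", stego)):
        print(name, round(pair_chi_square(data), 2), looks_lsb_replaced(data))
```

For JPG files the same statistic is applied to the quantized DCT coefficients rather than to decoded pixels.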

How does this all translate into the corporate world? Many corporations today employ Data Leakage Protection / Data Loss Prevention solutions in the form of hardware and/or software. Some of these solutions sit inline at the perimeter and passively watch for pre-defined strings of data leaving the company network, such as Social Security Numbers, Credit Card Numbers and valued intellectual property in email messages and documents. What does this do for images and documents that have hidden data... trade secrets, credit card numbers, PII, financial information, etc.? It does very little. Steganography in the corporate world is certainly not commonplace, but it does deserve attention. How soon will your firewall vendor be releasing a steganography detection hardware appliance? How soon will SDP (Steganography Detection Prevention) become the latest Information Security buzzword?







DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.

