CAE - Steganography (Lesson)

Steganography

Steganography as a Form of Camouflage

How many times have you played the Find the Hidden Items game? Let’s take a look! How many hidden objects can you find?

Steganography, however, is the practice of hiding messages, so that the presence of the message itself is hidden!

Steganography vs Encryption

Steganography does not rely on having a secret key to safeguard the information. As you learned in a previous lesson, encryption uses an algorithm to convert plaintext to ciphertext, requiring a key to encrypt/decrypt). Steganography, Instead, relies on the fact that no one knows that a secret is being exchanged. Steganography has become a popular tool for criminals to use when communicating across open channels like forums or even social networking sites.

• It is “security through obscurity” so nobody knows a secret is being exchanged!
• It is “hiding in plain sight” but not quite like the Find the Hidden Items game because you can find it by just looking at it.
• It is different from regular encryption, which only seeks to hide the message, but not the fact that a message is being exchanged.
• It is most common to hide text inside a graphic.

For example, someone can post a photo of their soccer team on Facebook but hide the instructions for robbing the bank inside that picture! Your accomplice knows to look in any pictures you post for messages and successfully retrieves the information.

Steganography and Law Enforcement

Steganography is very hard for law enforcement to catch because:

1. It is hard to know when steganography exists as you can’t tell by looking at a picture. If you have the original picture, however, you can tell because there will be a size difference. That’s a sign that there is hidden data.
2. Once you have a steganography picture, you still need to know exactly what software was used to encrypt it or else you are out of luck. There are lots of programs.

Practical Uses of Steganography

• You suspect someone is illegally distributing copyrighted documents or images, so you add hidden copyright information in them using steganography tools to double-check.
• You want to exchange information like passwords or sensitive images over an insecure transmission protocol, like email.
• You want to embed secret files available only to a select few in a public forum.

Steganography can exist in text, audio, or video -- almost any digital data type. The only restriction is that the message must be substantially smaller in size than the carrier file.

Tools for Steganography

Often the container file is a picture but that is not a requirement. If a picture is used, you need photo editing software… and your eyes! There are several ways to hide the text “inside” an image, for example.  Sometimes it is in the actual picture but obscured by the font size, color, or position. You can use photo editing software like Paint, Photoshop, or Gimp to examine the image close-up or to manipulate the picture.

Picture files contain a lot of bits so it is easier to hide other data inside without visually disrupting the original file. As you learned earlier in this lesson, data can be hidden in any file that is big enough to disguise the presence of extra data.

One of the tools is Hex editor, such Hxd (Windows), or Okteta, or Bless (Linux). In some cases, the text may be hidden inside the bits of the file. By opening the file with a Hex editor, you can see the file bits are represented in Hexadecimal on the left side and in ASCII on the right side. Remember Hex and ASCII from a previous lesson?

To understand a Hex editor, let’s use the analogy of a body and an x-ray. A picture is like our bodies -- it is what we see with the plain eye. The Hex editor information is like an x-ray image -- it shows the insides, what makes up the body or image.

Here is an example of manipulating an image by adding hidden data:

 

Digital Photos and Metadata

Every photo that is taken with a digital device will save a lot of information. This is called the “metadata,” which is information about the file. It usually includes information such as where the photo was taken (GPS), when it was taken (date/time), whether the photographer used a flash setting, the author, file size, camera information, and much, much more. 

While metadata is “hidden” data within a file, most of the time it is not meant to be hidden/secret, like a message using steganography. It is created automatically, depending on camera settings. In steganography, metadata is altered later, to put in incorrect information or to hide information. 

For example, here is a photo that was taken at the Abel Tasman National Park.

Using a free online Exif viewer tool, we can extract and display the metadata and we can tell that the camera was a Canon PowerShot SX40 HS and the photographer was standing in Abel Tasman National Park in New Zealand. On the far right is a list of more information captured in the metadata and how it will typically be displayed by using an Exif Viewer Tool. It is then possible to edit Exif data to hide secret data.

Cool Facts

In the early days of social media, photos you uploaded to Facebook or Instagram would include all that metadata, but this turned out to be a problem in many ways because it contained private information, such as your home address (if you took the picture at home) or other information you might not want strangers to know. Now any pictures uploaded to social media sites are automatically stripped of their metadata.

Finding Hidden Data

Binwalk is a tool for searching a given binary image for embedded files and executable code. You can use this tool for searching files for embedded data and then extract it. It is possible to hide one or more files inside another file, like Russian nesting dolls!

We can use the Binwalk tool to identify the “nested” files and extract them. In this example, Binwalk found the original JPEG file plus a Zip file that contains ‘Secret.txt’

Steganography Software

Steganography applications allow users to embed one file into another with the option of adding a password or key. There is no generic steganography extraction tool.  To extract hidden text or files, you need to know exactly what software was used to encrypt it. Commonly used open-source steganography software applications are Steghide, Camouflage, OutGuess, Open Stego, and Xiao Stego.

Only about 15 years ago, steganography was not much more than a party trick. Like look, I can hide stuff in a picture! But it was not very useful because the existing software was mostly command line, Linux-based, and not reliable. Today that has changed dramatically. There are many steganography software programs that have Graphic User Interface (GUI) and are very easy to use with reliable results. 

As you learned earlier in this lesson, law enforcement is frustrated that there is no useful tool to detect if an image contains steganography to extract it. Given the rapid expansion of AI tools like ChatGPT, it may be possible to develop an AI-based app that will aid law enforcement in identifying malicious actors.

Reflection and Wrap-up

In this lesson, you have learned about steganography and how it works. While it offers a powerful tool for privacy and secure communication, its ability to conceal data within innocuous files makes it attractive to cybercriminals. Malicious actors can use steganography to hide malware, spyware, or other harmful code within seemingly harmless files, such as images or audio files, which can then be distributed without raising suspicion. This hidden code can be activated once the file reaches its target, leading to unauthorized access, data breaches, or other cyber-attacks. This dual-use nature of steganography highlights the importance of robust cybersecurity measures to detect and mitigate such hidden threats.

[CC BY-NC-SA 4.0 Links to an external site.] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION - INTENDED ONLY FOR USE WITHIN LESSON.