Sunday, August 16, 2009

Steganography: Threat or Hype?

Any discussion on digital steganography ultimately polarizes around two groups: those who believe steganography is being used and those who don’t.

Before delving into the reasons why this is so, let’s first define steganography and how it can be used as an information hiding tool.

Demaratus’ Wax Tablets

Steganography is an ancient information hiding technique that dates back to the days of Ancient Greece. In fact, steganography is derived from the Greek words “steganos” which means “covered” and “graphie” which means “writing.” So steganography literally means “covered writing.”

The Egyptians are generally acknowledged to have been the first to use steganography in the form of hieroglyphics. However, one of the first recorded uses of steganography, and one of the most interesting, dates back to 480 BC during the Battle of Thermopylae. When he learned of Xerxes' plan to lead his army into Greece, Demaratus scraped the wax off his wax tablet, scribed a message directly on the wood, and then re-covered the tablet with wax in order to get a message to Sparta past the Roman guards (Demaratus).

But rather than spend too much time discussing how steganography has been used throughout history, let’s fast forward to the Internet era where we see an evolution to digital steganography.

Wizzy-Wig

Actually it’s WYSIWYG and it means “What You See Is What You Get.” Right? Not so fast.

For those of us old enough to remember when a WYSIWYG editor was a revelation, we became accustomed to visualizing the contents of a file by what we could see on the screen. If it was on the screen, it was in the file and vice versa.

Well, nowadays, with digital steganography, a slight modification of WYSIWYG is necessary. Now it’s WYSINAWYG or What You See Is Not Always What You Get.

Why? Because it’s possible that information has been appended to the file beyond the file’s EOF marker or, in the case of a bitmap image, information may have been embedded in the image. Essentially, the hidden information is there but you can’t see it. So with steganography, the old saying that “a picture’s worth a thousand words” could quite literally be true.

For example, there is some simulated financial information embedded in the image of the baseball below.

If you would like to know what information is hidden in the image, you can request a Steganography Threat Evaluation Kit at http://www.sarc-wv.com/stegalyzerrts.aspx that contains instructions on how to extract the hidden information.
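The first case described above, information appended beyond the file's EOF marker, is the one a defender can check for mechanically. The following is an added example, not part of the original post: it finds the logical end of a PNG (the IEND chunk) or a BMP (the size declared in the header) and returns any bytes that follow it. The function names and the sample images are constructed for this illustration, and the check does not cover data embedded in the pixel values themselves.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end(data: bytes) -> int:
    """Return the offset just past the IEND chunk, walking chunk by chunk."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length          # length field + type + data + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG: no IEND chunk")

def bmp_end(data: bytes) -> int:
    """Return the file size declared in the BMP header (bfSize, offset 2)."""
    if len(data) < 6:
        raise ValueError("truncated BMP header")
    return struct.unpack_from("<I", data, 2)[0]

def trailing_bytes(data: bytes) -> bytes:
    """Return whatever follows the logical end of a PNG or BMP file."""
    if data.startswith(PNG_SIG):
        end = png_end(data)
    elif data.startswith(b"BM"):
        end = bmp_end(data)
    else:
        raise ValueError("unsupported format")
    if end > len(data):
        raise ValueError("file is shorter than its declared end")
    return data[end:]

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk with a correct CRC (used only for the sample)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed sample: a valid 1x1 grayscale PNG, then a copy with bytes appended.
CLEAN_PNG = (PNG_SIG
             + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + _chunk(b"IEND", b""))
PADDED_PNG = CLEAN_PNG + b"constructed trailing data"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PNG), ("padded", PADDED_PNG)):
        print(name, len(trailing_bytes(blob)), "byte(s) after end of image")
```

Both images render identically in a viewer, which stops reading at the end marker. Trailing bytes are a reason to examine a file more closely rather than proof of hidden content, since some tools write padding or metadata after the end marker.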

The Lazy People Theory

Now let’s go back to why some believe insiders are using steganography to steal sensitive information and intellectual property and criminals are using steganography to conceal evidence of criminal activity but others do not.

First, the non-believers. This group seems to believe that people are like electrons—they take the path of least resistance. Typically, this path is one of using a thumb drive, or some other ultra-portable storage device, to steal information and then just walk out the front door with it.

Their basic question is “Why would anyone go to the trouble of using steganography when there are so many other easier ways to steal information?” This is a valid question.

Many computer forensic examiners in law enforcement hold the belief that “the criminals we deal with are too stupid, too lazy, or both to use steganography.” There is some validity to that as well.

The Devious People Theory

Now, for the believers. This group tends to believe in the “build it, and they will come” approach. In terms of digital steganography, we could say this is the “if it is there, they will use it” approach.

People in this group tend to believe that people will go to great lengths to avoid being caught doing something they shouldn’t be doing. It is the fear of a visit to the “cross bar hotel” that motivates this group to find ways to conceal their nefarious and most likely illegal activities.

As Data Loss Prevention (DLP) tools and forensics tools continue getting better at detecting sensitive information leaving the enterprise network or finding digital evidence of criminal activity, it is only logical to presume that those wishing to evade detection will find more technically sophisticated ways to conceal their nefarious activities.

And it is very easy, child’s play really, to find, download, install, and use steganography applications that are widely available as freeware or shareware on the Internet.

Just do a Google search on “information hiding” and you will see that you get over seven million links in the search results. Many of those links lead to web sites where digital steganography applications can be found.

Going Forward

So there you have it … some believe steganography is being used and some don’t. It is difficult to convince the non-believers that steganography is, indeed, a threat because there isn’t a large body of empirical data to prove that it is being used. Why should I look for something that you say is being used but yet you cannot prove it? Another valid question.

At the end of the day, we have to acknowledge that no one really knows how often steganography is being used for nefarious purposes.

But, going forward, we also have to acknowledge that we will never know how much information is being stolen or how much criminal activity is being concealed through the use of digital steganography until more people understand what it is and believe that it is, in fact, being used.

1 comment:

  1. DRM is not popular yet but maybe it will be in the future?
    To be more popular it should offer MORE than only to prohibit access or identify the end user. What does MORE mean?
    Let's see at YouTube:
    http://www.youtube.com/watch?v=Jv1LpAKXIO4
    Regards,
