Wednesday, September 30, 2009

Steganography Insider Threat Presentation and Product Brochures on SlideShare

Please check out our recent posts on SlideShare ...

PowerPoint presentation on the emerging threat from criminal and insider use of digital steganography to conceal evidence of criminal activity or steal sensitive information:

http://www.slideshare.net/jwingate/digital-steganographyan-emerging-threat
(best viewed in slide show mode)

Steganography Analysis & Research Center (SARC) Product and Training brochures:
http://www.slideshare.net/jwingate/sarc-product-brochures

Monday, September 28, 2009

DLP Exposed

There's a huge gaping hole in Data Leak Prevention (DLP) products currently being marketed that vendors don’t want you to know about.

So what is it they don’t want you to know? They don't want you to know their products cannot detect steganography, or information embedded within files with any of the digital steganography applications currently available as freeware or shareware on thousands of web sites across the Internet. This hidden information, in the form of personally identifiable information, stolen intellectual property, or unauthorized images in the workplace, cannot be detected by current DLP products.



But those who purchase DLP systems, which often carry six-figure price tags, must know that the detection capability of even the most technically sophisticated DLP system can be defeated with a simple steganography application obtained for free on the Internet.

Detecting insider use of steganography to exfiltrate sensitive information requires a network security appliance capable of detecting steganography in real-time. StegAlyzerRTS, the Steganography Analyzer Real-Time Scanner, does just that.

For more information, please visit the SARC web site at http://www.sarc-wv.com/.

Tuesday, September 22, 2009

The Compelling Reason to Buy StegAlyzerRTS

To sell their products, all vendors must discover the most significant need that would cause a customer to buy their product.

In marketing parlance, this is called the compelling reason to buy. I’ll refer to that simply as the CRTB.

Please bear with me for a bit while I build up to the CRTB for the real-time steganography detection system developed in Backbone’s Steganography Analysis and Research Center (SARC).

Ever since mankind rose up out of the primordial ooze, there has been crime … and there will always be crime.

One can picture a caveman bashing another caveman over the head with his club to steal a big chunk of Woolly Mammoth for dinner! Yum! So, here we have our first case of assault with a deadly weapon or attempted murder along with theft of a Mammoth carcass, or a piece thereof. Hence, criminal activity emerges.

Now, let’s boogie down the evolutionary path a few million years to the Internet era.

The advent of the Internet has done many great things for mankind. However, it has also facilitated the emergence of an entirely new class of criminal … the cyber criminal. Criminal activity is no longer confined to real space. It has evolved and now takes place in both real space and cyber space.

To keep things simple, let’s define a cyber criminal as anyone who would use a computer to do anything that would be considered a violation of law. Further, for the purposes of this blog, let’s say the cyber criminal is a trusted insider on an enterprise network who is contemplating how to achieve a life of ease … perhaps on a chaise lounge on a beach in the Bahamas sipping colorful, sweet drinks with funny names.

Because practically everything in the 21st century depends on computers in some way, shape, form, or fashion, there will never be fewer computers than we have today. Rather, there will continue to be more computers and more computer users.

According to the Internet World Stats web site [1], Internet user growth from 2000 to 2008 was a whopping 342.2% and there are now nearly 1.6 billion, yup … that’s B-I-L-L-I-O-N, Internet users worldwide.

So, now let’s assume the ratio of criminals who used computers for criminal activity remained constant during that period … it could be 1 in 100, 1 in 50, 1 in 10, etc. It doesn’t really matter. The point is the number of cyber criminals grew at the same rate as the general Internet user population—a rate of 342.2% over that period!

More criminals using more computers add up to more cyber crime.

More cyber crime is driving the need for improved network security tools to detect malicious insiders.

As the network security tools used to detect insider behavior improve, malicious insiders are becoming motivated to find more technically sophisticated ways to conceal their nefarious activities to avoid a visit to, and possibly an extended stay in, the Cross Bar Hotel.

Hence, the stage is set for Google-search savvy users to Google something really clever like “information hiding”, which results in nearly 5.8 million links, many of which will inevitably lead the user to “steganography”, which results in more than 620,000 links when Googled.

Thus, more and more trusted insiders who have gone over to the dark side will use steganography applications that are widely available on Internet web sites and are easy to find, download, install, and use to exfiltrate (that’s a fancy word for “steal”) sensitive information.

If only 1% of the estimated 1.5 billion Internet users were using steganography to steal information, that would be 15 million cyber criminals. So let’s bump it down a notch and say that only .1%, or one-tenth of one percent, are using steganography to steal information … that’s still 1.5 million cyber criminals using steganography. Now let’s assume only 1% of those cyber criminals are trusted insiders. That’s still 15,000 malicious insiders who could steal untold amounts of sensitive information without ever being detected.

Thus, the CRTB for StegAlyzerRTS is to detect malicious insiders who download and use steganography applications to steal sensitive information such as Personally Identifiable Information to sell on the Identity Theft Black Market or Intellectual Property that is the Crown Jewels of the company.

But even with such a CRTB, many enterprise networks will continue to go unprotected from the threat of insider use of digital steganography.

So … now, where’s that Sex on the Beach … ahhhh.



[1] Internet World Stats, Usage and Population Statistics, http://www.internetworldstats.com/stats.htm

Thursday, September 10, 2009

Update to SAFDB Coming Soon

A new version of the Steganography Application Fingerprint Database (SAFDB) containing the file artifacts of more than 750 steganography applications will be created by Nov 30th.

SAFDB was developed in Backbone’s Steganography Analysis and Research Center (SARC) and is now widely recognized as the world’s largest database of hash values exclusive to digital steganography applications.

SAFDB is an integral part of StegAlyzerAS (Steganography Analyzer Artifact Scanner) and StegAlyzerRTS (Steganography Analyzer Real-Time Scanner).

StegAlyzerAS is a computer forensics tool used to detect the presence of steganography applications on seized media. In addition to detecting file artifacts, StegAlyzerAS offers the unique capability to detect Windows Registry artifacts (i.e., keys and/or values). This makes it possible to determine if a particular steganography application was ever installed by the user even if the user uninstalled the application and then deleted the files and folders associated with the application that were created in the installation process.

StegAlyzerRTS is a network security appliance that detects insiders downloading any of the applications in SAFDB in real-time.

SAFDB contains seven different hash values for each file artifact associated with each steganography application in the SARC’s steganography application archive. The hash values were computed with the CRC-32 and MD5 hashing algorithms plus all five of the algorithms specified in FIPS 180-2, Secure Hash Standard: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.

SAFDB also includes the artifact file name, file size, and associated application name, in addition to other information about each file and application.
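The kind of record and lookup described above can be sketched as follows. This is an added example, not SARC's code or the SAFDB format: the record layout, the SHA-256 index key, the application name and all sample bytes are assumptions constructed for illustration.

```python
import hashlib
import zlib

# The six hashlib digests named in the post; CRC-32 comes from zlib.
HASHLIB_ALGOS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")

def fingerprint(data):
    """Size plus the seven digests (CRC-32, MD5, five SHA variants) of a byte string."""
    fp = {"size": len(data), "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x")}
    for name in HASHLIB_ALGOS:
        fp[name] = hashlib.new(name, data).hexdigest()
    return fp

def build_db(artifacts):
    """artifacts: iterable of (application, file_name, bytes). Indexed by SHA-256 (assumed key)."""
    db = {}
    for application, file_name, data in artifacts:
        record = fingerprint(data)
        record.update(application=application, file_name=file_name)
        db[record["sha256"]] = record
    return db

def scan(db, files):
    """files: {path: bytes}. Returns [(path, application, artifact file name)] for exact matches."""
    hits = []
    for path, data in sorted(files.items()):
        fp = fingerprint(data)
        record = db.get(fp["sha256"])
        # Require size and every digest to agree, so one colliding weak hash is never a hit.
        if record and all(record[k] == v for k, v in fp.items()):
            hits.append((path, record["application"], record["file_name"]))
    return hits

# Constructed sample data: stand-in bytes, not real application files.
KNOWN = [("ExampleStegoTool", "stegotool.exe", b"MZ\x90\x00constructed-installer-bytes"),
         ("ExampleStegoTool", "readme.txt", b"constructed readme text\n")]
DB = build_db(KNOWN)
MEDIA = {
    "Downloads/holiday_photos.exe": KNOWN[0][2],       # renamed copy of a known artifact
    "Docs/readme.txt": b"constructed readme text!\n",  # shares a known name, different content
    "Docs/report.doc": b"unrelated constructed document",
}

if __name__ == "__main__":
    for hit in scan(DB, MEDIA):
        print(hit)
```

The lookup keys on content rather than file name, so the renamed artifact is reported while the file that merely shares a known name is not.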

Current plans call for the creation of new versions of SAFDB in each quarter of CY2010 with each version containing information on all file artifacts associated with at least 25 more steganography applications than the previous version.