Steganography is the practice of hiding or concealing a message within a message that is not secret, such as hiding a secret script inside a Microsoft Word document. The goal of steganography is to practice secrecy or deceit.
Where did steganography come from?
Steganography (literally meaning covered writing) dates back to ancient Greece, where common practices consisted of etching messages in wooden tablets and covering them with wax, and tattooing a shaved messenger’s head, letting his hair grow back, then shaving it again when he arrived at his contact point.
In the modern world, steganography is most commonly used by hackers. A hacker can use steganography to conceal scripts in computer files and documents. The scripts can contain malicious malware and other types of viruses used for cyberattacks.
How does steganography work?
There are different ways a hacker or IT professional can use steganography. The common way to use steganography is to embed a secret file within a common computer file such as Microsoft Excel or Word document.
By replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks ) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.
As the victim clicks on the modified file, the click will unleash the hidden script that will secretly get installed on the computer. The installed program can be designed to perform various functions including grabbing the latest versions or more files of the malware from the internet.
To combat steganography, security applications such as antivirus software are designed to identify typical moves made by steganography applications. Security applications are constantly updated to look for new methods and signature moves of steganography applications. Anti-virus software also looks at file sizes to determine if the file is suspiciously large compared to the typical file size. Steganography might be a common tool for illegitimate purposes, however, it can be used to prevent unauthorized viewing and to protect identities and valuable data from theft.
Examples of steganography
Steganography tools allow the hiding of files and data in different applications. For example, Steghide can be used to hide data in audio and image files, while OpenPuff can be used to conceal files in Flash, video, audio, or image formats. Other steganography examples include hiding an image in a video that only be played at a particular frame rate, hiding data within a file header, backward masking a message in audio format, or embedded text in a photo.
When used to send information (rather than applications), steganography can function as a secret code that requires the receiving party to know what to look for. Here’s a very elementary example… a sample postcard that uses steganography to hide a message in plain sight:
Hi Mom — The trip was great, and you’ll never guess what I saw. Thirty seagulls flew up among telephone lines atop the building we’re staying in.
In this instance, the sender and his mother agreed that he’d use steganography to send a message if he was in danger. Both agreed that the writer would put his message in the second sentence of the letter home, using the second letter of each word to communicate.
So looking again at the seemingly innocuous postcard’s second letters of the words in the second sentence…
Hi Mom — The trip was great, and you’ll never guess what I saw. This morning we saw thirty seagulls flew up among telephone lines atop the building we‘re staying in.
…we see letters H, O, E, A, H, E, L, P, M, E, I, T, H, U, E, T, N forming the words “help me.”
Note that there are additional letters that precede and follow the primary message. In our very simple example, before the real message, we see H, O, E, A, while after the words “help me,” we see I, T, H, U, E, T, and N. These additional letters help create noise that makes the message somewhat less obvious.
What are steganography’s advantages?
Steganography sometimes is used when encryption is not permitted. Or, more commonly, it’s used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen.
The greatest advantage is that a secret file or script can be hidden in what appears to be an ordinary object. This makes the object less suspicious to the user or system. Steganography’s implementation can be challenging. However, when done properly, steganography can be extremely difficult to detect using the standard anti-virus software.