There has been a recent news story about researchers at Princetown University who are working on a new form of steganography that could allow information to be leaked out of an organization on compact disks (CDs) without being detected.
Steganography takes one piece of information and hides it within another. Computer files (images, sounds recordings, video, text and software files) contain unused or insignificant areas of data. Steganography takes advantage of these areas, replacing them with information. Once the information is embedded in the file, the file can be sent to another location without the information being detected. Once received, the file is processed and the hidden information is extracted from the carrier file.
So for example, using a steganographic utility the contents of a document could be hidden within an apparently harmless picture (JPEG file, for example) and then sent via email to another person, slipping past any existing filters or data leakage protection measures. Once received at its final destination, the attached picture file – which displays perfectly well and appears normal – may be processed again using the steganographic utility to extract the original document contents.
In September last year there was news of researchers developing tools to use steganographic techniques to hide information inside VOIP traffic. And now we have news of researchers who are working on the ability to write information to normal CDs, but in such a manner that the information is unreadable to normal CD drives. The information would be written on the CD in a manner such that a normal CD drive or CD player would think the information is noise, and determine no signal from that part of the CD. The use of a specialized CD reader could read the otherwise unreadable data.
Steganographic techniques may be used to leak sensitive or confidential information out of an organization. It could also be used by criminals and terrorists to communicate between themselves without detection, even if they are being monitored. Detecting hidden steganographic material within legitimate files is very difficult. There are tools available to detect steganographic content in some image files, but these would have limited success. When there are billions of legitimate files being sent around the Internet files every day, it is very difficult to know which files to analyze for possible steganographic content.
By the way, steganography may also be used for legitimate purposes. It may be used to insert identifying information into a document, acting as a digital watermark within a file. This may be used as a method for fighting the problem of digital piracy and unauthorized copying of material. Unfortunately, some watermarks may be removed or destroyed without too much difficulty.
So why am I telling you all this? Well it seems steganography is a little known technique that is available to, and used by, corporate spies, criminals and terrorists. And it is yet another example of the many clever, high tech tools & techniques that the bad guys have at their disposal.
And I can assure you, the bad guys will use any and every tool they can to carry out their dastardly deeds….!
Senior Cybercrime Research Analyst
Author ESET Research, ESET