A Bit More on Steganography

Craig Johnston recently posted a blog about steganography. It is interesting to me that I have known for years how to get data out of a company on a CD or a DVD with virtually no chance of detection. There are large areas in CD and DVD images that are not supposed to contain data, but if they do contain data most devices will completely ignore it anyway. If you want to play with this, make an image of a CD. Open the image with a hex editor and you’ll see a bunch of zero’s at the beginning and the end of the CD. This is called the lead in and lead out. There are two minutes worth of data in each region that by specification are hex 00, but can be used to hide information. Below is a picture of what part of the lead in looks like looks like in a hex editor. I’m a fan of PSPad, if you need a hex editor for Windows.

 

DVDs can contain a lot more information that will not be displayed under normal circumstances.

When it comes to steganography, there are lots of file types that can be used. It takes a little finesse to hide data in a picture file. The locations of the information can dramatically affect a picture. One of the two pictures below has a message in it.
  

The only difference between the two pictures is that I changed a few bytes in the picture on the right so that it contains a message. You can open the picture in a hex editor and at about offset 0×400 you will see “Hi Readers!” A skilled person can add messages that will not visibly affect some pictures, but even changing the hue, you would not know there is a message in the picture. Below is the hex representation of the part of the picture I changed.
 

MP3 files are far more forgiving. Changing a few bytes will either not be audible for most people, or it will not raise suspicion that there is other data in the file. One of the two audio clips below has the phrase “Hi Readers!” inserted in it. Can you hear the difference? If you can hear a difference, would you guess that the song contains a message? The two links below will download a short piece of a song.

 Ghost's Blues Cut         Ghost's Blues Cut2

Here is where I added a message…

Steganography can be very useful for hiding your own personal data. I could hide my passwords in an MP3 I keep on a thumb drive. There is no rule that the hidden messages have to be in plain text either. The messages can be encrypted and that can make them extremely hard to detect. Steganography can be, and probably is also used by criminals, terrorists, and governmental intelligence organizations in some cases. There are tools that try to detect “stego” files, but I am not aware of any testing that tells how effectively they can do that. Once such a file is detected, then there is the matter of determining what the information is in the file and that can be nearly impossible if intelligent encryption techniques are employed. There are also tools for creating such files. You can find some of them at http://www.cotse.com/tools/stega.htm

Randy Abrams
Director of Technical Education
 

Author ESET Research, ESET

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.