Feature

More Than Meets the Eye

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Symantec 2.0: Evaluating their recent acquisitions."

Download it now to read this article plus other related content.

You may think you're guarding your assets, but malicious insiders are using steganography to slip closely guarded company secrets out of your organization.


You're confident a trusted employee can't steal research information on your company's new anti-cancer drug or plans for its next acquisition. Physical and logical controls monitor just about everything that leaves the building or the network, even encrypted messages sent to unauthorized recipients. But what about the message hidden in the family vacation photo he emailed to his "cousin"? Steganography has just bypassed all your defenses.

Steganography (from the Greek root "staganos," meaning covered or secret), or stego, is the technique of hiding data in a host file. Historically, it's been within the purview of the military, criminals and researchers. In recent years, however, it's drawn a lot of interest from the business community, and with good reason.

Leaks hidden using stego often go undetected or unreported, making losses hard to quantify; many of the investigated cases are kept secret under NDAs, but it's a safe bet that organizations are losing millions of dollars every year.

While some form of steganography has been in use for thousands of years (see "

    Requires Free Membership to View

History Lesson"), computer technology and the ubiquity of the Internet has taken this type of covert communication to a whole new level.

This was first published in November 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: