You may think you're guarding your assets, but malicious insiders are using steganography to slip closely guarded company secrets out of your organization.
You're confident a trusted employee can't steal research information on your company's new
anti-cancer drug or plans for its next acquisition. Physical and logical controls monitor just
about everything that leaves the building or the network, even encrypted messages sent to
unauthorized recipients. But what about the message hidden in the family vacation photo he emailed
to his "cousin"? Steganography has just bypassed all your defenses.
Steganography (from the Greek root "staganos," meaning covered or secret), or stego, is the technique of hiding data in a host file. Historically, it's been within the purview of the military, criminals and researchers. In recent years, however, it's drawn a lot of interest from the business community, and with good reason.
Leaks hidden using stego often go undetected or unreported, making losses hard to quantify; many of the investigated cases are kept secret under NDAs, but it's a safe bet that organizations are losing millions of dollars every year.
While some form of steganography has been in use for thousands of years (see "
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
History Lesson"), computer technology
and the ubiquity of the Internet has taken this type of covert communication to a whole new
level.
This was first published in November 2006