This article can also be found in the Premium Editorial Download "Information Security magazine: Symantec 2.0: Evaluating their recent acquisitions."
Download it now to read this article plus other related content.
You may think you're guarding your assets, but malicious insiders are using steganography to slip closely guarded company secrets out of your organization.
You're confident a trusted employee can't steal research information on your company's new anti-cancer drug or plans for its next acquisition. Physical and logical controls monitor just about everything that leaves the building or the network, even encrypted messages sent to unauthorized recipients. But what about the message hidden in the family vacation photo he emailed to his "cousin"? Steganography has just bypassed all your defenses.
Steganography (from the Greek root "staganos," meaning covered or secret), or stego, is the technique of hiding data in a host file. Historically, it's been within the purview of the military, criminals and researchers. In recent years, however, it's drawn a lot of interest from the business community, and with good reason.
Leaks hidden using stego often go undetected or unreported, making losses hard to quantify; many of the investigated cases are kept secret under NDAs, but it's a safe bet that organizations are losing millions of dollars every year.
While some form of steganography has been in use for thousands of years (see "
This was first published in November 2006