Out of Sight
Simply put, stego is hiding a covert message within another file so that only the sender and receiver can access it. The sender uses one of a number of free or commercial programs (see "Steganography Tools," above) to hide encrypted and password-protected data inside a host file. Using the same program, the receiver uses the password to extract the information.
The host file—a photo, text message or email—appears unchanged, and there is no indication of the hidden message. Since the sender is placing binary data within a host file, the hidden message can be any file type; that family vacation image could be hiding an image of a new fighter jet prototype.
There are three primary stego techniques:
- Insertion adds information to the carrier file in a format that will be ignored by the viewing application, so the hidden data will be invisible when you look at the file in your word processor, graphics program or Web browser. The benefit is that you can hide as much information as you want, but if the file size looks too large it could raise suspicion.
- Substitution replaces insignificant data, such as the least significant bit in an image, with the covert information, such as a .bmp or .jpg file. This technique does not increase the size of the file, but too much hidden data will start to degrade the image. S-Tools is a popular stego program that hides data by substituting pixels and making duplicate entries in the color table.
- Generation does not use a host file; the hidden message generates a fake cover message—English text that looks like spam, a letter or a poem. You can hide as much information as you want because the host file is created on the fly. For example, you could type "The merger is dead," and it generates something like this:
Why work for somebody else when you can become rich in 48 DAYS! Have you ever noticed nobody is getting any younger & people are much more likely to BUY with a credit card than cash! Well, now is your chance to capitalize on this! WE will help YOU sell more. Act now!
Only someone with a password could decode the real message hidden behind the fake one.
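The insertion and substitution techniques described above, as an added example that is not part of the original article or any of the tools it names. The carrier is a tiny 24-bit BMP constructed in memory rather than a real photo, and each embedding method is paired with the check a reviewer would run against a suspect file: comparing the declared size with the actual size exposes appended data, and the pair-of-values chi-square statistic (the idea behind the classic LSB chi-square attack) drops when the least significant bits have been overwritten.

```python
"""Constructed demonstration of two embedding techniques, insertion and
LSB substitution, each paired with the defender-side check that exposes
it.  The carrier is a synthetic single-colour 24-bit BMP, not a real
image, so everything runs offline."""
import struct

BMP_HEADER_SIZE = 14 + 40  # BITMAPFILEHEADER + BITMAPINFOHEADER


def make_bmp(width, height, rgb=(200, 100, 50)):
    """Build a minimal uncompressed 24-bit BMP filled with one colour."""
    row = bytes(rgb[::-1]) * width              # BMP stores pixels as BGR
    row += b"\x00" * ((4 - len(row) % 4) % 4)   # rows are padded to 4 bytes
    pixels = row * height
    file_header = b"BM" + struct.pack("<IHHI", BMP_HEADER_SIZE + len(pixels),
                                      0, 0, BMP_HEADER_SIZE)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                              len(pixels), 2835, 2835, 0, 0)
    return file_header + info_header + pixels


def frame(payload):
    """Prefix the payload with its length so the extractor knows where to stop."""
    return struct.pack("<I", len(payload)) + payload


# --- Insertion: bytes appended after the image data the header declares -----

def insert_append(carrier, payload):
    """Viewers stop at the declared file size, so the tail is never rendered."""
    return carrier + frame(payload)


def trailing_bytes(blob):
    """Check: how many bytes lie beyond the size the BMP header declares?"""
    declared = struct.unpack_from("<I", blob, 2)[0]
    return len(blob) - declared


# --- Substitution: payload bits replace each pixel byte's least significant bit

def lsb_embed(carrier, payload):
    """Overwrite one LSB per pixel byte; the file size does not change."""
    offset = struct.unpack_from("<I", carrier, 10)[0]    # start of pixel data
    bits = [(b >> i) & 1 for b in frame(payload) for i in range(7, -1, -1)]
    if len(bits) > len(carrier) - offset:
        raise ValueError("payload exceeds the LSB capacity of the carrier")
    data = bytearray(carrier)
    for i, bit in enumerate(bits):
        data[offset + i] = (data[offset + i] & 0xFE) | bit
    return bytes(data)


def _read_lsb_bytes(blob, start, count):
    """Reassemble `count` bytes from the LSBs starting at byte `start`."""
    out = bytearray()
    for k in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (blob[start + k * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def lsb_extract(stego):
    offset = struct.unpack_from("<I", stego, 10)[0]
    length = struct.unpack("<I", _read_lsb_bytes(stego, offset, 4))[0]
    return _read_lsb_bytes(stego, offset + 32, length)


def lsb_pair_chi_square(blob):
    """Check: LSB substitution pushes the counts of each value pair (2k, 2k+1)
    towards equality, so this statistic falls after embedding.  Lower is
    more suspicious; compare against the same image's expected range."""
    offset = struct.unpack_from("<I", blob, 10)[0]
    hist = [0] * 256
    for b in blob[offset:]:
        hist[b] += 1
    stat = 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:
            stat += (even - odd) ** 2 / (even + odd)
    return stat


if __name__ == "__main__":
    cover = make_bmp(8, 8)
    secret = b"The merger is dead"          # constructed sample message
    appended = insert_append(cover, secret)
    print("trailing bytes after insertion:", trailing_bytes(appended))
    stego = lsb_embed(cover, secret)
    print("size unchanged:", len(stego) == len(cover), "recovered:", lsb_extract(stego))
    print("pair chi-square cover -> stego: %.1f -> %.1f"
          % (lsb_pair_chi_square(cover), lsb_pair_chi_square(stego)))
```

The two checks mirror the two costs the article names: insertion leaves the header's declared size behind the real length, and substitution leaves the size alone but disturbs the statistics of the pixel values. On a real photograph the LSB plane is already noisy, so the chi-square figure is read as a change relative to what is expected for that camera and format, not against a fixed threshold.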
Free programs, like SpamMimic—which is run on a Web site (www.spammimic.com) through which you can encode and decode messages—use this method, as do other commercial tools and proprietary programs.
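The generation technique, as an added toy example that is not part of the original article and is not SpamMimic's grammar: the message bits select phrases from a small mimic grammar, so the spam-like cover text is produced on the fly and its length grows with the payload. The phrase lists are constructed for illustration.

```python
"""Constructed toy of the 'generation' technique: payload bits choose
phrases from a mimic grammar, so the cover text is created on demand
rather than taken from an existing host file.  The grammar below is
invented for this example; it is not SpamMimic's."""

# Each slot holds exactly 2**k alternatives, so one choice encodes k bits.
GRAMMAR = [
    ["Dear Friend,", "Dear Colleague,", "Hello,", "Greetings,"],
    ["Why work for somebody else", "Stop wasting your time",
     "Ask yourself why you struggle", "Have you ever noticed"],
    ["when you can become rich in 48 DAYS!", "when you could be your own boss!",
     "when money could work for YOU!", "when FINANCIAL FREEDOM is one click away!"],
    ["Act now!", "Don't delay!"],
]
BITS_PER_SLOT = [len(alts).bit_length() - 1 for alts in GRAMMAR]  # [2, 2, 2, 1]
BITS_PER_LINE = sum(BITS_PER_SLOT)                                # 7


def _to_bits(data):
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def _from_bits(bits):
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, usable, 8))


def generate_cover(message):
    """Emit one spam-like line per BITS_PER_LINE payload bits.  A one-byte
    length prefix lets the decoder ignore the padding in the last line."""
    if len(message) > 255:
        raise ValueError("toy grammar uses a one-byte length prefix")
    bits = _to_bits(bytes([len(message)]) + message)
    bits += [0] * (-len(bits) % BITS_PER_LINE)
    lines, pos = [], 0
    while pos < len(bits):
        words = []
        for alts, k in zip(GRAMMAR, BITS_PER_SLOT):
            index = int("".join(map(str, bits[pos:pos + k])), 2)
            words.append(alts[index])
            pos += k
        lines.append(" ".join(words))
    return "\n".join(lines)


def recover_message(cover):
    """Invert the grammar: each recognised phrase yields its index bits.
    Text that does not parse is rejected rather than silently decoded."""
    bits = []
    for line in cover.split("\n"):
        rest = line
        for alts, k in zip(GRAMMAR, BITS_PER_SLOT):
            for index, phrase in enumerate(alts):
                if rest.startswith(phrase):
                    bits += [(index >> i) & 1 for i in range(k - 1, -1, -1)]
                    rest = rest[len(phrase):].lstrip()
                    break
            else:
                raise ValueError("line is not produced by the mimic grammar")
    length = _from_bits(bits[:8])[0]
    return _from_bits(bits[8:8 + 8 * length])


if __name__ == "__main__":
    cover = generate_cover(b"The merger is dead")   # constructed sample message
    print(cover)
    print("recovered:", recover_message(cover))
```

Because the carrier is generated rather than borrowed, there is no original to compare against and no file-size anomaly; what remains for a reviewer is the text itself, which draws on a small fixed vocabulary and repeats its sentence structure on every line. Those regularities, not the size, are what a statistical or linguistic check of suspected mimic text has to work with.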
This was first published in November 2006