Steganography is hiding in plain sight, and can be used for corporate espionage or terrorism. Lisa Bock explains that steganography can be detected by spotting an unusually large payload, by observing image irregularities called “blocky artifacts” with the naked eye, or by using specialized tools for analysis.
- [Voiceover] Detecting steganography is not always easy, however it's important to be aware of steganography as law enforcement is now becoming more and more involved. Steganography can be used for corporate espionage, terrorism, and child pornography. Image steganography tools hide the message in a carrier by bit manipulation, such as using the least significant bit to insert the payload. When using the least significant bit on a palette-based image this often causes a large number of duplicate colors, where nearly identical colors appear twice in the palette.
And these are called "color buddies." Detecting steganography is done by steganalysis. Now the best way to detect if there's steganography is to compare the image against the original, however that most likely is not possible, therefore a deeper look into the file is required. We might want to watch for an unusually large image. For example, anything on the Internet, any image that's placed on a webpage is usually done what's called optimization.
That washes the image so it then loads faster. A large image might indicate there is a payload. If the carrier image was not dense enough, the detection could be viewed with the naked eye and this is called block artifacts. Over here on the right-hand side we see Jasper. In the top picture is the original. Down below we can see what it might look like if an unusually large file were to be inserted into the image. WetStone is a company that has what's called Stego Suite.
These products deal directly with steganalysis and there are a number of different products involved in the suite. Stego Analyst is a feature-rich tool that allows an investigator to search for visual clues for evidence of steganography being used in an image or audio file. Once a suspected carrier is found, Stego Watch scans the entire file system and flags suspected files and returns the results into an interface or workbench.
Now encryption has made steganalysis harder because it increases the randomness and recovery of the contents cannot be done unless you have a key. Stego Break is a tool designed to obtain the passphrase that has been used on a file found to contain steganography, so that the contents can be revealed. The bottom line though is new steganography algorithms are being written all the time with better methods to conceal.
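The "color buddies" indicator described in the transcript can be checked directly from a palette. The following is an added example, not part of the video or of any WetStone tool: it reads the global color table of a GIF and counts palette entries that have a near-identical partner. The one-step threshold, the function names and the two sample palettes are assumptions constructed for illustration.

```python
import struct
from itertools import combinations

def gif_palette(data: bytes):
    """Return the GIF global color table as a list of (r, g, b) tuples."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    packed = data[10]                 # flags byte of the logical screen descriptor
    if not packed & 0x80:             # no global color table present
        return []
    size = 2 << (packed & 0x07)       # table holds 2^(N+1) entries
    table = data[13:13 + 3 * size]
    if len(table) < 3 * size:
        raise ValueError("truncated color table")
    return [tuple(table[i:i + 3]) for i in range(0, len(table), 3)]

def color_buddies(palette, max_diff=1):
    """Index pairs of entries that differ by at most max_diff per channel.

    Exact duplicates are skipped: encoders often pad palettes with them.
    max_diff=1 is an assumed threshold matching a one-bit LSB change.
    """
    pairs = []
    for (i, a), (j, b) in combinations(enumerate(palette), 2):
        diff = max(abs(x - y) for x, y in zip(a, b))
        if 0 < diff <= max_diff:
            pairs.append((i, j))
    return pairs

def buddy_ratio(palette, max_diff=1):
    """Fraction of palette entries that have at least one buddy."""
    paired = {i for pair in color_buddies(palette, max_diff) for i in pair}
    return len(paired) / len(palette) if palette else 0.0

def sample_gif(palette):
    """Build a constructed GIF header plus color table (no image data)."""
    bits = len(palette).bit_length() - 1          # palette length: power of two
    header = struct.pack("<HHBBB", 1, 1, 0x80 | (bits - 1), 0, 0)
    return b"GIF89a" + header + bytes(c for rgb in palette for c in rgb)

# Constructed palettes: one with well-separated colors, one with paired entries.
CLEAN = [(0, 0, 0), (255, 0, 0), (0, 255, 0), (0, 0, 255),
         (255, 255, 0), (0, 255, 255), (255, 0, 255), (255, 255, 255)]
SUSPECT = [(10, 20, 30), (11, 20, 30), (200, 100, 50), (200, 101, 50),
           (90, 90, 90), (90, 90, 91), (0, 0, 0), (255, 255, 255)]

if __name__ == "__main__":
    for name, pal in (("clean", CLEAN), ("suspect", SUSPECT)):
        parsed = gif_palette(sample_gif(pal))
        print(name, color_buddies(parsed), round(buddy_ratio(parsed), 2))
```

A high ratio is only a reason to look closer: smooth gradients and some dithering settings also produce closely spaced palette entries.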
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks