Steganography Useful for Espionage, Malware and More

Steganography is 2,500 years old, so it has shown itself to have staying power. As our means to communicate change, so does the implementation of steganography. Yet the principle remains constant.

Therefore, it is no surprise that criminals and nation states have kept pace and carried their capabilities over from the analog world to the digital world.

After all, steganography is the “art of hiding something within an object.”

Historical Perspective

An interesting Data Loss Protection (DLP) use of steganography occurred during the tenure of UK Prime Minister Margaret Thatcher. The SANS Institute’s 2001 paper on steganography describes how it was used to identify the individuals who were leaking information to the press without authorization. Thatcher had the word processors programmed to encode the author’s identity in the spacing of words within each document, so that any document that was shared could be traced back to its originator.
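The word-spacing trace described above, as an added example that is not code from the original post or from the historical word processors: an originator ID is written into the gaps between words (one space for a 0 bit, two spaces for a 1 bit, eight bits per character are this example's own assumptions) and recovered from a leaked copy, with a cheap DLP check for irregular spacing.

```python
import re

# Constructed sample memo (not from the post); 23 words give 22 usable gaps.
MEMO = ("The minister will meet the ambassador on Tuesday to discuss the proposed "
        "changes to the trade agreement before the cabinet session next week")


def embed_identity(text: str, originator: str) -> str:
    """Re-space `text` so the inter-word gaps carry the bits of `originator`.

    Mapping assumed for this example: single space = 0, double space = 1.
    """
    words = text.split()
    bits = "".join(f"{ord(c):08b}" for c in originator)
    if len(bits) > len(words) - 1:
        raise ValueError("text has too few word gaps to carry the identity")
    out = [words[0]]
    for i, word in enumerate(words[1:]):
        gap = "  " if i < len(bits) and bits[i] == "1" else " "
        out.append(gap + word)
    return "".join(out)


def extract_identity(marked: str, id_len: int) -> str:
    """Recover an `id_len`-character originator ID from the word spacing."""
    gaps = re.findall(r" +", marked)  # one entry per inter-word gap, in order
    bits = "".join("1" if len(g) > 1 else "0" for g in gaps[: id_len * 8])
    if len(bits) < id_len * 8:
        raise ValueError("not enough gaps to recover the identity")
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits), 8))


def is_spacing_marked(text: str) -> bool:
    """DLP triage check: a document with irregular double spaces is worth a closer look."""
    return "  " in text
```

Because the words themselves are untouched, a reader sees only ordinary text, which is exactly why such marks survive being copied or retyped with care but are destroyed by any tool that normalises whitespace.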

Meanwhile, others have used steganography to move information surreptitiously, either because espionage was being conducted or because censors were in the way. An example, again from the SANS paper, is hiding data within .bmp files with only a two-bit difference between the original and the steganographic image. In that example, the user stored the entire texts of Hamlet, Julius Caesar, King Lear, Macbeth, Merchant and Notice – 734,891 bytes of text.

And then, of course, the use of steganography to watermark creative works has been around for many years. Criminal uses catalogued in 2001 included communications, fraud, hacking, electronic payments, gambling, harassment, intellectual property theft, etc.

Steganography Today

The use of steganography in malware is continually being detected, as evidenced by the Japan CERT notifications and blog posts in mid-to-late 2017 concerning the “Tick” (or “Bronze Butler”) group, which used the Daserf malware with encrypted configuration files and backdoors hidden in images. Japan CERT noted that (Read more...)

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Blog. Read the original post at: