What Is Steganography, and What Can It Be Used For?


One of the first things I remember doing as a kid was writing secret messages to friends using invisible ink. I was only about 8 or 9 at the time, so I used the tools my mom unwittingly made available: lemon juice and an iron. I wrote my secret message on a piece of paper and then told my friend to use an iron or even a match – some sort of heat source – to burn the lemon juice a bit, turning it brown. This revealed the secret message I wanted to share. Ever try this yourself? Well, if you have, you and I have engaged in the time-honored practice of steganography.


What Is Steganography?

Steganography is the practice of hiding a secret message inside (or even on top of) something that is not secret. That something can be just about anything you want. These days, many examples of steganography involve embedding a secret piece of text inside a picture. Or hiding a secret message or script inside a Word or Excel document.

The purpose of steganography is to conceal and deceive. It is a form of covert communication and can involve the use of any medium to hide messages. It’s not a form of cryptography, because it doesn’t involve scrambling data or using a key. Instead, it is a form of data hiding and can be executed in clever ways. Where cryptography is a science that largely enables privacy, steganography is a practice that enables secrecy – and deceit.

How Steganography Is Used Today

The word “steganography” seems fancy, but it actually comes from a fairly normal place. The root “steganos” is Greek for “hidden” or “covered,” and the root “graph” is Greek for “to write.” Put these words together, and you’ve got something close to “hidden writing,” or “secret writing.”

Steganography has been used for centuries, but these days, hackers and IT professionals have digitized it to do some pretty creative things. There are a number of apps that can be used for steganography, including Steghide, Xiao, Stegais and Concealment.

Here’s an example of how digital steganography works. A friend of mine sent me a steganographic message – a secret message embedded within a picture. The picture was a photo that I had previously sent him of a geyser I had paddled to while on Yellowstone Lake last summer.

To embed his secret message to me, my friend then issued the commands shown in Figure 2. With my own copy of Steghide (available for Windows, Linux and Mac), I used the command sequence shown in Figure 3 to extract that secret message. I then read it using the cat command.

Apparently, my friend is a fan of the classic movie Christmas Story and somehow felt the need to repeat Little Orphan Annie’s reminder for us all to keep up with our nutrition: “Be sure you drink your Ovaltine.”

This is a trivial example of how steganography has been used over the decades. But over time, penetration testers and attackers alike have been using steganography to do more than share messages.
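To make the idea of hiding text inside a picture concrete, the following Python is an added example, not code from the original article and not Steghide's algorithm. It uses the textbook least-significant-bit (LSB) scheme on a constructed buffer standing in for decoded pixel data, and shows that no key is involved and that no cover byte changes by more than 1, which is why the picture looks the same.

```python
# Added illustration: least-significant-bit (LSB) hiding in raw pixel bytes.
# Textbook scheme only; Steghide uses a different, more involved method.

def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide a 16-bit length header plus message in the lowest bit of each byte."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("cover too small for this message")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit   # overwrite only the lowest bit
    return bytes(out)

def _read_bytes(pixels: bytes, start_bit: int, count: int) -> bytes:
    """Rebuild `count` bytes from the low bits starting at `start_bit`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract(pixels: bytes) -> bytes:
    """Read the length header, then return the hidden message."""
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    if 16 + length * 8 > len(pixels):
        raise ValueError("no plausible hidden message")
    return _read_bytes(pixels, 16, length)

def max_change(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between cover and stego data."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed cover: 400 bytes standing in for decoded pixel values.
COVER = bytes((i * 37 + 11) % 256 for i in range(400))
SECRET = b"Be sure you drink your Ovaltine."
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print(extract(STEGO), "max byte change:", max_change(COVER, STEGO))
```

Because the scheme has no key, anyone who knows where to look can read the message; its only protection is that nobody suspects the picture.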

Using Steganography to Deliver Attacks

Today, attackers use PowerShell and BASH scripts to automate attacks. So do pen testers. For example, attackers have been embedding actual scripts within macro-enabled Excel and Word documents. Once a victim opens the Excel or Word document, they activate the embedded, secret script.


The attacker doesn’t need to trick the user into using applications such as Steghide. In this case, the hacker – or pen tester – is “living off the land.” The attacker is using a steganographic application to take advantage of common Windows applications and features such as Excel and PowerShell. All the victim needs to do is read the document, and an unfortunate series of events begins to occur.

  1. First, the victim clicks on an Excel document that an attacker has modified using steganography.
  2. That click unleashes a hidden PowerShell script.
  3. This script then installs an installer app onto the Windows computer. This installer app moves quickly and is so subtle that typical antivirus applications don’t notice it.
  4. This downloader then goes out to the internet and grabs updated versions of malware such as URLZone (or newer tools) that then compromise the victim’s computer.

Over the years, attackers have used the procedure above to deliver ransomware such as Snatch. Hackers have installed sophisticated malware that is capable of keylogging, enlisting computers into DDoS botnets, or installing trojans, such as the latest variants of Rovnix and Pillowmint. The list goes on.
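From a defender's side, the chain in the numbered list leaves a recognizable trace in endpoint telemetry: an Office application starts a script interpreter, which then opens a network connection. The following Python is an added example, not from the original article, that flags that pattern; the event fields, host names, paths and sample records are all constructed and would need mapping to your own process and network logs.

```python
# Added illustration: flag the Office -> script host -> network chain.
# Event schema and sample records are constructed for this example.
OFFICE_PARENTS = {"excel.exe", "winword.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

def image_name(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_chains(events):
    """Alert on script hosts started by Office and on their outbound connections."""
    watched = {}   # (host, pid) -> child image name of a flagged script host
    alerts = []
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "process_create":
            parent, child = image_name(ev["parent"]), image_name(ev["image"])
            if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
                watched[key] = child
                alerts.append(("office_spawned_script_host", ev["host"], parent, child))
            else:
                watched.pop(key, None)   # PID reused by an unrelated process
        elif ev["type"] == "network_connect" and key in watched:
            alerts.append(("script_host_network", ev["host"], watched[key], ev["dest"]))
    return alerts

# Constructed sample events; 203.0.113.0/24 is a documentation-only range.
SAMPLE_EVENTS = [
    {"type": "process_create", "host": "ws01", "pid": 100,
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Office\EXCEL.EXE"},
    {"type": "process_create", "host": "ws01", "pid": 200,
     "parent": r"C:\Office\EXCEL.EXE", "image": r"C:\Windows\System32\powershell.exe"},
    {"type": "network_connect", "host": "ws01", "pid": 200, "dest": "203.0.113.10:443"},
    # Same PID on another host, started interactively: must not alert.
    {"type": "process_create", "host": "ws02", "pid": 200,
     "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\powershell.exe"},
    {"type": "network_connect", "host": "ws02", "pid": 200, "dest": "203.0.113.10:443"},
]

if __name__ == "__main__":
    for alert in find_chains(SAMPLE_EVENTS):
        print(alert)
```

The rule keys on behavior, not on the content of the document, so it still fires when the script inside the spreadsheet has been hidden well enough to pass a file scan.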

Artificial Intelligence and Steganography

We’re also seeing attackers add artificial intelligence (AI) into the mix. Increasingly, we’re seeing AI uses of various tactics, including steganography, to hide information. AI implementations have even been able to modify steganographic techniques so that attacks can’t be easily discovered.

Detecting Steganography

Security analysts work to identify the tactics, techniques and procedures (TTPs) of attackers and pen testers. Over the years, they have identified typical signatures that steganographic applications use. This is why antivirus applications, for example, can identify typical moves made by steganographic applications.

Therefore, pen testers and attackers morph and modify their procedures to thwart detection. And so the “cat and mouse” game continues: attackers constantly modify tools and techniques, and security analysts constantly look for new signatures and methods.

CompTIA Cybersecurity Analyst (CySA+) validates the skills needed by cybersecurity analysts, including steganography. Download the exam objectives for free to see what skills you need to be a cybersecurity analyst.
