What is Steganography and How Does It Work?

We can all remember the old war stories of secret agents and the unbreakable messages back to headquarters. One of the most popular means of evil messaging secrecy was recording the text backward on a rock and roll record. Only the war leaders knew how to unbreak the code and play the message. 

What is Steganography?

In modern times the technique is referred to as Steganography, hiding data within an ordinary, non-secrete file. Colorful origins of Steganography existed as far back as ancient Greece. The first recorded use of the tactic was in a book by Johannes Trithemius in 1499 titled Steganographia. The book is a discourse on both Steganography and cryptography that is disguised as a book on magic. 

Steganography has been used for centuries, primarily in wartime, with secret and invisible inks on paper. Throughout the decades, Steganography is still used today as a more technological and innovative advancement method.

In a digital world, Steganography has seen a skyrocketing rebirth; from invisible inks to advanced algorithms, cybersecurity applications are limitless. 

How Does Steganography Work?

In Steganography, two types of messages exist, with the first being container and the second being secretive. One type of messaging has the task of hiding the contents of the other, making it invisible to eavesdroppers. Hidden messages appear to be something else: articles, lists, or cover text for example.

In practical everyday terms, there are two main steganographic models; injection and generative. Injective steganographic is the most widely used and consists of inserting messages into another text acting as a container. The process is meant to hide the message from the human eye and to be indistinguishable from the original. Generative Steganography, on the other hand, takes the message and builds a container around it to hide the content in the best way possible.

Types of Steganography

Steganography is the practice of hiding in plain sight, of which five common types exist. 

1. Image steganography is a fascinating type where secret information is encoded into a digital image. The technique relies on imperceptible small changes in pixel image color or noise, making it difficult to detect with the human eye. One pixel image can be concealed within another using the least significant bits of one pixel to represent the hidden image instead. 

Different methods of image steganography:

• least significant bit of encoding
• Parity encoding
• Phase coding
• Spread spectrum 

2. Network steganography is a quickly evolving form of hiding information. The technique uses network traffic to conceal messages within a TCP/IP header, payload, and network packets. Messages can be sent between different packets and within headers.

3. Audio steganography is similar in technique to sending video messages. Backmasking is playing the message in reverse, requiring those receiving the message to play the entire track in reverse. Sophisticated techniques include the least bits technology, where each audio bit is masked to hide a piece of the message.

4. Text steganography is the simplest form of masking a message. The sender might use the first letter in a sentence to form the text, or it may point to another post, and so on. Other techniques could include adding encoded information within the punctuation or even meaningful typos within the text.

Techniques used to hide data:

• Format based
• Random statistical generation
• Linguistic method 

5. Video steganography is a sophisticated means of hiding information in plain sight. Videos are represented as sequences of still images, and each image can encode a separate frame within each depiction. This method is used to hide a coherent video within plain sight. 

Two main classes of video steganography:

• Embedding data in a raw video file and compressing it later
• Embedding data directly into a compressed data file 

Cybercrime and Steganography

Cybercriminals find that using Steganography is an excellent means of tricking users into downloading malware and other malicious code. Web surfers visit a normal-looking website and click on an attachment without realizing the malicious code hidden in the text or image.

Hackers hide malware code inside images using the least significant bit technique (LSB). The method makes minor changes to an image’s digital code to change values. For example, the image may be considered greyscale; however, after the hacker is finished, the image is changed to a black or darker shade without the user knowing. Once downloaded, the image acts like clicking on a malicious link. Scale the approach to thousands of pixels, and infecting a computer or corporate network becomes easy. 

Steganography and ransomware are a lethal combination, with gangs learning how to use the technique to deliver malicious payloads to extract a ransom. Hiding sensitive personal or corporate data within a legitimate email or text communication provides the entryway into a secure network. 

Web pages as a means to hide malicious code such as uploaded stolen images and posted logs. Maintaining this encrypted malicious code in covert web locations becomes easier to infect web surfers. Malvertising is another easy way to infect a web surfer’s computer system using Steganography. Malicious code embedded inside banner ads redirects users to exploited landing pages. 

Steganography Examples

E-commerce skimming has become a popular attack mode for cybercriminals. E-commerce security platform Sansec published a research paper showing criminals embedding malware inside Scalable Vector Graphics (SVG). Malicious attacks were carried out by embedding code inside SVG images, and the decoder was hidden in other parts of the web page.

Another attack method is embedding malicious encrypted code inside a legitimate software update, such as the SolarWinds method. Attackers were able to breach Microsoft, Intel, and Cisco, in addition to various other governmental agencies. Attackers used Steganography to mask malicious code that seemed to be a benign XML file. The file served as an HTML response from a control server. The malicious data was disguised as a different string of text.

In 2020, attackers hit several countries, such as Japan, Great Britain, and Germany, with infected documents using a steganographic method. Attackers embed malicious code into an image placed on a reputable platform. The malware was used to steal Microsoft passwords with a secret script hidden inside the image. 

Protecting against a steganographic cyber attack, just as in the past, has become complicated with specific tools and technological advancements.