Steganography & Cybercriminals

When pictures worth a thousand secrets!

Mohamed N. El-Guindy, MCGI, CEng, MBCS, CITP, MIEEE

ISSA Egypt, President

•The largest International Association for Security Professionals

•138 Chapter around the world in 70 Countries

•More than 13,000 Security Professionals

•Provides Education, Training, Certification and Publications

The primary goal of the Information Systems Security Association, Inc. (ISSA) is to promote practices that will ensure the confidentiality, integrity; and availability of organizational information resources

About ISSA

What is Steganography?

Steganography - \Steg`a*nog"ra*phy\,

n. [Gr. steganos (covered or secret) + graphy

(writing or drawing).] The art of writing in cipher, or in

characters which are not intelligible except to persons

who have the key; cryptography.

The art and science of hiding information!

Steganography in History!

Herodotus, who documented the conflict between Persia and Greece in the fifth century B.C., felt that the art of secret writing saved Greece from Xerxes, the tyrant king of Persia.

Steganography in History!

Demeratus wanted to notify Sparta thatXerxes intended to invade Greece.

Sent a warning by writing it on a wooden panel and covering it in wax. Wax tablets were in common use then as re-usable writing surface

Another Example:

Histaiaeus shaved the head of the messenger and tattooed the text on it!

Steganography in History!

Johannes Trithemius

Writes his famous bookStegoraphia c. 1499 in Frankfurt

• First book about Crypto. and Stego.• Appears to be about magic!• Now shown to be covertext

Steganography vs. Cryptography

• Hide message within another message

• Normal files are not suspicious

• No laws associated with itStego.

• Encrypt the original message

• Scrambled files or images may look suspicious

• Some laws ban cryptographyCrypto.

Steganography: Simple Examples

Null Cipher:Using innocent-sounding message to send the secret message

Fishing freshwater bends and saltwater coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank and overwhelming any day.

Send lawyers guns and money

Steganography: Simple Examples

Microdots Are photographs the size of a printed period having the clarity of standard-sizedtypewritten pages.

The first microdots werediscovered masquerading asa period on a typed envelopecarried by a German agent in 1941.

Steganography: Simple Examples

Invisible inksAre colorless liquids that require heat, light, or a special chemical to change their colors and make them visible.

Example used by spies:Eggs have been used to hide secret messages.A message is written on the shell of a clean eggand the ink diffuses through the porous surfaceof the shell. When the egg is boiled thoroughly,the shell is carefully peeled off, revealing the message.

Classification of Steganography

Welcome to digital age!

Encoder

Decoder

Cover

Image

Secret

ImageStego Object

Original

Cover

Secret

Image Communications

Channel

Basic Principle in Steganography

Steganography: Digital Images

Color Tables:

Images are composed of dots called pixels

Each pixel gets its own color by combining

percentages of red, green and blue (RGB)

Each of these colors has value from 0 to 255

Zero designates that the color is present

255 designates complete saturation of that color

RGB color model has 16,777,216 possible colors

Total of 255x255x255

Steganography: Digital Images

White Color:

R = 255G = 255B = 255

Color Saturation represented by 255

RED: R= 255 G = 0 B = 0

Steganography: Digital Images

LSB technique – Least Significant Bit:• A simple yet effective way of hiding data in an image for any purpose

• Replace the least significant bit (LSB) of each byte in the cover with a single bitfor the hidden message

11100101 01001110 10101101 10010111 … 01011010

10110010…

Least Significant Bit

Hidden message

Cover

Consider replacing LSB with letters of message or bits of the hidden image

Scale of the Problem

Unknown...there is little public information on the use of data hiding techniques by cybercriminals

Only recently has the security community started to concern itself with this subject

Lack of awarenessLack of professionally developed analysis tools and techniques

It is believed that advanced hiding techniques are used by Cybercriminals (organized crimes), terrorists, child pornographyCyber warfare and advanced malware development!

Scale of the Problem

# of AltaVista Keyword Hits on “Steganography”

(One hit/Website)

0

1000

2000

3000

4000

5000

6000

7000

Jan-

93

Jul-9

3

Jan-

94

Jul-9

4

Jan-

95

Jul-9

5

Jan-

96

Jul-9

6

Jan-

97

Jul-9

7

Jan-

98

Jul-9

8

Jan-

99

Jul-9

9

Jan-

00

Jul-0

0

Jan-

01

Time

# o

f Hits

Internet Hits for Steganography starts to increase

Scale of the Problem

• Over 140 data hiding packages and services currently available from numerous Web sites

• Platforms include:

Windows – DOS – Java – Macintosh - Unix/Linux

Real Scenario

How Cybercriminals will use Steganography?

Spy or Cybercriminal

Secret data or images for

target or victim

Cover Image or Carrier File

Stego Tool

Who will conduct the

crime?

Stego Medium

Secure Channel

Steganography: Carrier Files

Carrier File:

A file in which you can hide data using specific methods.

Carriers are usually multimedia files

(images, sounds, meshes, web pages, etc.)

Carrier File

JPEG, BMP, PNG Files

WAV Files

Web Pages

No restrictionsBut long files!

Depends on the size of carrier file. Uses LSB.

Real Scenario - Invisible Secrets!

Invisible Secrets:

- One of the best tools

- Lots of options

- Support Stego Encryption

- Widely used legally and illegally

- Transfer files securely

- Erase Internet Traces!

- Commercial software

Real Scenario - DEMO

Real Scenarios - Invisible Secrets!

Suppose this image has a secret!

How many people downloaded this secret?

Can law enforcement and computer forensic professional trace the criminal act

Will they know the identity of the criminals? (All are involved!)

DID YOU DOWNLOAD A SECERET? Who Knows!

Are We Going Further?

Even biological data, stored on DNA, may be a candidate for hidden messages, as biotech companies seek to prevent unauthorizeduse of their genetically engineered material.

DNA Based Steganography, DNA Cryptography and DNA Computers!

• Can steganography be detected?– Sometimes…many of the simpler steganographic

techniques produce some discernable change in the file size, statistics, or both. For image files, these include:• Color variations• Loss of resolution or exaggerated noise• Images larger in size than that to be expected• Characteristic signatures, e.g., distortions or patterns

– However, detection often requires a priori knowledge of what the image or file should look like

Detection!

Steganalysis - Stegdetect

• Automated tool for detecting Steganography content in images

• Currently-claimed detection schemes:– Jsteg

– JPHide

– Invisible Secrets

– Outguess 0.1.3b

• Analysis shows this program is extremely unreliable and provides excessive (i.e., near 100%) false-positives

• Evidence of Steganography software on computer– Forensics examination– Hashes of well-known files don’t match originals

• Transmission logs – Excessive/unusual e-mails involving pictures,

sound files, etc.

• Discernable (visual) changes• Statistical analysis

Evidence of Data Hiding

Defeating Forensics

• Several products currently available on the Internet that are designed to thwart forensic examination by wiping critical files on a hard disk

• Example:

– Evidence Eliminator

– www.evidence-eliminator.com

– “Buy protection for just $74.95(US) that will defeat Forensic Analysis equipment costing over $7000.00(US).”

• Increased convergence of Internet with telephony and other media will likely increase development and impact of new data hiding techniques

– Personal Digital Assistants - PDA

– Voice over IP

– PCS and Handheld, Mobiles etc

• Software piracy likely to increase criminals will actively work to develop new watermark attack techniques

• Sophisticated tools are readily available on the Internet, and are easy-to-use

• Development/use of information hiding products far outpaces the ability to detect/recover them;We are going to Biotechnological Era!

• There is a need for information security researchers!

Trends & Summary

Thank You

ISSA Egypt Chapter

http://www.issa-eg.org

Mohamed N. El-Guindy