Understanding Steganographi

[Lotta]

I have a problem regarding Steganographi.
When I have transfered a message hidden in a list, the message will not contain any small letters. What is the purpose to not code small and capital letters when I want to hide message in a list?
Is there any occasion when this method is not suitable?

[PM8228]

The title was a little misleading, I thought I would learn something about stenography. As for steno, look it up. I have never tried it, but it looks cool. However, in the end google knows all if someone here does not know

-Cheers-

[sysmin770]

So you actually mean stenography right? Stegonaraphy is basically hiding data in plain sight, like hidden data in a picture or something.

[Junk]

Steganography (I never could really spell it right I think so bear with me) is the art of hiding messages/files within images, movies, etc. As sysmin770 said they are hidden in plain sight but I believe you need a special key to view the hidden code or message. Correct me if I'm wrong here because I'm far from an expert on this topic.

I was looking on Google for a site that would give some good explanation to at least begin learning about Steganography. I liked this one the best: http://www.securityfocus.com/infocus/1684

I hoped this helped you out at least a little bit!

[tonybradley]

Steganography is hiding text or code within something else- usually a graphic image so that it is undetected. I recommend you read Hiding In Plain Sight by Eric Cole if you want to learn more about it. It also comes with some tools on the CD that you can play with. Files containing hidden steganography messages are virtually undetectable.

Here is a link to my review of Hiding In Plain Sight

[jenjen]

Originally posted here by tonybradley
Files containing hidden steganography messages are virtually undetectable.

Now I had thought that was true too.. until I read today groovicus's tut entitled "Windows Forensics-Where to look-What to use" found here

in that tut, groovicus mentions a tool called Stegdetect:
Capable of detecting several different steganographic methods to embed hidden information in JPEG images.

you can find more about Stegdetect here

Currently, the detectable schemes are
jsteg,
jphide (unix and windows),
invisible secrets,
outguess 01.3b,
F5 (header analysis),
appendX and camouflage.

heh.. not one month ago, I had told a friend about camouflage.. insisting it couldn't be detected.
WELL.. I guess I was wrong.. you learn something new everyday.. (thx, groovicus)

[tonybradley]

True. In fact, Hiding In Plain Sight also includes some of those tools. One "issue" though has been that you would first need to know what tool was used to hide the data in order to detect and unhide it.

So, I mis-spoke a little. There are tools that will detect hidden data, but only if you know what tool was used to hide the data in the first place. You could use a tool across a broad range of files and just randomly stumble onto hidden data. Or, if you had reason to believe a specific person may have hidden data you could just run every steg detection tool you can find in hopes that you stumble onto the one that detects whatever was used to hide the data.

Either event is sort of a shot in the dark though. The hidden data still remains "virtually" undetectable right now. As long as you have no reason to suspect I would embed data in a graphic, you wouldn't be scanning it with jsteg or any other tools to begin with.

An extra measure of security would be to also encrypt the file. If I first encrypt the file and then hide it with stego I have double protection. Even if someone accidentally stumbles onto the fact that there is embedded data they won't be able to open and view it.

[groovicus]

But by encrypting the file, you're tipping me off that there is something unusual about that particular file that warrants attention. And if (when ) I decrypt the file, I'll definately know somethings up when it just turns out to be a picture of your dog, or something equally mundane.

Stego is by it's nature designed to hide stuff right in the open. Back in world war I or II, information used to be stored on microdots, and hidden on a period at the end of the sentence...

All software installed leaves traces, even applications that run from floppy sometimes "hook" into windows api calls and leave traces....

Even though stego detection is still in it's infancy , relativiely speaking, programmers are working hard to find common traits among stego tools, and they eventually will have apps to find it. I was reading an article (sorry, don't remember where) about using a variant of an electron scanner to look at files, and finding holes in it that could contain data. It did so by making sort of a 3-d "map"...hmmm...I'll have to see if I can remember where I read that....

[tonybradley]

I agree with you- but that isn't what I said....or at least not what I meant.

I am not saying to hide your embedded stego data in a JPG and then encrypt the JPG. As you suggest that would fairly nullify the biggest advantage of stego- secrecy. Someone would see an encrypted file and have a burning desire to crack into it and would assume stego when it turned out to be a JPG.

However, what I was suggesting is that you encrypt your data file first- then embed the encrypted file. The stego JPG would still be secret. Nobody would know just by looking that it contained data. However, if by chance someone used a tool and discovered that the JPG contained data they would still need to ALSO crack the encryption on the embedded file.

[groovicus]

hmm..gotcha...I was looking at it in reverse....

I'll go drink my big cup of "shut the hell up and pay attention"


EDIT: Now I'm going have to take a peek at some stego tools. I'm thinking it would be useless to use a program that encrypts and hides your data, 'cause once you know the tool used, your screwed.

And I'm wondering if it scatters the data in random locations, or if it puts it in a string...Thanks Tony..got my brain all fired up already this morning!!