Your Secrets Lost Before Your Eyes

TECHNOLOGY

I

DATA THEFT

Your secrets lost before your very eyes! by Alan Woodward

Or in some cases even up to around

head of his most trusted slave to be

5,000 words. More than enough to

shaved and tattooed with a vitally

betray all your most precious and

important secret message

commercially

on it. Once the slave's

sensitive data, from designs

of revolutionary products you're planning

hair had grown, hiding

on being the first to bring to market, to

the message,

ultra-sensitive lists of hard-won

Histaeus used him as

customers; you name it. But data

an emissary to a

concealed in pictures? It may sound like

friendly power via

the basis for a plot sequence in the next

enemy territory to

Mission Impossible movie, but it isn't. It's

instigate a revolt against

real. And unless you are prepared to let

the Persians.

any Tom, Dick or Harry cruise around your precious data, you need to be aware

history shows why

of the th reat it poses.

steganographic writing is such

The technique

a dangerous threat to security.

is called

steganography, from Ancient Greek,

Friends who betray us are

meaning hidden or covered writing, just

always a more potent threat

as that lumbering dinosaur,

than people we recognise as enemies from the

the stegosaurus, is so named because its back

outset, and

was covered in those large bony plates whose real purpose is a mystery even today. But steganography wasn't a mystery to the Ancient Greeks; indeed they most likely invented it. The Greek historian Herodotus records that in 312 Be, Histaeus of Miletus coRlmanded

34

I

Fx & M M

J

U LY

2 0 0 7

This example from

the

TECHNOLOGY

steganographic messages look friendly

I DATA THEFT

Whafs actually happening when

The point is that any encrypted

and innocent. You could devise a simple

message will tend to raise suspicions

you carry out what looks like a

steganographic message by agreeing with

because even though it can't readily be

simple drag and drop?

your recipient that your real message will

read you will know it's been encrypted

consist of the first letter of every word of

and will instantly conclude that

thousands of 'picture elements' or 'pixels'.

your apparent message. 'Bring us your

something fishy's going on.

A pixel is a binary number that provides

An electronic image is comprised of

invoice by Monday', for example, would

In the highly competitive

really mean 'BUY IBM: In steganographic

modern business, the threat of

and white picture) the shade of grey that

writing the apparent message is known

steganography

should be displayed in that particular

as the covertext and the real message is

major issue in corporate

called the plaintext.

ocean of

has recently become a life. It's actually

information

on the colour or (in a black

pixel. The binary number will look

been a significant threat for several

something like this: 10011011 etc

years due to the increased computing

depending on the pixel in question. The

covertext in the example illustrates why

power available on everyone's

individual numbers (the' l' or the '0') are

steganographic writing doesn't tend to set

but people have been distracted

The innocuous appearance of the

alarm bells ringing. It looks innocent,

publicity about cryptography

whereas the message 'BUY IBM'

steganography

desktop,

known as 'bits' and the further along you

by

go to the right the less significant the bits

and

has rather remained

encrypted in a simple code that

the background.

consisted, say, of substituting each letter

worrying threat now because of the

in

the pixel.

It's a particularly

Why does the opportunity for

for the next letter in the alphabet - 'CVZ

enormous

JCN' - obviously looks dodgy and would

desktops today, the massive volume of

be certain to awaken the suspicions of even the most credulous member of an industrial espionage prevention team.

electronic

computing

power on

communications,

become in defining the precise colour of

and the

steganography exist? Because while each pixel is defined by a

number of freely available tools that

series of bits, some of these bits can be

allow even a routine user to employ

changed without affecting the resulting

steganographic

pixel to any discernible extent. In a

techniques.

By far the biggest type of threat is the potential steganographic computerised

computerised

image whose size is 256

by 256 pixels, making a total of 65,536

for concealing

pixels, there would easily be room to

writing within

conceal say, about 5,000 words of data.

images. With Windows

This method of concealment

you can literally drag and drop your

is

hidden text onto a picture and the deed

known as 'bit twiddling'. An obvious place

is done. As Gordon Gekko reminded

to conceal a secret message would be

in the film Wall Street (1985), valuable commodity information.

us

the most

of all is

And it's precisely that

within a computerised

picture that does

not show any apparent changes. Bit twiddling is the most common

which can so easily be given away

way to conceal text within a

today - or sold - using image-based

computerised

steganographic

techniques.

image. There are many

more techniques, though, particularly when using image formats such as the now ubiquitous jpeg which many will have encountered

through their

digital cameras. An apparently innocuous picture of - of example - an employee's

child's first day at

school taken with a standard family

www.fx-mm.com

JULY

j

2007

FX&

M M

I

35

TECHNOLOGY

I DATA THEFT

digital camera could easily be used to

Yet help is at hand because

conceal a damaging leak. The leak could

dedicated teams of experts have been

be so fatal that by the time the school

making available tools to help detect

term ends, thousands of other mums

steganography. The technique they use is

and dads at the business from which the

known as 'steganalysis'.

information was leaked will have had to find new jobs - if they can.

Steganalysis is as much an art as a science. The detection tools need to be used so that the appropriate steganalysis

Whars the best way to

resource is used in the appropriate

guard against the hazard of

situation. Admittedly, this is not easy,

modern image-based

when the range of steganography tools

steganographic betrayal?

and the steganalysis counterparts have

The first step is to recognise that it is a

proliferated and are proliferating just as

potential problem and get help to

the threat from viruses did when they

understand what tools are likely to be

first emerged into the IT environment.

available to a malicious team member.

At Charteris we began our own anti-

You also need to know the manner in

steganography work as a technical

which these tools can be used because

exercise but were soon alarmed at what

they often leave little trace of their

our experiments were telling us, not just

presence - some are even termed 'zero

about the power of the steganography

footprint' by those who develop them.

tools available but also about the degree of care that needs to be applied to combat this potent security hazard. Taking the threat of betrayal by apparently innocuous pixels seriously will lead you to put into practice the measures necessary to defend against it. And you do need to take this threat very seriously indeed. The stegosaurus may be long extinct, but steganographic treachery is, unfortunately,

here to stay.

Alan Woodward is Chief Technology Officer at the business and information technology consultancy Charteris pic, which has developed methods of combating the threat of image-based steganography. Tel: 0207 600 9199. Email: [email protected]

www.charteris.com •

36 I

FX & M M

J

U LY

2 0 07

J