TECHNOLOGY
I
DATA THEFT
Your secrets lost before your very eyes! by Alan Woodward
Or in some cases even up to around
head of his most trusted slave to be
5,000 words. More than enough to
shaved and tattooed with a vitally
betray all your most precious and
important secret message
commercially
on it. Once the slave's
sensitive data, from designs
of revolutionary products you're planning
hair had grown, hiding
on being the first to bring to market, to
the message,
ultra-sensitive lists of hard-won
Histaeus used him as
customers; you name it. But data
an emissary to a
concealed in pictures? It may sound like
friendly power via
the basis for a plot sequence in the next
enemy territory to
Mission Impossible movie, but it isn't. It's
instigate a revolt against
real. And unless you are prepared to let
the Persians.
any Tom, Dick or Harry cruise around your precious data, you need to be aware
history shows why
of the th reat it poses.
steganographic writing is such
The technique
a dangerous threat to security.
is called
steganography, from Ancient Greek,
Friends who betray us are
meaning hidden or covered writing, just
always a more potent threat
as that lumbering dinosaur,
than people we recognise as enemies from the
the stegosaurus, is so named because its back
outset, and
was covered in those large bony plates whose real purpose is a mystery even today. But steganography wasn't a mystery to the Ancient Greeks; indeed they most likely invented it. The Greek historian Herodotus records that in 312 Be, Histaeus of Miletus coRlmanded
34
I
Fx & M M
J
U LY
2 0 0 7
This example from
the
TECHNOLOGY
steganographic messages look friendly
I DATA THEFT
Whafs actually happening when
The point is that any encrypted
and innocent. You could devise a simple
message will tend to raise suspicions
you carry out what looks like a
steganographic message by agreeing with
because even though it can't readily be
simple drag and drop?
your recipient that your real message will
read you will know it's been encrypted
consist of the first letter of every word of
and will instantly conclude that
thousands of 'picture elements' or 'pixels'.
your apparent message. 'Bring us your
something fishy's going on.
A pixel is a binary number that provides
An electronic image is comprised of
invoice by Monday', for example, would
In the highly competitive
really mean 'BUY IBM: In steganographic
modern business, the threat of
and white picture) the shade of grey that
writing the apparent message is known
steganography
should be displayed in that particular
as the covertext and the real message is
major issue in corporate
called the plaintext.
ocean of
has recently become a life. It's actually
information
on the colour or (in a black
pixel. The binary number will look
been a significant threat for several
something like this: 10011011 etc
years due to the increased computing
depending on the pixel in question. The
covertext in the example illustrates why
power available on everyone's
individual numbers (the' l' or the '0') are
steganographic writing doesn't tend to set
but people have been distracted
The innocuous appearance of the
alarm bells ringing. It looks innocent,
publicity about cryptography
whereas the message 'BUY IBM'
steganography
desktop,
known as 'bits' and the further along you
by
go to the right the less significant the bits
and
has rather remained
encrypted in a simple code that
the background.
consisted, say, of substituting each letter
worrying threat now because of the
in
the pixel.
It's a particularly
Why does the opportunity for
for the next letter in the alphabet - 'CVZ
enormous
JCN' - obviously looks dodgy and would
desktops today, the massive volume of
be certain to awaken the suspicions of even the most credulous member of an industrial espionage prevention team.
electronic
computing
power on
communications,
become in defining the precise colour of
and the
steganography exist? Because while each pixel is defined by a
number of freely available tools that
series of bits, some of these bits can be
allow even a routine user to employ
changed without affecting the resulting
steganographic
pixel to any discernible extent. In a
techniques.
By far the biggest type of threat is the potential steganographic computerised
computerised
image whose size is 256
by 256 pixels, making a total of 65,536
for concealing
pixels, there would easily be room to
writing within
conceal say, about 5,000 words of data.
images. With Windows
This method of concealment
you can literally drag and drop your
is
hidden text onto a picture and the deed
known as 'bit twiddling'. An obvious place
is done. As Gordon Gekko reminded
to conceal a secret message would be
in the film Wall Street (1985), valuable commodity information.
us
the most
of all is
And it's precisely that
within a computerised
picture that does
not show any apparent changes. Bit twiddling is the most common
which can so easily be given away
way to conceal text within a
today - or sold - using image-based
computerised
steganographic
techniques.
image. There are many
more techniques, though, particularly when using image formats such as the now ubiquitous jpeg which many will have encountered
through their
digital cameras. An apparently innocuous picture of - of example - an employee's
child's first day at
school taken with a standard family
www.fx-mm.com
JULY
j
2007
FX&
M M
I
35
TECHNOLOGY
I DATA THEFT
digital camera could easily be used to
Yet help is at hand because
conceal a damaging leak. The leak could
dedicated teams of experts have been
be so fatal that by the time the school
making available tools to help detect
term ends, thousands of other mums
steganography. The technique they use is
and dads at the business from which the
known as 'steganalysis'.
information was leaked will have had to find new jobs - if they can.
Steganalysis is as much an art as a science. The detection tools need to be used so that the appropriate steganalysis
Whars the best way to
resource is used in the appropriate
guard against the hazard of
situation. Admittedly, this is not easy,
modern image-based
when the range of steganography tools
steganographic betrayal?
and the steganalysis counterparts have
The first step is to recognise that it is a
proliferated and are proliferating just as
potential problem and get help to
the threat from viruses did when they
understand what tools are likely to be
first emerged into the IT environment.
available to a malicious team member.
At Charteris we began our own anti-
You also need to know the manner in
steganography work as a technical
which these tools can be used because
exercise but were soon alarmed at what
they often leave little trace of their
our experiments were telling us, not just
presence - some are even termed 'zero
about the power of the steganography
footprint' by those who develop them.
tools available but also about the degree of care that needs to be applied to combat this potent security hazard. Taking the threat of betrayal by apparently innocuous pixels seriously will lead you to put into practice the measures necessary to defend against it. And you do need to take this threat very seriously indeed. The stegosaurus may be long extinct, but steganographic treachery is, unfortunately,
here to stay.
Alan Woodward is Chief Technology Officer at the business and information technology consultancy Charteris pic, which has developed methods of combating the threat of image-based steganography. Tel: 0207 600 9199. Email:
[email protected]
www.charteris.com •
36 I
FX & M M
J
U LY
2 0 07
J