[ISN] Spy vs. Spy
By Sally Adee
First Published August 2008
Earlier this year, someone at the United States Department of Justice
smuggled sensitive financial data out of the agency by embedding the
data in several image files. Defeating this exfiltration method, called
steganography, has proved particularly tricky, but one engineering
student has come up with a way to make espionage work against itself.
Keith Bertolino, founder of digital forensics start-up E.R. Forensics,
based in West Nyack, N.Y., developed a new way of disrupting
steganography last year while finishing his electrical engineering
degree at Northeastern University, in Boston.
Steganography uses innocuous documents, usually an image file, as
carriers for secret messages. Unlike encryption, steganography encodes
the message while at the same time concealing the fact that a message is
being sent at all. The Greek-derived name means "covered writing." The
earliest steganographers were said to be Greek generals who tattooed
sensitive information onto the shaved heads of messengers. Once the hair
grew back, the messenger could travel without suspicion to the intended
recipient, who "decrypted" the secret message by shaving the messenger's
head again. In its current incarnation, steganography often makes use of
e-mail, an ideal carrier for any corporate spy, disgruntled employee, or
Steganography algorithms vary widely - digital forensics firm WetStone
Technologies Inc., of Ithaca, N.Y., lists 612 applications - but they
work on basically the same principle. To embed a message in an innocuous
image of a cat, for example, a commonly used steganography algorithm
called LSB takes advantage of the way computers digitally encode color.
The algorithm hides the fugitive file inside the so-called noncritical
bits of color pixels. Noncritical bits are just what they sound like - the
least important information in a pixel. A gray pixel in the cat's
uniformly gray fur, for example, is coded as a number that looks
something like 00 10 01 00. By changing the least significant bits - the
last two - you introduce one-millionth of a color change, an absurdly
subtle alteration that no human eye could detect.
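The low-bit mechanism described above, as an added example that is not part of the article: it writes a constructed message into the last two bits of constructed gray pixel bytes, reads it back, and shows that overwriting those bits destroys the payload while leaving the upper six bits untouched. The names embed, extract and scrub and all sample data are assumptions made for illustration; scrub is a generic sanitization step, not the Bertolino technique, which this excerpt does not describe.

```python
import os

BITS = 2                      # the article's example alters the last two bits
MASK = (1 << BITS) - 1        # 0b00000011
KEEP = 0xFF & ~MASK           # 0b11111100, the bits that carry the visible color

def embed(carrier: bytes, message: bytes) -> bytes:
    """Write message into the low BITS of each carrier byte, high bits first."""
    chunks = [(byte >> shift) & MASK
              for byte in message
              for shift in range(8 - BITS, -1, -BITS)]
    if len(chunks) > len(carrier):
        raise ValueError("carrier too small for message")
    out = bytearray(carrier)
    for i, chunk in enumerate(chunks):
        out[i] = (out[i] & KEEP) | chunk
    return bytes(out)

def extract(carrier: bytes, length: int) -> bytes:
    """Reassemble length bytes from the low BITS of consecutive carrier bytes."""
    per_byte = 8 // BITS
    msg = bytearray()
    for i in range(length):
        value = 0
        for b in carrier[i * per_byte:(i + 1) * per_byte]:
            value = (value << BITS) | (b & MASK)
        msg.append(value)
    return bytes(msg)

def scrub(carrier: bytes, rng=os.urandom) -> bytes:
    """Defender-side sanitization: overwrite the low BITS with fresh noise."""
    noise = rng(len(carrier))
    return bytes((c & KEEP) | (n & MASK) for c, n in zip(carrier, noise))

def max_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte change between two equally sized pixel buffers."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed sample data: 64 identical gray bytes (00 10 01 00) and a short message.
GRAY = bytes([0b00100100]) * 64
SECRET = b"acct 4471"
stego = embed(GRAY, SECRET)
cleaned = scrub(stego)

if __name__ == "__main__":
    print("recovered from stego  :", extract(stego, len(SECRET)))
    print("max change per byte   :", max_delta(GRAY, stego))
    print("recovered after scrub :", extract(cleaned, len(SECRET)))
```

Scrubbing changes each byte by at most 3 out of 255, the same bound as the embedding itself, which is why it can be applied to outbound images without visible effect.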