Stenography and Spies

                                        

In 2010, the US sent home 10 Russian spies that were using stenography to secretly pass message to their handlers. These messages were not encrypted but invisible to the naked eye, lost in an endless stream of communications transmitted through the web (Mahor, 2018). Stenography is a way of hiding information by concealing a secret message into a fake one and comes from a Greek word which means “covered writing.” Stenography can be embedded into almost any form of communication such as: text, audio, visual, and imagery. It works because the secret message is embedded into the wasted or less essential bits of any communication (Mahor, 2018).

Although, they are two sides of the same coin, stenography is not the same as cryptography. Stenography hides traces of information while cryptography uses encryption to make the message unintelligible (Mahor, 2018). Stenography is relatively easy to implement, there are over 600 known stenography programs available for use. Advances in stenography are on the rise as well. The basic principles can be applies to continuous communications such as wireless networks (Mahor, 2018).

What does an implementation of stenography look like and how can it be used? Stegano.net provides the following scenario: An employee of an electronic equipment company uploads an .mpg music file (Lady Gaga’s Bad Romance) but hidden in this file are the new mobile phone schematics. Once the employee’s collaborators download the file, they can start the manufacturing and production of this new mobile phone technology.

Although implementing stenography is relatively easy, protecting against it is more difficult (Fiscutean, 2021). Cyber criminals are getting more innovative and companies should start using modern endpoint protection technologies that go further than basic signature checks, static checks, and other outdated components. Behavioral engines are more likely to detect stenography than these older detection methods. There are two additional tips to detect stenography: if a file is unusually large, there’s chance stenography has been used. Also, companies need to focus detection efforts on endpoints directly where obfuscation and encryption are easier to detect (Fiscutean, 2021).

References

Fiscutean, A. (2021, September 15). Steganography explained and how to protect against it. CSO Online. Retrieved January 12, 2022, from https://www.csoonline.com/article/3632146/steganography-explained-and-how-to-protect-against-it.html

Mahor. (2018, August 30). Difference between steganography and cryptography (with comparison chart). Tech Differences. Retrieved January 12, 2022, from https://techdifferences.com/difference-between-steganography-and-cryptography.html

Mims, C. (2020, April 2). Russian spies' use of steganography is just the beginning. MIT Technology Review. Retrieved January 12, 2022, from https://www.technologyreview.com/2010/07/13/262517/russian-spies-use-of-steganography-is-just-the-beginning/