What is steganography?

The word steganography has Greek origins, it means concealed writing, in the dig ital world steganography (aka steg or stego) consists in hiding data inside data , it is mostly used to hide text inside pictures or sound files but any kind of data can be hidden and any kind of file can be used as a carrier file. Steganographic software takes advantage of the way binary works where the bits t owards the right of a file are the ones with less significance, changing them re sults in little distortion for the file, an example of this would be changing t he red colour of a few pixels on a digital photography for a different tone of r ed that it is not noticeable to the human eye, since a photography can have mill ions of pixels slightly changing a thousand of them would be very hard to notice without the the original picture to compare with. Another use for steganography is digital watermarking, the film industry is know n to embed an invisible watermark in their preview films, before release, if one of these copies is leaked and found in a file sharing site they can track down who the person responsible for that copy was. Steganographic software is commonl y used in conjunction with encryption, the data is encrypted before hiding it to add an extra layer of security, if the hidden data is ever found it would still be protected by a password. Steganography advantages over encryption It does not attract attention: Encrypting a message gives away that there is som ething of value and this will attract unwanted attention. Packet sniffing barrier: Encrypted PGP email messages start with a line identify ing them as an encrypted PGP message, making it easy for a packet sniffer on an ISP to flag encrypted PGP emails by just scanning for the word PGP or GnuPG, thi s can not be used against steganography. Makes Internet surveillance difficult: If someone s Internet activities are being monitored visiting Flickr and uploading personal family photos with hidden messa ges will not trigger any alarm but sending encrypted messages and visiting a pol itical discussion forum will. Difficult to prove it exists: In some countries like the United Kingdom you can be required by the police to provide the password to your encrypted files, refus ing to do so carries a prison sentence, if the data has been hidden inside a pho tograph the police would first have to show beyond reasonable doubt that there i s definitely something hidden inside the file. Methods to detect steganography Steganalysis is the art of discovering hidden steganographic messages, this scie nce is not perfect, it is possible for steganalysis not to detect steganographic files if the data has been very well concealed and the original file, before da ta has been hidden within it, is not available for analysis. Image steganalysis Steganographic software embeds information in front of the hidden message, this information contains details about the length of the message, compression method , and anything else the developer chooses, after all the data has to be readable at some point, if the software used to hide the information (aka payload) inser ts some unique characteristic in the header then it can be proved the file has b een tampered with.

A good method to find hidden messages inside pictures is by using an hexadecimal editor and read the image header first bytes, for example a GIF image seen by a n hexadecimal editor will always read 47 49 46 38?, it means GIF in ASCII code, if a GIF image has been used to hide a message within it when viewed with an hex ed itor the first identifying bytes will be different from the standard ones. There are automated tools to detect steganography, one such tool is Stegdetect, capable of detecting messages in jpeg images, after a hidden message has been fo und a brute force attack can be launched, with dictionary words attempting to gu ess the password and expose the data. Highly compressed data like .rar, .mp3 or .jpeg files make it more difficult to hide data inside because they have less spare bits available, if you want to make it tough for someone to find your hidden data use an uncompressed carrier file, like .bmp for images and .wav for sound. How to hide text in pictures and other files There are various steganography programs available to hide text or files inside photographs, sound files and executable files, you can even hide data inside doc uments and HTML code, any kind of electronic file can be used to hide data withi n it.