{"id":22902,"date":"2019-07-02T08:42:40","date_gmt":"2019-07-02T12:42:40","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=22902"},"modified":"2019-11-15T22:24:22","modified_gmt":"2019-11-15T11:24:22","slug":"digital-steganography","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/digital-steganography\/22902\/","title":{"rendered":"What is digital steganography?"},"content":{"rendered":"

We all know what it means to \u201cread between the lines\u201d in a figurative sense, but before we used modern technology to communicate with one another, people sometimes took it literally, such as by writing secret messages in invisible ink between the lines of a seemingly normal letter.<\/p>\n

The technique, whereby the author of a message hides secret information inside something that looks innocent on the surface, is known as steganography,<\/em> and it is almost as old as writing itself. Unlike cryptography, which scrambles the message to make it unreadable without the decryption key, the purpose of steganography is to conceal from prying eyes the very existence of the message. As with many other information-handling methods, steganography is now used in digital technologies, too.<\/p>\n

How does digital steganography work?<\/h2>\n

A secret message can be hidden in almost any digital object, be it a text document<\/a>, license key<\/a>, or even file extension<\/a>. For example, the editors of Genius.com, a website dedicated to analyzing tracks by rap artists, used two types of apostrophes in their online lyrics that, when combined, made the words \u201cred handed\u201d in Morse code, thereby protecting their unique content from being copied<\/a>.<\/p>\n

One of the most convenient \u201ccontainers\u201d for steganographers happens to be media files (images, audio, video, etc.). They are usually quite large to begin with, which allows the added extra to be meatier than in the case of, say, a text document.<\/p>\n

Secret information can be written in the file metadata<\/a> or directly in the main content. Let\u2019s take an image as an example. From the computer\u2019s point of view, it is a collection of hundreds of thousands of pixels. Each pixel has a \u201cdescription\u201d \u2014 information about its color.<\/p>\n

For the RGB format, which is used in most color pictures, this description takes up 24 bits of memory. If just 1 to 3 bits in the description of some or even all pixels are taken up by secret information, the changes in the picture as a whole are not perceptible. And given the huge number of pixels in images, quite a lot of data can be written into them.<\/p>\n

\n\n\n
\"Original<\/a><\/td>\n<\/a><\/td>\n<\/tr>\n<\/table>\n

The left-hand image has no hidden message; the right-hand image contains the first 10 chapters of Nabokov\u2019s Lolita<\/em><\/em>\n<\/p><\/div>\n

\u00a0<\/p>\n

In most cases, information is hidden in the pixels and extracted from them using special tools. To do so, modern steganographers sometimes write custom scripts, or add the required functionality to programs intended for other purposes. And occasionally they use ready-made code, of which there is plenty online.<\/p>\n

How is digital steganography used?<\/h3>\n

Steganography can be applied in computer technologies in numerous ways. It\u2019s possible to hide text in an image, video, or music track \u2014 either for fun or, as in the case above, to protect a file from illegal copying.<\/p>\n

Hidden watermarks are another good example of steganography. However, the first thing that comes to mind on the topic of secret messages, in both physical and digital form, is all manner of secret correspondence and espionage.<\/p>\n\n

A godsend for cyberspies<\/h3>\n

Our experts registered a surge in cybercriminal interest in steganography 18 months ago<\/a>. Back then, no fewer than three spyware campaigns swam into view, in which victims\u2019 data was sent to C&C servers under the guise of photos and videos.<\/p>\n

From the viewpoint of security systems and employees whose job it is to monitor outgoing traffic, there was nothing suspicious about media files being uploaded online. Which is precisely what the criminals were counting on.<\/p>\n

Subtle memes by subtle means<\/h3>\n

Another curious piece of spyware<\/a>, meanwhile, received commands through images. The malware communicated with its cybercriminal handlers through the most unlikely source: memes posted on Twitter.<\/p>\n

Having gotten onto the victim\u2019s computer, the malware opened the relevant tweet and pulled its instructions from the funny image. Among the commands were:<\/p>\n