you're reading...
Hacking / Counter Intelligence, Lawful Intercept

An Introduction to Steganography aka Stenography

What is Steganography
Steganography is the art and science of hiding that communication is happening. Classical steganography systems depend on keeping the encoding system secret, but modern steganography is detectable only if secret information is known, e.g. a secret key. Because of their invasive nature, steganography systems leave detectable traces within a medium’s characteristics. This allows an eavesdropper to detect media that has been modified, revealing that secret communication is taking place. Although the secrecy of the information is not degraded, its hidden nature is revealed, defeating the main purpose of Steganography.

The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples of steganography in his Histories. Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand.

Listening Posts
Cold war tensions built up an abundance of listening posts around the world that are still in use today by several government agencies. Listening posts are usually an apartment of office with a lot of available bandwidth and radio equipment. The radio equipment intercepts signals, most prominently satellite phones, and relays the conversation back to central data warehousing for linguistic processing in the United States. Certain filters are applied to the data at the listening post to flag for priority, though the majority of analysis is performed state side where hopefully both sides of a conversation can be paired.

This is a good opportunity for me to say that listening posts are typically not duplex. Due to various constraints with the way a communication network is design and cryptography time constraints, typically only one half of a conversation is captured.

Modern Day Intelligence
With changes post 9/11 the United States started taking a more strict stance on the control of the root name servers of the internet, and various root level hubs where data is transported underneath oceans has been tapped for intercept.

The Next Generation
The next logical leap for intelligence on both sides was to start adopting technology that could not only make an online identity completely anonymous in terms of originating and destination identities, but also to bury data in such a way that it couldn’t be detected. The first applications of digital steganography started in the 90’s about the same time that PGP was mysteriously taken off the US market for 2 years while it was still available for purchase in Canada.

Modern steganography not only buries data, but also encrypts it. Data can not only hide in images any more, but also in any digital file. The new frontier is in hiding data in music files as they are distributed en mass via P2P networks and the source and destination don’t even have to have a transient chain of willful possession. Due to variations in the encoding or recording of a song, there are also many different digital footprints which makes it difficult to use comparative analysis to detect differing versions.


About Pythorian

Exploration and Production oriented security consultant for securing IT infrastructures relating to natural resources.


No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: