Computerworld - An engineering firm suspected that an insider was transmitting valuable intellectual property out of its network. When Seattle-based forensics consulting firm Electronic Evidence Discovery Inc. (EED) investigated the case in June 2000, it couldn't find the evidence on the local hard drive. After checking mail logs, however, investigators found the smoking gun: two e-mails with harmless-looking image attachments sent by an engineer. Turns out, the images were hiding two of the company's most precious engineering specifications.
The technique used to hide the specifications inside image files is a high-tech version of a process called steganography, which has been around since the beginning of recorded history, says Sayan Chakraborty, vice president of engineering at Sigaba Corp. in San Mateo, Calif.
During the Roman Empire, he explains, secret information was tattooed on a messenger's shaved head. When the hair grew back, the messenger was sent out with the secret message on his scalp and a decoy message in hand.
In the IT realm, steganography replaces unneeded bits in image and sound files with secret data. Instead of protecting data the way encryption does, steganography hides the very existence of the data. And it's undetectable under traditional traffic-pattern analysis.
There are few legitimate uses for steganography, say forensics professionals. And despite reports circulating about terrorists using steganography to communicate secretly, experts doubt that's the case.
"Most people study steganography either as an academic discipline or a curiosity, but I don't know if even terrorist groups would actually use it," says Chakraborty.
Last year, after reading a USA Today article about steganography and terrorism, Neils Provos, a Ph.D. student in computer science at the University of Michigan in Ann Arbor, decided do his dissertation on steganography.
Provos developed detection and cracking tools to analyze images for signs of steganography, such as overly large files and uneven bit mapping. He tested the tools and then used them to compare 2 million images on San Jose-based eBay Inc.'s Web site, which has been cited as a possible place for posting and retrieving hidden messages. Provos found no cases of steganography.
"Steganography becomes the focus of attention, dies down, and then the public is all over it again," says Provos. "But it will never be pervasive, because the amount of data you can actually hide in the images is fairly small. And if someone wanted to steal intellectual property, it'd be easier to copy the data on a disk and carry it out in your pocket."
Even if steganography is present, forensics experts prefer to start by investigating less complex areas. But in some cases, the only evidence might be hidden in image or sound files, so investigators need to be aware of steganography and the tools used to detect and crack it, say experts.
"It's true that steganography is very little used, but we need to be aware of it when doing almost any forensics analysis," advises Kenneth Shear, vice president of technology and law at EED.
| POSSIBLE USES OF STEGANOGRAPHY | DRAWBACKS | Used to combine explanatory information with an image (like doctor's notes accompanying an X-ray) | Could accidentally degrade or render an image misleading |
|---|---|
| Embedding corrective audio or image data in case corrosion occurs from a poor connection or transmission | Could counteract and be counterproductive with the original image |
| Peer-to-peer private communications | Doesn't hide the fact that an e-mail was sent, negating the purpose of secret communications |
| Posting secret communications on the Web to avoid transmission | Someone else with a steganography detection and cracking tool could expose the message |
| Copyright protection | A form of this already exists, called digital watermarking, but requires use of separate hardware tools because steganographic software can't use separate hardware tools. Steganographic software also can't protect the watermark. |
| Maintaining anonymity | Easier to open free Web-based e-mail or use cloaked e-mail |
| Hiding data on the network in case of a breach | Better to understand and effectively use standardized encryption |
See additional Computerworld QuickStudies
Read more about Security in Computerworld's Security Topic Center.


- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Driving Secure Enterprise File Sharing and Syncing in the Enterprise
- GroupLogic's new activEcho is the industry's only secure Enterprise File Sharing and Synching solution that balances the need for simplicity for the end...
- The Enterprise File Sharing Option
- Enterprises and IT departments need to address several critical security issues when considering file sharing and syncing products. Many of today's solutions do...
- Security Strategies to Virtualizing Internet-Facing Applications
- The IT organization at Intel has set a goal to transition their enterprise to a private cloud for their Office and Enterprise applications....
- Cloud Security Planning Guide
- Cloud security considerations span protecting hardware and platform technologies in the data center to enabling regulatory compliance and defending cloud access through different...
- Cloud Security Vendor Round Table
- This vendor round table guide will help you to evaluate different cloud technology vendors and service providers based on a series of questions... All Security White Papers
- Live Webcast
Data Privacy and Protection in Production Environments: New Research from Ponemon Institute - Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT
In a recent study conducted by Ponemon Institute, fifty-five percent of respondents... - Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT
In a recent study conducted by Ponemon Institute, fifty-five percent of respondents... - Security Certifications 101 - BlackBerry and all those acronyms what do they mean and why they matter?
- FIPS, Common Criteria, CAPS, AISEP, NFC, NIST, Fraunhofer SIT, CESG, DSD - these are just some of the government and industry certifications which...
- BlackBerry PlayBook OS 2.0 Security Overview
- The presentation provides an overview of BlackBerry PlayBook OS 2.0 security capabilities and features, including: BlackBerry® Balance™ technology, BlackBerry® Bridge, data-at-rest protection, and...
- BlackBerry NFC Security Overview
- The presentation on NFC security will provide an overview of the security protections built into the BlackBerry platform to protect users, application developers...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts