The July 2022 issue of IEEE Spectrum is here!

Close bar

The Dark Side of Steganography

Cybersecurity researchers in Poland and Italy are trying to out-smart steganographers at hiding their malware

2 min read
The Dark Side of Steganography
Illustration: Getty Images

The complicated mess of code in image, voice, video and even electrocardiogram data provide the perfect carrier for hidden messages. At the Network Security Group at Warsaw University of Technology, in Poland, Wojciech Mazurczyk disguises data the same way cybercriminals do in order to beat them at their own game.

Hackers use the information disguising technique known as steganography to infiltrate computer systems. The technique has since evolved from tattoos to invisible inked letters to flurries of data packets. By altering small bits of data in a file such a JPEG or in packets of voice data, they can send secret information and viruses.

In an IEEE Security & Privacy report, Mazurczyk and Luca Caviglione, a National Research Council of Italy telecommunications specialist, identified three major steganography techniques hackers have used to hide the most recent and prolific malware: local channel, digital file, and network steganography.

“We are seeing trends among malware developers who are intrinsically using information hiding technique to make malware harder and harder to detect,” Mazurczyk says.

In 2014, antivirus research firm AV-TEST reported that there are about 130 million new forms of malware. This is a 63 percent increase from 2013. What’s more, one of the leading antivirus vendors, Symantec, admitted that its products are able to detect only about 45 percent of new threats.

According to Mazurczyk, this is partially a result of new, sophisticated developments in network steganography, which cloaks a message’s origins in the shroud of Internet traffic. The traffic allows steganographers to send longer messages without leaving behind an obvious trail.

Mazurczyk has helped develop network steganography programs such as SkyDe, which sends hidden messages through Skype voice data, and StegTorrent, which encodes information in BitTorrent transactions. After analyzing these programs, Mazurczyk and his team then creates protocols to detect the hidden transmissions. The challenge is that every transmission route a steganographer uses to hide information requires a specific countermeasure, says Mazurczyk.

The damage steganographically hidden malware inflicts can be catastrophic. In the 2006 Operation Shady RAT case, the Trojan.Downbot virus infected computers from 72 organizations around the world, including the United Nations, the U.S. federal government, and economic trade organizations. JPEG and HTML files encoded with commands granted remote servers control over mainframe computers. It took institutions months to recover.

And Mazurczyk and Caviglione predict that such scenarios will only worsen as cybercriminals increasingly turn their attention to smartphones. Over the past two years, McAfee reported a 1,800 percent increase in mobile malware.

Smartphones are like Swiss Army knives that provide dozens of pathways to send a secret message, says Mazurczyk. Steganographers can launch an attack through a smartphone’s camera, its Wi-Fi and cellular network connections, applications, and sensors. For example, the virus Soundcomber can infer secret data by differentiating between changes in vibration or volume settings.

Since the paper was written, even more dangerous steganography cases, like the recent Hammertoss infiltration on GitHub and Twitter, have come to cybersecurity specialists’ attention.  

“I feel that we are just at the beginning of the rope,” says Mazurczyk. “These are the most simple information hiding methods that can be used. In a few years, we will be starting to discover more sophisticated techniques.”

Mazurczyk and his colleagues are working on better ways to detect and prevent the transmission of secret viruses, and spreading awareness among cyber security organizations like the European Commission. But, in order to find hidden messages, they must first think like the stealthiest steganographers.

The Conversation (0)

How the FCC Settles Radio-Spectrum Turf Wars

Remember the 5G-airport controversy? Here’s how such disputes play out

11 min read
This photo shows a man in the basket of a cherry picker working on an antenna as an airliner passes overhead.

The airline and cellular-phone industries have been at loggerheads over the possibility that 5G transmissions from antennas such as this one, located at Los Angeles International Airport, could interfere with the radar altimeters used in aircraft.

Patrick T. Fallon/AFP/Getty Images
Blue

You’ve no doubt seen the scary headlines: Will 5G Cause Planes to Crash? They appeared late last year, after the U.S. Federal Aviation Administration warned that new 5G services from AT&T and Verizon might interfere with the radar altimeters that airplane pilots rely on to land safely. Not true, said AT&T and Verizon, with the backing of the U.S. Federal Communications Commission, which had authorized 5G. The altimeters are safe, they maintained. Air travelers didn’t know what to believe.

Another recent FCC decision had also created a controversy about public safety: okaying Wi-Fi devices in a 6-gigahertz frequency band long used by point-to-point microwave systems to carry safety-critical data. The microwave operators predicted that the Wi-Fi devices would disrupt their systems; the Wi-Fi interests insisted they would not. (As an attorney, I represented a microwave-industry group in the ensuing legal dispute.)

Keep Reading ↓Show less
{"imageShortcodeIds":["29845282"]}