Image taken from Pexels.com

During the First World War, elderly, seemingly harmless women in Belgium who lived near the railway station used to sit by their windows, watch the trains passing by, and knit the whole day. Few people would assume that they were anything other than a group of lovely ladies trying to pass their time. In reality, they were monitoring German trains and knitting the pattern of their movements into the fabric. 

They would simply leave a hole in a stitch every time an enemy train passed by the window, thereby tracking the movements of their enemies to help the Belgian resistance. However, it ultimately urged governments to ban new knitting patterns and prevent potential leaks of military plans and tactics.

Now it’s a well-known fact that spies have long been using knitting as a tool for hiding confidential messages. As it turns out, the knitting pattern tends to be an ideal medium for binary code since knots and purls can function as ones and zeros. 

However, binary code isn’t the only method being used. There are endless ways to hide a message within the weave and you can even find courses online to learn the techniques on your own. 

What is steganography?

In a nutshell, steganography is a practice of hiding secret messages within something ordinary-looking that’s not confidential. The possibilities for hiding messages are essentially endless and people have been successfully developing new techniques since ancient times.

The first known case of steganography comes from ancient Greece where a nobleman Histiaeus tattooed his slave’s shaved head and waited for his hair to grow out and hide the secret message. Once his hair grew back, he went to Miletus and delivered the military plan to their army.

From authentication and data protection to digital money, there have been significant improvements in the encryption mechanisms in recent years. Subsequently, any secrecy and data protection tend to be automatically associated with ciphering sensitive information. However, there are other ways to hide messages.

Unlike cryptography, which scrambles data to give more privacy and protect data from possible intruders, steganography relies on numerous clever methods of concealing information to grant more secrecy. Hence, while cryptography hides the content of the message, steganography hides the fact that the message even exists. 

Although they’re not the same thing, most steganography software nowadays uses a combination of steganography and cryptography to cover up all digital traces.

What is stenography used for?

Even though steganography through history used a wide selection of physical mediums to hide the original information, nowadays, it’s almost synonymous with digitally concealed messages. 

Unfortunately, steganography is most commonly connected with the cybercrime milieu. For instance, a Trojan horse malware is a fine example of steganography being used to deliver vicious and devious attacks. Just like the poor people of Troy who didn’t suspect there to be  anything wrong with a wooden horse the Greeks graciously offered them, most people aren’t cautious enough when downloading seemingly benign files from the internet. 

For example, hackers often use LSB steganography to replace the least significant bits of a picture with malicious script files in popular images people like to download and share. Thus, a cute cat picture that’s been circulating on social media may end up being a wolf in sheep’s clothing and it can significantly harm your device and threaten your security. 

On the other hand, steganography has its bright sides as well. Spies and other government employees frequently use these methods to communicate with their central offices during secret operations without raising suspicion. Similarly, many human rights activists and whistleblowers tend to hide highly sensitive information in plain sight while maintaining communication with the media and non-profit organizations. 

Steganography tools

There are numerous free steganographic tools and software that can hide a piece of important information within something ordinary. However, they vary depending on the type of message you want to hide, tools you’re going to use, and a message that’s going to cover your true intentions. From text and pictures to HTML pages and video – any piece of data can function as a vessel for concealing a message. Still, the most widely used technique is embedding a text message into the image. 

One of the most well-known steganography tools is Steghide which can hide different types of data within images and audio files. However, there are more comprehensive software solutions like Invisible Secrets 4 designed for enterprises that, alongside encrypting and hiding essential company files, include email encryption, password managers, IP-IP password transfer, and more. 

How to detect steganography and protect yourself

Many companies and businesses worldwide have faced a growth in targeted cyberattacks that hide malicious PowerShell scripts inside images. Most of these attacks start as a phishing email with a credible-looking file that usually stays under the radar while giving the cybercriminals access to the company’s sensitive data. 

One of the easiest ways to detect steganography is by investing in email security and data-loss prevention tools that have those kinds of features. Also, you can check image hashes to see if they have been modified. Image hashes are unique values that the algorithm assigns to every image. Image copies have the same hash value as the original, but if someone implements a piece of data within the image, the new version will be slightly larger and have a different hash. 

Although comparing image sizes and hashes seems like a pretty straightforward process, it isn’t, and it often feels like looking for a needle in a haystack. It requires specialized software and tools that are going to cover all data types and that are going to prepare you for handling various data security risks.

However, if you stumble upon a specific document that you find suspicious, there are many online tools you can use to check if your file hides some unpleasant surprises. 

Like with any other cybersecurity threat, there isn’t a golden rule on how to protect yourself. Another drawback is that steganography-related security threats tend to be easiest to miss. Thus, make sure to develop a solid cybersecurity strategy that will cover your specific needs and update it regularly.