Malware has found its way onto a company computer. The hackers’ aim is to steal sensitive corporate data, and to do so discreetly enough that nobody notices. How? By means of steganography, the millennia-old art of hiding messages in the message carrier so that they go unnoticed by third parties. Hackers embed information or malicious code in video or image files that their victims unwittingly share on social media channels or company websites, where the cyber-invaders capture them and extract the hidden information. The companies in question have no idea what is happening.
Cybercriminals are discovering steganography for their purposes because, even in an age of state-of-the-art IT defense systems, there is nothing to stop them. Hackers simply have too many ways of hiding digital information almost imperceptibly. It can even be concealed in network and communication protocols. Figures compiled by the Criminal Use of Information Hiding Initiative show that the amount of malware capable of using steganography doubled between 2011 and 2016.
Hiding information in the information carrier
Even in the Ancient World, spies used this technique to conceal their messages in the bearer of the message. They tattooed secret instructions on the scalps of mercenaries. These inconspicuous messengers passed every checkpoint unnoticed. The message was only revealed when their scalps were shaved at their destination. Much the same went on in World War II, when secret services shared messages in knitting patterns, chess problems and crossword puzzles sent through the post. Information of strategic importance could in this way be concealed in what at first glance appeared to be harmless letters. The Western powers certainly saw that as reason enough to strictly regulate correspondence.
Fast forward. Today, hackers infect corporate networks with malware in order to influence LAN latency. IT spies manipulate the delay, an inconspicuous parameter that measures the speed of a network connection in milliseconds. Corporate information can be sent out of the network via this seemingly random fluctuation, and the steganographic intervention goes unnoticed by third parties.
Not Just Theory: NSA snooping at chancellor’s office in Berlin
This is not just theory, as demonstrated by malware such as Linux Fokirtor and Regin, both of which can embed information in network protocols. Criminals are not alone in using this dubious software. In 2015 the U.S. National Security Agency used it to snoop on computers at the Federal Chancellor’s Office in Berlin. Snoopers also manipulate sound files, with the data flow proceeding inaudibly in the natural background noise without anyone suspecting a thing.
Difficult to prove, almost impossible to discover
Only insiders know what the real content of a seemingly insignificant message is, so data crime of this kind is hard to prove, trace or identify. Few if any investigators know what to look for, and if the perpetrators use codes, that will make identifying them even more difficult. Steganography is used not only to steal information or smuggle in malicious code. Hackers also use it to cover up their tracks, to surf anonymously, to store data secretly and to hijack and control computers, plant and machinery.
Prevention and Containment
Security software specialist McAfee knows how companies can protect themselves. Updated anti-virus protection keeps malware at bay. Employees should also only be allowed to install software from a company repository and not from just anywhere on the Web. When software is installed, the repository makes sure that signatures are trustworthy. Companies should also segment the corporate network so that a steganographic attack can be more easily contained.
Given that there are no limits to the imagination of hackers, it is simpler to think up new ways to hide information than to develop universal protective strategies. That is why defensive measures focus only on the malware in question, an approach that is promising only if invaders use malware that is well known and widespread. If they use less common software, the IT world is as yet unable to combat them.
Smart remote-controlled sockets store data
Loopholes for steganography exist not only in video and online games; the Internet of Things also enables botnets to be set up and put to use. Take Smart Home products, for example. Smart remote-controlled sockets, voice assistants and lamps seem to be ideal locations for dubious data thieves. Nobody would look to them or expect them to house hidden information, especially as suitable security and scanning tools do not exist.
The Criminal Use of Information Hiding Initiative was established in 2016 to ensure that this does not continue to be the case. It is a public-private partnership of scientists, legal experts and IT specialists. They collaborate across industries with Europol’s European Cybercrime Centre to promote research, point out the risks and develop initial protective strategies.