Hiding in plain view: Steganography

Steganography has seen a bit of a resurgence lately.  For those not in the know, steganography is not a newly discovered form of dinosaur.  Rather, it is a means of hiding in plain view. 

Wikipedia defines “steganography” as “the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the content is obscured.”

One of the areas in which steganography has found an audience is pornography, particularly the trading of illegal images involving minors.  The illicit images are hidden in what would otherwise be innocent photographs of seascapes and sunsets.  Only a person having the proper software can extract the images.

Steganography software is readily available on the Web.  One need only Google™ “steganography” to find dozens of potential sources of free software. 

From a security perspective, the discovery of steganography software on a business computer can generally lead to only one conclusion (unless the user is a secret agent):  illegal activity.  The user could be trafficking in illicit images or attempting to smuggle trade secrets out of the company without detection.  In any event, a complete investigation/audit should be conducted to determine why the software was installed and what it was used for.

Copyright © 2007 IDG Communications, Inc.
