InvestigateCZ

Steganography. What is it and how is it used?


Steganography literally means "covered writing". It is the concealment of a message within something else, such as a book or an image; in the digital sense, it is the hiding of data within other files.


In the realm of hacking, the carrier file, perhaps an image or a video, is designed to pass the observer or user without arousing suspicion, but it can contain anything from a hidden message to a RAT (Remote Access Tool), which gives a remote user full access to your machine.


In the last thirty years, there has been a growing interest in steganography and its use by criminals, terrorists, and hackers. While encryption is used to make a message unreadable, steganography is used to hide the data itself, so nothing suspicious is seen by an average viewer of the file. As the file arouses no suspicion, there is a much higher chance of it being viewed and shared. An encrypted file may have the opposite effect: the alarm is raised because the file doesn't look quite as it should in one way or another.


Steganography is a useful method for hackers and has grown in popularity in recent years, seeing an increase of 600% in 2017 alone. With hackers able to place malicious software into image, audio, video and text files that seem innocuous to the user, hiding the program in plain sight, they have been able to expose millions to malicious software over the last few years.


One of the reasons for this is that antivirus programs and security companies have become proficient at intercepting malware by detecting encryption and metaware, which lets them see whether there is communication with a remote server and exactly what the program does. Many attackers have therefore turned away from this method and towards steganography, as they can disguise their malware and stealthily avoid detection.


The hackers currently seem to have the advantage, as a steganography-based attack is often what is known as a "zero day" or "zero hour" threat, meaning that it has not been seen before and is therefore able to neatly sidestep defences built around known methods of attack, making detection a challenge.


So how do I protect myself?


By keeping your software and your antivirus up to date, installing any recommended patches and having a good firewall, you have a better chance of keeping ahead of the game, but not all threats will be stopped by these measures.


As always, do not open files that you do not know the origin of. Additionally, you can invest in a good sandbox, which is a program that allows you to open files in a safe environment (a protected section of your computer) to prevent the file or its contents from leaving that area. In the extreme, operating a virtual machine will also protect you, but this is for more advanced users.


In this day and age of sharing pictures, memes, video and the like, get in the habit of checking what you are opening and its origin, as well as regularly running a deep antivirus scan on your system.
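As an added example (not part of the original post), this Python script checks a PNG for two things an image viewer silently ignores: bytes left after the final IEND chunk and chunk types outside the PNG 1.2 specification. It covers only those two cases, the sample files and the `stEg` chunk name are constructed for illustration, and a hit is a reason to look closer rather than proof of hidden data.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG 1.2 specification; anything else is flagged for review.
STANDARD = {"IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP", "sBIT",
            "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs", "sPLT", "tIME"}


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Build one chunk: 4-byte length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def inspect_png(blob: bytes) -> dict:
    """Walk the chunk list and report content an image viewer silently ignores."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, seen = len(PNG_SIGNATURE), []
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        end = pos + 12 + length  # length + type + data + CRC
        if end > len(blob):
            raise ValueError("chunk length runs past end of file")
        name = blob[pos + 4:pos + 8].decode("latin-1")
        seen.append(name)
        pos = end
        if name == "IEND":
            break
    if not seen or seen[-1] != "IEND":
        raise ValueError("no IEND chunk found")
    return {
        "trailing_bytes": len(blob) - pos,  # data appended after the image ends
        "unknown_chunks": [n for n in seen if n not in STANDARD],
    }


# Constructed sample: a valid 1x1 greyscale PNG, then two altered copies.
IHDR = make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IDAT = make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
IEND = make_chunk(b"IEND", b"")
CLEAN = PNG_SIGNATURE + IHDR + IDAT + IEND
APPENDED = CLEAN + b"constructed trailing data"
EXTRA_CHUNK = PNG_SIGNATURE + IHDR + IDAT + make_chunk(b"stEg", b"constructed") + IEND

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("appended", APPENDED), ("extra", EXTRA_CHUNK)]:
        print(label, inspect_png(blob))
```
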


A bit of vigilance will go a long way in keeping you, your hardware and your privacy safe online.






