What is Steganography?

What is Steganography?

• The process of hiding data in images is called Steganography.
• The most popular method for hiding data in files is to utilize graphic images as hiding place.
• Attackers can embed information such as:
  1. Source code for hacking tool
  2. List of compromised servers
  3. Plans for future attacks
  4. your grandma/s secret cookie recipe

What is Steganography? It has been described as the art and science of hiding information by embedding messages within other seemingly harmless messages. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images.

Given below is a list of few steganography tools.

• DiSi-Steganograph is a very small, DOS-based steganographic program that embeds data in PCX images.
• EZStego is a Java based steganographic software which modifies the LSB of still pictures (supports only GIF and PICT formats) and rearranges the color palette.
• Gif-It-Up v1.0 is a stego program for Windows 95 that hides data in GIF files. It replaces color indexes of the gif color table with indexes of 'color friends' (a color friend is a color in the same table and as close as possible).
• Gifshuffle conceals a message in a GIF image by re-ordering the color map. Source code and a WIN32 executable are provided.
• Hide and Seek is a stego program that hides any data into GIF images. It flips the LSB of pseudo-randomly chosen pixels. The data is first encrypted using the blowfish algorithm.
• JPEG-JSTEG hides data inside a JPEG file. (Source code available)
• MandelSteg and GIFExtract hide data in fractal GIF images. MandelSteg will create a Mandelbrot image (though it could be modified to produce other fractals), storing your data in the specified bit of the image pixels, after which GIFExtract can be used by the recipient to extract that bit-plane of the image. (Source code available)
• MP3Stego hides data in popular MP3 sound files.
• Nicetext transforms cipher-text into innocuous text which can be transformed back into the original cipher-text. The expandable set of tools allows experimentation with custom dictionaries, automatic simulation of writing style, and the use of Context-Free-Grammars to control text generation.
• Pretty Good Envelope hides data in almost any file. In fact it embeds a binary message in a larger binary file by appending the message to the covert file as well as a 4-byte pointer to the start of the message. To retrieve the message, the last 4 bytes of the file are read, the file pointer is set to that value, and the file read from that point.
• OutGuess is a steganographic tool for still images. It support the PNM and JPEG image formats. OutGuess 'preserves statistics based on frequency counts. As a result, no known statistical test is able to detect the presence of steganographic content'.
• SecurEngine hides files into 24 bit bitmap images (JPEG or BMP) or even text files. Files can be encrypted using GOST, Vernam or '3-way'.
• Stealth is a simple filter for PGP 2.x which strips of all identifying header information. Only the encrypted data (which looks like random noise) remains; thus it is suitable for steganographic use.
• Snow is used to conceal messages in ASCII text by appending white spaces to the end of lines.
• Steganography Tools 4 encrypts the data with IDEA, MPJ2, DES, 3DES and NSEA in CBC, ECB, CFB, OFB and PCBC modes and hides it inside graphics (by modifying the LSB of BMP files), digital audio (WAV files) or unused sectors of HD floppies. The embedded message is usually very small.
• Steganos is an easy to use wizard style program to hide and/or encrypt files. Steganos encrypts files and hides them within various different types of files. It also includes a text editor using the soft-tempest technology. Many other security features are included.
• Steghide features hiding data in BMP, WAV and AU files, blowfish encryption, MD5 hashing of pass phrases to blowfish keys and pseudo-random distribution of hidden bits in the cover-data.
• Stegodos is a set of DOS programs that encodes messages into GIF or PCX images. It works only with 320x200x256 pictures. The data embedded by modifying the LSB of the picture is noticeable in most cases.
• Stegonosaurus is a UNIX program that will convert any binary file into nonsense text, but which statistically resembles text in the language of the dictionary supplied.
• StegonoWav is a Java (JDK 1.0) program that hides information in 16-bit wav files using a spread spectrum technique.
• wbStego lets you hide data in bitmaps, text files and also HTML files. The data is encrypted before embedding. Two different user interfaces are proposed: 'the wizard' guides the user step by step and the 'pro' mode gives him full control.
  ..................................................................................................................................................................... .......................