steganos (στεγανός): covered, concealed, or protected
graphein (γράφειν): writing
[~/stego] : This area is about hiding things
Network steganography
[~/stego] : Finding the hidden things
[~/stego] : The unsuspicious medium that draws low attention or no eyes at all
If two know the same secret, it is highly unlikely that it will not get out at some point
Steganography differs from cryptography in that cryptography conceals only the content of the message through encryption. Steganography conceals the presence of the message itself.
(other than the NSA introducing a backdoor into RSA, but psst... nobody knows that yet)
Hide the actual existence of the message, not the meaning of the message
Embedding covert communications within seemingly innocuous communications
The art of concealing data in a communication in such a way that only the sender and receiver know of its existence and method of access
(http://forensicswiki.org/wiki/Steganography)
(https://cyber-defense.sans.org/resources/papers/gsec)
(www.garykessler.net/library/fsc_stego.html)
1. Put money in a safe
2. Dig a hole for the safe in a forest
Nobody would suspect that someone would actually hide money in a forest, right?
3. Give specific instructions on how to acquire it
Herodotus documented one of the earliest examples around 440 BC.
He tells the story of Histiaeus who shaved the head of his most trusted slave and tattooed it.
Once the slave’s hair had grown back, the message was hidden.
When the messenger got to their final destination, their head would be shaved, thereby disclosing the message.
- series of electro-mechanical rotor cipher machines
- polyalphabetic substitution cipher
- cryptographic weaknesses, operator mistakes, allied cryptologists
- HP Printers
- Invisible ink (lemon)
- Operation Shady RAT
- Alureon Trojan
- Russian Spy Case
- Al-Qaeda Capture
(http://www.wired.com/2010/06/alleged-spies-hid-secret-messages-on-public-websites/)
(https://threatpost.com/alureon-rootkit-morphs-again-adds-steganography-092611/75688/)
(http://www.darkreading.com/attacks-and-breaches/shady-rat-hid-malware-in-digital-images/d/d-id/1099530?)
image
dvdrom
white space
document
natural text
folder
video
web
hidden OS
spam\email
C source code
alternate data stream
tcp\udp packet
http://blog.trendmicro.com/trendlabs-security-intelligence/sunsets-and-cats-can-be-hazardous-to-your-online-bank-account/
http://forensics.spreitzenbarth.de/2012/02/03/detailed-analysis-of-android-fakeregsms-b/
http://www.howtogeek.com/127154/how-hackers-can-disguise-malicious-programs-with-fake-file-extensions/
https://www.anfractuosity.com/projects/timeshifter/
SMWTWWWSPPPFHSWTHACAFWETRHQ
837787848787878380808070728387847265676570876984827281