What is Steganography and How Does It Work?

  • By Greg Brown
  • Jul 31, 2023


We can all remember the old war stories of secret agents and their unbreakable messages back to headquarters. One of the most popular means of keeping a message secret was recording the text backward on a rock and roll record. Only the war leaders knew how to break the code and play the message.

What is Steganography?

In modern times the technique is referred to as Steganography: hiding data within an ordinary, non-secret file. The colorful origins of Steganography go back as far as ancient Greece. The first recorded use of the tactic was in a book by Johannes Trithemius in 1499 titled Steganographia. The book is a discourse on both Steganography and cryptography that is disguised as a book on magic.

Steganography has been used for centuries, primarily in wartime, with secret and invisible inks on paper. It is still used today, in more technologically advanced and innovative forms.

In a digital world, Steganography has seen a skyrocketing rebirth; from invisible inks to advanced algorithms, cybersecurity applications are limitless. 

How Does Steganography Work?

In Steganography, two types of messages exist: the first is the container and the second is the secret. The container has the task of hiding the contents of the secret message, making it invisible to eavesdroppers. Hidden messages appear to be something else: articles, lists, or cover text, for example.

In practical everyday terms, there are two main steganographic models: injective and generative. Injective Steganography is the most widely used and consists of inserting the message into another text that acts as a container. The process is meant to hide the message from the human eye and to leave the container indistinguishable from the original. Generative Steganography, on the other hand, takes the message and builds a container around it to hide the content in the best way possible.

Types of Steganography

Steganography is the practice of hiding in plain sight, of which five common types exist. 

1. Image steganography is a fascinating type where secret information is encoded into a digital image. The technique relies on imperceptibly small changes in pixel color or noise, making it difficult to detect with the human eye. One image can be concealed within another by using the least significant bits of each pixel to represent the hidden image instead.

Different methods of image steganography:

  • Least significant bit (LSB) encoding
  • Parity encoding
  • Phase coding
  • Spread spectrum 
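The least significant bit method and one way a defender can test for it, as an added example that is not part of the original article. The function names, the cover buffer and the payload are constructed for illustration; real images are less regular than this cover, so in practice the statistic is compared against known-clean images of the same kind.

```python
import hashlib
from collections import Counter

def embed(pixels, payload):
    """Overwrite the lowest bit of successive pixels with payload bits, MSB first."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in this cover")
    return [(p & 0xFE) | bits[i] if i < len(bits) else p
            for i, p in enumerate(pixels)]

def extract(pixels, n_bytes):
    """Reassemble n_bytes from the lowest bit of the first n_bytes * 8 pixels."""
    out = bytearray()
    for start in range(0, n_bytes * 8, 8):
        byte = 0
        for p in pixels[start:start + 8]:
            byte = (byte << 1) | (p & 1)
        out.append(byte)
    return bytes(out)

def pair_statistic(pixels):
    """Chi-square statistic over value pairs (2k, 2k+1).

    LSB replacement only moves a pixel within its pair, so a full-length,
    random-looking payload pushes both counts toward their mean and the
    statistic toward a small value.
    """
    hist = Counter(pixels)
    stat = 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:
            expected = (even + odd) / 2
            stat += (even - expected) ** 2 / expected
    return stat

# Constructed cover: 4096 greyscale values in 96..177, one third of them odd.
COVER = [2 * (48 + (i * 7) % 41) + (i % 3 == 0) for i in range(4096)]
# Constructed payload: 512 hash-derived bytes standing in for encrypted data.
PAYLOAD = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
STEGO = embed(COVER, PAYLOAD)

if __name__ == "__main__":
    print("recovered payload:", extract(STEGO, len(PAYLOAD)) == PAYLOAD)
    print("largest pixel change:", max(abs(a - b) for a, b in zip(COVER, STEGO)))
    print("pair statistic cover/stego:",
          round(pair_statistic(COVER), 1), round(pair_statistic(STEGO), 1))
```

No pixel moves by more than one grey level, which is why the change is invisible to the eye, yet the pair statistic falls sharply once the low bits have been overwritten.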

2. Network steganography is a quickly evolving form of hiding information. The technique uses network traffic to conceal messages within a TCP/IP header, payload, and network packets. Messages can be sent between different packets and within headers.

3. Audio steganography is similar in technique to sending video messages. Backmasking hides a message by recording it in reverse, so the recipient has to play the entire track backward to hear it. More sophisticated techniques include least significant bit coding, where each audio bit is masked to hide a piece of the message.

4. Text steganography is the simplest form of masking a message. The sender might use the first letter in a sentence to form the text, or it may point to another post, and so on. Other techniques could include adding encoded information within the punctuation or even meaningful typos within the text.

Techniques used to hide data:

  • Format based
  • Random statistical generation
  • Linguistic method 

5. Video steganography is a sophisticated means of hiding information in plain sight. Videos are represented as sequences of still images, and each image can carry a separate frame of the hidden content. This method can be used to hide a coherent video in plain sight.

Two main classes of video steganography:

  • Embedding data in a raw video file and compressing it later
  • Embedding data directly into a compressed data file 

Cybercrime and Steganography


Cybercriminals find that using Steganography is an excellent means of tricking users into downloading malware and other malicious code. Web surfers visit a normal-looking website and click on an attachment without realizing the malicious code hidden in the text or image.

Hackers hide malware code inside images using the least significant bit (LSB) technique. The method makes minor changes to an image’s digital code to change values. For example, the image may be considered greyscale; however, after the hacker is finished, the image is changed to a black or darker shade without the user knowing. Once downloaded, the image acts like clicking on a malicious link. Scale the approach to thousands of pixels, and infecting a computer or corporate network becomes easy.

Steganography and ransomware are a lethal combination, with gangs learning how to use the technique to deliver malicious payloads to extract a ransom. Hiding sensitive personal or corporate data within a legitimate email or text communication provides the entryway into a secure network. 

Web pages are also used as a means to hide malicious code, such as in uploaded stolen images and posted logs. Keeping this encrypted malicious code in covert web locations makes it easier to infect web surfers. Malvertising is another easy way to infect a web surfer’s computer system using Steganography. Malicious code embedded inside banner ads redirects users to exploited landing pages.

Steganography Examples

E-commerce skimming has become a popular attack mode for cybercriminals. E-commerce security platform Sansec published a research paper showing criminals embedding malware inside Scalable Vector Graphics (SVG). Malicious attacks were carried out by embedding code inside SVG images, and the decoder was hidden in other parts of the web page.

Another attack method is embedding malicious encrypted code inside a legitimate software update, such as the SolarWinds method. Attackers were able to breach Microsoft, Intel, and Cisco, in addition to various other governmental agencies. Attackers used Steganography to mask malicious code that seemed to be a benign XML file. The file served as an HTML response from a control server. The malicious data was disguised as a different string of text.

In 2020, attackers hit several countries, such as Japan, Great Britain, and Germany, with infected documents using a steganographic method. The attackers embedded malicious code into an image placed on a reputable platform. The malware was used to steal Microsoft passwords with a secret script hidden inside the image.

Protecting against a steganographic cyber attack has, just as in the past, become complicated by specific tools and technological advancements.
