Picture this - your secrets lost before your very eyes

Streams of binary code Alan Woodward of Charteris says a picture may be worth a thousand words, but it could also hide something more treacherous.

Today, businesses wanting to guard against the potentially ultra-serious hazard of vitally important data being deliberately leaked to unauthorised people outside or even inside the organisation, need to get to grips with an alarming reality: a picture can also conceal a thousand words.

Or in some cases even up to around 5,000 words. More than enough to betray all your most precious and commercially sensitive data: locations of newly-discovered oil fields; formulae for synthesising newly-discovered molecules of breakthrough drugs costing millions or even billions to develop; designs of revolutionary products you're planning on being the first to bring to market; ultra-sensitive lists of hard-won customers; you name it.

Data concealed in pictures? It may sound like the basis for a plot sequence in the next Mission Impossible movie, but it isn't. It's real. And unless you are prepared to let any Tom, Dick or Harry cruise around your precious data, you need to be aware of the threat it poses.

The technique is called steganography, from Ancient Greek words meaning hidden or covered writing, just as that lumbering dinosaur the stegosaurus is so named because its back was covered in those large bony plates whose real purpose is a mystery even today.

But steganography wasn't a mystery to the Ancient Greeks; indeed they most likely invented it. The Greek historian Herodotus records that in 312 BC, Histaeus of Miletus commanded the head of his most trusted slave to be shaved and tattooed with a vitally important secret message on it. Once the slave's hair had grown, hiding the message, Histaeus used him as an emissary to a friendly power via enemy territory to instigate a revolt against the Persians.

This example from history shows why steganographic writing is such a dangerous threat to security. Friends who betray us are always a more potent threat than people we recognise as enemies from the outset, and steganographic messages look friendly and innocent.

You could devise a simple steganographic message by agreeing with your recipient that your real message will consist of the first letter of every word of your apparent message. 'Bring us your invoice by Monday', for example, would really mean 'BUY IBM'. In steganographic writing the apparent message is known as the covertext and the real message is called the plaintext.

The innocuous appearance of the covertext in the example illustrates why steganographic writing doesn't tend to set alarm bells ringing. It looks innocent, whereas the message 'BUY IBM' encrypted in a simple code that consisted, say, of substituting each letter for the next letter in the alphabet - 'CVZ JCN' - obviously looks dodgy and would be certain to awaken the suspicions of even the most credulous member of an industrial espionage prevention team.

The point is that any encrypted message will tend to raise suspicions because even though it can't readily be read you will know it's been encrypted and will instantly conclude that something fishy's going on.

In the highly competitive ocean of modern business, the threat of steganography has recently become a major issue in corporate life.

It's actually been a significant threat for several years due to the increased computing power available on everyone's desktop, but people have been distracted by publicity about cryptography and steganography has rather remained in the background.

It's a particularly worrying threat now because of the enormous computing power on desktops today, the massive volume of electronic communications, and the number of freely available tools that allow even a routine user to employ steganographic techniques.

By far the biggest type of threat is the potential for concealing steganographic writing within computerised images. With Windows you can literally drag and drop your hidden text onto a picture and the deed is done.

As Gordon Gekko reminded us in the film Wall Street (1985), the most valuable commodity of all is information. And it's precisely that which can so easily be given away today - or sold - using image-based steganographic techniques.

What's actually happening when you carry out what looks like a simple drag and drop?

An electronic image is comprised of thousands of 'picture elements' or 'pixels'. A pixel is a binary number that provides information on the colour or (in a black and white picture) the shade of grey that should be displayed in that particular pixel.

The binary number will look something like this: 10011011 etc depending on the pixel in question. The individual numbers (the 1 or the 0) are known as bits and the further along you go to the right the less significant the bits become in defining the precise colour of the pixel.

Why does the opportunity for steganography exist? Because while each pixel is defined by a series of bits, some of these bits can be changed without affecting the resulting pixel to any discernible extent. In a computerised image whose size is 256 by 256 pixels, making a total of 65,536 pixels, there would easily be room to conceal say, about 5,000 words of data.

This method of concealment is known as 'bit twiddling'. An obvious place to conceal a secret message would be within a computerised picture that does not show any apparent changes.

Bit twiddling is the most common way to conceal text within a computerised image. There are many more techniques, though, particularly when using image formats such as the now ubiquitous jpeg which many will have encountered through their digital cameras.

An apparently innocuous picture of - of example - an employee's child's first day at school taken with a standard family digital camera could easily be used to conceal a damaging leak. The leak could be so fatal that by the time the school term ends, thousands of other mums and dads at the business from which the information was leaked will have had to find new jobs - if they can.

What's the best way to guard against the hazard of modern image-based steganographic betrayal?

The first step is to recognise that it is a potential problem and get help to understand what tools are likely to be available to a malicious team member. You also need to know the manner in which these tools can be used because they often leave little trace of their presence - some are even termed 'zero footprint' by those who develop them.

Yet help is at hand because dedicated teams of experts have been making available tools to help detect steganography. The technique they use is known as 'steganalysis'.

Steganalysis is as much an art as a science. The detection tools need to be used so that the appropriate steganalysis resource is used in the appropriate situation.

Admittedly, this is not easy, when the range of steganography tools and the steganalysis counterparts have proliferated and are proliferating just as the threat from viruses did when they first emerged into the IT environment.

At Charteris we began our own anti-steganography work as a technical exercise but were soon alarmed at what our experiments were telling us, not just about the power of the steganography tools available but also about the degree of care that needs to be applied to combat this potent security hazard.

Taking the threat of betrayal by apparently innocuous pixels seriously will lead you to put into practice the measures necessary to defend against it. And you do need to take this threat very seriously indeed. The stegosaurus may be long extinct, but steganographic treachery is, unfortunately, here to stay.

Alan Woodward is chief technology officer at the business and information technology consultancy Charteris.

www.charteris.com

29 March 2007

Blueprint for Cyber Security

Our vision is a world properly protected from cyber threat. This blueprint sets out how we can deliver that solution, starting in health and care.