Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols
By Michael T. Raggo and Chet Hosmer
About this ebook
- Provides many real-world examples of data concealment on the latest technologies including iOS, Android, VMware, MacOS X, Linux and Windows 7
- Dives deep into the less known approaches to data hiding, covert communications, and advanced malware
- Includes never before published information about next generation methods of data hiding
- Outlines a well-defined methodology for countering threats
- Looks ahead at future predictions for data hiding
Michael T. Raggo
Michael Raggo (CISSP, NSA-IAM, ACE, CSI) has over 20 years of security research experience. His current focus is threats and countermeasures for the mobile enterprise. Michael is the author of “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books. A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, is a participating member of the PCI Mobile Task Force, and is a frequent presenter at security conferences, including Black Hat, DEF CON, DoD Cyber Crime, InfoSec, SANS, and OWASP.
Book preview
Data Hiding - Michael T. Raggo
Preface
It’s 4 AM at Spika, a small, cramped Internet café in downtown Prague. A young student is sipping a coffee in the back corner of the café. He enters a blog and posts a photograph with the caption Zhelayu vsego khoroshego (wishing you the best). At precisely 6 AM, dozens of botnet operators visit the same blog page, automatically retrieving the photograph posted as instructed. The operators have repeated this operation for months; as they have done many times before, the bot operators save the image and copy down the caption. They extract the first 8 Fibonacci characters from the caption Zhelayu vsego khoroshego (character positions 1, 1, 2, 3, 5, 8, 13, 21), which yield ZZhea oh. Next they load the image into a steganography program named JPHS and use the Fibonacci-extracted pass phrase ZZhea oh. However, unlike on the days before, the program asks for the name of a file in which to store the hidden contents. Normally it rudely reports an incorrect pass phrase. But not today.
As instructed, the bot operators type in attack.txt and press Enter. The file attack.txt is then created. It contains a simple list of 2,047 IP addresses along with the date May 9, 2007. The bot operators activate their team of zombies, spread across the globe and dutifully awaiting orders. They provide the attack list and set the attack date to May 9th, 2007. On the morning of May 9th, one of the most wired countries in Europe instantly becomes an island, as 100,000+ zombies surgically attack their country’s infrastructure with a relentless distributed Denial of Service attack that lasts over a week, thereby isolating this small country 300 miles east of Stockholm. Most of us in the western world have never heard of this country, but it’s one we won’t soon forget.
The zombies are now asleep, but the bot operators continue to wait for new images with lists of the next victims to attack with their even larger army of zombies.
Obviously, this is a fictitious and sensationalized rendering of how the cyber attacks on this small but now well-known country of Estonia began. Or is it?
The use of steganography and hidden codes has been part of warfare for over 3,000 years now. The success or failure of missions in many cases depends on the ability to securely and covertly command, control and communicate. When the mission is international espionage, communication with agents abroad, communication within criminal and/or terrorist organizations, or advanced persistent cyber threats, the requirement for this type of communication only increases. The goals of covert communications haven’t changed much in the last 3,000 years, however, the methods and techniques continue to evolve as new means of hiding data appear.
Over the past decade data hiding has steadily moved from digital images to multimedia files, then to network protocols, and now Smart mobile devices. As the capabilities of our computing platforms and the bandwidth of our networks increases, and the mobility of our communication device of choice accelerates, so does the means to leak information or covertly communicate anywhere and anytime.
Taking a snap-shot in time, this book examines the trends, latest threats, methods and techniques employed by those hiding data and covertly communicating. The book also examines methods to detect, analyze and uncover such methods, while looking toward the future to extrapolate what might be next.
Chapter 1
History of Secret Writing
Information in this chapter:
Introduction
Cryptology
Steganography
Introduction
Data Hiding transcends nearly every aspect of our daily lives, whether it be for good intent or evil. It stemmed from secret writing thousands of years ago, as cited by David Kahn and many historians. It originated in Egyptian civilization in the form of hieroglyphs, intended as symbolic representations of historical timelines for particular lords. Other cultures of the time, such as the Chinese, took a more physical approach to hiding messages by writing them on silk or paper, rolling it into a ball, and covering it with wax to communicate political or military secrets. As an added security measure, the ball was even swallowed during transit. As civilization evolved, forms of covert communications became more sophisticated, and cryptograms and anagrams advanced.
David Kahn’s The Codebreakers is arguably the most comprehensive historical book about Secret Communications through the ages. Below is a timeline of some of the most notable innovations over the centuries dating back to Egypt and China (see Figure 1.1).
Figure 1.1 Data Hiding, Concealment, and Steganography Timeline
As is evident throughout history, secret writing evolved from the need for covert communications. What is used by our own militaries today to protect us from evil intent is also used by our enemies to attack our well-being. As technology has evolved, so have the ways in which data hiding is used. Today, it is commonly used in corporate espionage, spy communication, malware, child exploitation, and terrorism. Malicious data hiding occurs daily all around us, and many times goes undetected.
In this book we hope to enlighten you, the reader, with information about the many ways in which data hiding is used, from physical mediums to digital mediums. Although there is the ongoing threat of criminal activity, data hiding is actually a very interesting and fun hobby and for some people, a career. Let’s begin by reviewing the history behind what brought us to digital data hiding, by reviewing many of the techniques of our ancestors and the basis behind cryptography and steganography.
Cryptology
Cryptograms and anagrams are commonly found in newspapers and puzzle books. Cryptograms substitute one character for another: in terms of the alphabet, one letter stands in for another. The goal of the cryptogram is for the individual to determine which letters are substitutes for which others, and to use this substitution to reveal the original message. In anagrams, the characters that make up a message are rearranged rather than substituted.
In either case, the message is made secret by the method or algorithm used to scramble it. There is typically also a key known only to the sender and receiver, such that no one else can read or decipher the message. This secret message is commonly referred to as a cipher text. An eavesdropper cannot read the message unless they determine the algorithm and key. The process of recovering the message without being given the key is referred to as cryptanalysis (see Figure 1.2).
Figure 1.2 Cryptography
Substitution Cipher
In cryptography, a substitution cipher is a method of encryption in which plaintext is substituted with cipher text using a particular method or algorithm. The plaintext can be replaced by letters, numbers, symbols, etc. The algorithm defines how the substitution will occur and is based upon a key. Therefore, the recipient of the message must know the algorithm and the key (or keying mechanism) in order to decipher the message. When the recipient receives the encrypted message, he/she will use this known substitution algorithm to decipher the message and reveal the plaintext.
Caesar
Julius Caesar (100–44 B.C.) initially created a substitution cipher for military purposes that involved substituting Greek letters for Roman letters, thereby making the message unreadable to the enemy. Caesar later created the more commonly known Shift Cipher: Caesar simply shifted the letters of the alphabet by a specified amount, and this shifted alphabet was then used for the substitution cipher. In both cases, the original alphabet was replaced by a different cipher alphabet, which is why such a scheme is also referred to as a monoalphabetic cipher. For example:
A B C D E F G H I J K L M N O P Q R S T U V W X Y
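The following is an added illustration of the cryptogram, substitution cipher and Caesar shift described in this chapter, together with the cryptanalysis step an eavesdropper performs without the key; it is not code from the book or its authors. The keyword "SYNGRESS", the shift values and the English letter-frequency table are the example's own assumptions, and the sample plaintext is constructed from a sentence of the Preface. It goes slightly beyond the text by showing why a Caesar shift falls to trying all 26 keys, while a general substitution (26! keys) still leaks through letter frequencies.

```python
"""Monoalphabetic substitution (cryptogram), the Caesar shift as a special
case, and the frequency analysis that breaks both without the key.
Added example; not code from the book or its authors."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate relative frequency of each letter in English text, A..Z, in
# percent (assumed reference table for the cryptanalysis below).
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Constructed sample plaintext (a sentence of the Preface, letters only).
SAMPLE_PLAINTEXT = ("THE USE OF STEGANOGRAPHY AND HIDDEN CODES HAS BEEN PART OF "
                    "WARFARE FOR OVER THREE THOUSAND YEARS NOW THE SUCCESS OR "
                    "FAILURE OF MISSIONS IN MANY CASES DEPENDS ON THE ABILITY TO "
                    "SECURELY AND COVERTLY COMMAND CONTROL AND COMMUNICATE")


def caesar_alphabet(shift: int) -> str:
    """Caesar cipher alphabet: the plain alphabet rotated left by `shift`."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def keyword_alphabet(keyword: str) -> str:
    """General cryptogram alphabet: distinct keyword letters first, then the rest."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, cipher_alphabet: str, decrypt: bool = False) -> str:
    """Apply (or undo) a monoalphabetic substitution; non-letters pass through."""
    if len(cipher_alphabet) != 26 or set(cipher_alphabet) != set(ALPHABET):
        raise ValueError("cipher alphabet must be a permutation of A-Z")
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def letter_counts(text: str) -> Counter:
    """Count A-Z occurrences, ignoring spaces and punctuation."""
    return Counter(ch for ch in text.upper() if ch in ALPHABET)


def chi_squared(text: str) -> float:
    """Distance between the text's letter distribution and English.
    Lower means more English-like; used to rank candidate decryptions."""
    counts = letter_counts(text)
    total = sum(counts.values())
    if total == 0:
        return float("inf")
    score = 0.0
    for i, letter in enumerate(ALPHABET):
        expected = ENGLISH_FREQ[i] / 100 * total
        score += (counts[letter] - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str):
    """Cryptanalysis of a shift cipher: only 26 keys exist, so try each one
    and keep the candidate plaintext that looks most like English."""
    best = min(range(26), key=lambda s: chi_squared(
        substitute(ciphertext, caesar_alphabet(s), decrypt=True)))
    return best, substitute(ciphertext, caesar_alphabet(best), decrypt=True)


def most_common_letters(ciphertext: str, n: int = 3) -> list:
    """First step of breaking a general cryptogram: the most frequent
    ciphertext letters are the likely images of E, T, A, ..."""
    return [letter for letter, _ in letter_counts(ciphertext).most_common(n)]


if __name__ == "__main__":
    ct = substitute("ATTACK AT DAWN", caesar_alphabet(3))
    print("Caesar shift 3:", ct)                      # DWWDFN DW GDZQ
    shift, pt = break_caesar(substitute(SAMPLE_PLAINTEXT, caesar_alphabet(7)))
    print("recovered shift:", shift, "plaintext ok:", pt == SAMPLE_PLAINTEXT)
    kw = keyword_alphabet("SYNGRESS")
    print("keyword alphabet:", kw)
    print("top ciphertext letters:", most_common_letters(substitute(SAMPLE_PLAINTEXT, kw)))
```

The shift cipher is broken by exhaustion because its whole key is one number from 0 to 25; the keyword cipher has a key space of 26! alphabets, yet the most frequent ciphertext letter in the sample is still the image of E, which is the foothold a cryptanalyst uses to peel the rest of the substitution off by hand.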