(U//FOUO) Los Angeles Fusion Center: Steganography Intelligence Bulletin

Steganography: A Lesser Known Method of Concealing Electronic Information, Attacking Systems

  • 5 pages
  • For Official Use Only
  • January 11, 2012

(U//FOUO) Steganography—the practice of concealing data within a carrier—may be used to obscure malicious or criminal information and activity from law enforcement. While steganography dates to the fifth century BC, it has long been regarded as, and remains, one of the most advanced forms of clandestine communication. In modern usage, the Internet allows accessibility to, and broad dissemination of, steganography tools, and its application continues to evolve with technology. Understanding steganography in its current state is essential to its identification and detection.

(U) Detection

(U//FOUO) Detecting steganography is challenging; in fact, determining whether media contains extraneous data is nearly impossible. Generally, detection occurs only through direct knowledge of its existence, evidence of steganography tools, or chance. Some indicators of steganography may include:

• (U//FOUO) Conspicuous and unusual sharing of digital media files via peer-to-peer (P2P) clients, e-mail, or uploads to Web sites
• (U//FOUO) Repeated sharing of the same file
• (U//FOUO) Possession of steganography software, or visiting sites known to contain steganography
• (U//FOUO) Sharing of content that is inconsistent with a subject’s life, such as pictures of children when he or she is not known to have any
• (U//FOUO) Possession of two or more copies of a file that do not look/sound identical, that is, the same image but of varying sizes and hash values
• (U//FOUO) Presence of files whose large size is unusual for the type of content
• (U//FOUO) Possession of books or articles on—or, expression of interest in—cryptography or steganography

(U) Note that traditional security devices (for example, firewalls) do not detect steganography; a file containing a concealed message presents as a legitimate file.
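
An added example, not part of the bulletin: a Python triage check for the "large size is unusual for the type of content" indicator, applied to PNG files. It flags bytes stored after the end-of-image chunk and files larger than their own uncompressed pixel data; the function names, the 1024-byte slack and the sample image are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # samples per pixel by PNG colour type
SLACK = 1024  # assumed allowance for headers and metadata chunks


def triage_png(data: bytes) -> dict:
    """Walk the PNG chunk list and report size-related anomalies."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, raw_size, end = len(PNG_SIG), None, None
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if ctype == b"IHDR" and length == 13:
            width, height, depth, colour = struct.unpack(">IIBB", data[pos + 8:pos + 18])
            if colour not in CHANNELS:
                raise ValueError("unknown colour type")
            row = (width * CHANNELS[colour] * depth + 7) // 8
            raw_size = height * (row + 1)  # one filter byte per scanline
        pos += 12 + length  # length field + type + body + CRC
        if ctype == b"IEND":
            end = pos
            break
    if raw_size is None or end is None or end > len(data):
        raise ValueError("truncated or malformed PNG")
    trailing = len(data) - end
    checks = (
        ("data after IEND", trailing > 0),
        ("larger than uncompressed pixels", len(data) > raw_size + SLACK),
    )
    return {"file_size": len(data), "raw_pixel_bytes": raw_size,
            "trailing_bytes": trailing,
            "flags": [name for name, hit in checks if hit]}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc


def make_sample(width: int = 64, height: int = 64) -> bytes:
    """Constructed test input: 8-bit greyscale PNG with all pixels zero."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00" * (height * (width + 1)))
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")
```

A flag here is a reason to examine a file more closely, not proof of hidden content; interlaced images and large metadata chunks can shift the size comparison.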

(U) Tools for Detection

(U) Steganalysis, the method of detecting steganography and destroying the hidden message, is possible through free online tools. Deciphering and viewing the original message is challenging without the encryption keys, and some detection software may only identify steganography within a specific medium.

(U) Illicit Uses of Steganography

(U) Covert Communication

(U) Steganography can be used to hide communication behind seemingly innocuous files to pass messages without fear of detection.

• (U) According to an indictment unsealed in June 2010, an accused Russian spy network in New York began to use steganography as early as 2005. After a raid on the home of an alleged spy, law enforcement found a program on a computer that allowed group members to embed data in images on publicly available Web sites.
• (U//FOUO) The second issue of The Technical Mujahid details the benefits of using steganography over encryption; the magazine includes instructions for and examples of steganography.

(U) Concealing Illicit Activity

(U//FOUO) Criminals use steganography to hide materials or information for the purpose of

• (U) Trafficking in child pornography
• (U) Committing fraud
• (U) Evading government censorship abroad
• (U) Conducting industrial espionage

(U) VoIP Steganography

(U) Voice over Internet Protocol (VoIP) steganography, also known as network steganography, is one example of adaption to new technology. Use of a proprietary VoIP service eliminates the need for a carrier to conceal data, and extends the message length. The longer the conversation or data exchange, the longer or more detailed the hidden message can be. The brief time period the VoIP data exists for makes this nearly impossible to detect or prevent.

5 comments for “(U//FOUO) Los Angeles Fusion Center: Steganography Intelligence Bulletin”

  1. February 3, 2012 at 6:19 am

    “Conspicuous and unusual sharing of digital media files via peer-to-peer (P2P) clients, e-mail, or uploads to Web sites”

    No one ever does this. Why waste the bandwidth or time with such trivial pursuits.

    • Mark
      February 7, 2012 at 1:57 am

      Sarcastic, I hope?

    • Mark
      February 7, 2012 at 1:58 am

      And by that I mean TONS of people share files in that manner and it’s ridiculous to consider that a suspicious activity…

  2. John
    February 7, 2012 at 6:07 pm

    The whole point is to overwhelm the desk jockeys to analyze all the data within a server. Taking months to look at every single media, scanning for hidden messages, giving the opposition time to cover his tracks and evade security forces. Data retention is easy nowadays, it’s having the analysts to sift through the terabit upon terabit of data to get anywhere. That’s why counter intel hardly catches anyone until after the fact.
