Evidence of Steganography in Real Criminal Cases

ancientribe writes "Researchers at Purdue University have found proof that criminals are making use of steganography in the field. Steganography is the stealth technique of hiding text or images within image files. Experts say that the wide availability of free point-and-click steganography tools is making the method of hiding illicit images and text easier to use. Not everyone is convinced; some security experts such as Bruce Schneier have dismissed steganography as too complex and conspicuous for the bad guys to bother using, especially for inside corporate espionage: 'It doesn't make sense that someone selling out the company can't just leave with a USB.'"

Debunking steganography

[DrYak]

In fact people like Guillermito has regularly showed that a lot point'n'click stegano softs are just completely useless. They either don't work at all (fail to transport data) or store the data in nearly not hidden at all way (payload stored as-is past the end of the file, or zero-padded and used for the least significant bit of the file without any encryption).

Specially if the marketing blurb mentions "military grade" (translation : triple AES is used to store the password. The reader software inputs a password from the user and if it matches the hash... the soft proceeds extracting the otherwise clear, non crypted and un-obfuscated payload).

So while it *is* possible to design actually working steganography, if a would-be pedo-terrorist-criminal tries to google for stenographic software, he'll most likely land on useless software.

Re:get over it

[Kjella]

Encrypted, hidden data can be added to MP3s, MPEG4s, Actually, the more compressed the less likely you can embed anything useful. Trying to embed information would either lead to inefficient compression, which can be detected or to unnatural noise which can also be detected. Also you can't have an unembedded and an embedded version around, so adding stenography to that episode of Heroes you send would be really stupid and trivially found with a diff. Most good formats like bmp, wav etc. would raise eyebrows since they're so uncommon. I think your favorite non-suspicious option today would be getting a digicam with a raw option, then use the least significant color bit. It's near noise anyway since very few cameras can actually detect 10/12 bits/channel, there's no reference to go by and it's perfectly reasonable to share photos that way. Do an AES pass on the data so you're writing psuedo-random data, and I imagine it'd be rather hard to detect.