Have you ever heard of the idea of hiding something in plain sight? Today’s security-conscious environment is the ideal place for trying out new techniques for hiding sensitive information. After all, we need to stay one step ahead of hackers and would-be data thieves!

That’s why we are about to explore the concept of steganography, including what is steganography, what techniques it entails, and how it’s used in today’s cybersecurity efforts. So, let’s begin with a definition.

What Is Steganography?

Steganography is a means of concealing secret information within (or even on top of) an otherwise mundane, non-secret document or other media to avoid detection. It comes from the Greek words steganos, which means “covered” or “hidden,” and graph, which means “to write.” Hence, “hidden writing.”

You can use steganography to hide text, video, images, or even audio data. It’s a helpful bit of knowledge, limited only by the type of medium and the author’s imagination.

PGP in Cyber Security With Modules From MIT SCC

Your Cyber Security Career Success Starts Here!View Course
PGP  in Cyber Security With Modules From MIT SCC

Although the technique is centuries old, it’s still useful enough to make us justifiably pose the question, “What is steganography in cyber security?” But before we explore its uses in today’s cyber security field, let’s get more acquainted with the overall concept by looking at some steganography examples, then wrap things up with a fun little exercise. 

What Are Some Examples of Steganography?

Steganography breaks down into five types:

  • Text Steganography

This type of steganography involves using white spaces, capital letters, tabs, and other characters.

  • Audio Steganography

Audio steganography is used with digital audio formats like WAVE, MIDI, and AVI MPEG, using echo hiding, parity coding, and LSB coding, to name a few.

  • Video Steganography

Video steganography deals with video formats like H.264, Mp4, MPEG, and AVI. In addition, it employs pictures to carry concealed data.

  • Image Steganography

Pixel intensities are employed to hide information.

  • Network Steganography

Network protocols use TCP, UDP, and IP as carriers.

Text steganography is arguably the easiest type to work with. Obviously, writing is a simple exercise and doesn’t require special skills or tools. People can use text steganography in many everyday uses. Steganography, however, has specific conditions of its use. For instance, everyone in the message chain, for example, must be aware that there’s a hidden message. The secret would be lost if the reader is unaware of the code! Remember to let the recipient know that they should be looking for the embedded message. Eventually, they’ll find it.

Steganography also covers certain instances of watermarks embedded in images. Anyone who has worked with online photo collections has encountered watermarks on licensed images. Though not all such watermarks are considered steganography, some steganographic techniques store watermarks in data.

Now for that promised fun exercise. Take a look at the previous paragraph. There’s a top-secret message embedded in it! Can you find the message? If not, you’ll find the answer at the end of the article!

Other steganography examples include:

  • Writing with invisible ink
  • Embedding text in a picture (like an artist hiding their initials in a painting they’ve done)
  • Backward masking a message in an audio file (remember those stories of evil messages recorded backward on rock and roll records?)
  • Concealing information in either metadata or within a file header
  • Hiding an image in a video, viewable only if the video is played at a particular frame rate
  • Embedding a secret message in either the green, blue, or red channels of an RRB image

Steganography can be used both for constructive and destructive purposes. For example, education and business institutions, intelligence agencies, the military, and certified ethical hackers use steganography to embed confidential messages and information in plain sight.

On the other hand, criminal hackers use steganography to corrupt data files or hide malware in otherwise innocent documents. For example, attackers can use BASH and PowerShell scripts to launch automated attacks, embedding scripts in Word and Excel documents. When a poor, unsuspecting user clocks one of those documents open, they activate the secret, hidden script, and chaos ensues. This process is a favored ransomware delivery method.

FREE Course: Introduction to Cyber Security

Learn and master the basics of cybersecurityStart Learning
FREE Course: Introduction to Cyber Security

Steganography has a huge advantage over standard cryptographic methods. When someone uses cryptography, they’re passively calling attention to the fact that there’s secret information present in the medium in question. Thus, the very presence of encrypted data tells intruders, “Aha! Here’s some secret information!” Steganography, however, hides the sensitive information in an otherwise innocuous document. Therefore, would-be hackers have no idea that there is anything secret and enticing in the first place.

How Steganography Differs From Obfuscation

Obfuscation, like steganography, is defined as hiding information, but the big difference is that the former method deliberately makes the message hard to interpret, read, or decode. That makes sense since to obfuscate means to render something unclear, unintelligible, or obscure. 

Cyber-security professionals employ obfuscation to protect sensitive information such as programming codes. The process makes it difficult for hackers to read the codes in the first place, which in turn prevents them from exploiting the data. 

To sum it up, while steganography is a form of obfuscation, the reverse doesn’t apply. 

Steganography Techniques Explained

Now that we have a better grasp on what steganography is, what forms it comes in, and who uses it, let’s take a closer look at a sample of the available techniques.

  • Secure Cover Selection

Secure Cover Selection involves finding the correct block image to carry malware. Then, hackers compare their chosen image medium with the malware blocks. If an image block matches the malware, the hackers fit it into the carrier image, creating an identical image infected with the malware. This image subsequently passes quickly through threat detection methods.

  • Least Significant Bit

That phrase almost sounds like a put-down, doesn’t it? However, in this case, it refers to pixels. Grayscale image pixels are broken into eight bits, and the last bit, the eighth one, is called the Least Significant Bit. Hackers use this bit to embed malicious code because the overall pixel value will be reduced by only one, and the human eye can’t detect the difference in the image. So, no one is even aware that anything is amiss, and that the image is carrying something dangerous within.

  • Palette-Based Technique

Like the Least Significant Bit technique, the Palette-Based Technique also relies on images. Hackers embed their message in palette-based images such as GIF files, making it difficult for cybersecurity threat hunters or ethical hackers to detect the attack.

CEH (v10) - Certified Ethical Hacking Course

Get trained on advanced methodologies hackers useView Course
CEH (v10) - Certified Ethical Hacking Course

Let’s Check Out Some Popular Steganography Applications

There are many kinds of dedicated software applications available to facilitate steganography. Here is a partial list of the more well-known steganography applications:

  • Image Steganography: This application is a JavaScript tool used to hide images in other image files
  • OpenStego: This program is an open-source steganography tool
  • Xiao Steganography: Xiao hides secret files in WAV or BMP files
  • Crypture: This application is a command-line tool used to conduct steganography
  • NoClue: This application is an open-source tool that hides text information in both video and image carrier files
  • Steganography Master: This app is an Android-based open-source tool that can hide text in an image and gives you a decoding tool to pull hidden text messages from image files. It supports multiple image formats (BMP, JPG, ICO, PNG)
  • Steghide: Steghide is an application that hides data in different audio and image files, including JPEG, BMP, AU, and WAV
Build your network security skill-set and beat hackers at their own game with the Certified Ethical Hacking Course. Check out the course preview now!

Are You Interested in a Cyber Security Career?

Whether you’re interested in steganography or not, cyber security is a field with a lot to offer for someone who wants an exciting challenge mixed in with a great career that offers security and excellent benefits.

Simplilearn’s Post Graduate Program in Cyber Security is designed to teach you the skills you need to become an expert in the fast-growing field of cyber security.  The course offers you a comprehensive approach to protecting your organization’s infrastructure and securing its data, including topics like cloud-based security, risk analysis and mitigation, and compliance. In addition, you will gain a range of skills from foundational to advanced via industry-leading cyber security certification courses.

This course is well-suited for professionals who want to upskill since it helps you stay abreast of all the latest cybersecurity trends. However, if upskilling is your priority, you should consider widening your cybersecurity-related skill range by taking Simplilearn’s CISSP Certification Training Course and developing your expertise in defining IT architectures and in designing, building, and maintaining secure business environments, using globally approved information security standards.

According to Indeed, Network Security Engineers in the United States earn about USD 114,060 a year. Meanwhile, in India, a Security Analyst who has cyber security skills can earn an average of ₹491,643 per year, according to Payscale.

And Now, the Hidden Message Solution…

As for the mystery message above, read it again, but take note of the first letter of each sentence. That’s an example of steganography. Can you see the top-secret message now? That paragraph is a form of an acrostic, a composition with a hidden word or phrase, and is just another form of steganography.

So, what are you waiting for? Check out Simplilearn today and take that initial step to an exciting and rewarding career in the ever-growing and much-in-demand world of cybersecurity professionals!

About the Author

SimplilearnSimplilearn

Simplilearn is one of the world’s leading providers of online training for Digital Marketing, Cloud Computing, Project Management, Data Science, IT, Software Development, and many other emerging technologies.

View More
  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.