Steganography: Hide files inside other files

Encrypted files arouse curiosity anyway. Who can't resist the temptation to try to open them with the presumed password? Perhaps you should hide your secrets in innocent family photos or in your favorite song. You can hide files in other files in other files, which is also called steganography.

Tip 01: Steganography

There are three options to protect documents from prying eyes. You can make documents invisible, use a tool to encrypt the message that can only be read by someone with the code, or store your secret in a location that the uninitiated can ignore. The method of hiding information in an unusual place but in plain sight is called steganography. Steganos means hidden in ancient Greek, and "graffein" means writing.

secret tattoo

Steganography is as old as the road to Rome. As early as 440 BC, King Horodotus had a slave shave his head and then tattoo a message on his skull. Once the slave's hair grew back, he smuggled information about an imminent Persian invasion through enemy lines through his tattoo. The same ingenuity can be found in the TV series Prison Break where the main character had the blueprints of and vital information about a prison tattooed on his body in order to escape.

Tip 02: Counting on noise

Digital files are ideal for hiding in other digital files. That's because the human senses are limited. Certain small imperfections, say noise, we cannot perceive. In all file formats prone to noise, it is therefore possible to hide stowaways. Media files are ideal for steganographic conversion because they are usually large files. Nobody notices when in a picture the blue value of every hundredth pixel corresponds to a letter of the alphabet, because the human eye sees no difference between the blue with the values ​​Red 0, Green 23, Blue 127 and the blue with the values ​​Red 0, Green 23, Blue 128.

Tip 03: Hide a book

After 15 minutes of instruction, a 12-year-old child can hide a five-page text or a blueprint in a digital photo and upload that image to a website. The visitor who knows which photo is involved and who has the knowledge and software to distil the hidden information from the photo, reveals the secret file after a few seconds. The information to be hidden can be a complete book, it does not have to be a small file. We put it to the test and hid the complete works of Shakespeare, a 2,191 page PDF file, in a picture of the English master with SilentEye. We didn't see any difference in the photo.

Steganography is a nightmare for security agencies

Tip 04: Terrorist drug

Steganography is a nightmare for security agencies. After all, nobody expects vital information to be hidden in a photo. In the book Gideon's Spies – The Secret History of the Mossad, the author explains how terrorist organizations such as Al-Qaeda and ISIS communicate with their members about attacks through text messages hidden in pictures of listings on eBay, in online classifieds or in images on porn sites. It is very difficult to find out which photos are hiding messages… you have to look for the proverbial needle in a haystack. In addition, you need to know what technique the sender used to hide the message.

To know if an image contains a secret file, you must either have the original image so that you can compare the size of the file, or you must have a check digit of the original. Only then can you discover discrepancies at the level of individual bits. It is impossible to tell the difference with the naked eye.

Tip 05: Steg analysis

If you have discovered a suspicious photo, you still need to open and decrypt the file with the correct password. This process is called gradient analysis. Again, there are different programs that all use a different technique to encrypt and decrypt the data. They differ depending on the type of file you want to hide something in. For example, there are programs that are intended to store information in graphic files and other programs are better at storing information in audio files.

The most commonly used technique to hide files is Least Significant Bit

Tip 06: Unimportant bit

The most commonly used technique for hiding files in a carrier is that of Least Significant Bit (LSB). The color of each pixel in an RGB image is defined by three bytes, each byte consisting of 8 bits. However, not all bits are essential for determining the final result. By changing the least important bit of each byte, you can hide three new bits in one pixel. Thus, instead of bluntly adding the bits of the new file to the existing bits of the carrier, the software will look for bits that are unimportant to the carrier. As a result, few bits are added in the LSB method, mainly bits are replaced.

Campina case

A historical case of steganography in the criminal history of the Netherlands is the Campina case. Someone threatened to poison the yogurt of this brand via anonymous messages. The blackmailer sent Campina the instructions and the software with which the company had to package the account number and a pin code steganographically in the image of a red second-hand Volkswagen Golf. The dairy manufacturer would publish that photo among the other car advertisements on the website of (the then existing) Autotelegraaf.nl. The perpetrator happily surfed via an anonymous account to the website on which the advertisement was placed and extracted the bank details from the photo. He was caught anyway. It turned out to be an employee of the company. He got four years.

Tip 07: Xiao Steganography

Enough theory for now, let's put the old, trusted stegatool Xiao Steganography to the test. This mini application is free and intended to package files into bmp images or wav sound files. That is also the biggest disadvantage of this program, because these file formats are becoming less common. To actually hide a file inside another file, you don't have to do much other than follow the wizard. With the button Add files you first choose a carrier, so that is the photo or the sound file. Then choose the file you want to hide in it, which can only be a txt file or png image.

Why bmp?

A bmp image is much bulkier than a jpg image of the same dimensions. This means that a bmp file contains many more bits in which something can be changed without deteriorating the visual quality. A jpg file is heavily compressed and therefore contains much fewer bits. You can hide files in jpgs, but they are much more sensitive to loss of quality.

Recent Posts