Course 36 - Windows Forensics and Tools | Episode 14: A Guide to Steganography and OpenStego - CyberCode Academy

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Imagine you need to send like a highly sensitive secret to.

Speaker 2 (00:03):
Someone, right, something really important exactly.

Speaker 1 (00:06):
A piece of information that you absolutely cannot risk falling
into the wrong hands. Now, you could lock it in
a state of the art digital safe, encrypted with the
most complex passwords imaginable, and just send it on its way, which.

Speaker 2 (00:18):
Is what most people would do.

Speaker 1 (00:19):
Yeah, but here's the problem. The moment you do that,
everyone who looks at that digital safe knows you have
a secret.

Speaker 2 (00:27):
They might not know what the secret is, but you
know they definitely know it exists.

Speaker 1 (00:31):
Right, So what if instead you could hide that secret
in plain sight? What if you could tuck it away
inside a completely ordinary, boring digital picture of a cat.

Speaker 2 (00:42):
It's a completely different approach. It really changes the dynamic
of how we secure information because when you hide something
in plain sight, you're removing the target.

Speaker 1 (00:51):
From your back, right, You're blending in.

Speaker 2 (00:53):
Exactly, You aren't just protecting the data itself, you are
protecting the very fact that the data even exists at all.

Speaker 1 (01:00):
Today, we are taking a deep dive into the fascinating
world of staganography. We are going to demystify what this
concept actually is and explore how it differs from traditional.

Speaker 2 (01:13):
Encryption, and we're going to break it down, yep.

Speaker 1 (01:15):
Step by step, we're going to walk you through exactly
how you can hide your own data within digital files
without anyone noticing.

Speaker 2 (01:24):
It really is a subject that feels like it belongs
in a spy novel, honestly, but it's a very real,
very accessible technology that operates all around you every single day.

Speaker 1 (01:35):
So let's start with the word itself, because I think
the origin gives us a huge clue about the philosophy
behind it.

Speaker 2 (01:41):
It definitely does.

Speaker 1 (01:42):
The word steganography comes from ancient Greece. It's a combination
of two words. You've got staganose, which means hidden or covered,
and the Greek root graph, which means to write.

Speaker 2 (01:51):
So literally translated, we are talking about hidden.

Speaker 1 (01:53):
Writing, hidden writing. I love that, and.

Speaker 2 (01:55):
That literal translation is the perfect foundation because long before
we had computers, ancient rulers were using this exact concept.

Speaker 1 (02:03):
Oh really well.

Speaker 2 (02:04):
One of the most famous historical examples comes from an
ancient Greek leader who needed to send a secret message
to his son in law to initiate a revolt. Okay,
high sikes, very high stakes, and instead of sending a
coded scroll that could easily be intercepted. He actually shaved
the head of his most trusted servant.

Speaker 1 (02:23):
Wait what he shaved his head?

Speaker 2 (02:25):
Yeah, he shaved the servant's head, tattooed the secret message
directly onto his scalp, and then just waited for the
hair to grow back.

Speaker 1 (02:32):
That is incredible. So the messenger just walks right through
enemy lions looking completely.

Speaker 2 (02:36):
Normal, he did. I mean, the enemies might search his
bags or his pockets, but they wouldn't think to randomly
shave his.

Speaker 1 (02:41):
Head, right, why would they?

Speaker 2 (02:43):
Exactly? The secret was hidden within an ordinary, non secret carrier.

Speaker 1 (02:48):
Wow.

Speaker 2 (02:48):
So fast forward to today and digital steganography is essentially
defined as the technique of hiding secret data within an ordinary,
non secret file, so like a picture, an audio clip,
or a video, all in order to avoid detection.

Speaker 1 (03:02):
Got it. So the secret data is placed into this
normal looking file, it travels to its destination completely unnoticed,
and then it's extracted by the person who knows it's there.

Speaker 2 (03:12):
You've got it. That's the core loop.

Speaker 1 (03:14):
I do want to clarify the difference between this and cryptography, though,
because I feel like the two often get confused.

Speaker 2 (03:20):
Oh constantly.

Speaker 1 (03:21):
Yeah, if I am using cryptography, or you know, encryption.
It's like I'm shipping a heavy, locked iron safe through
the mail.

Speaker 2 (03:29):
That's a great analogy.

Speaker 1 (03:31):
Thanks, because even if the lock is mathematically unbreakable, the
channel of communication is just glaringly obvious. Everyone from the
postal worker to anyone looking at your front porch knows
you're shipping something highly valuable.

Speaker 2 (03:43):
And that visibility can be a massive liability. In the
digital world. An encrypted file or a secure message is
clearly identifiable. It basically screams to anyone monitoring the network, Hey,
I am a secret, right.

Speaker 1 (03:55):
But stechnography is entirely different. So you lock the message
in the unbreakable safe, and you disguise the safe to
look like a completely normal, boring postcard exactly.

Speaker 2 (04:04):
The postal worker looks at it and just sees a
tourist sending a greeting. The channel itself is disguised.

Speaker 1 (04:10):
This raises a question for me if the iron safe
is already unbreakable, like, why do I care if people
know I am shipping it?

Speaker 2 (04:17):
Well, the answer comes down to a concept known as
plausible deniability, and this is becoming really critical in modern
digital security. Okay, how so, imagine a scenario where an adversary,
whether that's a corporate spy, an authoritarian government at a
border crossing, or even just a malicious hacker, forces you
to reveal your passwords. Okay, if you have a hard

(04:39):
drive sitting there full of encrypted, locked files, there is
absolutely no way you can deny that you are hiding something.

Speaker 1 (04:46):
Because the encrypted data itself is undeniable proof that a
secret exists. If you refuse to hand over the password,
you're just caught in.

Speaker 2 (04:52):
Standoff precisely, But if you utilize steganography, there's no obvious
secure channel. If an adversary inspects your CA computer, all
they see are ordinary innocuous files.

Speaker 1 (05:03):
Like family pictures, audio clips, maybe some vacation videos.

Speaker 2 (05:06):
Exactly, just every day stuff. There's no way for them
to definitively prove that encrypted data exists inside those specific files.
And because of that, the owner of the data can
legitimately deny that they even possess a secret.

Speaker 1 (05:21):
Wow, because you can't be forced to hand over a
key to a safe that no one.

Speaker 2 (05:26):
Knows exists, that's exactly it.

Speaker 1 (05:28):
Does that mean we should just I don't abandon an
encryption and use steganography for everything?

Speaker 2 (05:34):
Oh no, definitely not In modern digital security, the two
are almost always combined.

Speaker 1 (05:39):
Okay, that makes sense.

Speaker 2 (05:40):
Yeah, using both together drastically improves the security of the information.
The content you want to conceal is first encrypted and
then it is incorporated into the innocuous cover file.

Speaker 1 (05:50):
Right, because if you just hide plaintext inside an image
and someone accidentally stumbles upon your hidden channel, yeah, your
secret is instantly exposed exactly.

Speaker 2 (05:59):
Anyone could just read it.

Speaker 1 (06:00):
But if it's encrypted first, they just find a lock
safe they still can't open.

Speaker 2 (06:05):
You've hit on the core strategy there. There are massive
advantages to layering them.

Speaker 1 (06:08):
So if we're combining them, how does a computer actually
physically hide a safe inside a postcard?

Speaker 2 (06:15):
It's pretty clever, actually, because if.

Speaker 1 (06:17):
I take a whole text document and shove it into
a photograph, my instinct is that the photo is just
going to break like, it's going to look like a glitchy,
corrupted mess to anyone who opens it.

Speaker 2 (06:27):
It does seem counterintuitive, I know, but it relies on
how digital files are structured at a microscopic level. And
it's important to note. You can hide almost any type
of data text, images, audio, inside almost any other type
of digital content, and.

Speaker 1 (06:42):
The resulting output the file that's carrying the secret. That's
called the stegotext.

Speaker 2 (06:45):
Right, Yes, the stegotext, and one of their most common
methods for creating stegotext is embedding a text file into
an image file. It uses a fascinating technique called least
significant bits or LSB.

Speaker 1 (06:58):
Okay, walk me through the math least significant bits, because
I am really struggling to visualize how adding data to
an image doesn't visibly alter the picture.

Speaker 2 (07:07):
Sure, Think about how a computer displays color. When you
look at an image on a screen. It is made
up of millions of individual pixels, and each pixel gets
its specific color from a combination of numbers representing red, green,
and blue the RGB values exactly In a standard eight
bit image, these color values range from zero to two

(07:28):
fifty five. So let's say you have a picture of
the sky and a specific blue pixel is represented by
the number two fifty five.

Speaker 1 (07:33):
Okay, so the computer is being told to display blue
at a maximum intensity of two fifty five.

Speaker 2 (07:38):
You got it. Now, your secret text file, let's say
it's a list of passwords, is ultimately just binary data.
It's just a long string of ones and zeros. The
stiganography algorithm takes the ones and zeros of your secret
message and uses them to slightly alter the least significant
bits of the image's color data.

Speaker 1 (07:55):
Wait, so what does that mean in practice?

Speaker 2 (07:57):
Well, it might change that blue pixels value from a
two fifty five down to a two fifty four.

Speaker 1 (08:01):
Oh wow, I see where this is going. Yeah, because
human biology cannot possibly perceive the difference between shade two
fifty five and shade two fifty four. To my eye,
it is the exact same.

Speaker 2 (08:11):
Blue sky exactly. To you, it's identical. But a computer
reads that tiny one digit difference as a piece of
hidden code that is wild. By spreading those microscopic tweaks
across thousands of pixels, you can encode an entire document
into the background noise of the image.

Speaker 1 (08:28):
So you are changing the physical digital makeup of the file,
but the result appears absolutely identical to the original image
to the naked eye.

Speaker 2 (08:37):
That's the magic of LSB.

Speaker 1 (08:39):
That is brilliant. It's essentially hiding information in the microscopic
shadows of the digital world. I know this isn't just theoretical, though,
How are people actually applying this pixel math in the
real world today?

Speaker 2 (08:52):
There are quite a few legitimate uses, actually, particularly for
protecting intellectual property. Online publishers and photographers frequently use staganography
to add digital water marks or trademarks to their media files.

Speaker 1 (09:04):
Right because if you put a giant, visible water mark
across a beautiful photograph, you completely ruin the art.

Speaker 2 (09:09):
Nobody wants a giant logo over a sunset, exactly.

Speaker 1 (09:12):
But if you hide your copyright information inside the microscopic
color variations of the pixels, you protect it silently. Yep.

Speaker 2 (09:19):
If someone steals the image and puts it on their website,
you can just download it, extract your hidden stago text,
and definitively prove it belongs to you.

Speaker 1 (09:27):
It's such an elegant solution for copyright enforcement.

Speaker 2 (09:29):
It really is. But as with all technology, malor developers
utilize these exact same mechanisms for malicious purposes too.

Speaker 1 (09:37):
Of course they do.

Speaker 2 (09:38):
Yeah, they use stiganography to obscure the transmission of malicious
code and bypass network security.

Speaker 1 (09:44):
But how does hiding code in an image bypass a firewall?
I thought firewalls scan everything that comes through.

Speaker 2 (09:51):
Well, firewalls and anti virus scanners generally look for obvious
known threats they scan files for specific signatures or hashes
associated with MOULA.

Speaker 1 (10:00):
Okay, so they're looking for a specific fingerprint, right.

Speaker 2 (10:03):
They do not have the processing power to run deep
mathematical analysis on the least significant bits of every single
cat picture or meme that an employee downloads. It would
just grind the network to a halt.

Speaker 1 (10:15):
That makes sense.

Speaker 2 (10:16):
So by hiding the malware taiload inside an innocuous looking image,
the malicious data just masquerades as harmless pixel data.

Speaker 1 (10:24):
It just slips right past the security perimeter.

Speaker 2 (10:26):
Exactly, and then a secondary script that's already inside the
network extracts the hidden payload and executes it.

Speaker 1 (10:33):
That is terrifyingly clever.

Speaker 2 (10:35):
It's a massive headache for cybersecurity professionals, for sure.

Speaker 1 (10:38):
So if this is manipulating data at the microscopic, single
pixel level, I'm assuming I can't just open ms paint
and type a password into a picture.

Speaker 2 (10:47):
No, No, you definitely can't do this by hand.

Speaker 1 (10:49):
So how are people actually pulling this off?

Speaker 2 (10:51):
You absolutely need specialized software. Steganography software performs several highly
complex functions behind the scenes. It handles the encoding, translating
your text into those binary ones and zeros. Second, it
keeps a precise mathematical map of exactly which pixels in
the cover file have been altered.

Speaker 1 (11:11):
Oh right, because if the software doesn't remember which specific
blue pixels it changed from two fifty five to two
fifty four, the hidden message is just lost in a
sea of millions of other pixels exactly.

Speaker 2 (11:22):
It would just be random noise. You'd never get it better.

Speaker 1 (11:24):
That mapping is critical, very critical.

Speaker 2 (11:27):
The software also handles encrypting the data before it's hidden,
and finally it provides the extraction mechanism to put the
text back together for the recipient.

Speaker 1 (11:35):
What's surprising to me is how accessible this software is.
You don't need a top secret security clearance or supercomputer.
There are proprietary tools, open source tools, and even web
based applications available to pretty much anyone.

Speaker 2 (11:49):
Oh yeah, the barrier to entry is virtually nonexistent today.
For instance, there's a tool called Joosteganography which is optimized
for hiding secret files within BMP images or WAV audio file.

Speaker 1 (12:02):
And there's also one simply called image staganography, which is
just a JavaScript tool. Right.

Speaker 2 (12:07):
You don't even have to download a heavy application for
that one. It just runs right in the browser environment
and lets you hide images inside other image files.

Speaker 1 (12:14):
That's crazy.

Speaker 2 (12:15):
And for those who prefer working in a command line interface,
there is a tool called crypture. And then, of course
you have comprehensive open source programs like open steago.

Speaker 1 (12:24):
Let's actually put ourselves in the driver's seat with open Stego.
I want to walk through how this workflow feels for
a user.

Speaker 2 (12:31):
Okay, let's do it.

Speaker 1 (12:32):
Let's say I've got a standard Windows ten setup sitting
on my desktop. I have an innocent picture of a cat,
and we'll just call it image one dot png. I
also have a highly sensitive text file named password dot
txt that I need to hide.

Speaker 2 (12:44):
So you have your cover file, the image, and your
message file the text. The process starts by navigating to
the open stego website and downloading the standard executable file.

Speaker 1 (12:54):
This normal download yep.

Speaker 2 (12:56):
You run the installer except the terms, and launch the application.
There's no complex server setup or anything like that. It
functions like any normal desktop application.

Speaker 1 (13:04):
Okay, So I open the program and I'm looking at
the interface. I see a high data tab. Yeah, I
assume I just load up my files? You do?

Speaker 2 (13:11):
The software simply asks you to assign your inputs. You
browse your computer and assign password dot txt as a
message file you want to hide. Then you assign your
cat picture image one dot png as the cover file
your disguise. Essentially.

Speaker 1 (13:25):
Okay, so my innocent picture is loaded, my secret text
is loaded, and the software essentially asks me for a master.

Speaker 2 (13:31):
Key at this point, right, yes, And this is where
the encryption layer we discussed earlier comes into play.

Speaker 1 (13:36):
You don't just inject the text raw, right.

Speaker 2 (13:39):
You select a strong encryption algorithm right there from a
drop down menu, and you input a secure password. By
doing this, you are ensuring that even if someone somehow
discovers the hidden channel, they still need that master key
to read the contents.

Speaker 1 (13:53):
I type in my password, name my output file image
two dot png, and click hide data.

Speaker 2 (13:59):
That's it.

Speaker 1 (14:00):
Whare just takes over.

Speaker 2 (14:01):
The software handles all that complex pixel math we talked about.
It encrypts the text, injects it into the cat picture,
and spits out a brand new image file onto your desktop.

Speaker 1 (14:10):
How long does that take?

Speaker 2 (14:11):
It takes mere seconds?

Speaker 1 (14:12):
Wow.

Speaker 2 (14:12):
And to reverse the process, say you email image two
dot png to a colleague, they simply open open Stego
on their end, Navigate to the extract data tab and
load the image.

Speaker 1 (14:22):
So they pick an output folder, type in the master
password we agreed upon, and click extract.

Speaker 2 (14:27):
Yep, and just like that password, dot txt materializes on
the computer, pulled right out of the digital shadows of
the photograph.

Speaker 1 (14:35):
It is a brilliant, seamless process.

Speaker 2 (14:37):
Very seamless.

Speaker 1 (14:38):
But hold on, I'm stuck on something here. I get
the pixel math. I understand changing a two fifty five
to a two fifty four, But we can't just defy
the laws of digital physics. Yeah. If I take a
five megabyte text file full of data and I shove
it into a two megabyte image of a cat, doesn't
the image just get heavier? How does this cybersecurity expert

(15:01):
not look at a seven megabyte cat picture and immediately
know something is wrong?

Speaker 2 (15:05):
Ah, you've zeroed in on the fatal flaw of this technique.

Speaker 1 (15:09):
I knew there had to be a catch.

Speaker 2 (15:10):
You cannot defy digital physics. While the image looks visually identical,
that extra data has to go somewhere, and it manifests
an anomaly in the file size.

Speaker 1 (15:19):
So it's literally like mailing a regular sized postcard, but
the postcard mysteriously weighs five pounds exactly postal worker is
going to notice.

Speaker 2 (15:26):
It is the exact same principle. The newly generated image
image two dot P and e will be physically larger
in terms of bytes than the original image one dot
P and e. So in a forensic investigation, experts aren't
relying on their eyes to look for visual glitches. They
are utilizing statistical analysis and examining file properties.

Speaker 1 (15:45):
So if a digital forensics tool flags a low resolution
basic image that somehow takes up fifteen megabytes of sword space,
that is a massive red flag.

Speaker 2 (15:54):
Exactly. That discrepancy tells the investigator, Hey, this file is
carrying extra weight.

Speaker 1 (15:59):
It's hiding something, and that file size anomaly is the
thread investigator's pull to unravel this deganography.

Speaker 2 (16:06):
Yes, it directs their attention, telling them exactly which files
on a massive hard drive they need to run through
extraction tools or brute force cracking attempts.

Speaker 1 (16:14):
It's like a constant cat and mouse game between hiding
the data seamlessly and managing the physical footprint at least
behind it absolutely is well, we have covered a massive
amount of ground today. We traveled from ancient Greek messengers
with tattooed scalps to the microscopic manipulation of digital color values.

Speaker 2 (16:32):
We really spend the timeline on this one.

Speaker 1 (16:34):
We did. We explored why the concept of plausible deniability
makes s taganography distinct from and highly complimentary to traditional encryption.
We walk through the experiential reality of executing this using
accessible tools like open stago, and finally, we looked at
how forensic experts catch this invisible data by hunting for
those suspicious file sizes.

Speaker 2 (16:55):
It's a hidden layer of the digital environment that forces
you to reconsider the nature of the data you interact
with every single day.

Speaker 1 (17:02):
Speaking of which, to reinforce what you've learned today, we
have a quick review question for you.

Speaker 2 (17:07):
Let's see if they are paying attention.

Speaker 1 (17:09):
Think back to the beginning of our deep dive. What
does the word staganography literally mean? Is it a hidden file,
B hidden writing, C hidden image or D hidden rock?

Speaker 2 (17:22):
Take a second.

Speaker 1 (17:23):
Okay, if you guess B hidden writing, you are absolutely correct.
Deriving from the Greek words steganos and graph, it is
the ancient art of hiding messages in plain sight, entirely
updated for the digital age.

Speaker 2 (17:34):
Perfectly said, we.

Speaker 1 (17:35):
Want to leave you with a final thought to mull
over as you go about your day. The next time
you're scrolling through a sea of memes, photos, and audio
clips online, ask yourself, are you just looking at everyday,
ordinary media.

Speaker 2 (17:46):
Or are you staring at thousands of invisible locked safes
passing by in plain sight.

Speaker 1 (17:52):
Thanks for taking this deep dive with us.

All Episodes

Course 36 - Windows Forensics and Tools | Episode 14: A Guide to Steganography and OpenStego

Episode Transcript

Popular Podcasts

Stuff You Should Know

Dateline NBC

iHeartRadio 24/7 News: The Latest

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Course 36 - Windows Forensics and Tools | Episode 14: A Guide to Steganography and OpenStego