tag:blogger.com,1999:blog-21633793.post6571833627022579705..comments2023-12-12T03:19:42.467-05:00Comments on CYB3RCRIM3: Steganography?Susan Brennerhttp://www.blogger.com/profile/17575138839291052258noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-21633793.post-14564181009619266152011-04-23T19:27:19.907-04:002011-04-23T19:27:19.907-04:00It's a really interesting topic, since I'v...It's a really interesting topic, since I've never really heard of any type of steganography coming up in court cases. But like Jim Wingate said, its probably because it's not often looked for. However, another problem with this exists because it is extremely difficult to even detect stego. While a few tools exist out there, like StegDetect, they are nowhere near perfect, and have many problems. They usually only return a percent of how likely stego has been used.<br /><br />-<a href="http://technology-flow.com" rel="nofollow">Kevin</a>Kevinhttp://technology-flow.comnoreply@blogger.comtag:blogger.com,1999:blog-21633793.post-66903626421746665322010-03-02T13:52:39.820-05:002010-03-02T13:52:39.820-05:00I believe it will become more of a problem in the ...I believe it will become more of a problem in the future. There are already narco-traffickers like Juan Carlos Ramirez Abadia hiding information about his drug deals in pictures of Hello Kitty (Ref: http://afp.google.com/article/ALeqM5ieuIvbrvmfofmOt8o0YfXzbysVuQ). Also, I believe insiders with access to sensitive information such as PHI and PII and Intellectual Property, etc. will be driven to find more technically sophisticated ways to hide information as network security tools such as Data Loss Prevention Systems and eDiscovery tools continue to get better. I think the fact there are 7,970,000 hits when you Google "information hiding" to be quite alarming. So my theory remains that use of steganography to steal information or otherwise conceal evidence of crminal activity is much more widespread than anyone knows and no one really knows because so few are even willing to try to look for it!Jim Wingatehttp://www.sarc-wv.comnoreply@blogger.comtag:blogger.com,1999:blog-21633793.post-2159194307329303192009-12-31T12:42:33.792-05:002009-12-31T12:42:33.792-05:00Thank you . . . that all makes a lot of sense.
...Thank you . . . that all makes a lot of sense. <br /><br />I suspected it might, in part, be because there's usually no need to look for stego because my sense is run of the mill cybercriminals, and especially the child porn types, aren't using it. And if, as you say, there's lots of evidence in plain view, why bother with stego?<br /><br />I wonder if it will become more of a problem in the future . . . as criminals become more sophisticated about all of this.Susan Brennerhttps://www.blogger.com/profile/17575138839291052258noreply@blogger.comtag:blogger.com,1999:blog-21633793.post-32064470608816027162009-12-31T11:22:44.039-05:002009-12-31T11:22:44.039-05:00I suggest the reason steganography has not come up...I suggest the reason steganography has not come up in any legal cases is because CF examiners do not routinely conduct steganalysis in the course of their examinations. Another reason could be that they don't need to look for hidden evidence because they find enough in the clear in the course of conducting a traditional computer forensic examination.<br />I also suspect that even when use of steganography is revealed, prosecutors have their investigators and CF examiners find another way to get the evidence so they don't have to try to explain steganography to a jury ... which may be construed by some as potential evidence tampering because of the very nature of some steganography techniques to modify files. For example, the Least Significant Bit (LSB) image encoding technique modifies the LSBs of the carrier image in order to embed the hidden information.<br />Another reason steganography is not detected more frequently is because the general consensus among law enforcement computer forensics examiners seems to be that the "criminals we deal with are too stupid, too lazy, or both, to use steganography. <br />Finally, another reason steganograpghy is not detected more often is because no one believes anyone is using it, so why waste time looking for it. It's a classical paradox.Jim Wingatehttp://www.sarc-wv.comnoreply@blogger.com