Are you Helping Terrorists through Stego Videos?

Cyber terrorists have started exploiting Steganography as a gear to blast malicious contents beyond borders to spy on our digital habits like internet browsing history, device locations, standby timings, national secrets, critical defence strategies, banking data, personal records, telephonic conversations, SIM cards, photos and multimedia files stored in device or memory cards, social media profiles, mobile app download patterns, etc. Reetwika, a cybersecurity consultant, tells us about the malicious intent and how we can protect ourselves from it, in the weekly column. A Different Truths exclusive. 

Nowadays, it’s awfully common to receive, download and forward multimedia files through social chatting networks, especially WhatsApp and Facebook messenger. But have you ever wondered whether these files are 100% genuine? Are they really what you see on screen? What if they contain malicious files hidden by terrorists and you are just helping them to spread within your network? Why will someone waste his valuable time, effort, resource, talent and money to entertain you just for free? Do give a thought.

Steganography, coined from two Greek words – ‘Steganos’ meaning ‘covert’ and ‘Graphein’ meaning ‘writing’, is an ancient secret messaging technique popularly used by messengers to conceal data within another data in such a way that it can easily pass through a reader’s eye without notice. Either of the hidden message or its container can be of any multimedia file type – rich text, image, audio or video. It’s said that during World Wartime, it was first masterminded by a Greek spy and since then it has been in extensive practice by various surveillance agencies for exchanging confidential national information through stego-files. 

Unfortunately, with the rise of digital economy, cyber terrorists have started exploiting Steganography as a gear to blast malicious contents beyond borders to spy on our digital habits like internet browsing history, device locations, standby timings, national secrets, critical defence strategies, banking data, personal records, telephonic conversations, SIM cards, photos and multimedia files stored in device or memory cards, social media profiles, mobile app download patterns, etc. 

As per a recent study, more than 85% of all such AV clips are infected in some or the other way. Special thanks to social media addicts like us, who unknowingly help the pranksters reaching a wider target by downloading, viewing and forwarding their hidden spyware to our colleagues, friends, and family who might be using the same device to access their official and personal accounts. 

Many people confuse Steganography with Cryptography. However, there is a stark difference in their applications. Cryptography is used for secure communications between sender and receiver where only the receiver with the key can decode the message. The encrypted message looks so different from original that anyone can easily differentiate between a ciphertext (encrypted) and a plain text (unencrypted), but it is literally impossible to detect a stego-file in naked eyes because Steganography is applied when the sender does not want anyone to notice that there are hidden messages embedded inside a data container. 

In this column, I will take you through three popular Steganography techniques and how you may avoid becoming a victim. Earlier, linguistic (or text) Steganography was very popular via Morse code, telegraph, and courier services, but nowadays, it’s rarely in use. In this socially connected multimedia loving world, mostly three variants are predominant now – Image Steganography, Audio Steganography, and Video Steganography in increasing order of complexity and possible devastation. 

Image Steganography 

Human eyes are very sensitive to brighter images while our optical receptors often miss minute changes in ‘hue’ and ‘saturation’ components of an image. Innumerable digital photo editing applications are available these days to beautify pictures by optimising the image attributes like brightness, contrast, sharpness, hue, saturation, red-eye, noise, aspect ratio and colour schemes. That’s where stego-champs play the foul game. 

With the help of these softwares and a simple code (or by directly using a GUI based freeware tool like Invisible Secrets, Blowfish, etc), they modify the ‘hue’ and ‘saturation’ by downsampling the chroma components of the image in such a way that the pixel intensity gets reduced. The elasticity thus created is utilised to embed hidden files into the picture. There is hardly any aesthetic difference between the original and Stego-image for normal human eyes to detect the camouflage. 

Image file formats which are prone to Steganography are Bitmap, JPEG, PNG, and GIF of which the latter two support lossless form of data compression, with least chance of detection even with the help of high-end Steganalysis tools.

Audio Steganography 

It is almost impossible to spot audio distortions by normal human ears unless you are exceptionally observant of all the notes. Audio processing softwares are easily available over the internet where we can adjust the various acoustic components like waveform, timeline, DC offset, noise, speed, start and end time, data sections, fading in and out, equalisation, reverb, etc.  

With the help of these audio streamers along with a Java code (or by simply using a tool like MP3Stego), the original clip is first heavily compressed to insert data inside the intermediate channels by subtly increasing the byte sampling rate per microsecond. The least significant bit is then transformed and pushed to the header file in such a way that the modification goes undetected. The altered file appears like an audio clip with an inbuilt echo, barely noticeable to human ears. 

Audio file formats which are heavily susceptible to Steganography are WAV, BWF, MP3, FLAC and DST of which the last three support lossless audio codec, which can even pass through specialised Steganalysis tools.

Video Steganography 

This is the most critical of all the Steganography techniques and is, of course, the toughest to crack even using state-of-the-art Steganalysis tools. The complexity shoots up due to three-dimensional container possibilities – video, audio and data streams. If any combination of these components of the original video is manipulated, thousands of files could be masked inside the clip which makes it the most difficult of all methods. 

Many video editing applications are available with free or trial licenses where users can edit attributes like filter, colour, noise, speech, background sounds, inline text, coding, frames, processing rate, streaming, pixel density, codec, motion vector etc. In addition to the GUI based keyboard, it only requires a simple computer program (or a web app like OpenPuff) to embed a large number of files inside a small video clip.   

Video file formats which are largely vulnerable to Steganography are FLV, H.264, FFmpeg, AVI, MOV, MP4 and MPEG of which the latter four support lossless video compression, thus enabling invisibility to Steganalysis tools. 

Preventions 

Let me share some simple tips following which you can easily avoid becoming a Stego victim. However, steganography detection remains one of the most challenging hurdles of world’s top-notch data scientists and forensic experts even today. 

Lower the file size, higher is the chance of manipulation. So, try to avoid opening unusually small audio/video clips (especially which are less than 15 MB in size). You may verify the normal size of a video file clicked by your iPhone or a digicam. 

Avoid using built-in Java devices as multimedia files can be more easily manipulated in Java-based platforms. 

Keep auto download option disabled for multimedia files wherever applicable (ex: Whatsapp, Facebook, etc). Choose to open only those you trust. 

Don’t download and circulate free music, images, and videos from unidentified websites. 

Don’t open animation clips (especially GIF format) and puzzles with multiple combinations (particularly Cicada3301 and Sudoku) if you are not absolutely sure of its source. 

Avoid using pirated softwares, freewares or open source applications as they often come with a stego-worm embedded within the setup files. Once you run and configure the program, the malicious code gets covertly installed in your operating system’s program files. 

Bitmap images are comparatively safer of all the popular image formats as BMP manipulations are easily detectable. 

WAV is the most secure of all the available audio formats as it does not support data compression compared to an MP3 file format. 

Avoid using Unicode keypads (example – regional language apps like Avro, Lipikaar, Farsi, etc) specifically with Zero-Width Joiner (ZWJ) and Zero-Width Non-Joiner (ZWNJ) character sets. There is hardly any visual difference with plain text typed in ASCII characters (normal English letters & digits), but certain Windows fonts can identify the hidden messages written in Unicode. (You may try this out in MS Word if you have any of the Unicode keypads already installed.) 

If you are using internet through Wireless LAN, beware of silent installation of HICCUPS system (Hidden Communication System for Corrupted Networks). You may install a licensed version of Control Threat Removal (CTR) plugin available online and offline from trusted vendors, in your device to reduce the risk of shared digital contents. This will be very handy if you are using Google cloud platforms accessing critical multimedia rich documents. 

Above all, it’s an earnest request to all my dear readers, please refrain yourself from downloading, opening, enjoying and sharing random multimedia files floated through WhatsApp, Facebook, YouTube, Vimeo, Piracy websites etc if you are not 100% certain of its origin, particularly if you are accessing your official accounts from the same device. It can be severely devastating if you or anyone in your social network hold an accountable designation at an organisation with legitimate permissions to access critical data. It may lead to irrecoverable loss to you, your family, organization, nation or the whole world at large. 

You never know what that file actually contains within it. It might look like an attractive image, invaluable quotation, tuneful music, funny animation or amusing video, but in the backend, the creator may have implanted deadly sniffers, malwares, spywares, backdoors, ransomwares or any devastating files for that matter. As a responsible global citizen and a diligent technology user, let us take a pledge to befool the ultra-techie cyber pranksters by putting a stop to circulating their lucrative stego-files amongst our friend circles. Perhaps that will be our biggest patriotic gift in this era of cyber warfare. 

©Reetwika Banerjee 

Photos from the Internet

#Steganography #Malware #Spyware #Cryptography #Bitmap #JPEG #PNG #GIF #SIMCards #Software #CyberWarfare #CyberSecurity #CoverStory