Small Business Attack – Steganography
Steganography is talked about a lot in the security field, but not much outside of it. Though there are many forms of varying complexity, at it’s core all you need to know that steganography incolves hiding data inside of other data. It is commonly used with pictures, but it can be applied to pretty much any file. Any file that you may need to use in your business could be used as a conduit for other data.
Take, for example, this photo, which is on your website (maybe you sell bone adhesives, I don’t know):
Suppose that you had some top secret data that you wanted to hide (clearly highly confidential):
An attacker could use one of many tools to embed the highly confidential image within the safe one, and most people would be none the wiser. For example:
(For the technically inclined, I used stegotools and the last 2 bits to hide the image. Try it out if you like.)
It’s important to realize that this example is highly contrived. In the real world, attackers can use any file at all and any transport mechanism:
- Logos on a web site
- Press releases emailed out
- Financial documents on CD
If you have any confidential data at all, and any way to communicating with the public, the data can be leaked. How can you protect yourself?