What is Steganography and Why Should Investigators Care?

*Previously published on my blog: IPProbe.Global*

A recent BBC article titled “Industrial Espionage: How China Sneaks Out America’s Technology Secrets” introduced me to the term “steganography.”

The article alludes to the recent sentencing of an ethnic Chinese former GE employee for trade-secret theft.

U.S. Department of Justice (DOJ) January 3, 2023 Sentencing Announcement.

Here's an excerpt from the BBC article:

“According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

“It was a technique called steganography, a means of hiding a data file within the code of another data file. Mr Zheng utilised it on multiple occasions to take sensitive files from GE.”

Here is an excerpt from the initial 31-page DOJ indictment, announced on April 23, 2019:

"Background to the Investigation:

"19. From in or about November through in or about December 2017, GE Power discovered that a large number of encrypted files had been saved on ZHENG's work computer. The files were encrypted using a program called AxCrypt, which is a program that is not provided by GE Power to its employees.

"Following GE Power's discovery of the encrypted files on ZHENG's GE-issued computer, GE Power installed monitoring software in an attempt to determine what information he was encrypting, and what he was doing with the information (e.g., transferring it elsewhere).

"20. During the process of monitoring ZHENG's activities on his computer(s), GE Power discovered that on or about July 5, 2018, ZHENG moved approximately 40 encrypted files to a "temp folder" on his company-issued desktop computer located in his dedicated workspace at GE Power.

"GE Power determined that the files related to sealing and optimizing turbine technology - information that GE considers to be proprietary and secret. ZHENG used "steganography" (i.e., a means of hiding a data file within the code of another data file) to remove the files from GE Power's facilities.

"Through the steganography technique, ZHENG placed the aforementioned electronic files into the binary code of a separate electronic file on the computer, an otherwise innocuous-looking digital photograph of a sunset. ZHENG then e-mailed the digital photograph file of the sunset, which secretly contained the hidden GE electronic files containing GE's proprietary data, from his GE-provided email address ("ZHENG GE Email Account") to his personal e-mail address at Hotmail ("ZHENG Hotmail Account")."

So, what is steganography?

Essentially, it is the technique of hiding data inside a non-secret carrier file (an image, an audio file, a document) in a way that does not visibly change the carrier. Where encryption hides what a message says, steganography hides that a message exists at all; the two are often combined, and the indictment above notes that Zheng also encrypted files with AxCrypt.

Hidden in plain sight, so to speak.

In the case of this recently sentenced IP thief, the stolen GE files were embedded in a photograph of a sunset and sent out as an ordinary email attachment.
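The indictment does not say which embedding method was used, so the following is an added illustration and not a reconstruction of Zheng's technique. It shows the simplest image steganography in common use, least-significant-bit (LSB) replacement, on a constructed 8-bit grayscale pixel buffer rather than a real image file: one payload bit is written into the lowest bit of each pixel, the image looks unchanged, and a few lines of code pull the file back out. It also shows the check an investigator can run: the "pairs of values" chi-square test, which notices that LSB replacement only ever moves a pixel between the values 2k and 2k+1 and therefore evens out those counts. All function names, the cover image and the sample "secret" are constructed for this example.

```python
import random
import struct

LENGTH_HEADER = struct.Struct(">I")  # 4-byte big-endian payload length, written first


def embed_lsb(cover: bytes, payload: bytes) -> bytearray:
    """Hide payload in the least-significant bits of an 8-bit pixel buffer.

    Each pixel carries one bit. A 4-byte length header precedes the payload so
    the extractor knows where the hidden data ends.
    """
    message = LENGTH_HEADER.pack(len(payload)) + payload
    if len(message) * 8 > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8} bytes, payload needs {len(message)}")
    stego = bytearray(cover)
    bit_index = 0
    for byte in message:
        for shift in range(7, -1, -1):  # most significant bit first
            bit = (byte >> shift) & 1
            stego[bit_index] = (stego[bit_index] & 0xFE) | bit  # replace the LSB only
            bit_index += 1
    return stego


def _read_bits(stego: bytes, start_pixel: int, nbytes: int) -> bytes:
    """Reassemble nbytes from the LSBs of consecutive pixels beginning at start_pixel."""
    out = bytearray()
    for i in range(nbytes):
        value = 0
        for j in range(8):
            value = (value << 1) | (stego[start_pixel + i * 8 + j] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Recover a payload written by embed_lsb; raises if the header is implausible."""
    length = LENGTH_HEADER.unpack(_read_bits(stego, 0, LENGTH_HEADER.size))[0]
    if (LENGTH_HEADER.size + length) * 8 > len(stego):
        raise ValueError("length header exceeds image size; probably no LSB payload")
    return _read_bits(stego, LENGTH_HEADER.size * 8, length)


def pairs_of_values_chi_square(pixels: bytes) -> float:
    """Chi-square statistic over the 128 value pairs (2k, 2k+1).

    LSB replacement only moves pixels between 2k and 2k+1, so heavy embedding
    drives the two counts in each pair toward equality and the statistic
    toward zero. A sharp drop relative to a known-clean copy is the tell.
    """
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    chi = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        expected = (even + odd) / 2
        if expected:
            chi += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
    return chi


def make_cover(n_pixels: int = 8000, seed: int = 7) -> bytes:
    """Constructed stand-in for a grayscale photo (not a real image).

    70% of pixels are forced to even values so the LSB plane has a parity skew
    for the chi-square test to detect; real covers vary in how skewed they are.
    """
    rng = random.Random(seed)
    pixels = bytearray()
    for _ in range(n_pixels):
        v = rng.randrange(256)
        if rng.random() < 0.7:
            v &= 0xFE
        pixels.append(v)
    return bytes(pixels)


# Constructed sample payload; fills about 95% of the cover's capacity.
CONSTRUCTED_SECRET = b"TURBINE SEAL SPEC (constructed sample, not a real GE document)\n" * 15


def demo() -> dict:
    cover = make_cover()
    stego = embed_lsb(cover, CONSTRUCTED_SECRET)
    return {
        "recovered_ok": extract_lsb(stego) == CONSTRUCTED_SECRET,
        "pixels_changed": sum(1 for a, b in zip(cover, stego) if a != b),
        "max_pixel_delta": max(abs(a - b) for a, b in zip(cover, stego)),
        "chi_cover": pairs_of_values_chi_square(cover),
        "chi_stego": pairs_of_values_chi_square(stego),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two practical points for an investigator follow from this. First, every altered pixel changes by at most one intensity level, which is why the sunset still looks like a sunset; visual inspection will not find it, and neither will a hash match against the original unless you actually have the original, so preserve any copy of the same photo found on the sender's machine for comparison. Second, LSB replacement only survives in lossless formats such as PNG or BMP; re-saving as JPEG rewrites the low bits, so an unusually large or losslessly-encoded "photo" leaving a corporate mailbox is itself worth a second look.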

What is also interesting is that although the term "steganography" is new to me and may be new to some of you, the concept of hiding messages or data within the body of another message or data is not.

Here's a link to a video produced by the United States National Security Agency (NSA), which explains that the concept of steganography goes back as far as the Greek and Roman era—long before arriving at the door of our current digital age.

And if you want to take a deep dive into the technique used to embed stolen data into a harmless-seeming photograph, see the following YouTube tutorial produced by Edureka.

Disclaimer: IPProbe.Global is a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and not intended to provide legal or other professional advice.
