Top Banner

Click here to load reader

Digital Steganography An Emerging Insider Threat September 21, 2007 James E. Wingate, CISSP-ISSEP, CISM, NSA-IAM Vice President for West Virginia Operations

Mar 26, 2015

ReportDownload

Documents

  • Slide 1

Digital Steganography An Emerging Insider Threat September 21, 2007 James E. Wingate, CISSP-ISSEP, CISM, NSA-IAM Vice President for West Virginia Operations and Director, Steganography Analysis and Research Center (SARC) Backbone Security An affiliate of Slide 2 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 2 Clarkes Third Law Any sufficiently advanced technology is indistinguishable from magic. --Sir Arthur Charles Clarke Retrieved from http:\//en.wikipedia.org/wiki/Clarke%27s_three_laws Slide 3 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 3 The Insider Threat Hard Problem List (HPL)* Hardest and most critical problems from perspective of IRC member agencies Original list published in 1997 Revised November 2005 Insider Threat #2 out of 8 hard problems! Just behind Global-Scale Identity Management * http://www.infosec-research.org/docs_public/20051130-IRC-HPL-FINAL.pdf Slide 4 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 4 The Insider Threat Lists insiders as example of threat agent along with usual threat agents Malicious hackers Organized crime Terrorists Nation states In describing threat and vulnerability trends insiders are at the top of the list! Slide 5 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 5 Insider Threat Insiders Surrounded By Sensitive Information Jane and John Insider Credit Card Information Names Addresses Phone Numbers SSANs Law Enforcement Information Classified Information Intellectual Property Slide 6 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 6 Insider Threat Telephone Printed listings E-mail 3.5 Floppies CDs/DVDs Portable Electronic Devices (PDA/iPod/etc) Portable storage media Jane and John Insider E-mail attachments Cell/Camera phones Slide 7 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 7 What Is Steganography? Stega-what? Not stenography writing in shorthand notation Pronounced "ste-g&-'n-gr&-fE* Derived from Greek roots Steganos = covered Graphie = writing * - By permission. From the Merriam-Webster Online Dictionary 2007 by Merriam-Webster, Incorporated (www.Merriam-Webster.com). Slide 8 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 8 What Is Steganography? A form of secret communication used throughout history The Codebreakers by David Kahn Interleaves use of cryptography and steganography throughout history Fast forward to Internet era Evolution from analog to digital steganography Hide any file inside another file Typically, text in image or image in image Slide 9 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 99 Definition of Steganography Derived from the ancient Greek words for covered writing, steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message. --Federal Plan for Cyber Security and Information Assurance Research and Development, April 2006 Simulated Child Pornography Mirror Lake Yosemite National Park Slide 10 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 10 Definition of Steganalysis The examination of an object to determine whether steganographic content is present, and potentially to characterize or extract such embedded information. --Federal Plan for Cyber Security and Information Assurance Research and Development, April 2006 Mirror Lake Yosemite National Park Simulated Child Pornography Slide 11 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 11 Why Use Steganography? Legitimate purposes Digital Rights Management (DRM) Digital watermarking of copyrighted works typically songs and movies Covert LE or military operations Nefarious purposes Conceal evidence of criminal activity Establish covert channels to steal sensitive or classified information Slide 12 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 12 Why Communicate Covertly? Use of encryption is overt Fact that information is encrypted is easily detected Could lead to attempts to decrypt the information Use of steganography is covert Fact that information exists is concealed Information often encrypted before being hidden Steganography often called dark cousin of cryptography Slide 13 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 13 Relevance to Cybercrime Is being used to conceal various types of criminal and unauthorized activity Child pornography Identity theft Terrorism (recruiting, planning, etc.) Economic/industrial espionage Theft of intellectual property Drug and weapons trafficking Money laundering etc. Slide 14 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 14 Is Steganography A Threat? The threat posed by steganography has been documented in numerous intelligence reports. These technologies pose a potential threat to U.S. national security. International interest in R&D for steganographic technologies and their commercialization and application has exploded in recent years. Slide 15 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 15 Is Steganography A Threat? Lists insiders as example of threat agent along with usual threat agents Malicious hackers Organized crime Terrorists Nation states In describing threat and vulnerability trends insiders are at the top of the list! Slide 16 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 16 Firewall Insider Use of Steganography Internet E-mail Scenario Insider External Recipient Slide 17 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 17 Insider Use of Steganography Web Site Scenario Insider External User Slide 18 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 18 3,300,000 Links! Insider Use of Steganography Level of Interest Slide 19 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 19 Insider Use of Steganography Over 1,000 steganography applications available on the Internet Number is growing over 400 added last year Most are freeware/shareware http://www.stegoarchive.com Most are easy to use Many feature drag-and-drop interface Many offer encryption option Some offer VERY STRONG encryption Very easy to find, download, and use! Slide 20 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 20 Insider Use of Steganography A serious and growing threat Conceal illegal images Child pornography Conceal unauthorized images Adult pornography Steal PII for ID theft Conceal evidence of criminal activity Not detected by firewalls! Not detected by IDS/IPS! Not detected by content filters! Slide 21 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 21 Best Place to Hide Something? In plain site Highly likely that more evidence of criminal activity is being concealed with steganography than anyone knows and we dont know how much because no one is looking for it! Slide 22 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 22 Old Chinese Proverb Modern day translation = A picture is worth a thousand words Slide 23 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 23 With Digital Steganography its literally quite true! Slide 24 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 24 Typical Application Slide 25 2007 Backbone Security. All rights reserved. SARC ~ Raising the Threshold of Perception 25 THE GETTYSBURG ADDRESS: Four score and seven years ago our fathers brought forth on this continent a new nation, conceived in liberty and dedicated to the proposition that all men are created equal. Now we are engaged in a great civil war, testing whether that nation or any nation so conceived and so dedicated can long endure. We are met on a great battlefield of that war. We have come to dedicate a portion of that field as a final resting-place for those who here gave their lives that that nation might live. It is altogether fitting and proper that we should do this. But in a larger sense, we cannot dedicate, we cannot consecrate, we cannot hallow this ground. The brave men, living and dead who struggled here have consecrated it far above our poor power to add or detract. The world will little note nor long remember what we say here, but it can never forget what they did here. It is for us the living rather to be dedicated here to the unfinished work which they who fought here have thus far so nobly advanced. It is rather for us to be here dedicated to the great task remaining before us--that from these honored dead we take increased devotion to that cause for which they gave the last full measure of devotion--that we here highly resolve that these dead shall not have died in vain, that this nation under God shall have a new birth of freedom, and that government of the people, by the people, for the people shall not perish from the earth. Hide Text in Image THE GETTYSBURG ADDRESS: Four score and seven years ago our fathers brought forth on this continent a new nation, conceived in liberty and dedicated to the proposition that all men are created equal. Now we are engaged in a great civil war, testing whether that nation or any nation so conceived and so dedicated can long endure. We are met on a great battlefield of that war. We have come to dedicate a portion of that field as a final resting-place for those who here gave their lives that that nation might live.