Steganography is a hidden and deceptive form of cheating and cybercrime in the digital age. It involves hiding information in seemingly innocent data such as images, audio files, or video files, which makes it difficult for conventional security systems to detect. This hidden information is then used for malicious purposes connected to cybercrime and cheating.
Cybercrime: Modus operandi
The modus operandi of the cybercriminals is simple. The cybercriminals use steganography to embed a malicious code in a legitimate-looking payload inside an image or audio file. This file can pass undetected by antivirus software, but with a hidden command which can trigger or activate a hidden malware on a target system.
This way hidden data encoded into a seemingly innocuous file is sent to the attacker without raising any suspicion. The cybercriminals then use steganography to extract sensitive information from the compromised system.
Steganography in online gaming
Steganography has been used in online gaming to hide cheating tools or code within game files. These tools can give players unfair advantages, such as wall hacks, aimbots, or speed hacks. By embedding the cheating software within the game related image or video files, cheaters can avoid detection by anti-cheat software systems scanning for suspicious files.
Also Read: Dick Tracy: The iconic Comic-book detective and the fight against crime
Another use of steganography is to communicate with other players without getting caught by game administrators. Cheaters may exchange game strategies or coordinate cheating activities by hiding messages within in-game screenshots or other media files.
Dark Web and Cryptography
Steganography is also used to facilitate secret communication in the dark corners of the internet. Cybercriminals use encrypted hidden messages to avoid detection by law enforcement and cybersecurity agencies. Some illicit transactions, such as buying and selling stolen data or illegal goods, can be concealed using steganography. This makes it much harder for authorities to trace such activities.
Difficult to detect
One of the biggest challenges with steganography is that it can bypass traditional security measures like antivirus programs, which typically focus on detecting known malicious files. Since the hidden data is embedded in such a manner that it doesn’t alter the visible content of the file, security software may not flag it as suspicious.
Detecting steganography requires more sophisticated techniques such as analysing file structure, looking for anomalies in file size, or applying statistical methods to detect hidden patterns in media files.
Potential for Abuse
Attackers can use steganography to send phishing messages that appears harmless to the recipient. For example, an attacker could hide a phishing link in an image attached to an email. If the recipient clicks on the image, they could unknowingly be directed to a malicious website.
Steganography could also be used for spreading disinformation, fake news or propaganda files because it is hard to track the origin of the message and verify its authenticity.
How to Protect Against Steganography?
Security systems need to evolve to detect hidden data within files. Some advanced tools are designed to identify steganography by analysing file structure or performing pattern recognition. Users can be educated about the risks of downloading unknown files, opening suspicious attachments, and engaging with untrusted sources online.
Organizations can implement regular checks and audits on systems to detect any unusual behaviour that may indicate hidden malicious activity. Steganalysis is the process of detecting hidden information within files. There are specialized software tools that analyse files for the presence of steganography, offering an extra layer of defence.
In short, steganography is a powerful tool that can be misused by cybercriminals and cheaters. As technology advances, so do techniques used to detect and prevent this kind of deception. This remains a serious concern in both cybersecurity and digital ethics.
Recently Pradeep Kumar Jain, a shop owner in Shiv Nagar, Jabalpur, received a call on his mobile phone at 8 am on March 28 from an unknown number +91-9827832213. A photo of customer services was visible on that number.
The caller told Pradeep, “Sir, I have sent you a photo on WhatsApp. Please download that photo and see if you recognize them?”
After finishing his routine work, Pradeep Jain downloaded the photo received on WhatsApp from the unknown number.
This is where Pradeep made a mistake.
As soon as Pradeep clicked on that photo, automatically an application named customer support got installed on Pradeep’s mobile and he became a victim of Steganography due to which Rs 2,01,000 was withdrawn from his account by the cybercriminal.
This incident is not worth considering as a common incident, because, this incident of steganography is not a simple and normal one.
Steganography has been in existence since ancient times. Stegano is a Greek word which means concealed, embedded, hidden. That is, a special message hidden inside a normal visible message.
Also Read: Controlling Crime in India: “Fancy Windows” theory
In ancient times, almost every King used to hire skilled people who were expert in the art of sending secret messages. They were kept on high positions and paid high salaries by the King. Their job was only to code or decode secret messages and alert their king. This was the history behind Steganography.
Soon time changed and so did the methods of Steganography. There have been several instances when ancient paintings or code words engraved have been seen on the walls of caves at many places. The real message can be detected by looking at these pictures or code words in a special way, from special angles or in other scientific ways.
Even in this modern era of communication revolution, Steganography is being used extensively, but unfortunately, many people are not aware of it. The cyber fraud that happened with Pradeep Jain in Jabalpur is also related to Steganography.
In the current cyber era, the use of expensive mobiles and laptops for show and status symbol is fine, but a little carelessness in using them can make people like Pradeep Jain — victims of cyber fraud.
Click on any photo or message coming from an unknown number on your mobile only after thinking carefully and using your full discretion, because such messages may contain malware.
Embedded software program can be easily delivered to your mobile or laptop by cyber criminals through messages. But, until you the user of the mobile or laptop do not click on the photo/ message, the Steganographed message does not get permission to be activated in your mobile /laptop.
As soon as the messages or photos are clicked, the application hidden in those messages or photos gets activated and takes over control of the mobile/laptop from the hands of the real user and allows the cybercriminal to carry out their intended task.
By the time the user understands the reality, the cyber criminals have already accomplished their plan. Unfortunately the cyber criminals do not leave anything to chance. The photo or message can be emotional, or heart touching.
Investigations in Pradeep Jain’s bank revealed that his money was transferred to an account called “IB IBF” which had only recently been opened in Canara Bank, Hyderabad. As soon as the money was transferred, the fraudsters withdrew it through ATM.
Pradeep’s passbook had suspicious transactions recorded in names like “Vishal Online” and “Jannatun Bibi Online”. The fraudsters sent him several dot (.) messages on WhatsApp between 9:38 am and 5:12 pm to find out whether he is online or not.
Pradeep got his account blocked. But even after the account was blocked, the fraudsters tried to withdraw Rs 96,000 from his account. They kept messaging to open the account again, but because the account frozen, they didn’t succeed in their plans.
Earlier cyber scammers used OTP and phishing, now they are using a technique called steganography to send normal looking photo on WhatsApp. When someone clicks on it, a hidden link gets activated and an app gets downloaded automatically. This app gives scammers full access to the mobile, through which they can steal money.
Always remember being cautious is the biggest protection.
