Steganography is defined as the art of covered or hidden writing. The purpose of steganography is covert communication. In other words, to hide the existence of a message from another party. Many individuals categorize steganography as a form of cryptography, but it is my belief that the two are distinctly different from one another, and I think it is important to understand the difference. Instead of concealing the fact that a message is being transmitted at all like steganography does, cryptography only aims to make a message unreadable by another party.
This blog post will cover more traditional forms of steganography such as Null Ciphers. There will be a follow-up posting which discusses steganography in digital media and tools to perform these types of tasks.
Steganography all began with null ciphers. A null cipher is a message that is hidden with a set of rules that the two communicating parties often arrange before communication. It can be as simple as "read the third letter of every misspelled word" or "look at the first letter of every rhyming word." Null Ciphers are great because there isn't any need to use intricate algorithms.
Here is a basic example from Gregory Kipper's Investigator’s Guide to Steganography:
"News Eight Weather: Tonight increasing snow. Unexpected precipitation smothers eastern towns. Be extremely cautious and use snowtires especially heading east. The [highway is not] knowingly slippery. Highway evacuation is suspected. Police report emergency situations in downtown ending near Tuesday."
At a quick glance this seems pretty average. But take a closer look, it is rather easy to pick out the actual message that is being communicated. By reading the first letter in each word it actually says "Newt is upset because he thinks he is President."
This particular message is rather silly, but it shows how effective even basic steganography using simple null ciphers can be. In history, this was frequently used as an effective way to communicate more nefarious and secretive messages during war time.
Other Low Tech Mechanisms
Just like with the null cipher example above, there are a variety of ways one can hide a message without using advanced tools and methods. One of the most common methods is to put "invisible" text in a file. This is done by writing in the white space of a file in a font that matches the background color. Another simple form of steganography could be to hide a text message behind a piece of media such as an image in a power point or document. There are hundreds of other low-tech methods for concealing communication that can be very effective.
To be continued... Steganography: Covert Communication - Part II will explore modern day advanced steganography techniques in digital media and provide examples using popular steganographic tools.
Overview of Steganography for the Computer Forensics Examiner: garykessler.net/library/fsc_stego.html
Kipper, Gregory Investigator’s guide to steganography 2004 CRC Press LLC