Terrorists in Colombia and Spain Used Steganography to Conceal Messages
Fairmont, WV January 1, 2013 - The United Nations Office on Drugs and Crime (UNODC) released a publication titled "The use of the Internet for terrorist purposes" in September 2012 that describes use of steganography by terrorists for covert communications.
Steganography is an ancient form of information hiding that dates back to Ancient Greece. In the Internet era, steganography has evolved into a digital form of information hiding.
The publication states there is an abundance of sophisticated technologies that make it difficult to identify the originator, recipient, and content of Internet communications.
In addition to encryption and anonymizing software, there is a variety of software available to disguise information transmitted over the Internet for illicit purposes, such as steganography software that can be used to hide messages in images.
In particular, Camouflage is given as an example of software that masks information through the use of steganography. Camouflage allows the user to hide files by attaching them to the end of a cover file, also called the “carrier” file. The cover file retains its original file properties and visual characteristics; but, the file is used as a carrier to store or transmit the hidden files. This software may be applied to any file type.
To underscore the value of cooperation at both the national and international level, the publication includes a description of the case involving the Revolutionary Armed Forces of Colombia (FARC).
Digital evidence obtained by Spanish authorities during searches of a suspected terrorist’s house revealed the existence of an “international commission” within FARC.
The evidence revealed the commission operated a security program for communications, particularly messages transmitted via the Internet. One of several aspects of the program called for use of steganography to conceal messages which provided a covert communications channel. The Colombian and Spanish authorities cooperated to analyze the digital evidence and were able to decipher the content of messages transmitted from leaders of FARC in Colombia and Spain.
Backbone’s Steganography Analysis and Research Center (SARC) provides world-class digital forensics tools for triage and digital forensic laboratory analysis as well as a network security appliance to detect the presence or use of steganography to conceal evidence of criminal activity.
SARC technical staff has created the Steganography Analyzer, or StegAlyzer™, family of products that feature the world’s largest database of file and Windows Registry™ artifacts exclusive to digital steganography.
For additional information about digital steganography and StegAlyzer family of products, please visit http://www.sarc-wv.com/products/ or send email to email@example.com.
To read the United Nations publication, go to http://tinyurl.com/UNODC-Publication.
About the SARC
The SARC is a Center of Excellence in digital steganography research and development within Backbone Security. The SARC has established the world’s largest commercially available repository of digital steganography applications, fingerprints, and signatures and has developed industry leading computer forensics and network security steganalysis tools for detecting and extracting information hidden with digital steganography applications. For more information: www.sarc-wv.com.
About Backbone Security
In addition to being the leading provider of digital steganalysis tools, Backbone is a Payment Card Industry Data Security Standard (PCI-DSS) Approved Scanning Vendor (ASV) that conducts automated PCI-DSS compliance assessments with their industry leading 1 Stop PCI Scan service. Backbone also provides real-time intrusion monitoring, vulnerability assessment, penetration testing, and business continuity and disaster recovery planning services. For more information: www.backbonesecurity.com.
Contact - Jim Wingate, Director, SARC and Vice President, Backbone Security
Voice: (304) 333-7272 or (877) 560-7272, Fax: (304) 366-9163, or E-Mail: firstname.lastname@example.org.