As if computer malware that steals your data weren’t enough, now there’s a new kind to worry about: Malware that does it via covert messages that are practically impossible to detect. And it’s becoming more prevalent, according to a new paper by researchers at the Warsaw University of Technology, the National Research Council of Italy, and Fraunhofer FKIE, a private information security research institute.
The malware is a modern take on steganography, an old technique of hiding secret messages in apparently innocuous texts. This new so-called “network steganography” works by cramming extra information into the data packets that travel across networks when we use the internet.
Steganography is useful when it’s important to obscure not only the content of a message, but the fact that a message exists at all, making it hard for law-enforcement agencies to detect. In digital form, it can be useful for good causes—for example, allowing a journalist facing censorship to communicate without attracting attention. But more often it has been used to infect computers and secretly steal data, or as a communication tool for criminal organizations.
One such organization was the child pedophilia ring known as the “Shadowz Brotherhood,” which was uncovered in 2002. It used an older steganographic method of encrypting data and storing it in apparently innocent image files. Modern network steganography could be even more difficult to detect, because unlike image files, the network packets that contain the secret messages are often deleted automatically, leaving no footprints to examine.
Since most of what we know about steganographic methods comes from researchers, not criminals, it’s hard to know how widespread the malware is on the Internet. What little we do know comes from the attacks that are exposed, such as a 2008 theft of financial data from the US Department of Justice and a piece of malware called Duqu discovered infecting computers in 2011 by researchers in Budapest. But these attacks were still more primitive than the techniques the new paper describes.
To make matters worse, there are potentially hundreds of steganographic methods that network technology makes possible—from sending data over a voice service like Skype during pauses in a conversation, to tacking extra words on to Google search suggestions, to communicating via precise patterns of smartphone vibrations. That makes security difficult to tackle, the researchers say. The paper concludes with a pessimistic whimper: “A problematic aspect in this regard is the lack of effective and universal countermeasures,” it says. “We therefore deduce a need for additional research … that will lead to improved countermeasures.”