have become significantly more sophisticated in recent years. For example, an emerging challenge for forensic experts is posed by solutions like SonicVortex Transactions (http://www.sonic-coin.com/), which can be treated as a next-generation cryptocurrency platform. It enables hiding encrypted bitcoin transactions in innocent pictures and offers a stealthy address and built-in TOR support. This can potentially create tremendous difficulties for investigating financial crimes.
In addition, there have been press releases stating that criminals/terrorists are exploiting different aspects of online games/gaming consoles to enable covert communication (footnote j), as they offer many aspects, including digital images, video, network traffic, and even elements within the virtual world, that can be modified in order to conceal messages. It must be noted that this option was recognized in the academic community almost a decade ago. 30
A few academic publications already deal with the transfer and storage of hidden data in the Internet of Things (IoT). 23, 32 It is likely only a matter of time before IoT services, such as smart homes and wearables, are subjected to information hiding-based cybercrime. IoT devices provide entirely new ways to store hidden data in their actuators and in the memory of embedded components, places where no current methods will search for hidden data and for which no tailored tools are available.
Also, other popular and innocent-looking online services like Skype, IP telephony, BitTorrent, or cloud storage systems can be exploited to enable covert communication. 23 Therefore, network traffic and data exchanged during such transmissions can be utilized for information hiding purposes, often without the knowledge or consent of the overt sender and overt receiver.
Moreover, hiding tools have become increasingly adaptive. In this context, adaptiveness refers to a malware function that can automatically adjust to a changing environment. For instance, imagine an administrator
j http://cjel.law.columbia.edu/preliminary-reference/2016/communicating-terror-the-role-of-gaming-consoles-and-backdoors/
Steganography Analysis and Research Center (SARC) claimed their latest version of the Steganography Application Fingerprint Database contained over 1,250 steganography applications.
It must also be noted that many of the commercial tools for information-hiding detection do not exactly focus on revealing the embedded secret data but rather try to find artifacts left behind by the hiding tools. This appears to be a good approach; however, it is only successful for the list of well-known data hiding tools or under the assumption that it was the legitimate user of the device who installed this type of software. In practice, if a proprietary data-hiding tool is utilized or the device is infected with information hiding-capable malware, revealing its artifacts will not be possible or the true intention of the attacker will still be difficult to establish.
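The limitation described above, as an added example that is not part of the original article: a minimal artifact scanner that matches file digests against a fingerprint list. The tool label, file names, byte strings and the use of SHA-256 are constructed assumptions, not the format of any real fingerprint database.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large evidence files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root: Path, fingerprints: dict[str, str]) -> list[tuple[str, str]]:
    """Return (relative path, tool label) for every file whose digest is catalogued."""
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        tool = fingerprints.get(sha256_file(path))
        if tool:
            hits.append((path.relative_to(root).as_posix(), tool))
    return hits

def demo() -> tuple[list[tuple[str, str]], list[str]]:
    """Build constructed evidence, scan it, and list the files with no match."""
    known_tool = b"CONSTRUCTED-BYTES: installer of a catalogued hiding tool"
    custom_tool = b"CONSTRUCTED-BYTES: proprietary hiding tool, never catalogued"
    # Hypothetical fingerprint database: digest -> tool label.
    fingerprints = {hashlib.sha256(known_tool).hexdigest(): "ExampleStegoTool 1.0"}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Downloads").mkdir()
        # Renamed copy of the catalogued tool: the digest still matches.
        (root / "Downloads" / "holiday_photos.exe").write_bytes(known_tool)
        # Uncatalogued tool: leaves no artifact the database knows about.
        (root / "Downloads" / "helper.bin").write_bytes(custom_tool)
        (root / "notes.txt").write_bytes(b"constructed benign file")
        hits = scan(root, fingerprints)
        matched = {rel for rel, _ in hits}
        unmatched = [p.relative_to(root).as_posix()
                     for p in sorted(root.rglob("*"))
                     if p.is_file() and p.relative_to(root).as_posix() not in matched]
    return hits, unmatched

if __name__ == "__main__":
    hits, unmatched = demo()
    print("fingerprint hits:", hits)
    print("no verdict (not proof of absence):", unmatched)
```

A scan without hits only means that no catalogued artifact was present: the uncatalogued file lands in the same unmatched list as the benign one.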
In contrast, the detection of hidden data, which is typically done by the forensics examiner for LEAs or anti-terrorism units, is far more challenging, and the extraction/recovery of the secrets is even harder (for example, due to encryption of the covert data).
Another point is that many forensics examiners still do not routinely check a suspect’s computer for information-hiding software and, even if they do, several issues arise (see the accompanying sidebar).
When discussing forensic challenges for information hiding, the two most important aspects that should be considered are the technical capabilities of the suspect and the type of the crime. 17
The technical capabilities of the
suspect may map to the resources that
he has on his computer (installed software, hardware) or which he accessed
(for example, visited webpages or
downloaded e-books).
The type of a suspected crime can also point to the use of data hiding. For example, terrorists or child pornographers tend to hide their secrets in images and then send them through email or post them on a website. The same applies to crimes that involve the transfer of business-type records. Obviously, if a cybercrime is investigated, then information hiding usage is always a viable option.
As mentioned, methods as well as
applications of information hiding