recommended reading

This Emerging Malware Sends Secret Messages and Is Practically Impossible to Detect


As if computer malware that steals your data weren’t enough, now there’s a new kind to worry about: Malware that does it via covert messages that are practically impossible to detect. And it’s becoming more prevalent, according to a new paper by researchers at the Warsaw University of Technology, the National Research Council of Italy, and Fraunhofer FKIE, a private information security research institute.

The malware is a modern take on steganography, an old technique of hiding secret messages in apparently innocuous texts. This new so-called “network steganography” works by cramming extra information into the data packets that travel across networks when we use the internet.

Steganography is useful when it’s important to obscure not only the content of a message, but the fact that a message exists at all, making it hard for law-enforcement agencies to detect. In digital form, it can be useful for good causes—for example, allowing a journalist facing censorship to communicate without attracting attention. But more often it has been used to infect computers and secretly steal data, or as a communication tool for criminal organizations.

One such organization was the child pedophilia ring known as the “Shadowz Brotherhood,” which was uncovered in 2002. It used an older steganographic method of encrypting data and storing it in apparently innocent image files. Modern network steganography could be even more difficult to detect, because unlike image files, the network packets that contain the secret messages are often deleted automatically, leaving no footprints to examine.

Since most of what we know about steganographic methods comes from researchers, not criminals, it’s hard to know how widespread the malware is on the Internet. What little we do know comes from the attacks that are exposed, such as a2008 theft of financial data from the US Department of Justice and a piece of malware called Duqu discovered infecting computers in 2011 by researchers in Budapest. But these attacks were still more primitive than the techniques the new paper describes.

To make matters worse, there are potentially hundreds of steganographic methods that network technology makes possible—from sending data over a voice service like Skype during pauses in a conversation, to tacking extra words on to Google search suggestions, to communicating via precise patterns of smartphone vibrations. That makes security difficult to tackle, the researchers say. The paper concludes with a pessimistic whimper: “A problematic aspect in this regard is the lack of effective and universal countermeasures,” it says. “We therefore deduce a need for additional research … that will lead to improved countermeasures.”

Reprinted with permission from Quartz. The original story can be found here

(Image via Mopic/

Threatwatch Alert

Network intrusion / Software vulnerability

Hundreds of Thousands of Job Seekers' Information May Have Been Compromised by Hackers

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.