New means to uncover hidden data in digital media
Steganography – the practice of concealing information within digital media to avoid detection – presents major challenges for law enforcement agencies (LEAs). Unlike encryption, where text is made unreadable, there is no obvious way to detect whether steganography tools have been applied. “LEAs and forensic institutes have to constantly adapt to new methods used by cybercriminals,” notes UNCOVER project coordinator Helena Bruyninckx from the Royal Military Academy in Belgium. “Keeping up with technological advancements requires continuous training and development, which puts pressure on resources.” Indeed, dealing with huge amounts of digital evidence has made data management a hugely complex undertaking for LEAs. Data has to be efficiently managed and analysed, while ensuring privacy, chain of custody and compliance with regulations.
A tailored toolkit for LEAs
The EU-funded UNCOVER project sought to address this need through the development of a tailored toolkit for LEAs. To achieve this, the team began by screening existing steganography tools, identifying more than 7 000 currently on the internet. “In parallel, LEAs were asked about their knowledge of steganographic methods,” says Bruyninckx. “From this, a priority list of tools was drawn up.” The tools on this priority list were then analysed. If a signature or flaw was found, a detector could be quickly built. If not, further research was carried out. Each detector was then tested independently by LEAs, with feedback given to developers.
Enhanced steganalysis detectors
The final toolbox includes 36 detectors, 18 ‘helpers’ to enhance steganalysis detectors, and 14 recovery tools. These detectors were able to cover more than 70 % of the shortlisted steganographic tools identified by end users. All ethical, legal and chain-of-custody requirements were integrated and verified, and a platform integrating the detectors was developed. Workshops were also organised by the project consortium to refine training material and increase awareness of steganography within the LEA and forensic community. “To test the effectiveness of our detectors, we hid information in digital media with simple tools found freely on the internet,” explains Bruyninckx. “We were able to show that our detectors can outperform existing software.”
Bolstering law enforcement capabilities
Enabling LEAs to more accurately and efficiently identify hidden information in digital data could help to reduce investigation time and improve outcomes. Increasing the technological autonomy of LEAs could also make public authorities less dependent on external solutions. “The idea is that terrorist groups and organised crime who rely on steganography to coordinate operations, or share sensitive information, can be more easily detected,” adds Bruyninckx. These tools have since been classified by the European Commission, and so are not yet publicly available. Nonetheless, the project has produced guidebooks covering legal and ethical aspects, as well as publicly available reports. The project has also made an important contribution to machine learning and artificial intelligence research in the field of cybersecurity. “The overall aim from the beginning was to enhance law enforcement capabilities in combating cybercrime and other illegal activities,” says Bruyninckx. “We also wanted to advance the field of digital forensics and the development of sophisticated digital tools beyond the field of steganalysis.”
Keywords
UNCOVER, steganography, digital, media, criminal, forensics, law