Steganography and the Insider Threat: Backbone Security Explains Why the IT Security Community Should Take Notice


Insider Threat Ranked #2 on List of 8 Hard Problems by INFOSEC Research Council



Insiders can use digital steganography to exfiltrate sensitive information such as intellectual property, trade secrets, personal financial information, personally identifiable information (PII), and protected health information (PHI).

Whether the insider threat or the external threat is more serious has been the subject of perennial discussion ever since the concept of threats to information systems emerged. And there is no end in sight.

The insider threat is a particularly intractable problem because there are so many ways insiders can steal information from an enterprise network. It is a very hard problem to solve. In fact, the insider threat problem is so hard, it is formally ranked #2 on the Hard Problem List, or HPL.

The HPL began as a study initiated in 1997 by members of the Information System Security (INFOSEC) Research Council. The idea was to compile a list of “the hardest and most critical challenges in INFOSEC research that must be addressed for the development and deployment of trustworthy systems for the U.S. Government.”

The original HPL was released in 1999; but, due to rapid evolution in both technology and threats, an updated HPL was released in November 2005. Although eight years have passed and technology and threats have continued to evolve during that time, it is instructive to note the eight hard problems identified in the 2005 update remain the subject of intense research and development in the government and private sector.

Today, we are inundated with a nearly constant stream of news about external attackers and the damage they cause along with the information they steal. It is a situation conducive to becoming tone deaf, to some degree, to the constant barrage of news about cyber threats.

The cacophony of alarm bells regarding external threats is drowning out the more insidious insider threat.

Since the dawn of the Information Age, much has been written about the insider threat and the many ways insiders can steal information. As an indication of how much has been written, a Google search on “insider threat” will return nearly 90 million links.

One of the ways insiders can steal information is not getting much, if any, attention. Insiders can use digital steganography to exfiltrate sensitive information such as intellectual property, trade secrets, personal financial information, personally identifiable information (PII), and protected health information (PHI).

Digital steganography is an Internet era version of an ancient information hiding technique that dates back to the days of Ancient Greece. Using digital steganography, a file can be embedded within, or appended to, another file in such a way that it cannot be seen or heard. Unlike cryptography, which translates information into an unintelligible sequence of letters and numbers, steganography conceals the very existence of the information.

Insiders have become acutely aware of the value of the information they work with on a day-to-day basis. As a result, insider theft of sensitive information is increasing at an alarming pace. Insiders can use any of the 1,500+ steganography applications available on the Internet as freeware or shareware to steal PII, PHI, or intellectual property, for example. The current generation of network security appliances and data loss prevention systems does not detect insider use of steganography.

The Steganography Analyzer Real-Time Scanner (StegAlyzerRTS) was developed in Backbone Security’s Steganography Analysis and Research Center (SARC) as a countermeasure to the threat from insiders using digital steganography to steal sensitive information. It is the world’s only commercially available network security appliance capable of detecting steganography in real-time.

The latest generation of StegAlyzerRTS is capable of operating on networks with throughput of up to 1 Gb/s and detects insiders downloading any of the 1,150 digital steganography applications currently in the SARC’s archives. Detecting an insider downloading a steganography application is an early warning indicator that the insider is planning to steal sensitive information.

StegAlyzerRTS offers a “drop-in, turn-key” capability that will not affect network throughput. StegAlyzerRTS was found to be effective for identifying files associated with steganography applications and files that contain hidden steganographic data by the Defense Cyber Crime Institute (DCCI).

For additional information about StegAlyzerRTS and the digital forensics products designed to detect the use of digital steganography to conceal evidence of criminal activity, please call 877-560-7272 or visit


About the SARC

The SARC is a Center of Excellence in digital steganography research and development within Backbone Security. The SARC has established the world’s largest commercially available repository of digital steganography applications, fingerprints, and signatures and has developed industry leading computer forensics and network security steganalysis tools for detecting and extracting information hidden with digital steganography applications.

About Backbone Security

In addition to being the leading provider of digital steganalysis tools, Backbone is a Payment Card Industry Data Security Standard (PCI-DSS) Approved Scanning Vendor (ASV) that conducts automated PCI-DSS compliance assessments with their industry leading 1 Stop PCI Scan service. Backbone also provides real-time intrusion monitoring, vulnerability assessment, penetration testing, and business continuity and disaster recovery planning services.

Contact: Jim Wingate, Director, SARC and Vice President, Backbone Security
Voice: (304) 333-7272 or (877) 560-7272, Fax: (304) 366-9163.
# # #
