Editing Steganography (section)

==Countermeasures and detection==
Detecting physical steganography requires a careful physical examination, including the use of magnification, developer chemicals, and [[Ultraviolet|ultraviolet light]]. It is a time-consuming process with obvious resource implications, even in countries that employ many people to spy on other citizens. However, it is feasible to screen mail of certain suspected individuals or institutions, such as prisons or prisoner-of-war (POW) camps.

During [[World War II]], prisoner of war camps gave prisoners specially-treated [[paper]] that would reveal [[invisible ink]]. An article in the 24 June 1948 issue of ''Paper Trade Journal'' by the Technical Director of the [[United States Government Printing Office]] had Morris S. Kantrowitz describe in general terms the development of this paper. Three prototype papers (''Sensicoat'', ''Anilith'', and ''Coatalith'') were used to manufacture postcards and stationery provided to German prisoners of war in the US and Canada. If POWs tried to write a hidden message, the special paper rendered it visible. The US granted at least two [[patent]]s related to the technology, one to Kantrowitz, {{US Patent|2515232}}, "Water-Detecting paper and Water-Detecting Coating Composition Therefor," patented 18 July 1950, and an earlier one, "Moisture-Sensitive Paper and the Manufacture Thereof," {{US Patent|2445586}}, patented 20 July 1948. A similar strategy issues prisoners with writing paper ruled with a water-soluble ink that runs in contact with water-based invisible ink.

In computing, steganographically encoded package detection is called [[steganalysis]]. The simplest method to detect modified files, however, is to compare them to known originals. For example, to detect information being moved through the graphics on a website, an analyst can maintain known clean copies of the materials and then compare them against the current contents of the site. The differences, if the carrier is the same, comprise the payload. In general, using extremely high compression rates makes steganography difficult but not impossible. Compression errors provide a hiding place for data, but high compression reduces the amount of data available to hold the payload, raising the encoding density, which facilitates easier detection (in extreme cases, even by casual observation).

There are a variety of basic tests that can be done to identify whether or not a secret message exists. This process is not concerned with the extraction of the message, which is a different process and a separate step. The most basic approaches of [[steganalysis]] are visual or aural attacks, structural attacks, and statistical attacks. These approaches attempt to detect the steganographic algorithms that were used.<ref name="Wanyer2009">Wayner, Peter (2009). ''Disappearing Cryptography: Information Hiding: Steganography & Watermarking'',  Morgan Kaufmann Publishers, Amsterdam; Boston {{ISBN?}}</ref> These algorithms range from unsophisticated to very sophisticated, with early algorithms being much easier to detect due to statistical anomalies that were present. The size of the message that is being hidden is a factor in how difficult it is to detect. The overall size of the cover object also plays a factor as well. If the cover object is small and the message is large, this can distort the statistics and make it easier to detect. A larger cover object with a small message decreases the statistics and gives it a better chance of going unnoticed.

Steganalysis that targets a particular algorithm has much better success as it is able to key in on the anomalies that are left behind. This is because the analysis can perform a targeted search to discover known tendencies since it is aware of the behaviors that it commonly exhibits. When analyzing an image the least significant bits of many images are actually not random. The camera sensor, especially lower-end sensors are not the best quality and can introduce some random bits. This can also be affected by the file compression done on the image. Secret messages can be introduced into the least significant bits in an image and then hidden.  A steganography tool can be used to camouflage the secret message in the least significant bits but it can introduce a random area that is too perfect. This area of perfect randomization stands out and can be detected by comparing the least significant bits to the next-to-least significant bits on an image that hasn't been compressed.<ref name=Wanyer2009 />

Generally, though, there are many techniques known to be able to hide messages in data using steganographic techniques. None are, by definition, obvious when users employ standard applications, but some can be detected by specialist tools. Others, however, are resistant to detection—or rather it is not possible to reliably distinguish data containing a hidden message from data containing just noise—even when the most sophisticated analysis is performed. Steganography is being used to conceal and deliver more effective cyber attacks, referred to as ''Stegware''. The term Stegware was first introduced in 2017<ref>{{cite web|url=https://www.mcafee.com/blogs/enterprise/seeing-through-stegware/|title=What's Hidden in That Picture Online? Seeing Through "Stegware"|publisher=[[McAfee]]|last=Lancioni|first=German|date=16 October 2017}}</ref> to describe any malicious operation involving steganography as a vehicle to conceal an attack. Detection of steganography is challenging, and because of that, not an adequate defence. Therefore, the only way of defeating the threat is to transform data in a way that destroys any hidden messages,<ref>{{cite report |url=https://www.researchgate.net/publication/319943090 |title=Defenders Guide to Steganography |year=2017 |doi=10.13140/RG.2.2.21608.98561 |last1=Wiseman |first1=Simon}}</ref> a process called [[Content Threat Removal]].