Editing Steganography (section)

==Applications==
===Use in modern printers===
{{Main|Printer steganography}}
Some modern computer printers use steganography, including [[Hewlett-Packard]] and [[Xerox]] brand color laser printers. The printers add tiny yellow dots to each page. The barely-visible dots contain encoded printer serial numbers and date and time stamps.<ref>{{cite web |url=https://www.eff.org/press/archives/2005/10/16 |title=Secret Code in Color Printers Lets Government Track You; Tiny Dots Show Where and When You Made Your Print |publisher=[[Electronic Frontier Foundation]] |date=16 October 2005}}</ref>

===Example from modern practice===
The larger the cover message (in binary data, the number of [[bit]]s) relative to the hidden message, the easier it is to hide the hidden message (as an analogy, the larger the "haystack", the easier it is to hide a "needle"). So [[digital image|digital picture]]s, which contain much data, are sometimes used to hide messages on the [[Internet]] and on other digital communication media. It is not clear how common this practice actually is.

For example, a 24-bit [[bitmap]] uses 8 bits to represent each of the three color values (red, green, and blue) of each [[pixel]]. The blue alone has 2<sup>8</sup> different levels of blue intensity. The difference between 11111111<sub>2</sub> and 11111110<sub>2</sub> in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the [[least significant bit]] can be used more or less undetectably for something else other than color information. If that is repeated for the green and the red elements of each pixel as well, it is possible to encode one letter of [[ASCII]] text for every three [[pixel]]s.

Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) because of the injection of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible. The changes are indistinguishable from the [[noise floor]] of the carrier. All media can be a carrier, but media with a large amount of redundant or compressible information is better suited.

From an [[information theory|information theoretical]] point of view, that means that the [[Communication channel|channel]] must have more [[channel capacity|capacity]] than the "surface" [[signal (information theory)|signal]] requires. There must be [[redundancy (information theory)|redundancy]]. For a digital image, it may be [[noise]] from the imaging element; for [[digital audio]], it may be noise from recording techniques or [[amplifier|amplification]] equipment. In general, electronics that digitize an [[analog signal]] suffer from several noise sources, such as [[Johnson-Nyquist noise|thermal noise]], [[flicker noise]], and [[shot noise]]. The noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, [[lossy compression]] schemes (such as [[JPEG]]) always introduce some error to the decompressed data, and it is possible to exploit that for steganographic use, as well.

Although steganography and digital watermarking seem similar, they are not. In steganography, the hidden message should remain intact until it reaches its destination. Steganography can be used for [[digital watermark]]ing in which a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified (for example, [[Coded Anti-Piracy]]) or even just to identify an image (as in the [[EURion constellation]]). In such a case, the technique of hiding the message (here, the watermark) must be robust to prevent tampering. However, digital watermarking sometimes requires a brittle watermark, which can be modified easily, to check whether the image has been tampered with. That is the key difference between steganography and digital watermarking.

===Alleged use by intelligence services===
In 2010, the [[Federal Bureau of Investigation]] alleged that the [[Foreign Intelligence Service (Russia)|Russian foreign intelligence service]] uses customized steganography software for embedding encrypted text messages inside image files for certain communications with "illegal agents" (agents without diplomatic cover) stationed abroad.<ref>{{cite web|title=Criminal complaint by Special Agent Ricci against alleged Russian agents|url=https://www.justice.gov/opa/documents/062810complaint2.pdf|publisher=United States Department of Justice}}</ref>

On 23 April 2019 the U.S. Department of Justice unsealed an indictment charging Xiaoqing Zheng, a Chinese businessman and former Principal Engineer at General Electric, with 14 counts of conspiring to steal intellectual property and trade secrets from General Electric. Zheng had allegedly used steganography to exfiltrate 20,000 documents from General Electric to Tianyi Aviation Technology Co. in Nanjing, China, a company the FBI accused him of starting with backing from the Chinese government.<ref>{{cite web|title=GE Engineer Charged in Elaborate Theft of Trade Secrets|url=https://blog.twinstate.com/news/ge-trade-secrets-theft|publisher=Twinstate Technologies}}</ref>

===Distributed steganography===
There are distributed steganography methods,<ref>{{cite book |chapter=Distributed Steganography |publisher=[[IEEE]] |year= 2011|doi=10.1109/IIHMSP.2011.20 |isbn=978-1-4577-1397-2 |title=2011 Seventh International Conference on Intelligent Information Hiding and Multimedia Signal Processing |last1=Liao |first1=Xin |last2=Wen |first2=Qiao-yan |last3=Shi |first3=Sha |pages=153–156 |s2cid=17769131 }}</ref> including methodologies that distribute the payload through multiple carrier files in diverse locations to make detection more difficult. For example, {{US Patent|8527779}} by cryptographer William Easttom ([[Chuck Easttom]]).

===Online challenge===
The puzzles that are presented by [[Cicada 3301]] incorporate steganography with cryptography and other solving techniques since 2012.<ref>{{cite news|title=Cicada 3301: The darknet treasure trail reopens|author=Jane Wakefield |url=https://www.bbc.co.uk/news/technology-25667292|work=BBC News|access-date=11 January 2014 |date=9 January 2014}}</ref> Puzzles involving steganography have also been featured in other [[alternative reality game]]s.

The communications<ref>{{Cite web|url=http://www.maydaymystery.org/mayday/texts/index.html|title=The texts|website=Maydaymystery.org|access-date=23 November 2017}}</ref><ref>{{Cite web|url=http://www.maydaymystery.org/mayday/recent.html|title=Recent things|website=Maydaymystery.org|access-date=23 November 2017}}</ref> of [[Arizona Daily Wildcat#The May Day mystery|The May Day mystery]] incorporate steganography and other solving techniques since 1981.<ref>{{Cite web|url=http://www.maydaymystery.org/mayday/mystery.html|title=The Mystery|website=Maydaymystery.org|access-date=23 November 2017}}</ref>

=== Computer malware ===
{{Main|Stegomalware}}
It is possible to steganographically hide computer malware into digital images, videos, audio and various other files in order to evade detection by [[antivirus software]]. This type of malware is called stegomalware. It can be activated by external code, which can be malicious or even non-malicious if some vulnerability in the software reading the file is exploited.<ref name="Chaganti-2021">{{Cite report |last1=Chaganti |first1=Raj |last2=R |first2=Vinayakumar |last3=Alazab |first3=Mamoun |last4=Pham |first4=Tuan |date=12 October 2021 |title=Stegomalware: A Systematic Survey of Malware Hiding and Detection in Images, Machine Learning Models and Research Challenges |url=https://www.techrxiv.org/articles/preprint/Stegomalware_A_Systematic_Survey_of_Malware_Hiding_and_Detection_in_Images_Machine_Learning_Models_and_Research_Challenges/16755457/1 |language=en |doi=10.36227/techrxiv.16755457.v1|arxiv=2110.02504 }} (pre-print, not peer reviewed)</ref>

Stegomalware can be removed from certain files without knowing whether they contain stegomalware or not. This is done through [[Content Disarm & Reconstruction|content disarm and reconstruction]] (CDR) software, and it involves reprocessing the entire file or removing parts from it.<ref>{{Cite web |last=Votiro |date=30 November 2021 |title=Finding a Content Disarm & Reconstruction (CDR) Vendor |url=https://votiro.com/blog/what-to-look-for-in-cdr-file-sanitization-vendors/ |access-date=11 January 2023 |website=Votiro |language=en-US}}</ref><ref>{{Cite web |title=Content Disarm and Reconstruct – SecureIQLab |date=12 April 2022 |url=https://secureiqlab.com/content-disarm-and-reconstruct/ |access-date=11 January 2023 |language=en-US}}</ref> Actually detecting stegomalware in a file can be difficult and may involve testing the file behaviour in [[Virtualization|virtual]] environments or [[deep learning]] analysis of the file.<ref name="Chaganti-2021" />