This Is How Your Computer Gets Hacked!

Mustapha A. Obeid, Information Systems Operations Manager, Illinois Institute of Technology

Few days ago I received the following email with a picture that was added as an attachment:

No problem, right? Had I clicked on the attachment my laptop would have been immediately hacked by a virus or may be a Ransom Ware similar the infamous WannaCry that has circulated recently.

The technique is called steganography, and I will show you exactly how it works in the hope that you will be able to protect yourself against future attempts. This post includes certain technical details but I will let go of the heavy-duty tech jargon hoping that non-technical readers will be able to follow.

“Steganography is the art of hiding something in plain sight”

First, a primer.

1. Download a picture, any picture, off the Internet.

Example:

https://upload.wikimedia.org/wikipedia/commons/8/82/Chicago_sunrise_1.jpg

2. Use MS Word (or any word processing software of your choice) to create a file called “Test.docx.” Open the file and type in the following: “Test 123.” Save the file.

3. If you have Microsoft Windows as your operating system use the COPY command to merge the two files: the initial picture that you downloaded in step 1 and the “Test.docx” file that you created in step 2.

Example: C:> COPY /B Chicago_s unrise_1.jpg + Test.docx

Chicago_sunrise_2.jpg

The above command line merges the two objects “Chicago_sunrise_1.jpg” and “Test.docx” and creates a new picture object called “Chicago_sunrise_2.jpg” with the content of “Test.docx” embedded into it.

4. Now use any picture viewer software of your choice (such as “Windows Photo Viewer”) and take a good look at the two pictures “Chicago_sunrise_1.jpg” and “Chicago_sunrise_2.jpg.” They look identical, right? Well, looks can be deceiving because the second picture, “Chicago_sunrise_2.jpg,” has the file “Test.docx” (and its content) embedded within, yet completely hidden from view.

Now Steganography is the art of hiding something in plain sight, for example when looking at a picture on your computer and not being able to see embedded messages or files. Steganography is powerful just like that.

In the example above we embedded a simple Word file with simple content, but we could have also embedded a whole list of things that are far more sinister such as computer viruses and RansomWare. And once you view the malicious picture, your computer is hacked.