Archive for Conferences

International Conference On Post Graduate Education 2008

“Postgraduate Education: Multidisciplinary Perspectives” will be held from December 16-18, 2008 in Penang, Malaysia.

The 3rd International Conference on “Postgraduate Education: Multidisciplinary Perspectives” will be held from December 16-18, 2008 in Penang, Malaysia. It will be hosted by Universiti Sains Malaysia, in cooperation with the Deans Council of Graduate Schools and the Ministry of Higher Education, Malaysia. The 1st conference on higher education was organized by University Malaya in 2004 while the 2nd conference on higher education was organized by University Malaysia Sarawak in 2006.

This Conference will be a meeting of minds to primarily discuss on significant issues which focus on multidisciplinary perspectives in higher education. The conference will provide a vibrant scholarly space to critically and creatively engage with new ideas and research about teaching and lifelong learning in higher education. In addition to researcher and student presentations, experts of the region will also be invited to give keynote speeches, sharing their insights on challenges and issues facing contemporary scholarship on higher education.

As the chairperson of this esteemed Postgraduate International Conference this year, I would like to personally extend my invitation to experts in the higher education, heads/administrators of higher education institutions, scholars, researchers, graduate, postgraduate students and representatives of interested organizations and foundations to participate in this esteemed conference to exchange opinions, experiences, views, and discuss new trends in higher education and its management. It is in this light that the theme of the 3rd international conference, seeks to promote our diverse and varied membership to meet and share our experiences on research, ideas of improvements in the quality, relevance, efficiency, and flexibility of higher education systems in order to stimulate a country’s engagement with the global knowledge economy.

Take this opportunity to write and publish paper

The fees is RM 200 for post grad student ! JOMMM!!!

ISACA® InfoBytes


Hiding Messages in Images and Text:
Risk Associated with the Technology of Steganography

By Venugopal Iyengar, CISA, CISSP, DIRM, DTT, DCS, DCM

This article is a result of performing a systematic study and research into the working mechanism of technology used in steganography, an area of interest under computer forensics study. The article is an attempt to express how this technology works, how it can be misused and how the hidden risks associated with this technology can impact IS auditors and security professionals. In the future, automated IS security audit tools likely will be created that will help a CISA, CISM or CISSP detect these risks. The content in this document will be useful to all CISAs, CISMs and CISSPs and others in the field who would like to investigate computer crimes using modern technology.

Incidents in the US on 11 September 2001, as well as other recent terror attacks, have shaken many nations. Steganography has become an important issue because it is one technology through which a terrorist outfit can be in touch with its members around the globe.

Steganography is a graphical way of hiding information or a message within objects. While others are unaware of the content, the message is available to all concerned. As indicated numerous times in the media, many information transfers have been taking place over the Internet. These transfers allow the sender to distribute a message from anywhere in the world to anywhere else. Thus, when the message is sent, only the recipient knows that he/she has a message while others ignore it. This technology can be applied at various places causing major concern to IS auditors and security professionals.

Securing Information

Before understanding the science and art of steganography, it is appropriate to revisit various modus operandi used for any secure communication and information hiding. Security often refers to the assurance of confidentiality, integrity and availability. In this article, there is a greater focus on confidentiality, with less focus on integrity and no focus on availability-assuming availability is a risk and that it can be detected if suspected.

There are four ways of hiding information within a written communication:

  1. Secret writing—The text is written and broken into smaller pieces and sent to the destination via newspaper or human body, for example. The text is reassembled at the receiving end, comparable to solving a jigsaw puzzle.
  2. Cryptography—The message is broken into smaller units using a known or pre-determined algorithm or key. It may be a substitution, additive, transposition, transcription, etc. The science of cryptography is used for message encryption technology, digital signatures and private and public key cryptosystems used in digital certificates.
  3. Steganography—Techniques that conceal the existence of a hidden communication. The secret message to be transmitted is camouflaged in a carrier so that its detection becomes difficult. Information related to the sender and the receiver of the message also can be hidden this way.
  4. Digital watermarking—A message is embedded in digital media to prove ownership and either is perceptible or imperceptible. Today, people undertake great effort to dedicate time and intellectual capabilities toward creating artwork, pictures, images, videos, diagrams, designs, etc. They may have used a good portion of their time looking into references and research, and perhaps even more time bringing their work into some purposeful, meaningful shape. These fall under the individual’s intellectual property rights (IPRs). The increasing amount of original work presented on the Internet can be digitally copied by anybody who can then claim ownership.

Using Steganography

The techniques of using secret writing and cryptography can be detected easily as these techniques can be seen but not interpreted. Although confidentiality of the content of the message is achieved, confidentiality of the communication is not achieved and hence the message can be tracked and the sender identified. The science of steganography takes care of confidentiality in the content of the message as well as communication of the message. When one is suspicious, he/she can attempt to decode, destroy or change content. Thus, steganography is when the sender embeds a secret message into a public message, which is subsequently sent to the receiver, who knows how to interpret it. The probability of somebody else knowing that the embedding has taken place and being able to interpret the secret message is low.

The Process


There are four components needed to understand this process. There is a carrier, technically called “cover,” denoted by the letter c. The secret message that needs to be hidden is denoted by the letter m. The next is the output called stego-media, denoted by the letter s, into which the message m needs to be carried. Lastly, the stego-key is denoted by k. The output s is obtained by using c + m + k into the steganography algorithm or technique.

The most probable reason for sending a message by this method is that any third party who receives this message will not be in a position to know about the presence of a secret message. The stego-media should not invoke any suspicion, otherwise the purpose of information hiding is lost. The message can be hidden into text, disk space, network packets, images, audio and video. The message also can be text, image or audio. Thus, one can have text into text, text into image, voice into image, etc. Again, the technique of embedding a secret message can be substitution, transform domain, spread-spectrum, statistical and distortion-based.

Finding hidden messages can be difficult. Images can be manipulated by blurring, sharpening, rotating, resizing and stretching. Embedding messages in high-frequency band covers is less suspicious because they can be decoded easily if detected. Embedding messages in low-frequency bands is more suspicious because they cannot be decoded easily if detected. This may be due to significant degradation in the stego-media, although they are within the perceptible range of human beings.

The steganography technique of data hiding can be done using one of the following two broad technologies:

  1. Substitution technique
  2. Transform domain technique

The substitution technique uses LSB (least significant bits) or MSB (most significant bits). Inserting too much data into this cover or embedding them at improper locations may invoke suspicion.

In the transform domain technique, data embedding uses three types of hiding capabilities or features. They are:

  1. Discrete fourier transforms (DFT)
  2. Discrete cosine transforms (DCT)
  3. Discrete wavelet transforms (DWT)

DFT uses middle frequencies. One may use row encoding or ring encoding of messages and place them into carrier images. Row encoding can best be placed in an open scene, such as a skyline. Ring encoding can spread into a picture in the form of a ring spread across the four quadrants of the picture. Besides circles, one could trace out any other geometric form of data marks for hidden messages.

DCT seems to be a popular way for hiding data in images and video. Data are embedded into JPEG/MPEG compressions. The file size in DFT could raise suspicion of the presence of hidden information. With DCT, this suspicion is less. Selection of blocks for hiding messages can be done using random sequences.

DWT seems to be gaining ground into signal processing and multimedia applications.


Images, pictures, audio, video and text all have become targets of suspicion for Trojans. In a picture, the LSB can be used for carrying hidden messages. Only too much data in the LSB area will raise suspicion for inspection or investigation. When the message is hidden using DFT, and the picture contains a lot of low light scenery, i.e., decreased contrast, tracing the hidden message becomes difficult. However, increasing brightness or contrast can reveal the ring mark, indicating the presence of a hidden message. The most effective way to hide an audio recording is to use spread-spectrum data into a cover image with a sky scene, water scene, landscape, etc. Within such scenes, the data hide in an echo imperceptible to humans.

For example, in a picture an image can be hidden within an image. Within a picture, text can be used and hidden into a bit number that satisfies y = mx + c to hide along a straight line and a circle along x2 + y2 = c. The same can be separated out and contents seen or read. Instead of lines, these could be architectural plans or road maps, for example. In the case of text, one could identify the sequence of bit numbers that satisfies specific mathematical equations. Images have their own color bits. The last bit of a color bit will carry the content bit of the text. Upon decoding, the entire text can be removed. This text is of the type LSB. When the text content bit is put into the first bit of a color bit, it is of the type MSB. Thus, text or picture hiding is best done in low-contrast scenes because humans detect it less frequently.

For IS auditors and security professionals, steganography techniques are used for sending messages (including voice, video, text, drawings and images) within an image. This is a major threat to users of information systems, as confidential and sensitive information can be placed into pictures and then distributed. Detection of such messages is difficult and only the recipients can take advantage of and use the contents. The sending of such pictures can be posted through chat sessions, bulletin boards, bulk mails, etc. The risk of detection is very high in this case. Even after detection, decoding the message may be difficult. Thus, the impact of such threats caused by the resulting vulnerability is very high. Research in this area began in the 1990s, and has yet to mature fully. The work on detection tools soon will aid in tracing, tracking and fixing, the way professionals have antiviruses for viruses, firewalls for network security and embedded message readers for hidden messages that could be a risk to the organization, business or economy of a nation.

Venugopal Iyengar, CISA, CISSP, DIRM, DTT, DCS, DCM
is the director of the Institute of the Millennium and the chief executive at Secure Matrix (India) Private Limited.

Conference on Digital Forensic and Law

Defending Against Insider Use of Digital Steganography

James E. Wingate, CISSP-ISSEP, CISM, IAM
Backbone Security


Glenn D. Watt, CISSP, CISM, IAM, IEM
Backbone Security

Marc Kurtz, CISSP
Backbone Security

Chad W. Davis, CCE
Backbone Security

Robert Lipscomb
Backbone Security



The trusted insider is among the most harmful and difficult to detect threats to information security, according to the Federal Plan for Information Assurance and Cyber Security Research and Development released in April 2006.  By default, employees become trusted insiders when granted the set of privileges needed to do their jobs, which typically includes access to the Internet. It is generally presumed the insiders are loyally working to achieve the organization’s goals and objectives and would not abuse the privileges given to them. However, some insiders will inevitably abuse some of their privileges. For example, a trusted insider might abuse their privilege of access to the Internet to download, install, and use an information hiding tool, such as one of the hundreds of digital steganography applications available on the Internet, to steal sensitive, classified, or proprietary information. Effective countermeasures to this threat must begin with an organizational policy prohibiting installation of information hiding tools on user workstations and must also include automated tools capable of detecting attempts to download and use digital steganography applications. This paper will describe the threat from insider use of digital steganography applications; a new approach to detecting the presence or use of these applications; and extraction of hidden information when a known signature of one of these applications is detected. The analytical approach to steganalysis involves the development and use of computer forensic tools that can detect “fingerprints” and “signatures” of digital steganography applications. These tools can be employed in both an off-line forensic-based mode as well as a real-time network surveillance mode. Detection of fingerprints or signatures in either mode may lead to the discovery and extraction of hidden information. Accordingly, this approach represents a significant improvement over traditional blind detection techniques which typically only provide a probability that information may be hidden in a given file without providing a capability to extract any hidden information.

Keywords: insider, steganography, steganalysis, computer forensics, artifacts, fingerprints, hash values, signatures


InfraGard Conference 2006

Digital Steganography


For many years, designers, developers, and evaluators of “trusted systems” for processing national security sensitive information have wrestled with issues about the ways hardware, operating systems, and application software can be used to establish covert channels in order to steal sensitive information.

In fact, there are four different definitions of covert channels in the National Computer Security Center guide on the topic.1 In the broadest sense, a covert channel for communications is a way for someone to communicate with anyone else in such a way as to conceal the fact the communication is taking place.

Steganography, which comes from the Greek words “steganos,” or “covered” and “graphy,” or “writing,” can be used to establish covert channels between an insider and one, or more, external entities. Essentially, steganography is used to “cover” the “writing” so as to conceal its very existence. Modern use is called digital steganography.

In April 2006, the National Science and Technology Council released the Federal Plan for Cyber Security and Information Assurance Research and Development2, which defines steganography as “the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message.”

The plan states that international interest in steganography technology research and development has exploded in recent years and because of the potential for using digital steganography applications to establish covert channels for communications, these technologies pose a potential threat to U.S. national security.

It is highly noteworthy that the plan lists use of cyberspace for covert communication immediately after physical attacks against key data centers and communications nodes, particularly by terrorists, on the list of immediate concerns for the U.S. information technology infrastructure.

With digital steganography, it is possible to hide information “inside” a digital file, or message, to conceal it from view. Information hiding could be done by appending information to the end of a file so that the information is not viewable by the application that opens, displays, and manipulates it. It could also be done by embedding information inside a file through a technique that manipulates the least significant bits (LSBs) of bytes representing the color components of each pixel in a digital image. This is generally referred to as the LSB Embedding or Encoding Technique. Finally, it could be done by translating a message into a form that, for all intents and purposes, appears to be e-mail spam. The latter approach is generally referred to as spam mimicry.

Steganography Risk Assessment

The classical approach to Risk Assessment is to first identify and assess the threat, then determine vulnerability to the threat, and finally determine the impact if the vulnerability is exploited.

Threat: Digital steganography applications can be used to steal sensitive information by sending the information outside the local computing environment, through boundary protection mechanisms, to anyone on the outside.

Hundreds of steganography applications are available as freeware or shareware on the Internet. There are some commercially licensed steganography applications that can be purchased for use by individuals. Clearly, not everyone who purchases a license to a steganography application will have malicious intent. However, others do so with the intent to steal sensitive information or conceal evidence of criminal activity.

Not only are steganography applications widely available, they are user friendly as well, many with graphical interfaces (GUIs) with the familiar “drag and drop” functionality to drag a file containing a secret message or other information and drop it onto the carrier file which serves as the container, or carrier, for the hidden information.

Considering how easy it is to find, download, and use digital steganography applications, it would be easy for trusted insiders with malicious intent to use them to steal critical information or to conceal evidence of some type of criminal activity.

Vulnerability: Few organizations, if any, have deployed countermeasures because they do not view steganography as a threat. In fact, few even understand digital steganography; much less know enough about it to perceive any risk.

This is a situation where the threat is high but threat perception is low to non-existent. As a consequence, little effort has been put into developing appropriate security controls to mitigate the threat.

All too often, when the topic of steganography comes up, a typical comment is “Oh, you mean short-hand writing?” It then becomes necessary to explain that short-hand writing is stenography. Others, who understand steganography, don’t believe it to be a threat. A typical retort is “Why would anyone go to the trouble of finding, downloading, installing, and using a steganography application when they can walk out the door with the crown jewels on a thumb drive?” Still others, who understand steganography and acknowledge it is a threat, have adopted the attitude that little or nothing can be done about it because there are no good tools available to detect the presence or use of steganography and then extract the hidden information-referred to as steganalysis.

Admittedly, any empirical data to bolster arguments that steganography is a threat is noticeably lacking. There are, however, some limited efforts underway to determine the prevalence of use of steganography. Unfortunately, there is little evidence proving steganography is being used.

In 2002, Europol cracked a pedophile ring called the Shadowz Brotherhood whose members were reported to be “hiding obscene material in apparently innocent picture files.”3,4 Although the word “steganography” was not used in either of the referenced media articles, from comments in the article, one can infer the group was using one or more steganography applications as a means to distribute the images by putting the files containing the contraband images on web sites accessible via the Internet.

It is believed digital steganography continues to be used as a means to distribute child pornography-sometimes by embedding the contraband images in adult pornographic images.

However, in spite of the Shadowz Brotherhood case, and possibly other cases that have not been widely reported, the question of whether digital steganography is a threat remains a paradox. Not many computer forensic examiners appear to be interested in looking for the use of steganography to conceal evidence of criminal activity until it is proven to be a threat. But, to prove that steganography is, in fact, a threat, computer forensic examiners need to look for it and then offer sanitized summaries of cases that involve the use of steganography when they encounter it during their examinations.

Impact: In his statement to the U.S. Senate Committee on Government Reform, Frank Cilluffo, Co-chairman of the Cyber Threats Task Force, provided a sampling of terrorist attacks on critical infrastructures after telling the committee that infrastructures have been popular terrorist targets for a long time because the destruction or incapacitation of key components could have a debilitating effect on U.S. national and/or economic security.5

Cilluffo also mentioned the many news articles about al Qaeda’s use of the Internet in the aftermath of 9-11 and reports that claimed their cyber tradecraft may have included use of highly sophisticated technology such as steganography.

It does not take much of a stretch of the imagination to consider that steganography may have been used to conceal communication between members of terrorist cells to plan the infrastructure attacks described by Cilluffo-including al Qaeda’s planning for the 9-11 attack.

Consider the banking and finance sector. An insider could use a steganography application to steal sensitive financial information that could result in illegal insider trading which could affect U.S. financial markets and, by logical extension, U.S. economic security.

In the information technology sector an insider could use a steganography application to reveal critical vulnerabilities to malicious hackers facilitating a cyber attack with devastating effects on key components of the Internet and the U.S. information technology infrastructure.

Any critical infrastructure sector that relies on Process Control Systems or Supervisory Control and Data Acquisition (SCADA) technology to control critical functions and processes is vulnerable to an insider who could use a steganography application to reveal critical vulnerabilities or key process parameters that could facilitate an attack on key components of any, or all, of the sectors. The General Accounting Office published a study on the challenges of securing control systems.7 Another excellent treatment of this topic can be found in a paper by Tenable Network Security.8

Countermeasures: The traditional approach to detecting use of digital steganography has been the blind detection approach, also referred to as anomaly-based detection.

The blind detection approach attempts to determine if information may be hidden in a given carrier file without any knowledge of the steganography application that was used, or the embedding technique employed by that application, and without access to a reference copy of the carrier file-a “known clean” copy that hasn’t had any information hidden within it.

There are numerous approaches to blind detection “attacks” on suspect carrier files, each with different potential outcomes.

The “visual attack” involves examining the suspect file, usually an image, to determine if there appear to be any obvious visual cues that the image has been manipulated. This approach typically works best if a reference copy of the carrier file is available for comparison.

The “structural attack” involves analyzing the structure of the particular file type suspected of being a carrier file. Deviations from standard structural elements or components may be indicative that information has been hidden in the file.

The “statistical attack” involves computing the statistical properties of the particular file type. Embedding information in a file generally alters the statistical properties of the file. Thus, the statistical attack seeks to determine the degree of variance from an expected norm. Because some steganography applications go to great lengths to minimize the degree to which they alter the statistical properties of carrier files, this approach is often not conclusive. Typically, a blind detection algorithm employing a statistical attack will yield only a probability that information may be hidden in a given file. This is of little benefit to a law enforcement computer forensic examiner who must find evidence of criminal activity. Thus, the hidden information must be detected and extracted in order to have something of potential evidentiary value to present to a prosecutor.

For an excellent treatment of these techniques along with additional information on steganography, see the article on steganography by Professor Gary Kessler of Champlain College in Forensic Science Communications.9

An evolving technique to detecting the presence or use of digital steganography applications, referred to as the analytical detection approach, is centered on detecting artifacts and signatures of steganography applications. The principle objective of the analytical approach is to discover enough information about the steganography application used to hide information to increase the probability of being able to extract the hidden information when it’s detected. The thinking is that detecting an artifact will identify a specific application. Then, analysis of that application will reveal the embedding technique and the types of files that can be manipulated by the application.

It should be noted that absence of artifacts cannot be interpreted to mean the media being examined does not contain carrier files with hidden information. As with the Cloak™ steganography application, a separate application for the sole purpose of extracting hidden information may be available so that recipients of files or messages containing hidden information don’t have to purchase a full license to the steganography application used to hide the information.

Detecting a signature of a particular steganography application would lead to identifying the application that left the signature. That may, in turn, facilitate the task of extracting the information hidden with that application.

Artifact Detection: The key to artifact detection is determining the complete footprint of each steganography application. This can be done by taking a snapshot of a system after installing an application on a baseline system. Then, any additional files beyond the files on the baseline system were added as a result of installing the steganography application. These files can then be hashed, generating the “fingerprints” of the file artifacts and added to a steganography application artifact database or a “steg hash set.”

In the case of computers running various versions of the Windows operating system, there may be artifacts of a steganography application in the registry. Consider a scenario where a highly, or even moderately, sophisticated user wants to cover their tracks after using a steganography application to hide information in a file. The user might uninstall the application and then delete obvious files and folders associated with the application that the uninstall process didn’t remove. Tracks covered-right?

Not so fast. As it turns out, like many Windows-based applications, steganography applications sometimes create or modify registry keys and/or values. Accordingly, even after going to some lengths to cover their tracks, if the user is not sophisticated enough to edit the registry, there may be evidence there in the form of a single key or value that could be associated with a particular steganography application.

Signature Detection: Some steganography applications leave an identifiable signature, or hexadecimal byte pattern, in the carrier file in which a message is embedded. Signature-based detection of steganography applications is not unlike the signature-based detection employed to detect viruses, worms, trojans, and other forms of malware.

A significant challenge of signature-based steganography detection is the time and effort required to discover the signatures. The typical approach to signature discovery involves use of a hex editor to compare a reference file and a “steg’d” file side by side. The reference file is a file known to be clean, meaning there has been nothing hidden in it. The steg’d file contains a known payload, such as the Declaration of Independence or the U.S. Constitution. The steg’d files are generated with the known payload using every option offered by a particular steganography application. Then, the objective of the steganography analyst, or steganalyst, becomes one of trying to discern anomalies, differences, and/or patterns in the steg’d file to determine how the payload was embedded, the beginning of the payload, the password if one was used, etc. This process can range from hours to days or weeks.

Another significant challenge of signature-based detection is the need for continuous effort to find new steganography applications as they appear on the Internet and then perform the signature discovery process on each and every one to attempt to determine if the application leaves a uniquely identifiable signature in the steg’d file-a daunting task to say the least.

There is also the possibility the application does not leave a uniquely identifiable signature in the steg’d file. In that case, the best chance of determining the application has been used is to detect a file or registry artifact associated with the application. If an artifact is detected, additional analysis, perhaps with expert assistance from a steganalysis expert, may yield the steg’d files and the resulting possibility of extracting information that may have been hidden with the application. The worst-case scenario is one where neither an artifact nor a signature is detected. In that case, any information hidden in steg’d files will simply go undetected.

Some steganography applications can be run from thumb drives or other portable devices that can be plugged into a USB port. In these cases, there may be no fingerprints left in the system that would indicated a steganography application had been used to hide something.

Many steganography applications also provide users with the capability to encrypt the secret message before embedding it within the carrier file. Depending on the strength of the encryption algorithm and how it was implemented, it is entirely possible that hidden information may be detected and extracted, but may turn out to be cipher text. In that case, the examiner is presented with a difficult cryptanalysis problem.

Ultimately, the most effective countermeasures to the threat posed by use of digital steganography will likely evolve into a comprehensive approach that includes the best features of both the analytical approach and the blind detection approach. Combining the best features of both will advance the state-of-the-art of steganalysis.


The use of steganography will never be detected if no one ever looks for it.

Countermeasures to the threat of steganography will not be deployed until only management, computer security professionals, and computer forensic examiners become convinced the threat is real.

To find incontrovertible evidence that steganography is, in fact, being used to steal sensitive information and conceal evidence of criminal activity require, computer forensic examiners need to include steganalysis as a routine aspect of their computer forensic procedures, use the best available tools to detect the presence and use of steganography, and provide feedback through user groups and professional associations and publications.

A comprehensive enterprise security program should include countermeasures to the threat posed by insider use of steganography. The first step is to acknowledge the threat exists by developing and implementing policy to prohibit users from having steganography applications on their workstations. Finally, both passive and active detection tools and techniques should be employed to enforce the “no steg” policy.

James E. Wingate, CISSP-ISSEP, CISM, NSA-IAM, is Vice President for West Virginia Operations and Director, Steganography Analysis and Research Center (SARC) for Backbone Security. Located in North Central West Virginia, the SARC is conducting research to advance the state-of-the-art of digital steganalysis tools, techniques, and procedures.

1 NCSC-TC-TG-030 Version-1, A Guide to Understanding Covert Channel Analysis of Trusted Systems, November 1993.

2 Federal Plan for Cyber Security and Information Assurance Research and Development, Report by the Interagency Working Group on Cyber Security and Information Assurance, April 2006,



5 Statement of Frank J. Cilluffo, Co-chairman, Cyber Threats Task Force, Homeland Defense Project, Center for Strategic & International Studies to the U.S. Senate Committee on Government Reform on October 4, 2001.

6 Towards Eliminating Steganographic Communication,” Anthony Whitehead, Carleton University, Conference Proceedings, Third Annual Conference on Privacy, Security and Trust, Oct 12-14, 2005

7 Critical Infrastructure Protection, Challenges in Security Control Systems, Statement of Robert F. Dacey, Director, Information Security Issues, U.S. GAO, October 1, 2003,

8 Protecting Critical Infrastructure, SCADA Network Security Monitoring, June 7, 2006 (Revision 3),

9 Forensic Science Communications, An Overview of Steganography for the Computer Forensic Examiner, Volume 6-Number 3, July 2004,