Exploiting database storage for data exfiltration

Steganography is a technique for hiding messages in plain sight – typically by embedding the message within commonly shared files (e.g., images or video) or within file system slack space. Database management systems (DBMSes) are the de facto centralized data repositories for both personal and business use. As ubiquitous repositories that already offer shared data access to many different users, DBMSes have the potential to be a powerful channel to discretely deliver messages through steganography.

In this paper we present a method, Hidden Database Records (HiDR), that adapts steganography techniques to all relational row-store DBMSes. HiDR is particularly effective for hiding data within a DBMS because it adds data to the database state without leaving an audit trail in the DBMS (i.e., without executing SQL commands that may be logged and traced to the sender). While sending a message in this way requires administrative privileges from the sender, it also offers them much more control enabling the sender to erase the original message just as easily as it was created. We demonstrate how HiDR keeps data from being unintentionally discovered but at the same time makes that data easy to access using SQL queries from a non-privileged account.