Branden Palacio (Marquette University), Keyang Yu (Marquette University)

The widespread availability and routine use of social media platforms have created new opportunities for covert communication over channels that are often permitted within organizational networks. This work presents SocialStego, a proof-of-concept system that demonstrates how limited social media security policies can be exploited by an insider to exfiltrate sensitive information without violating nominal access controls. Adopting an insider-threat perspective, SocialStego combines Least Significant Bit (LSB) steganography with a hybrid cryptographic scheme to protect the confidentiality of embedded payloads. Specifically, AES-256 is used for payload encryption, while RSA-2048 supports secure key exchange. A custom encoding protocol is implemented to embed encrypted data into lossless PNG image files and WAV audio files. Encoded carrier files are transmitted using existing social media and messaging infrastructure that preserves lossless media formats. The system examines the trade-offs between embedding capacity and perceptual distortion, showing that WAV carriers support higher payload capacity under the proposed design due to their variable duration, while increasing the LSB bit depth introduces more noticeable and potentially detectable noise artifacts in the carrier. Collectively, these findings demonstrate the feasibility and associated risks of covert data exfiltration via commonly accessible social media channels and highlight the need for organizations to account for such mechanisms when developing security policies and controls.
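As an added illustration of the capacity and distortion trade-off described in the abstract (this is not code from the paper or from SocialStego), the Python below computes raw LSB capacity for PNG and WAV carriers and measures PSNR after the k low bits of a carrier are overwritten. The carrier dimensions, sample rate, function names and the use of uniform random bits as a stand-in for AES ciphertext are assumptions, and any header overhead of the paper's encoding protocol is ignored.

```python
import math
import random

def capacity_bytes(units: int, k: int) -> int:
    """Raw capacity when k low bits of each carrier value are usable."""
    return units * k // 8

def png_units(width: int, height: int, channels: int = 3) -> int:
    """Carrier values in a PNG: one per colour channel per pixel (fixed by dimensions)."""
    return width * height * channels

def wav_units(seconds: float, rate: int = 44100, channels: int = 2) -> int:
    """Carrier values in a WAV: one per sample per channel (grows with duration)."""
    return int(seconds * rate) * channels

def replace_lsbs(values, k, rng):
    """Overwrite the k low bits of each value with uniform random bits.
    Assumption: encrypted payload bits are statistically close to uniform."""
    mask = (1 << k) - 1
    return [(v & ~mask) | rng.getrandbits(k) for v in values]

def psnr_db(original, modified, peak):
    """Peak signal-to-noise ratio in dB; lower means more audible/visible noise."""
    mse = sum((a - b) ** 2 for a, b in zip(original, modified)) / len(original)
    return math.inf if mse == 0 else 10 * math.log10(peak ** 2 / mse)

def sweep(bit_depths=(1, 2, 4), n=50_000, seed=1):
    """PSNR per LSB depth on a constructed 8-bit carrier (not real image data)."""
    rng = random.Random(seed)
    carrier = [rng.randrange(256) for _ in range(n)]
    return {k: psnr_db(carrier, replace_lsbs(carrier, k, rng), 255)
            for k in bit_depths}

if __name__ == "__main__":
    print("1080p RGB PNG, k=1:", capacity_bytes(png_units(1920, 1080), 1), "bytes")
    for secs in (60, 120, 300):
        print(f"{secs}s stereo WAV, k=1:", capacity_bytes(wav_units(secs), 1), "bytes")
    for k, db in sweep().items():
        print(f"k={k}: PSNR {db:.1f} dB")
```

The PNG figure is capped by the image dimensions while the WAV figure scales with duration, and each extra bit of LSB depth costs several dB of PSNR, which is the noise that statistical inspection of permitted media uploads has to work with.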
