(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for November 25th, 2009

Leggo my stego!


I have been quiet lately, mostly due to doing two gigs, taking care of my new digs, and fighting the great leaf insurgency of '09. I have, though, after winning said leaf insurgency, finally sat down for a bit with intartubes. What follows comes from a foray into the underbelly of the internet that seems to be proliferating very well.

Those whacky jihadists.

Following up on a previous project that kinda went nowhere, I decided to hoover some sites, then cull image files for testing with various steganalysis products. The net result of my searches and testing is here. I have washed hundreds of photos through the Stegdetect (Outguess) process and the files in that container all have a “high probability” of being stegged.

Now some of you out there may be saying to yourselves:

“Come on man, steg is so hard to detect and really, this is a myth. You’re just dreaming that you will find, never mind decrypt, anything.”

Well, I say why the hell not? I am focusing efforts on little known jihadist sites where those said same jihadis and wannabes can easily download JPHIDE and other open source technologies and within minutes be hiding data within LSBs.. So why not? I think that this is an easy and great way to be having covert channel conversations online. Of course, that is the whole point, is it not?
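Why overwritten LSBs are statistically visible, as an added example that is not from the original post and is not Stegdetect's code: a pairs-of-values chi-square test run on constructed sample data. The function names, the synthetic cover distribution and the seeds are assumptions made for the illustration.

```python
import math
import random

def pov_chi_square(samples, min_expected=5):
    """Probability that each value pair (2k, 2k+1) is equally frequent.

    Near 1.0: the LSBs look like random message bits.
    Near 0.0: the pairs keep a natural imbalance.
    """
    hist = {}
    for v in samples:
        hist[v] = hist.get(v, 0) + 1
    chi2, pairs = 0.0, 0
    for even in sorted({v & ~1 for v in hist}):
        a, b = hist.get(even, 0), hist.get(even | 1, 0)
        expected = (a + b) / 2
        if expected < min_expected:  # sparse bins make the statistic unreliable
            continue
        chi2 += (a - expected) ** 2 / expected
        pairs += 1
    dof = pairs - 1
    if dof < 1:
        return 0.0  # not enough populated pairs to say anything
    # Chi-square survival function via the Wilson-Hilferty normal
    # approximation, so only the standard library is needed.
    spread = 2 / (9 * dof)
    z = ((chi2 / dof) ** (1 / 3) - (1 - spread)) / math.sqrt(spread)
    return 0.5 * math.erfc(z / math.sqrt(2))

def constructed_cover(n=100_000, seed=1):
    # Constructed data: a steeply decaying histogram, so neighbouring
    # values are clearly not equally frequent (stand-in for real samples).
    rng = random.Random(seed)
    return [2 + int(rng.expovariate(0.1)) for _ in range(n)]

def overwrite_lsbs(samples, seed=2):
    # Constructed test input: every LSB replaced by a random bit, which is
    # what a full-capacity payload of encrypted data looks like.
    rng = random.Random(seed)
    return [(v & ~1) | rng.getrandbits(1) for v in samples]

def demo():
    cover = constructed_cover()
    return pov_chi_square(cover), pov_chi_square(overwrite_lsbs(cover))

if __name__ == "__main__":
    clean_p, stego_p = demo()
    print(f"cover: {clean_p:.4f}  lsb-overwritten: {stego_p:.4f}")
```

A low value does not clear an image: a payload that touches only a fraction of the samples moves the statistic far less than the full-capacity case shown here.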

PSSST, lemme tell you a secret.. Google stego in the .mil and .gov space.. You will see that I am not the only one to think so. There are MANY RFPs out there for building a better steganalysis product.

So, the captures continue, but those files above are open to attack. Please, have at them. Use anything and everything to determine if they have indeed been stegged and if you can crack them. If you do, you will get insane props and those files will be passed right on to the authorities. If nothing comes of it, at the very least you have had some fun playing with the tools and noodling about with the technology, right?

So I hereby throw the gauntlet down.. Have at it! I will be working in parallel.

Meanwhile, also enjoy this little file. It’s the third gen jihadist manual that I happened upon with some fancy Googling in Arabi.


PS.. Dear NSA, yes I know I have downloaded a Jihadist manual. If you wanna know where I found it just ask. I will happily bird dog it for you.. But please, no JTTF folks knocking at my door at 3am mmmkay?


Written by Krypt3ia

2009/11/25 at 03:31