Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Leggo my stego!

with one comment

I have been quiet lately, mostly due to doing two gigs, taking care of my new digs, and fighting the great leaf insurgency of 09. I have though, after winning said leaf insurgency, finally sat down for a bit with intartubes. What follows comes from a foray into the underbelly of the internet that seems to be proliferating very well.

Those whacky jihadists.

Following up on a previous project that kinda went nowhere, I decided to hoover some sites, then cull image files for testing with various steganalysis products. The net result of my searches and testing are here. I have washed hundreds of photos through the Stegdetect (Outguess) process and the files in that container all have a “high probability” of being stegged.

Now some of you out there may be saying to yourselves;

“Come on man, steg is so hard to detect and really, this is a myth. You’re just dreaming that you will find, never mind decrypt anything”

Well, I say why the hell not? I am focusing efforts on little known jihadist sites where those said same Jihadi’s and wanna be’s can easily download JPHIDE and other open source technologies and within minutes be hiding data within LSB’s.. So why not? I think that this is a easy and great way to be having covert channel conversations online. Of course that is the whole point is it not?

PSSST, lemme tell you a secret.. Google stego in the .mil and .gov space.. You will see that I am not the only one to think so. There are MANY RFP’s out there for building a better steganalysis product.

So, the captures continue, but those files above are open to attack. Please, have at them. Use anything and everything to determine if they have indeed been stegged and if you can crack them. If you do, you will get insane props and those files will be passed right on to the authorities. If nothing comes of it, at the very least you have had some fun playing with the tools and noodling about with the technology right?

So I hereby throw the gauntlet down.. Have at it! I will be working in parallel.

Meanwhile, also enjoy this little file. It’s the third gen jihadist manual that I happened upon with some fancy Googling in Arabi.

Enjoy.

PS.. Dear NSA, yes I know I have downloaded a Jihadist manual. If you wanna know where I found it just ask. I will happily bird dog it for you.. But please, no JTTF folks knocking at my door at 3am mmmkay?

CoB

Written by Krypt3ia

2009/11/25 at 03:31

One Response

Subscribe to comments with RSS.

  1. […] have been seeing some hits these last couple days on my “Leggo My Steggo” post from a while back. The post covered some of what I had been finding on jihadist sites with […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: