Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘Steganography’ Category

Covert Channel


Written by Krypt3ia

2020/01/14 at 20:30

Posted in Steganography

Al-Qaida Goes “Old School” With Tradecraft and Steganography


al-Qaida: Shifting into the spy shadows

12 March 2010 www.cicentre.net


WTOP, 12 March 2010: A growing list of terror suspects nurtured by al-Qaida is emerging. Former military interrogator Dave Gabutz informed WTOP Radio of this notion in June 2009 after he had spent years tracking al-Qaida sleeper units and recruiters. “We came across the first one in Falls Church, Va.,” Gabutz says. This “first one” was controversial Imam Anwar al-Awlaki, who worked at a location watched by Gabutz and his team. . . .

. . . Gabutz says the recruiters are spreading out. “Michigan, Florida, Texas, Nashville, Richmond, Knoxville, and California,” are prime locations, according to Gabutz. There are indications terrorist recruiters are using every available opportunity and option to lure more people into their world and plan attacks against the United States.

Hezbollah sympathizer Mahmoud Kourani was doing just that before his arrest near Detroit in 2002. “Kourani’s specialties appeared to be weaponry, spycraft, counterintelligence,” according to Tom Diaz, a former Congressional Crime Subcommittee staffer. Diaz says Kourani was recruiting people for training. Recruits were to be trained “to make things go bang, to attack, military type training, terror type training,” Diaz says. . . .

. . . . One question that is puzzling investigators is how al-Qaida communicates with its foot soldiers and recruiters, some of whom may be embedded in the fabric of the U.S. military. With the almost daily capture and killing of key handlers in Pakistan, it seems al-Qaida is being forced to communicate in a completely different way. Since so many couriers and foot soldiers are being rolled up, al-Qaida is relying on “electronic dead-drops,” says Army Reserve Lt. Col. Tony Shaffer, a former Defense Intelligence Agency officer.

When couriers get caught, so do key al-Qaida documents, plans and key communications. Shaffer says now al-Qaida is hiding their communications on the Internet. It’s not a new concept, but certainly one that’s gaining a lot of momentum since a growing number of critical commanders and operators have either been killed or arrested. How are these dead drops happening? “Steganography in photographs is a good example of a dead drop,” says Shaffer. In a nutshell, a dead drop in a photo involves embedding a message in a picture.

I have been seeing some hits these last couple of days on my “Leggo My Steggo” post from a while back. The post covered some of what I had been finding on jihadist sites with regard to alleged “stegged images” that I had been testing to see if they were indeed hiding data.

Thus far I have found images that seem to be stegged, but I have yet to actually crack an image open and see the data hidden within. So, it’s kind of up in the air whether any of the images I have found are in fact stegged. Anyone who wants to give it a shot, feel free to copy the files out of the share in the link above.
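For readers who want to try the “is it stegged?” test themselves, here is an added example (mine, not the blog author’s tooling or the unnamed steg-detection software the post mentions) of the simplest dead-drop-in-a-photo scheme, sequential LSB replacement, together with the Westfeld-Pfitzmann chi-square check that detection tools run against it. The cover image, the payload and every function name are constructed for illustration; the image is a flat bytearray of grayscale pixels so it runs with the standard library alone.

```python
# LSB steganography round trip plus a chi-square detection pass.
# Added example, not the blog author's tooling. The image is a flat
# bytearray of grayscale pixels; for a real file, feed in Pillow's Image.tobytes().
import math
import random
import struct


def make_cover(size: int = 64, seed: int = 1) -> bytearray:
    """Constructed cover: smooth shape plus noise, quantized to multiples of 4.

    The quantization imitates the 'combed' histogram of a colour-reduced or
    resampled image; its uneven (2k, 2k+1) pair counts are what the test keys on.
    """
    rnd = random.Random(seed)
    pixels = bytearray()
    for y in range(size):
        for x in range(size):
            v = int(128 + 100 * math.sin(x / 9.0) * math.cos(y / 11.0))
            v = max(0, min(255, v + rnd.randint(-6, 6)))
            pixels.append(v & 0xFC)            # drop the two low bits
    return pixels


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Sequential LSB replacement: 4-byte big-endian length, then payload bits."""
    data = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload needs %d bits, cover holds %d" % (len(bits), len(cover)))
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return stego


def extract(stego: bytes) -> bytes:
    """Reverse of embed(): read the length header, then that many bytes."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + 8 * b + i] & 1)
            out.append(value)
        return bytes(out)
    length = struct.unpack(">I", read_bytes(0, 4))[0]
    if 32 + 8 * length > len(stego):
        raise ValueError("length header does not fit the image; no payload in this format")
    return read_bytes(32, length)


def chi_square_lsb(pixels: bytes) -> tuple:
    """Westfeld/Pfitzmann chi-square test on pairs of values (2k, 2k+1).

    LSB replacement only moves a pixel between 2k and 2k+1, so a near-capacity
    random (e.g. encrypted) payload drives the two counts towards equality.
    Returns (statistic, degrees_of_freedom): a statistic near the dof means
    'as balanced as chance' (the stego signature), far above it means untouched.
    """
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd == 0:
            continue                           # value pair absent from image
        expected = (even + odd) / 2.0
        stat += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        pairs += 1
    return stat, max(pairs - 1, 1)


def looks_stegged(pixels: bytes, threshold: float = 3.0) -> bool:
    """Flag when the statistic is within `threshold` times its dof of pure chance."""
    stat, dof = chi_square_lsb(pixels)
    return stat / dof < threshold


def random_payload(nbytes: int, seed: int = 7) -> bytes:
    """Constructed payload: random bytes stand in for an already-encrypted message."""
    rnd = random.Random(seed)
    return bytes(rnd.getrandbits(8) for _ in range(nbytes))


def demo() -> dict:
    """Embed two payloads into the same cover and run the detector on each result."""
    cover = make_cover()
    full = random_payload(len(cover) // 8 - 4)     # fills every LSB after the header
    short = b"meet at 0900"                         # only the first 128 pixels touched
    stego_full, stego_short = embed(cover, full), embed(cover, short)
    return {
        "round_trip_ok": extract(stego_full) == full and extract(stego_short) == short,
        "cover_flagged": looks_stegged(cover),
        "full_flagged": looks_stegged(stego_full),
        "short_flagged": looks_stegged(stego_short),   # too little changed to show
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-14s %s" % (key, value))
```

Running demo() flags the near-capacity random payload and clears both the untouched cover and the twelve-byte message. That second result is the caveat: a short message, a payload spread over pseudo-randomly chosen pixels instead of the first N, or a JPEG-domain scheme such as OutGuess or F5 all slip past this one statistic, which is one reason an image that “seems stegged” can resist being cracked open.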

Of course, this whole article and its premise that the jihadis have had to change their methods of command and control is, on the whole, correct, I think. However, I believe that they have been using dead drops for some time and not only because of the recent roll-ups. This is just good standard “tradecraft” practice that should be used when waging such campaigns. Hell, they probably learned it from us or the Brits in the first place… Well, maybe the KGB too.

Now that they have made much more of their online persona, I am also sure that they have been maximizing this type of technique not only with steg but also with dead-drop email accounts. All one has to do is create an account, share the password, and then just talk to each other through draft emails. No need to hit the send button there, huh? Add to that the use of Tor and you have a pretty safe way to communicate.

What would be even more secure is a one-time pad. But I really don’t see them passing out OTPs to each jihadi cell.

This reminds me of “Hacking a Terror Network”, which takes a storyline-based approach to this very scenario of steg use. I have talked to the author online and shared my data. The problems of proving that these methods of communication are in use are myriad. So, it may be hard to prove this theory…

I guess I am gonna have to wash some more pictures, video, and audio through the steg detection software and see what I get…

CoB