Feeds

Al-Qaeda said to be using stegged porn

More .jpg terror

  • alert
  • submit to reddit

SANS - Survey on application security programs

From time to time a rumour that international terrorists are trading Net porn embedded with secret blueprints for some dastardly deed resurfaces. It has returned this week, in a New York Post article claiming that Italian members of al-Qaeda have been caught with stegged terror .jpg's.

"Chilling details of al-Qaeda's secret communications system - and the possibility of widespread knowledge that the devastating attacks on New York and Washington were in the works - were unveiled in a courtroom in Milan, where a group of Islamic militants are on trial for supporting al-Qaeda's terrorist activities," the Post explains.

"Photographs of President Bush, Secretary of State Colin Powell and Palestinian leader Yasser Arafat were also being passed around on the Internet by members of the group, along with hundreds of pornographic photos."

We'll forget for the moment that the likelihood of Islamic fundamentalists hiding messages in porn is roughly the same as their likelihood of hiding them in pig carcasses.

This hardy steg rumour began before 9/11 with an alarmist article from USA Today claiming that bin Laden's people were communicating via stegged porn files, though no evidence was ever produced. These were the days when Clinton-Administration FBI Director Louis Freeh became obsessed with the Internet's potential to spawn terror through encryption, and his boss, US Attorney General Janet Reno, became obsessed with its potential to corrupt children.

Shortly after the 9/11 atrocity, the ABC News show Primetime dutifully revived the rumor, claiming, essentially, that it had been substantiated, though no evidence was ever produced. A stegged photo was produced, but it was a demo, not in any way associated with terrorism.

Days later crypto researchers Peter Honeyman and Niels Provos debunked the story, cracking the example image ABC had cobbled up with the password 'abc'. "The broadcast showed fabricated images that were suggesting terrorist use of steganography. In fact, it was just a demonstration," the researchers noted. Honeyman and Provos had actually put a good deal of time into searching for stegged images in the wild, and came up with nothing.

They ran a cluster of workstations against two million images on eBay and one million on USENET, and attacked the candidates with a dictionary of 1.8 million words.

During the recent liberty operation in Iraq, I cataloged over 300 war-related images gathered from around the Web, hoping to find a stegged map to the weapons of mass destruction we used to hear so much about. I checked them with Stegdetect, a tool written by Provos (which is temporarily unavailable for download due to a wacky Michigan law).

When 30 of them tested positive for stegging technique JP-Hide I became suspicious; I would have thought it a miracle if one file actually contained stegged content, so I contacted Provos who explained that the tool does not do well against JP-Hide and false-positives are a problem. Nevertheless I ran all the candidates with Stegbreak, attacking them with several dictionaries, including one over 300MB in size, an exercise which took well over a week on my P4 box.

Nothing turned up, which was hardly a surprise, but this doesn't necessarily mean nothing's there. It just means it's extremely likely that nothing's there - which, when you get to thinking about it, is a good way of looking at the stego/terror rumor. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.