Feeds

Al-Qaeda said to be using stegged porn

More .jpg terror

  • alert
  • submit to reddit

Protecting against web application threats using SSL

From time to time a rumour that international terrorists are trading Net porn embedded with secret blueprints for some dastardly deed resurfaces. It has returned this week, in a New York Post article claiming that Italian members of al-Qaeda have been caught with stegged terror .jpg's.

"Chilling details of al-Qaeda's secret communications system - and the possibility of widespread knowledge that the devastating attacks on New York and Washington were in the works - were unveiled in a courtroom in Milan, where a group of Islamic militants are on trial for supporting al-Qaeda's terrorist activities," the Post explains.

"Photographs of President Bush, Secretary of State Colin Powell and Palestinian leader Yasser Arafat were also being passed around on the Internet by members of the group, along with hundreds of pornographic photos."

We'll forget for the moment that the likelihood of Islamic fundamentalists hiding messages in porn is roughly the same as their likelihood of hiding them in pig carcasses.

This hardy steg rumour began before 9/11 with an alarmist article from USA Today claiming that bin Laden's people were communicating via stegged porn files, though no evidence was ever produced. These were the days when Clinton-Administration FBI Director Louis Freeh became obsessed with the Internet's potential to spawn terror through encryption, and his boss, US Attorney General Janet Reno, became obsessed with its potential to corrupt children.

Shortly after the 9/11 atrocity, the ABC News show Primetime dutifully revived the rumor, claiming, essentially, that it had been substantiated, though no evidence was ever produced. A stegged photo was produced, but it was a demo, not in any way associated with terrorism.

Days later crypto researchers Peter Honeyman and Niels Provos debunked the story, cracking the example image ABC had cobbled up with the password 'abc'. "The broadcast showed fabricated images that were suggesting terrorist use of steganography. In fact, it was just a demonstration," the researchers noted. Honeyman and Provos had actually put a good deal of time into searching for stegged images in the wild, and came up with nothing.

They ran a cluster of workstations against two million images on eBay and one million on USENET, and attacked the candidates with a dictionary of 1.8 million words.

During the recent liberty operation in Iraq, I cataloged over 300 war-related images gathered from around the Web, hoping to find a stegged map to the weapons of mass destruction we used to hear so much about. I checked them with Stegdetect, a tool written by Provos (which is temporarily unavailable for download due to a wacky Michigan law).

When 30 of them tested positive for stegging technique JP-Hide I became suspicious; I would have thought it a miracle if one file actually contained stegged content, so I contacted Provos who explained that the tool does not do well against JP-Hide and false-positives are a problem. Nevertheless I ran all the candidates with Stegbreak, attacking them with several dictionaries, including one over 300MB in size, an exercise which took well over a week on my P4 box.

Nothing turned up, which was hardly a surprise, but this doesn't necessarily mean nothing's there. It just means it's extremely likely that nothing's there - which, when you get to thinking about it, is a good way of looking at the stego/terror rumor. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.