[infowar.de] Politech readers respond to "Steganography on azzam.com?"
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
With thoroughly divergent assessments. Apparently, though, some of the
images on azzam.com really are carriers of hidden messages.
Cf.
USA Today yet again: Bin Laden uses steganography and websites
http://archive.infopeace.de/infowar.de/msg02949.html
The al-Qaeda terrorists and steganography
http://www.telepolis.de/deutsch/special/info/12884/1.html
al-Qaeda poised to strike hard via the Internet
http://www.theregister.co.uk/content/6/26134.html
RB
-------- Original Message --------
Subject: FC: Reply to Politech challenge: Stegograms found on azzam.com
Date: Thu, 11 Jul 2002 23:21:04 -0400
From: Declan McCullagh <declan -! - well - com>
Reply-To: declan -! - well - com
To: politech -! - politechbot - com
Keep in mind that these claims of bin-Laden-stego are closer to unsourced
speculations than verifiable fact. Perhaps an enterprising prankster has
been posting attack-at-dawn plans in stego form, for instance. And when
some politicos have used 9-11 as an excuse to talk about encryption
restrictions, it makes sense to be appropriately skeptical, though not
entirely dismissive.
Some of this looks like old news. I wrote about a similar claim in Feb
2001, as a followup to a USA Today article:
http://www.wired.com/news/politics/0,1283,41658,00.html
Since then it has been a recurring theme:
http://www.politechbot.com/cgi-bin/politech.cgi?name=steganography
Previous Politech message:
http://www.politechbot.com/p-03735.html
-Declan
PS: Brian sent me his list as an attachment. I've put it at the end of
this message.
---
Date: Thu, 11 Jul 2002 22:48:15 -0400
From: Brian Ristuccia <brian -! - ristuccia - com>
To: "Richard M. Smith" <rms -! - computerbytesman - com>, declan -! - well - com
Cc: list-geek -! - osiris - 978 - org
Subject: al-Qaeda stego on azzam.com
Richard, Declan, Fellow Geeks:
Preliminary checking with a tool called stegdetect shows that a large number
of images on azzam.com may have hidden information encoded using an
algorithm called jphide.
The site at http://66.197.135.110/~azzam has roughly 580 images and yields
some 70 hits almost all for jphide. Note that running stegdetect against
some 2300 miscellaneous images including digital camera pictures and other
junk on my personal web site and web mirrors yielded only a handful of low
probability hits for steghide and outguess. 12% versus 1% is probably
significant, at least enough so to warrant further investigation.
The stegdetect package includes a program called stegbreak, which will
attempt to extract the images from potential stego files. The process is
computationally expensive and I'm not sure how long it will take or if it's
even possible with the meager compute resources at my disposal. I'll be
scrounging compute resources to try to extract the (probably encrypted)
contents of at least some of these files and will keep you all posted on my
findings.
Thanks.
--
Brian Ristuccia
brian -! - ristuccia - com
bristucc -! - cs - uml - edu
---
From: Mark Collins <me -! - thisisnurgle - org - uk>
To: declan -! - well - com
Subject: Re: FC: Politech challenge: Decode Al Qaeda stego-communications!
Date: Wed, 10 Jul 2002 16:58:42 +0100
In-Reply-To: <5 - 1 - 1 - 6 - 0 - 20020710085405 - 01b30590 -! - mail - well - com>
This whole "Terrorists using Steganography" thing is BS. A company called
iomart is, as far as I can tell, the only people actually claiming to have
discovered anything related to terrorism in images, and even then, their
results are a lil' questionable.
===
Mark 'Nurgle' Collins
http://www.thisisnurgle.org.uk
Stupid IRC quote of the <variable time period>:
<keyDet79> fortunately the outside world (with which u are obviously not
familiar with) fears script kiddies,
---
Subject: Re: FC: Politech challenge: Decode Al Qaeda stego-communications!
From: Shaya Potter <spotter -! - cs - columbia - edu>
To: declan -! - well - com
Date: 10 Jul 2002 14:12:15 -0400
repost?
message on politech
http://www.politechbot.com/p-02638.html
research of ebay (same time period) yes it could have changed, but
where's the evidence.
http://www.citi.umich.edu/u/provos/stego/abc.html
on the issue of azzam.com I think I read about this a bit ago, wasn't
this the site that the pictures changed (such as bin laden facing
different directions) and the appropriate agencies felt that this was
meant for giving messages. If so, it's basically a one time pad which
can't really be broken, until one gets rid of that property by
accumulating lots of data points.
---
From: "Quinn, SallyAnn" <SallyAnn - Quinn -! - westgroup - com>
To: "'declan -! - well - com'" <declan -! - well - com>
Subject: RE: Politech challenge: Decode Al Qaeda stego-communications!
Date: Wed, 10 Jul 2002 17:23:56 -0500
MIME-Version: 1.0
I can't believe this is back. Niels Provos and Peter Honeyman
at the Center for Information Technology Integration at U Mich drove a
stake through the heart of this rumor last fall by scientifically
analyzing 2 million images from e-Bay and 1 million images from USENET.
Their conclusion is: "...we are unable to report
finding a single hidden message."
The study can be viewed at:
http://www.citi.umich.edu/u/provos/papers/detecting.pdf
Oh, Gina Kolata's stories are highly suspect. She interviewed PGP's
author Philip Zimmermann after 9-11, and wrote an article
insinuating that the algorithm was somehow the terrorists' best friend
and that Phil was quite happy about it.
Sally Ann Quinn, Software Test Engineer
West
50 East Broad St., Rochester, NY 14694
Mail Drop A1-N135
Tel (585) 546-5530 x3243
---
Date: Wed, 10 Jul 2002 16:43:16 +0100
From: Pedro F <pedrof -! - mail - pt>
To: Declan McCullagh <declan -! - well - com>
Sender: Pedro F <pedrof -! - mail - pt>
Subject: Re: FC: Politech challenge: Decode Al Qaeda stego-communications!
Declan,
concerning this subject, please see this old article from Newsbytes. I've
made a search in the (old Newsbytes and now) TechNews.com but find nothing
on this subject so I can't give you the link for the article.
On this subject, see also the search page on Wired
(http://search.wired.com/news/default.asp?query=Steganography). For a new
application to be released this week, "known as Camera/Shy and is a
browser-based steganography program that can hide data inside GIF images on
any Web page", see "App Delivers Censored Content"
(http://www.eweek.com/article2/0,3959,361950,00.asp).
best wishes
pedro
No Hidden Messages At Pro-Bin Laden Site - Experts
By Brian McWilliams, Newsbytes
BLOOMSBURG, PENNSYLVANIA, U.S.A., 12 Dec 2001, 3:51 PM CST
Photos at an anti-American Web site that provides information about Jihad
are unlikely to contain hidden messages for terrorists, experts said today.
A review today of dozens of photos at the Azzam.com Web site turned up no
evidence that the images contained steganographic content, according to
Niels Provos, an expert in the technology.
A report in the Dec. 17 issue of Newsweek said British and U.S.
intelligence sources suspected some of the site's photos and graphics
contain secret messages for Al Qaeda terrorist operatives.
Domain registration records indicate Azzam.com is operated by Azzam
Publications of London, an organization believed to include Osama bin Laden
supporters, according to the Newsweek report.
Provos' findings were independently confirmed by a researcher at security
consulting firm Bindview Corporation who goes by the nickname Simple Nomad.
[...]
---
To: declan -! - well - com
Subject: azzam.com Stego CONFIDENTIAL
Date: Wed, 10 Jul 2002 19:19:48 -0400
(Please don't put out my email address.)
I tried a little stego searching on azzam.com. Seems like all the images were
at 66.197.135.110 so I mirrored the whole thing with httrack and used
stegdetect on all jpgs in the images directory. The list below are the
promising images, but I don't have the time or expertise to try to crack
them, and I don't know the reliability of stegdetect. Maybe someone else can
take it from here.
# stegdetect ./*.jpg | grep "false\|\*"
./abubakr14.jpg : jphide(*)
./amarsmall.jpg : jphide(**)
./campxrayprisoners1.jpg : skipped (false positive likely)
./harithbahraini.jpg : jphide(*)
./iraqduniafalehsmall.jpg : skipped (false positive likely)
./iraqmuhammed.jpg : outguess(***)
./khartashoihomeruins.jpg : jphide(*)
./productspursuitsmall.jpg : jphide(**)
./productsrussianhell.jpg : jphide(*)
./shaheeddiraarsheeshani.jpg : jphide(***)
./shaheedhammamnajdi.jpg : jphide(***)
./shaheedharithbahraini3.jpg : jphide(**)
./shaheedjamaludeenaljazairi.jpg : jphide(*)
./shaheedkhalidqatari2.jpg : jphide(**)
./shaheedmuazqatari.jpg : jphide(*)
./shaheedmuslimturki.jpg : jphide(**)
./shaheedthabitdaheishi.jpg : skipped (false positive likely)
./shatoihomerussians.jpg : jphide(**)
./storiesharbi2.jpg : jphide(***)
./storieszubair1.jpg : jphide(***)
Also in 66.197.135.110/~azzam/afghan/images/photos I get these possible hits
./tnchildwaits.jpg : jphide(***)
./tnjawad.jpg : jphide(*)
./tnsameera.jpg : jphide(*)
---
To: declan -! - well - com
Subject: azzam.com Stego CONFIDENTIAL addition
Date: Wed, 10 Jul 2002 19:28:39 -0400
I just found that there are more possibles in
66.197.135.110/~azzam/qoqaz/images, if you want to send my last email out,
please copy and add this to it. Sorry :)
More possibles here:
66.197.135.110/~azzam/qoqaz/images
./child3.jpg : jphide(**)
./crimes12.jpg : jphide(***)
./crimes14.jpg : jphide(*)
./crimes22.jpg : jphide(*)
./crimes9.jpg : jphide(***)
./dag2.jpg : jphide(*)
./dag20.jpg : jphide(**)
./dag24.jpg : jphide(*)
./dag25.jpg : jphide(**)
./dag27.jpg : jphide(*)
./dag29.jpg : jphide(*)
./dag32.jpg : jphide(*)
./dag34.jpg : jphide(*)
./dag35.jpg : jphide(**)
./dag36.jpg : jphide(*)
./dag41.jpg : jphide(**)
./dag45.jpg : jphide(***)
./dag54.jpg : jphide(*)
./dag58.jpg : jphide(***)
./db4.jpg : jphide(*)
./dead3.jpg : jphide(*)
./dead4.jpg : jphide(*)
./eidopabuansar.jpg : jphide(*)
./grozsupp1.jpg : jphide(***)
./grozsupp11.jpg : jphide(*)
./grozsupp4.jpg : jphide(***)
./grozsupp6.jpg : jphide(***)
./injured2.jpg : jphide(*)
./injured3.jpg : jphide(*)
./mass4.jpg : jphide(*)
./mass5.jpg : jphide(*)
./poss2.jpg : jphide(**)
./poss4.jpg : jphide(*)
./russianfear1.jpg : jphide(**)
./shaheed7.jpg : jphide(*)
./talhasmall.jpg : jphide(*)
./trio1.jpg : jphide(***)
./triohoriz2.jpg : jphide(***)
---
[From Brian. --Declan]
./66.197.135.110/%7Eazzam/images/campxrayprisoners1.jpg : skipped (false positive likely)
./66.197.135.110/%7Eazzam/images/lands/worldsmall.jpg : jphide(***)
./66.197.135.110/%7Eazzam/images/productsrussianhell.jpg : jphide(*)
./66.197.135.110/%7Eazzam/images/productspursuitsmall.jpg : jphide(**)
./66.197.135.110/%7Eazzam/images/storieszubair1.jpg : jphide(***)
./66.197.135.110/%7Eazzam/images/shaheedkhalidqatari2.jpg : jphide(**)
./66.197.135.110/%7Eazzam/images/shaheedmuazqatari.jpg : jphide(*)
./66.197.135.110/%7Eazzam/images/storiesharbi2.jpg : jphide(***)
./66.197.135.110/%7Eazzam/images/shaheedhammamnajdi.jpg : jphide(***)
./66.197.135.110/%7Eazzam/images/abubakr14.jpg : jphide(*)
./66.197.135.110/%7Eazzam/images/shaheedthabitdaheishi.jpg : skipped (false positive likely)
./66.197.135.110/%7Eazzam/images/shaheedmuslimturki.jpg : jphide(**)
./66.197.135.110/%7Eazzam/images/shaheedjamaludeenaljazairi.jpg : jphide(*)
./66.197.135.110/%7Eazzam/images/shaheedharithbahraini3.jpg : jphide(**)
./66.197.135.110/%7Eazzam/images/harithbahraini.jpg : jphide(*)
./66.197.135.110/%7Eazzam/images/shaheeddiraarsheeshani.jpg : jphide(***)
./66.197.135.110/%7Eazzam/images/iraqmuhammed.jpg : outguess(***)
./66.197.135.110/%7Eazzam/images/iraqduniafalehsmall.jpg : skipped (false positive likely)
./66.197.135.110/%7Eazzam/images/amarsmall.jpg : jphide(**)
./66.197.135.110/%7Eazzam/images/khartashoihomeruins.jpg : jphide(*)
./66.197.135.110/%7Eazzam/images/shatoihomerussians.jpg : jphide(**)
./66.197.135.110/%7Eazzam/afghan/images/photos/worldsmostwanted.jpg : skipped (false positive likely)
./66.197.135.110/%7Eazzam/afghan/images/photos/tnchildwaits.jpg : jphide(***)
./66.197.135.110/%7Eazzam/afghan/images/photos/tnsameera.jpg : jphide(*)
./66.197.135.110/%7Eazzam/afghan/images/photos/tnjawad.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/sarajevo2.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/toronto2.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/madrid1.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/madrid3.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/shaheedthabitdaheishi.jpg : skipped (false positive likely)
./66.197.135.110/%7Eazzam/qoqaz/images/talhasmall.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/trio1.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/triohoriz2.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/grozsupp1.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/grozsupp6.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/grozsupp11.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/grozsupp4.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/dead3.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dead4.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/poss2.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/poss4.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/eidopabuansar.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/db4.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/shaheed7.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/injured2.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/injured3.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/russianfear1.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/child3.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/dag2.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag20.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/dag24.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag25.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/dag27.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag29.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/glossary/ak74.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag32.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag34.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag35.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/dag36.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag41.jpg : jphide(**)
./66.197.135.110/%7Eazzam/qoqaz/images/dag45.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/dag54.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/dag58.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/mass4.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/mass5.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/crimes9.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/crimes10.jpg : skipped (false positive likely)
./66.197.135.110/%7Eazzam/qoqaz/images/crimes12.jpg : jphide(***)
./66.197.135.110/%7Eazzam/qoqaz/images/crimes14.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/crimes22.jpg : jphide(*)
./66.197.135.110/%7Eazzam/qoqaz/images/qzasplogosmall.jpg : skipped (false positive likely)
./stegdetect/jpeg-6b/testimg.jpg : jphide(***)
./stegdetect/jpeg-6b/testimgp.jpg : jphide(***)
./stegdetect/jpeg-6b/testorig.jpg : jphide(***)
./stegdetect/jpeg-6b/testprog.jpg : jphide(***)
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------
---------------------------------------------------------------
To leave the list:
Send mail to infowar - de-request -! - infopeace - de with "unsubscribe" in the text.
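Added example, not part of the original messages: a small Python parser for stegdetect output in the `path : detector(stars)` format quoted in the thread. It keeps weak and strong hits apart and puts a number on the 580-image versus 2300-image comparison in Brian's first message. The sample lines are constructed, and the `negative` verdict and the control count of 23 (standing in for the stated 1%) are assumptions.

```python
import re
from collections import Counter
from math import sqrt

# Constructed sample in the "path : verdict" format quoted above; paths are made up.
# The "negative" line for a clean file is an assumption about stegdetect's output.
SAMPLE = """\
./img/a.jpg : jphide(*)
./img/b.jpg : jphide(***)
./img/c.jpg : skipped (false positive likely)
./img/d.jpg : outguess(***)
./img/e.jpg : negative
./img/f.jpg : jphide(**)
"""

LINE = re.compile(r"^(?P<path>\S.*?) : (?P<verdict>.+)$")
HIT = re.compile(r"(?P<detector>[a-z0-9]+)\((?P<stars>\*{1,3})\)")

def parse(text):
    """Return (files_seen, hits); each hit is (path, detector, star_count)."""
    files_seen, hits = 0, []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank line or a wrapped continuation without " : "
        files_seen += 1
        for h in HIT.finditer(m["verdict"]):
            hits.append((m["path"], h["detector"], len(h["stars"])))
    return files_seen, hits

def tally(text):
    """Count hits per (detector, star_count) so weak and strong hits stay separate."""
    return Counter((d, s) for _, d, s in parse(text)[1])

def hit_rate(text, min_stars=1):
    """Fraction of scanned files with at least one hit at or above min_stars."""
    files_seen, hits = parse(text)
    flagged = {p for p, _, s in hits if s >= min_stars}
    return len(flagged) / files_seen if files_seen else 0.0

def two_proportion_z(x1, n1, x2, n2):
    """z statistic for the difference between hit rates x1/n1 and x2/n2."""
    pooled = (x1 + x2) / (n1 + n2)
    se = sqrt(pooled * (1 - pooled) * (1 / n1 + 1 / n2))
    return (x1 / n1 - x2 / n2) / se

if __name__ == "__main__":
    print(tally(SAMPLE), hit_rate(SAMPLE), hit_rate(SAMPLE, min_stars=3))
    # 70 of 580 is from the message; 23 of 2300 stands in for its "1%" (assumed count).
    print(round(two_proportion_z(70, 580, 23, 2300), 1))
```

A large z only says the two collections score differently, not that anything is hidden: images published by one site can share an encoder and settings, and the last four lines of Brian's list show the libjpeg 6b test images themselves scoring jphide(***).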