Stegograms found on azzam.com

Declan McCullagh's Politech ^ | July 11, 2002 | Politech discussion group

[JohnathanRGalt]

Stegograms found on azzam.com

---

• Date: Thu, 11 Jul 2002 23:21:04 -0400
• To: politech@politechbot.com
• Subject: FC: Reply to Politech challenge: Stegograms found on azzam.com
• From: Declan McCullagh <declan@well.com>

---

Keep in mind that these claims of bin-Laden-stego are closer to unsourced speculations than verifiable fact. Perhaps an enterprising prankster has been posting attack-at-dawn plans in stego form, for instance. And when some politicos have used 9-11 as an excuse to talk about encryption restrictions, it makes sense to be appropriately skeptical, though not entirely dismissive.

Some of this looks like old news. I wrote about a similar claim in Feb 2001, as a followup to a USA Today article: http://www.wired.com/news/politics/0,1283,41658,00.html

Since then it has been a recurring theme: http://www.politechbot.com/cgi-bin/politech.cgi?name=steganography

Previous Politech message: http://www.politechbot.com/p-03735.html
-Declan

PS: Brian sent me his list as an attachment. I've put it at the end of this message.

---
Date: Thu, 11 Jul 2002 22:48:15 -0400
From: Brian Ristuccia <brian@ristuccia.com>
To: "Richard M. Smith" <rms@computerbytesman.com>, declan@well.com
Cc: list-geek@osiris.978.org
Subject: al-Qaeda stego on azzam.com

Richard, Declan, Fellow Geeks:

Preliminary checking with a tool called stegdetect shows that a large number of images on azzam.com may have hidden information encoded using an algorithm called jphide.

The site at http://66.197.135.110/~azzam has roughly 580 images and yields some 70 hits almost all for jphide.
. . . . . . .
.....( read rest of thread at Polytechbot.com )....

[JohnathanRGalt]

Previous Discussions:
Help stop the Taliban from collecting money on the web
Azzam has "A Friend in Pennsylvania"
Is the American government requiring American companies to host terrorist web sites?

[JohnathanRGalt]

Azzam -- Jihadi website ping!

[Maedhros]

bump

[Maedhros]

Do you know anything about this Stegdetect program? I'd like to run some websites through it.

[RightOnTheLeftCoast]

Wow! This is fascinating. Thanks for posting it. I subscribe to the politech list (it's free) but have been letting it stack up lately.

[denydenydeny]

One of the criticisms on the linked article is that "2 million images on e-bay and Usenet were searched last year and yielded nothing." But why didn't they look on Azzam.com, a place where we know the 9/11 hijackers lurked?

[JBBooks]

http://www.wetstonetech.com/index_ms.html

They make a great program called stegawatch. Ask for Robin, she's very helpful.

[brityank]

Eyemage IIE is a brand new piece of free software that allows you to encrypt with awesome security any file or text into a bitmap image. You can hide photos in photos, zip files in images and Word documents in diagrams then send those images to your chums who can decrypt them. Alternatively you can just keep them safe on your hard drive.

Try it; it's free and fun to play with. (Look in 'Windows Software'; plus you need IE to get to the page.)

[Grampa Dave]

Thanks for the ping!

[CapandBall]

ping - some Win based steg tools referenced here.

[Nogbad]

Do you know anything about this technique?

[JohnathanRGalt]

denydenydeny wrote: "One of the criticisms on the linked article is that '2 million images on e-bay and Usenet were searched last year and yielded nothing.' But why didn't they look on Azzam.com, a place where we know the 9/11 hijackers lurked?

-------------
From: "Quinn, SallyAnn"
Subject: RE: Politech challenge: Decode Al Qaeda stego-communications!
Date: Wed, 10 Jul 2002 17:23:56 -0500

I can't believe this is back. Niels Provos and Peter Honeyman at the Center for Information Technology integration at U Mich drove a stake through the heart of this rumor last fall by scientifically analyzing 2 million images from e-Bay and 1 million images from USENET. Their conclusion is: "...we are unable to report finding a single hidden message."
-------------
denydenydeny, you are right and SallyAnn is jumping to an unwarranted conclusion. That doesn't prove that the images on Azzam might not have secret messages -- only that the ones on e-Bay didn't -- at the time of the study. If you're going to look for secret communications from terrorists, why not look at a terrorist website, Duh.

As I understand the study, Provos & Honeyman were looking at e-Bay to establish a scientific control so when they found images that are altered by steganography they would have some statistical evidence to know the difference.

Steganography is a means of hiding messages. Encryption is what renders them secret.

Both are important in communicating instructions to operatives in the field.

But, more importantly, it's what Azzam does in the open -- in plain English or Arabic that is the most worrysome.

[Mitchell]

Do you know anything about this technique?

Steganography has its origins in the classical "null cipher," in which a message is hidden inside an apparently innocuous, but carefully constructed, message. (For example, the plaintext could be the third letter of each word in what looks like a normal message.)

More modern versions take advantage of the fact that images (some other file types could also be used) can be modified significantly without any apparent change to the viewer. So the bits of the plaintext could be placed in, say, the low bit of each red, green, or blue color intensity. This almost certainly won't change the visual appearance of the image, but the plaintext can be easily extracted by somebody who knows that it's there.

To use this in practice, one would presumably PGP-encrypt the plaintext first and then hide the PGP-encrypted message in an image using these steganographic techniques. What the steganography does is to keep people from even realizing that there is a secret message there, generally preventing attempts at cryptanalysis or even traffic analysis.

Recent programs are said to use techniques devised so that common statistical tests on the modified image won't look any different from the results of those tests on a normal, unmodified image. This would make it especially difficult to discern which images on the web or in Usenet might have steganographic content. (I haven't looked at the techniques used in programs like outguess, but it's all open-source, so you can see for yourself what they're doing if you're of a mind to. Check out the outguess web site, for instance, for more information.)

[JohnathanRGalt]

Azzam responded to the charges of 'Stegograms' here:

http://66.197.135.110/~azzam/afghan/news/news.php

Use the 'month view'.

---

13 December 2001 : Why is azzam.com being attacked in the media?

---

...
2) The second accusation is that the US officials 'fear the site is embedded with secret codes and instructions of use to militants including affiliates of Osama bin Laden's Al-Qaeda network' using steganography image-encrypting techniques. This is a laughable claim that is made against any media organisation that exposes the lies of the US. It was made before against Al-Jazeera TV and now it has been made against us. The US has apparently confirmed that this site is 'being monitored' and this in itself is an answer to the baseless claim above. What they are saying is that cells of terrorist 'sleepers' who try to hide themselves from society and intelligence whilst they plan for their terrorist attacks are going to go to perhaps the most well-known English language site on Jihad, which is almost certainly being 'monitored' by authorities, (having their IP addresses tracked in the process), and then download image files contain secret messages containing their instructions. Common-sense would dictate that such terrorists would stay away from high profile sites altogether for fear that accessing them might give them away. The real reasons for hostility to the site are given below.
......

[Capt. Tom]

Common-sense would dictate that such terrorists would stay away from high profile sites altogether for fear that accessing them might give them away. The real reasons for hostility to the site are given below.

Also common sense should stop us from blabbing about the discovery. You would want the Muslim terroristss to continue so you could solve the code and have a leg up in advance of an attack.

This business of warning the enemy that we know about their methods of communicating is dangerous.

They are not planning to steal cars- they are planning to kill as many Americans as possible. This is serious business and telling the public only endangers the public, since it also tells the Islamic terrorists we are on to them. - Tom