While their public support of terrorist organizations is being dismissed with "anyone can claim to be Anonymous" their blind distribution of encrypted files containing information from outside entities may not even be known to the inner-most circles of the organization.
What encrypted files? One of the most common means of distributing Anonymous related information is through social media - especially through the distribution of image files. Little known to many outside the security field is that images can be used to hide information through a process called Steganography. For those not familiar with the topic here is an excellent whitepaper on how Steganography works as well as how to detect it. I have started using the StegDetect program from Outguess.org and have found some interesting results.
I recently started analyzing several images being re-posted by the Twitter handle @YourAnonNews. Out of 51 images analyzed I found two images which returned "positive" as having embedded data, as well as two additional images which generated errors during analysis (possibly obfuscated?).
The first picture with a positive hit was an internet meme of the TV show "Game of Thrones".
The picture was re-posted by @YourAnonNews here: https://twitter.com/i/#!/YourAnonNews/media/slideshow?url=http%3A%2F%2Ftwitpic.com%2Fbqiggl
However the image originated from @57UN here: http://twitpic.com/bqiggl
Below is the image re-posted by @YourAnonNews
|Picture re-posted by @YourAnonNews - Click to Enlarge|
|Similar Meme Picture - Click to Enlarge|
Similarities between the two pictures:
Both are of the same content - with only a slight variation (text at the bottom)
Both are 72 dpi resolution
Both are 24-bit color depth
There are also some interesting differences between the two pictures.
The "Gym" picture is 600x461 pixels while the "Sandy" picture is 600x460 (Gym is one pixel taller)
The "Gym" picture is 69,919 bytes while the "Sandy" picture is 51,416 bytes (26% difference)
Error Level Analysis (ELA) using FotoForensics produces some interesting results.
|ELA - @YourAnonNews Reposted Image|
|ELA - "Sandy" image|
So the question remains - is there something embedded inside this image? I believe so. Unfortunately all of my attempts to crack the password failed. Whatever secret this image holds we may never know. But I believe it definitely holds a secret.
It was suggested in the comments below that this is simply a result of resizing or cropping the image. As such I cropped both images as suggested...and this provided some rather interesting results.
|Suspect steganography image "Gym" cropped|
|ELA of cropped "Gym" image|
More interesting is that StegDetect now throws an error instead of a negative/positive hit for steganography. "error: Quantization table 0x01 was not defined"
|Image "Sandy" cropped|
|ELA of Image "Sandy" cropped|
Al-Qaeda uses steganography - documents hidden in porn videos found on memory stick - http://www.infosecurity-magazine.com/view/25524/alqaeda-uses-steganography-documents-hidden-in-porn-videos-found-on-memory-stick/
Hidden Pictures: Steganography, Al-Qaeda and Anonymous - http://sofrep.com/15858/hidden-pictures-steganography-al-qaeda-anonymous/