22 comments

[ 3.1 ms ] story [ 59.1 ms ] thread
Why #EpsteinStegoSaurus? What could the PGP key being embedded mean?
This is a ELI10 version that I took from another post as a lot of this cryptography is above my level of understanding.

Posting this here because what I found elsewhere is probably incorrect and more conspiracy orientated, however it would be nice to hear what experts in the field would think this is used for.

>Someone distrusted who they were trying to contact at the NY post as being a read editor in charge. They had the NY Post alter a published Epstein photo sent on a web site for the world to see, that had a hidden message in it. The message was not meant to be found easily and was for one person, a public whistle-blower or snitch, to see. The message is a PUBLIC encryption key meant to sent uncrackable images and file in future to the NY Post news desk. The person meant to see it now has a PGP public email key, and can send NY post their own even better PGP public email key now, and two may communication can start. The size of the PGP key found is overkill in size, a size only used by the CIA, or science researches. It's size makes it seem astronomical in size paranoia security.

1. Where, in the original "article" is this "10k" size of the PGP key ever mentioned? (All I can see is the "Result size: 9846", which looks like some sort of output from a steganography program, and that's the data it found's size in bytes. An exported PGP key could be of a reasonable bit length and still be 9KiB in size, depending on additional metadata on the key.)

2. Link to source image? How was the key found to be embedded in the image? The tweeter seems to "not have Internet" — of course not! — when asked?

This was the direct link he claimed in his twitter thread. https://twitter.com/_Luke_Slytalker/status/11693807432916049...

I'm not saying this is anything other than internet conspiracy stuff, and who knows if this guy is hoaxing everyone, however this is why I posted here because a lot of people more knowledgeable than me can chime in.

Thanks for your input.

It's internet conspiracy stuff... and what's worse, is that all of this is industrialized. Reading through that thread and the related tweets is just depressing. Please do not say what I am about to say as an attack... I just truly am horrified at what's going on and hope that shining a little light can help people discern truth from what is now an industry dedicated to sowing discontent and disinformation. We are but pawns stuck in the middle and I'm not sure what the right answer is.

I mean - take https://twitter.com/JacquelineMcNab/status/11695820154499440... for an example. Do these people really believe that Jack Dorsey is sitting there on his Aeron chair twiddling his thumbs and thinking, GEE I WONDER WHICH QANON FOLLOWER I SHOULD SHADOW-BAN TODAY? Or https://twitter.com/OuterLimits816/status/116943344838742425... - Twitter corporate is saying, "OuterLimits816 is trying too hard to expose the deep state. I should just gaslight him (or her) by randomly taking away their likes."

It really is fun to feel like you're "in" on a secret. I get it. Folks feel marginalized in their real life, and spending hours "researching" things and posting your findings on Twitter with like minded individuals - who praise you with likes and retweets about your amazing insight! - can feel intense. You may even feel like you're learning something (and sometimes you might actually learn something in the process!)

But it's not real. There's plenty of shady stuff going on. This isn't it. In fact the "people" praising you and egging you on - they may be random people PAID to do it. After all, https://en.wikipedia.org/wiki/On_the_Internet,_nobody_knows_.... We have real problems to deal with. Getting spun up about a post from a random Twitter user claiming that low order bits flipped randomly in a JPEG image represents a super-secret encryption key for covert communication is not one of them.

I just had to vent because stuff like this makes me absolutely vomit and despair for the future of our country.

Okay. How to regenerate whatever output from that JPEG the Tweet author claims to get? outguess emits random garbage for me over that URL.

(It's also not clear how to use this program from its own documentation, and the program has some QC issues…)

>How to regenerate whatever output from that JPEG the Tweet author claims to get?

No idea, that's why I posted here so someone that does know how to do this can either verify it as a hoax or a legit find.

The short answer: you can't reproduce it. Because it never happened in the first place. Not to mention that Outguess doesn't provide the "data type" of the output - you just get the bits. The entire thing is a badly-executed hoax.
I agree; I just thought simply asking first might help prove out that there's nothing here. Normally, I'd hard pass on "content" like this, but apparently enough people upvoted this to make it to the front page of HN.
I truly hope this post stays up and somebody knowledgeable weights in.
No evidence presented other than easily faked screenshot. Crowd goes wild.

Pass.

At a minimum, an independent link to image and the URL for the image on the Post's website should be easily found. Neither are.

I'm inclined to agree.

* Commenters have to beg to get link to screenshot. OP tweets that he doesn't have Internet.

* No upload of supposed output.

* No reproduction instructions

* program doesn't actually emit the output in the screenshot if run over supposed input

* Banner present in screenshot that doesn't appear in this program's output (edit: ah, someone found a wrapper that does.[1])

* Confusion between output size in bytes of an encoded GPG key with all its metadata, and a cryptographic key's length in bits

* Outdated version of an ancient bespoke program that can barely build itself

Don't get your news or politics from Twitter.

[1]: https://news.ycombinator.com/item?id=20886905

My question: who was looking, and why? Is someone really checking every image on NY Post/other media sites for steganographically embedded data, or were they acting on a tip off? This whole thing looks extremely odd.
People were suspicious because the published NYPost photo appeared to be photoshopped or altered in some way. Not sure if it actually was but it caught on.
My guess is that this is either a false positive by outguess or something embedded by NY Post meant for internal use.

Edit: outguess is finding binary data in the file, but the binary data is 57643 bytes, far larger than a PGP key. outguess 0.13 supposedly finds a smaller payload... Yeah my guess is just false positive.

This is very much an extraordinary claim and IMO is entirely without merit.

For those who do not know anything about steganography, it is the science of hiding messages in the 'noise' of a carrier file. The carrier file is most commonly an image or a video. Since image and video files are so large, and the eye cannot detect minor differences in low level bits (think the difference between the hex color #ff6600 used in the HN title bar... if you changed it to #ff6601 one day, you would not be able to visually perceive that the color changed, yet you've now 'hidden' a 1 bit in your image)

NOW back to this... in the late 90's and early 2000's the steganography thing was HUGE. As in, tons of research and home-grown tools were developed during this time. "Outguess" was one of those tools, and it looks like the one referenced from the Twitter screenshot.

Remember, at its most basic level, steganography is nothing more than 'flipping' the least order bits of 'something' - whether it's color indices in a GIF file, or in this case, a JPEG file. There's no "marker" that says HEY, STEGANOGRAPHY HERE. After all, that would defeat the purpose, no?

Therefore, this is PERFECT fodder for conspiracy theorists to hook in ignorant (not using in a derogatory fashion, just folks who don't know) laypersons into thinking there is something "hidden" by waving their hands with jargon and pseudoscience. Try it for yourself- run 'outguess' in extraction mode against ANY jpeg file and you'll get random data back. Voila! Hidden messages everywhere! Better yet ENCRYPTED HIDDEN MESSAGES! OH NOES!

Now this is not all to say that steganography has never been used for high level statecraft. Read all about FBI Operation Ghost Stories - https://www.fbi.gov/news/stories/operation-ghost-stories-ins....

TL;DR: a team of undeclared Russian spies (so-called 'illegals') lived inside the US for years, sending data back to Moscow. One of the ways they communicated with the "Center" was through - you guessed it - steganography. You can read all about how it worked in the criminal complaint here: https://vault.fbi.gov/ghost-stories-russian-foreign-intellig... - start at page 143.

It's important to say that using the LSB for steganography is trivially detectable unless the image is enormous and the hidden data is small.

There's been some work of the best ratio but I can't find it at the moment.

Interesting to see this go from the front page to well past 100 in only a few minutes.
I don't even see it in the top 500 anymore....although maybe I overlooked it when scrolling too fast.

Nvm, upon review this post is now Flagged.