The image on the left has no hidden message while the image on the right conceals a hidden message generated using MuslimCrypt (image: Pixabay.com).
MuslimCrypt is a jihadi-made steganography and encryption tool unveiled in January 2018. The tool is meant to hide text messages within image files to allow secret communication among jihadis online. Part I in this series examined the tool's basic functionality and found that the tool appears to work as intended. MuslimCrypt was able to hide text messages in an image, and visual comparison of the resulting stego-image (the image containing the hidden text) with the original image showed little to no degradation in the image's quality.[1]
This report, Part II in the series, presents the results of an experiment in which a secret message was embedded in a JPEG image using MuslimCrypt and then transmitted online over a number of platforms used frequently by jihadis. This was done to provide a more realistic imitation of the operational setting in which jihadis may try to use the tool. This report will examine the effectiveness of transmitting stego-images on Twitter, Facebook, Instagram, WhatsApp, and Telegram (where MuslimCrypt was first unveiled), as well as on the encrypted email services Tutanota and ProtonMail. Although these platforms are used frequently by jihadis, this list is not comprehensive. With the abundance of online platforms and technologies at the disposal of jihadis, the number of possible uses of MuslimCrypt to send hidden messages online is nearly infinite.
The need to examine whether stego-images can be sent effectively online, rather than assuming that a stego-image will always be successfully decoded by the recipient, stems from the way digital steganography works. Unlike encryption, which is easily detected when implemented and which mangles data to make it incomprehensible, steganography aims to maintain the normal appearance of data by using an innocuous cover or communication scheme. To this end, a stego-image is generally considered to be robust if it withstands the various changes that influence it during any of the transmission phases. Such changes may include saving a stego-image under a different file format, like from JPEG to PNG, or by uploading the stego-image to a social media platform that applies image compression. MuslimCrypt's robustness is questionable as several of the stego-images generated by the program failed to be successfully decoded after being posted on Facebook, Twitter, Instagram, and WhatsApp. The same stego-images, however, were successfully decoded after being emailed on Tutanota and ProtonMail. The effectiveness of sending stego-images on Telegram depended on how the image file was uploaded onto the platform.
The full text of this report is available to MEMRI Jihad and Terrorism Threat Monitor subscribers.
Subscription information is available at this link.
JTTM subscribers can visit this page to view the report.
[1] See MEMRI JTTM report Analysis Of Jihadi Encryption And Steganography Tool MuslimCrypt - Part I: Background And Functionality, April 2, 2018.
Latest Posts
