
NY Post's photo of Epstein has a 10k PGP key embedded - aphextim
https://twitter.com/_Luke_Slytalker/status/1169373631358459909
======
aazaa
No evidence presented other than easily faked screenshot. Crowd goes wild.

Pass.

At a minimum, an independent link to image and the URL for the image on the
Post's website should be easily found. Neither are.

~~~
aphextim
This was the direct link he claimed in his twitter thread.

[https://twitter.com/_Luke_Slytalker/status/11693807432916049...](https://twitter.com/_Luke_Slytalker/status/1169380743291604992)

------
leetbulb
My guess is that this is either a false positive by outguess or something
embedded by NY Post meant for internal use.

Edit: outguess is finding binary data in the file, but the binary data is
57643 bytes, far larger than a PGP key. outguess 0.13 supposedly finds a
smaller payload... Yeah my guess is just false positive.

------
haste410
Why #EpsteinStegoSaurus? What could the PGP key being embedded mean?

~~~
aphextim
This is a ELI10 version that I took from another post as a lot of this
cryptography is above my level of understanding.

Posting this here because what I found elsewhere is probably incorrect and
more conspiracy orientated, however it would be nice to hear what experts in
the field would think this is used for.

>Someone distrusted who they were trying to contact at the NY post as being a
read editor in charge. They had the NY Post alter a published Epstein photo
sent on a web site for the world to see, that had a hidden message in it. The
message was not meant to be found easily and was for one person, a public
whistle-blower or snitch, to see. The message is a PUBLIC encryption key meant
to sent uncrackable images and file in future to the NY Post news desk. The
person meant to see it now has a PGP public email key, and can send NY post
their own even better PGP public email key now, and two may communication can
start. The size of the PGP key found is overkill in size, a size only used by
the CIA, or science researches. It's size makes it seem astronomical in size
paranoia security.

~~~
deathanatos
1\. Where, in the original "article" is this "10k" size of the PGP key ever
mentioned? (All I can see is the "Result size: 9846", which _looks_ like some
sort of output from a steganography program, and that's the data it found's
size in bytes. An exported PGP key could be of a reasonable bit length and
still be 9KiB in size, depending on additional metadata on the key.)

2\. Link to source image? How was the key found to be embedded in the image?
The tweeter seems to "not have Internet" — of course not! — when asked?

~~~
aphextim
This was the direct link he claimed in his twitter thread.
[https://twitter.com/_Luke_Slytalker/status/11693807432916049...](https://twitter.com/_Luke_Slytalker/status/1169380743291604992)

I'm not saying this is anything other than internet conspiracy stuff, and who
knows if this guy is hoaxing everyone, however this is why I posted here
because a lot of people more knowledgeable than me can chime in.

Thanks for your input.

~~~
deathanatos
Okay. How to regenerate whatever output from that JPEG the Tweet author claims
to get? outguess emits random garbage for me over that URL.

(It's also not clear how to use this program from its own documentation, and
the program has some QC issues…)

~~~
ipython
The short answer: you can't reproduce it. Because it never happened in the
first place. Not to mention that Outguess doesn't provide the "data type" of
the output - you just get the bits. The entire thing is a badly-executed hoax.

~~~
ipython
BTW this looks like the tool that could have created the output format from
the twitter screenshot: [https://github.com/DominicBreuker/stego-
toolkit/blob/master/...](https://github.com/DominicBreuker/stego-
toolkit/blob/master/scripts/check_jpg.sh). That repo has a Dockerfile so you
can build the Docker image to see if you can recreate their results.

------
busterarm
Interesting to see this go from the front page to well past 100 in only a few
minutes.

~~~
aphextim
I don't even see it in the top 500 anymore....although maybe I overlooked it
when scrolling too fast.

Nvm, upon review this post is now Flagged.

------
fredley
My question: who was looking, and why? Is someone really checking every image
on NY Post/other media sites for steganographically embedded data, or were
they acting on a tip off? This whole thing looks extremely odd.

~~~
creaghpatr
People were suspicious because the published NYPost photo appeared to be
photoshopped or altered in some way. Not sure if it actually was but it caught
on.

------
ipython
This is very much an extraordinary claim and IMO is entirely without merit.

For those who do not know anything about steganography, it is the science of
hiding messages in the 'noise' of a carrier file. The carrier file is most
commonly an image or a video. Since image and video files are so large, and
the eye cannot detect minor differences in low level bits (think the
difference between the hex color #ff6600 used in the HN title bar... if you
changed it to #ff6601 one day, you would not be able to visually perceive that
the color changed, yet you've now 'hidden' a 1 bit in your image)

NOW back to this... in the late 90's and early 2000's the steganography thing
was HUGE. As in, tons of research and home-grown tools were developed during
this time. "Outguess" was one of those tools, and it looks like the one
referenced from the Twitter screenshot.

Remember, at its most basic level, steganography is nothing more than
'flipping' the least order bits of 'something' \- whether it's color indices
in a GIF file, or in this case, a JPEG file. There's no "marker" that says
HEY, STEGANOGRAPHY HERE. After all, that would defeat the purpose, no?

Therefore, this is PERFECT fodder for conspiracy theorists to hook in ignorant
(not using in a derogatory fashion, just folks who don't know) laypersons into
thinking there is something "hidden" by waving their hands with jargon and
pseudoscience. Try it for yourself- run 'outguess' in extraction mode against
ANY jpeg file and you'll get random data back. Voila! Hidden messages
everywhere! Better yet ENCRYPTED HIDDEN MESSAGES! OH NOES!

Now this is not all to say that steganography has never been used for high
level statecraft. Read all about FBI Operation Ghost Stories -
[https://www.fbi.gov/news/stories/operation-ghost-stories-
ins...](https://www.fbi.gov/news/stories/operation-ghost-stories-inside-the-
russian-spy-case).

TL;DR: a team of undeclared Russian spies (so-called 'illegals') lived inside
the US for years, sending data back to Moscow. One of the ways they
communicated with the "Center" was through - you guessed it - steganography.
You can read all about how it worked in the criminal complaint here:
[https://vault.fbi.gov/ghost-stories-russian-foreign-
intellig...](https://vault.fbi.gov/ghost-stories-russian-foreign-intelligence-
service-illegals/documents/referrals-part-01-of-01/view) \- start at page 143.

~~~
DanBC
It's important to say that using the LSB for steganography is trivially
detectable unless the image is enormous and the hidden data is small.

There's been some work of the best ratio but I can't find it at the moment.

