INVESTIGATION HELP NEEDED Hidden photos on an image hosting site As someone posted a few days ago on 4c 8c & here the search terms that give the cp results in the images come from the site img src at first look nothing really suspicious is to be seen on the site no really explicit photos of kids can be found other than upskirt, swimsuit, etc. except for when you look at the people a) commenting on the photos trading photos via mail (?) b) photos of flowers, cars, etc. commented by pedophiles talking about stuff other than in the photo
Can anyone please investigate this and see if there is more to this.
NOTICE THE COMMENTS ON A PHOTO OF A TRACTOR
screenshot of the tractor photo with comments
the tractor photo
screenshot of flower photos notice comments and SAME photo posted 10x in the album
BANNED URL SO CAN'T POST: /pharnisluvsyung/30034761.html?id=30034761
I have been banned on voat for asking help on this. I know for sure there are also misinformists there because only irrelevant topics get upvoted others get downvoted or just deleted like mine did.
DO NOT REPORT THE SITE THAT DOES NOT HELP they just shut it down and make it even harder to find this does not SOLVE anything
I've long since lost my steganography tools and not really wanting to dig, to be honest. Some quick thoughts: >copy the full-size image (not the file) to any other image utility I like irfanview and save it as the same type with good quality settings
They could be just fucking around, but their whole ethos disgusts me and I can't bring myself to look at it too long. The hidden thing is probably not another entire image, more likely a URL. You could maybe find this unencrypted in the file depending on how they operate.
Caleb Torres
Some of them might just be generated comments to make the website seem more active than it is.
Asher Hughes
I'm a shitty phone poster so I can't try right now, but can you open the original picture with winRAR? Old /b/ used this to share cp.
Elijah Cook
Look at the file name in You might be right. I'm not checking.
Juan Ortiz
I hadn't even noticed that yet. The pictures posted there are too small though, so they most likely won't contain cp. The originals on the Russian website may though.
Grayson Campbell
I tried opening it in rar or zip didn't work stegdetect didn't open anything I just can't find any other explanation
Liam King
Save a few different copies of the flower one and see if they have different hashes.
idk if it means anything but the photos with hidden content end with C8 or C6
Evan Jackson
Correct me if I'm wrong, but even if they have different file types, the same image should have the same hash correct?
Brandon Thomas
what do you mean originals this is from the site
Dominic Jackson
If hashes differ but the img res and overall appearances are identical (no filters, resize, blurring, etc), then steg is in use.
Austin Hall
Files are just bytes of data, so they should have the same hash regardless of file type. But if the file was compressed or saved using another program, it could have lost some of the original bytes from the original site.
Juan Gray
User has password protected albums classified under "kids"
This shit makes me sick. Can someone try using wget to detect metadata in the photos? I am learning how to right now but won't have time to finish before I start work.
I'm sure the real deal guys use a preconfigured pair of VMs, one containing Tor, I2P, IPFS, and other darknet onramps, while the second VM is the 'view' VM, and skip the 'website' shit. Pro points if it's two physical machines, one behind the other, with the gateway's uplink further clamped.
Not just amnesiac, but sandboxed/isolated behind a fascist darknet gateway.
Brayden Walker
It has to be zip. The file name should be "a.gif.zip". Not sure it matters, but I'm using 7zip to open it. The file won't open in vlc so I'm assuming you need to unzip all 5 to get the complete video.
An amnesiac OS doesn't help with canaries, they give away your IP. You need to be using Tor or another VPN, both in fact to be safe.
Bentley Jenkins
Ummm no, the VPN suggestion proves this isn't your living. Best way to avoid FreedomHosting like decloak is isolation behind a darknet gateway, no clearnet access.
Benjamin Thomas
Thanks for the info. So would this stop a canary from getting your IP? If you just used a VPN would the canary be able to resolve your real IP, since it would be sending the notification from your actual computer?
Charles Collins
So doesn't Tails solve this, as all of it's network activity is routed through Tor?
Ian Phillips
Use a hex editor that can do a diff of 2 files. A large number of differences will probably mean the images were compressed differently, while a smaller number may point to deliberate changes to the data. (Could just be the metadata though.)
Connor Lewis
weird that nobody checked a very obvious steg related to the piz case
Hard to trust a vpn you do not control, they all "claim" to be anonymous…
As long as Tails has no outside connection or dns leaks, or any other unknown exploits. I have never used it but I hear its secure?…I use "Whonix", a ltitle less mainstream
Aiden Diaz
I could be wrong, but last time I looked into TAILS it did in fact have a dns leak, this was a while ago however and the issue could have been remedied.
Joshua Garcia
it's so obvious he's not refering to mrp in the photo but something else
Personally I dont trust Tails simply because how "mainstream" it is, and how it is pushed as the defacto tor os. Hopefully I'm just overly paranoid.
Isaiah Cox
TAILs will stop application layer exploits. TAILs cannot save you if any clearnet-facing software is exploited, such as Tor router itself, the kernel, the network manager, etc. SELinux should mitigate this though, except for kernel exploits or in misconfiguration cases. Even VM isolation isn't perfect, Spectre+Meltdown crossed those lines and I'm sure that infoleak exploit is one of the tamer ones in the toolbag.
Yes, assuming VPN routing isn't strict. If it is strict and it routes over VPN, you're dumb to think the VPN won't sing on you.
Zachary Cooper
do you mean a tampermonkey script
Cameron Hill
I don't know what to think. Wikileaks promotes it, which could be viewed as a reason to use it. Snowden also recommends it, which makes me question its viability, considering he might glow with the lights off.
Jayden Turner
yeah i have no idea what i am doing but this thread has peaked my interest very much
Welcome to the world of what the fuck is the truth anymore :) Trust yourself, do your own research.
Camden Evans
s/peaked/piqued check'd
Brody Wood
No, they won't have the same hash if they're different file types.
Aaron Ortiz
Use it and Whonix as references and homebrew your own with a pair of extra systems.
Carter Morgan
This guy guessed correctly, it's steghide. The problem is though you need to get the password, hence they always have email or kik contacts. However, just the fact that there is an encrypted file within their pictures should be enough proof.
Jose Thomas
I was saying if they were the same file and you changed the file ext. Data is data. Obviously the file headers and such will change if they were totally different file types.
Asher Ortiz
Also, "isolating wifi" with a godlike password means nothing if the flare sweeps the channels spewing a covert distress code + identifiers, if it detects no clearnet + yes wifi card + no open wifi with clearnet, assuming kernel exploit to permit this, and assuming urban area cell towers also double as civilian wifi SIGINT collection stations.
Caleb Bailey
I have no idea how to help or else I would. I hope you good guys find these fuckers.
Charles Allen
Not code for anything. Breast buds are the primordial lumps which sprout on a pubescent girl's chest. Not yet breasts but still not flat like a boy's. Girls will start to bud as soon as puberty begins, so anywhere from 8 to 10 years old these days. Conspicuous absence of buds, for example on the chests of a 16-year-old that it's being claimed is just a "late bloomer" are a fairly solid sign that she's actually a boy, because buds form so early.
I can. I prefer it. I don't want them to obfuscate. I don't want them to be smart enough to hide their statements. Now we know about tractors; we didn't know about tractors before. I prefer they be retarded. I prefer they be out in the open. We have to kill them all. We can't very well do that if we don't know who they are, right?
Isaiah Williams
P.I. user here. All you need to do is to establish probable cause, if we can prove that a crime has occurred or is likely to occur by following the STEG trail, the Feds will be able to secure the warrants and subpoenas needed to put these individuals away. I know little to nothing about steganography however. Any help this way is much appreciated.
Simply having encrypted/hidden data is not enough to get a warrant, the comments might make or break individual 'cases', but they can't get a blanket warrant for everything that's a violation of due process. It may be possible to brute force the password, crypto I'm a bit better at so maybe I can be of help, I'll look into the algorithms steghide uses
Cameron Collins
Along those lines, depending on how far the black project surveillance goes, DPA with smart power meters should pick up coded comms if the flare can make hardware with known power draw characteristics modulate power use. In physical penetration scenarios, mics getting coil whine could be used in a 1-2 punch on a totally isolated (no any-net) system.
Bah, I am digressing!
Logan Kelly
A steganographic file system, for example, is a partition of your hard drive hidden within the normal file system. Hidden not like a "hidden file" in the OS, but rather the bits which make up the partition itself are spread all around the hard drive rather than being a big lump of gigabytes all together. This hides the existence of the partition from data dump systems and makes all of the information look like junk data if you're just reading files straight off the drive.
Thomas Edwards
exactly I am against just shutting down the sites like the retards have done on voat.co seriously they are dumb asf I posted this there and a retard commented on the pop-ups he got from some game ??? like wtf trying to derail asf and they just shutdown sites (((Gaetanne Antat))) as if that solves anything
Hunter Phillips
Can you go into any detail why this over Tails? I don't know that much about this stuff and anything that is less well known will have less attackers. Curious why you like this one user.
Jackson Hernandez
Forgetting the password would net them less jail, but if only one is arrested so there's no Nash squeezing possible.
Doesn't this require a map of all written files to prevent collision on write?
Brandon Brown
But there's nothing hidden in those files. What another user suggested is probably the case, posts by bots smart enough to inject context into their comments. Files are too small, data is not compressed. At best there's URLs hidden somewhere in the pictures, which point to the real cp and it's those off-site pictures that perverted comments refer to. But I still think bots is more likely.
Grayson Perry
I'm the same user, but these threads are always useful to try to learn things from other anons who know about these things. I think we should all strive to know a bit about this type of stuff given the age we live in, but some of us might be "to old" to learn such a thing in depth.
Christopher Brown
One VM is the router, with one side facing the net and the other a virtual LAN (etherstub), hosting Tor with SOCKS port on the virtual LAN side, and a second 'view' VM with ONLY the virtual LAN for connection.
Oliver Taylor
Could it be something as simple as the images being different for users who are logged in?
Cameron Lewis
If the host is involved, then yes.
Jason Butler
Thank you user.
Wyatt Moore
It was just the first one I used, but I like how they have two vms, one handles all connects to tor, and the other runs your apps. Basically just isolates anything you run from the networking and routing.
Luke Scott
I like the sound of that, I really need to get into knowing my system better than I do. Everyday it grows much more important nowadays.
I hope all the anons who know how to do this type of thing can do it and hopefully bring them down.
Ayden Morales
I wish steghide embed WAV → Red Book audio CD → ripped WAV → steghide extract WAV worked.
I know steghide embed WAV → FLAC → WAV → steghide extract WAV works fine, I tried it myself.
Christopher Martinez
Good middle security solution, like Qubes or OpenSolaris 10 + Solaris Trusted Extensions (superior IMO, but dead now pic related).
If we can get a foothold into their little social media platform, we can skiptrace at least a few of them, everyone leaves a trail. Patience and persistence user.
Interesting theory. Sounds to me undercover is going to net the best results, the problem with that is it opens up the investigator to charges.
Leo White
Has to operate with sterile gloves. Can't be me now as I expressed capability here without a net-condom on.
Michael Bell
If this was the case wouldn't there be telltale signs in the scripting of the webpage that could be viewed in something like firebug or some other source viewing software or is it a setting on the server to specifically serve particular users other images?
Eli James
If done right, ie on the backend: no.
If the site is hosting injected code then maybe. Probably just sloppy on the webmaster's part himself than an injection.
Lucas Long
Think of a CMS as a program which takes database content and creates the page on the fly upon request.
Lucas Bailey
I really don't think it's bots because those users have their own albums with explicit photos of children.
Thomas Reed
I wouldn't recommend anyone do it unless they were prepared to accept the possibility of being caught up in their own net.