urltea.com/14k5 -> blog.wired.com/27bstroke6/2007/08/researchers-ana.html
Forensics Ayman_alzawahiri Ayman_alzawahiri_analysis Neal Krawetz, a researcher and computer security consultant, gave an interesting presentation today at the BlackHat security conference in Las Vegas about analyzing digital photographs and video images for alterations and enhancements. Using a program he wrote (and provided on the conference CD-ROM) Krawetz could print out the quantization tables in a JPEG file (that indicate how the image was compressed) and determine the last tool that created the image -- that is, the make and model of the camera if the image is original or the version of Photoshop that was used to alter and re-save the image. Comparing that data to the metadata embedded in the image he could determine if the photo was original or had been re-saved or altered. Then, using error level analysis of an image he could determine what were the last parts of an image that were added or modified. Error level analysis involves re-saving an image at a known error rate (90%, for example), then subtracting the re-saved image from the original image to see every pixel that changed and the degree to which it changed. The modified versions will indicate a different error level than the original image. You can see the difference in the two pictures (below right) of a bookshelf. Krawetz added some books and a toy dinosaur to the original image -- both of which show up clearly in the second picture after he's completed the error level analysis.
Bookshelf_and_dinosaur But more interesting were the examples Krawetz gave of al Qaeda images. Krawetz took an image from a 2006 al Qaeda video of Ayman al-Zawahiri (above right), a senior member of the terrorist organization. The image shows al-Zawahiri sitting in front of a desk and banner with writing on it. But after conducting his error analysis Krawetz was able to determine that al-Zawahiri's image was superimposed in front of the background -- and was most likely videotaped in front of a black sheet. Krawetz was also able to determine that the writing on the banner behind al-Zawahiri's head was added to the image afterward. In the second picture above showing the results of the error level analysis, the light clusters on the image indicate areas of the image that were added or changed.
has a different error level DEL: , likely around the same time that al-Zawahiri was added, Krawetz says :DEL . Error level analysis shows that the books in the lower right-hand corner of the image have a different error level than the items in the rest of the image, suggesting they were added later. In fact the books register the same error level as the subtitles and As-Sahab logo. Further analysis also shows that the books have a different color range than the rest of the image, indicating that they came from an alternate source. Krawetz wasn't able to determine what the books were but says if they were religious books, they might have simply been added to lend authority and reverence to the video. It's also possible, he says, that such details could be added to a picture to send a message in code to al Qaeda operatives.
For those of you who think the software is better used to catch media manipulations of photos and video, Krawetz did present examples of these in his talk. And to "Ann" who commented that she doubts al Qaeda would put subtitles on a video, As-Sahab, the logo in the lower left corner of the two al Qaeda videos is the production arm of al Qaeda.
Ben Venzke of IntelCenter says his organization didn't add the As-Sahab logo. He points out that just because the error levels are the same for two items in an image, that doesn't prove they were added at the same time, only that the compression was the same for both items when they were added.
Aug 1, 2007 5:20:08 PM Ayman al-Zawahiri's beard also appears pretty light in the analysis results. Perhaps secret messages of terror are secluded within the beard.
Aug 1, 2007 5:56:38 PM It's time this program disappeared and it's creator sent off to the Gulag before he inadvertantly reveals that the Al-Qaeda threat is as real as democracy in America.
Aug 1, 2007 6:52:16 PM I just think that al-Qaeda's hideout is too squalid for a video, so they e-mailed the vid out and had it fixed up. And Al-Gwahir or whatever is too ugly for even makeup to fix.
It looks like some kind of Command and Conquer cutscene where the big bad supervillan terrorist commander is cursing you for you crushing defeat of his forces in genericmiddleeasterntownname.
Aug 1, 2007 7:35:09 PM This is pretty cool, but if one wanted to hide evidence of photoshopping, I'd think all you'd need to do is take a screen capture of your edited image and then compress and save that. Or maybe, in photoshop, just shift the entire image a few pixels, thereby making everything appear altered in analysis.
Aug 1, 2007 7:36:58 PM Wow, how am I not surprised that an interesting article about a handy tool that will bring fraudulent photos to light has only comments by loonies trying to make snide political comments. Go hug a homicide bomber if that's your thing, but this program has numerous potential applications that have nothing to do with your slactivism.
Aug 1, 2007 7:49:56 PM This should be a great new tool that will bring PS hacks to light, along with the other forms of analysis like inconsistent light source, pixel depth, color balance, focus, depth of field, jaggies, etc. Too bad you can't take a photo of hot girls on the street and have it tell you if her face and chest are original.
Aug 1, 2007 8:00:44 PM I'd really like to apply this technique to some of my more careful 'gimp' forgeries; since I match the exposure and white balance in all the source photos, and gimp doesn't add any signature of it's own (apart from a default comment which I can edit) or mess with the EXIF data at all, I don't think I leave much to work with.
Aug 1, 2007 9:01:50 PM The real way to get around this analysis would to be to work with an uncompressed (RAW) image from acquisition through post production. After a final jpeg is output, compression would be uniform across the image.
Aug 1, 2007 10:05:30 PM 'Denial Is A Political Party' - what's even more amusing is you bashing others for making "snide political comments" while making one yourself.
Aug 1, 2007 11:01:52 PM The wire services just called, they want Neal Krawetz to knock it the hell off. The all just bought the latest version of Photoshop and now they can't use it. They are going to send Jamil Hussein and Johnny Salami over to straighten him out.
Aug 1, 2007 11:41:32 PM wow, you'd think with the shitload of money the government both taxes and prints, they could have paid for the actors to come in and give their little terror speeches on a real set instead of doing green screen.
Aug 2, 2007 1:54:32 AM Too bad this is being used in the wrong area. How many times does the Press try to pull one over us by making the war efforts seem all the more successful and brave. I mean how many pictures do we see with the faces of the civilians photoshopped. They try to make the civillians look more angry or evil. I kid you not, I've seen some of the worst photoshopped pictures attempting to make it seem like everyone in the crowd behind the US soldiers were evil terrorists. and it made it look like just the faces of the people were smudged or something. Much like any other technology, in the wrong hands its useless.
Aug 2, 2007 1:55:06 AM @memals and others: Paranoia is the number one "disease" in the world today. To the paranoid there is a conspiracy behind everything. A paranoid loves nothing better than to make accusations with no proof...
Aug 2, 2007 2:15:32 AM Kim Zetter: I find the topic very interesting. Can you please amend the article to make it clear whether it talks about manipulating a video stream or a still frame? Obviously the former is an order of magnitude more difficult. As far as I can tell this presentation is not web accessible, but maybe someone else has found a link, would be greatly appreciated.
Aug 2, 2007 2:44:07 AM Great tool for busting the foto-cheaters. Will be interesting when this program hits the general public and we can check every foto in ...
|
http://csua.com/feed/