Year Zero Research/Weak Leads
Steganography
Steganography: the process of hiding data inside other data. For example, a text file could be hidden "inside" an image or a sound file. By looking at the image, or listening to the sound, you would not know that there is extra information present.
The Tools
- Stegdetect / Stegbreak
- Dictionary: contains all words from currently confirmed active Year Zero websites.
Currently, there is some conjecture (with backup provided by Stegdetect) that there may be data hidden inside pictures on various government and resistance sites.
The following files have been flagged by Stegdetect as possibly being steg'd with jphide (the number of stars indicates the level of certainty that hidden data exists, as reported by Stegdetect):
105th Airborne Brigade
- memories_05.jpg : "***"
- memories_06.jpg : "***"
- air_03.jpg : "**"
- home_06.jpg : "**"
- home_05.jpg : "*"
- memoriam_03.jpg : "*"
- memories_03.jpg : "*"
- air_04.jpg : "*"
Church Of Plano
- church_07.jpg : "**"
Be The Hammer
I am trying to Believe
- menu_02.jpg : "***"
- whatis_05.jpg : "***"
- howdoes_08.jpg : "**"
- menuBkgd3.jpg : "**"
- whatis_07.jpg : "*"
- menu_04.jpg : "*"
- menuBkgd4.jpg : "*"
- menuBkgd6.jpg : "*"
- menuBkgd.jpg : "*"
- content_03.jpg : "*"
Consolidated Mail Systems
Another Version of the Truth
Hidden Images
Through brute-force URL testing, 17 images have been discovered that are not referenced in the HTML source of the website.
They are all similar to images linked in the pages, but have small differences - which may or may not be clues.
00000.gif theory
There is currently a theory that this image may contain data: http://yearzero.nin.com/00000.gif
Close inspection of this image will reveal that it contains exactly 18 colors, most of which are in a pattern to the left. This pattern is reminiscent of how ASCII text, which has been converted to binary data, looks when drawn as a bitmap. Unfortunately, there are more color codes than just 2 (1 and 0), and the rectangular boundaries are not all multiples of 8. It is believed, however, that there is data there. One would not post such a unique background image as a .gif unless it were necessary that the color values stay clean.
Another interesting detail when looking at the color codes is that some of them correspond to the numbers of the images hidden on the yearzero minisite. Below is a list of the color codes used in the 00000.gif image, followed by a list of the image numbers.
Color Codes in decimal:
0,0,0
4,2,1
0,5,0
4,4,2
6,2,6
7,7,1
9,6,7
0,14,1
9,13,0
22,12,1
2,25,0
22,24,0
9,35,6
29,33,60
39,39,37
51,52,50
224,224,223
255,255,255
Image Numbers: 03, 07, 10, 12, 14, 19, 22, 25, 28, 31, 39, (86 = albumcover.jpg)
The image numbers that are used in the color codes are: 07, 12, 14, 22, 25, 39
The image numbers that are not used in the color codes are: 03, 10, 19, 28, 31 (and 86)
The color code elements that are not in the list of images are: 0, 1, 2, 4, 5, 6, 9, 13, 24, 29, 33, 35, 37, 50, 51, 52, 60, 223, 224, 255
While this may be a somewhat weak correlation, the color codes that correlate and the ones that do not are split exactly 50/50. It seems highly unlikely that this is merely coincidental.
It is possible that this image does not use standard steganography, so the chance of it needing a password is low. It is believed that any data may be hidden in plain sight, and is probably a plaintext message of some sort. Photoshop and a working knowledge of number systems are probably the best tools in this instance.
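The palette comparison above can also be scripted rather than done by hand. The following is an added example, not part of the original research: it reads the global color table from a GIF header and cross-references the color components with the image numbers. The sample bytes are constructed from the palette listed on this page (the real 00000.gif is not embedded), the function names are hypothetical, and it assumes the colors live in the file's global color table.

```python
import struct

# Palette listed on this page for 00000.gif (18 colors, decimal RGB).
PAGE_PALETTE = [
    (0, 0, 0), (4, 2, 1), (0, 5, 0), (4, 4, 2), (6, 2, 6), (7, 7, 1),
    (9, 6, 7), (0, 14, 1), (9, 13, 0), (22, 12, 1), (2, 25, 0), (22, 24, 0),
    (9, 35, 6), (29, 33, 60), (39, 39, 37), (51, 52, 50),
    (224, 224, 223), (255, 255, 255),
]
# Image numbers listed on this page (86 = albumcover.jpg).
IMAGE_NUMBERS = [3, 7, 10, 12, 14, 19, 22, 25, 28, 31, 39, 86]


def build_sample_gif_header(palette):
    """Constructed sample: GIF89a header + global color table, no image data."""
    bits = max(1, (len(palette) - 1).bit_length())   # table holds 2**bits entries
    packed = 0x80 | ((bits - 1) << 4) | (bits - 1)    # GCT flag, color res, size
    header = b"GIF89a" + struct.pack("<HHBBB", 1, 1, packed, 0, 0)
    padded = palette + [(0, 0, 0)] * (2 ** bits - len(palette))
    return header + bytes(c for rgb in padded for c in rgb)


def read_global_palette(data):
    """Return the distinct RGB triples in a GIF's global color table."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    packed = data[10]                     # packed field of the screen descriptor
    if not packed & 0x80:
        raise ValueError("no global color table")
    size = 2 ** ((packed & 0x07) + 1)     # number of table entries
    table = data[13:13 + 3 * size]
    if len(table) != 3 * size:
        raise ValueError("truncated color table")
    triples = [tuple(table[i:i + 3]) for i in range(0, len(table), 3)]
    return list(dict.fromkeys(triples))   # de-duplicate padding, keep file order


def cross_reference(palette, numbers):
    """Split image numbers and color components by whether they overlap."""
    components = {c for rgb in palette for c in rgb}
    used = sorted(n for n in numbers if n in components)
    unused = sorted(n for n in numbers if n not in components)
    return used, unused, sorted(components - set(numbers))


if __name__ == "__main__":
    palette = read_global_palette(build_sample_gif_header(PAGE_PALETTE))
    print(len(palette), cross_reference(palette, IMAGE_NUMBERS))
```

To run it against a downloaded copy of the image, pass the file's bytes to `read_global_palette` in place of the constructed header.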