All right, well, I guess I'll just stand here. I don't need my fancy iPad now to remotely control it. Anyway, I was welcoming you guys to Vegas. I love coming here. I've spoken at DEF CON before a couple of times, and it's mostly Black Hat that I've spoken at; it was like 12 years running, and then I kind of got over it. But I love coming out to Vegas. I like to people watch. I gotta tell you, the stretch pants thing is still in, apparently, and these people clearly don't have mirrors at home, right? But I swear to God, this woman bought some, like, you know, the baby's, the baby jeans, and it's got the name. When I first saw, her butt was so big it looked like two verbs. I had no... I was like, "be what?"

Anyway, so welcome again. This is, shit, I'd like to walk around. This is my wife Birgit and my son, whose name I won't tell you because I don't trust any of you guys.

So what we're going to talk about today is using social media as a cyber mule, and what I mean by that is using different techniques that allow me to communicate with people by using other people's resources. And then, you know, I'll define cyber mule and you'll see kind of what I mean by that. And we're gonna look at this from the perspective of a bad guy and what their goals are. I mean, I know what their goals are because I think that way; I just don't do it. And then what I'd like to do is kind of talk about ways that you guys... kind of get some audience participation outside of the Q&A. They didn't know I was going to do that, so that might not work well, but we'll just see. But my interest is, I contend that what I'm about to show you is undetectable. So once you see what I'm doing, you be thinking about how you can detect it.

All right, so what I want to show you is what's called a spectrogram. A spectrogram is basically a graphic representation of a frequency at this spectral density of a signal, and I'll explain what spectral density is, but basically a sound has
been piped through the spectrometer, and what it does is it synthesizes graphics by the input audio signal. And what they mean by spectral density is amplitude, and amplitude measured as a... is displayed as a gamma of the deltas and spectral density. So that's what you're seeing with the yellow and blues here, are gammas in the deltas between sound. Now, that's actually Monty Python. It says, "You know much that is hidden, O Tim." "Quite."

So one of the things that this is used for is the application for profoundly deaf people. It allows them to have a visual representation of an audio signal, and it helps them to better hear and reproduce and speak and things of that nature.

So here's an actual example of one. We're going to take an audio frequency and we're going to convert it into graphics. Now, I think you can see the little line over here. What this graph represents: the horizontal is time, the vertical is frequency, and the amplitude, as I said, is represented by the gammas of the deltas and the Phi Kappas. So here, let's play that.

All right, so you can pretty much see the drum hits, right? And you can see how the frequencies spike going up. Down below, those are lower frequencies, and they're pretty much straight because we can't hear those frequencies, and the bass drum doesn't produce sound at that frequency. If I was to break this into 4/4 time, you can see now we have these individual lines. The unfortunate thing is that this shows how the Ramones don't have that good timing whenever they play. So the "Hey ho, let's go," you can kind of see it. The first guy here is "Hey ho, let's go. Hey ho,
let's go." So you can kind of see how someone who can't hear could identify this with a visual application. And so again, you'll see, right? So if you guys could see that, that's what I was talking about with the Ramones there.

So as you can see by this graph, those sound frequencies are being synthesized, and it is a factor of the equipment, or the spectrometer, that can give a different representation of spectral density. Let's think of that as resolution, sound resolution, right? Depending on, in your regular monitor, you have to have a monitor that can support high resolution. If we have a spectrometer that can analyze frequencies closer together, like 24 bit, 32 bit, 64 bit sampling, then it would have a better range of spectral densities. So since these are gammas, I'm sorry, since these are deltas, you can kind of see we're basically dealing with blue and yellow, right? Because they're a delta. And in this case the blue is representing some level of silence, or the background. What the blue is, is the mean frequency of silence. I feel like Paul Simon all of a sudden. Any old people in here got that?

So there's a flip side to this. If we can take an audio signal and feed it into a spectrometer to get a graphic display, why can't we take a graphic and feed it into the spectrometer and freak it out and see if we can produce a sound? So what I've done here is I've drawn... see, that's outstanding artwork, isn't it? See, if I, like, die later on from whatever it is I'm going to do, this is going to be worth money. So here I've basically drawn from the top left, which is the highest frequency, that's about 20,000 kilohertz... 20,000 Hertz, 20 kilohertz, yes. And there we have time. So let's take a listen at this guy.

I love that part. It's just awesome. It feels like I'm going into something, you know. So as you can see in this semi... I was trying to draw it diagonally, to be honest with you. You could tell my state of mind at the time. The spectral density here is very
tight, right, because the source was a graphic. And when the source was an audio frequency, the synthesized spectral density was fuzzy and grainy, like we saw. Whenever the original is a graphic, here it is, you know, the perfectly separated gammas, or deltas of the gamma. And the term gamma is used even though it's not really gamma. What gamma really is, is a voltage difference from your old cathode ray tubes, and luminescence created based on a voltage input. That's what a real gamma is. But what we're calling gamma here is the difference in color, and you can kind of see the blue outline, but we have a straight-on middle yellow, a little bit fuzzy, and the blue.

So if we look at the data map for this guy, as we've said, the vertical axis is our frequency, see that, horizontal is time, and the amplitude is by the gammas. So this is all solid because I drew it that way, which means the amplitude is right on. That's a solid yellow, because compared to silence, silence is blue, that's solid yellow. There was no other sound.

So now I'm going to draw something a little bit more complex. So rather than just a line, I have multiple points. This is again me trying to draw a straight line. I don't know what I was doing there. So now, rather than just one basic...

Isn't that awesome? Thank you, good night. So if you noticed, where we have really solid yellow, we didn't hear much sweet, we heard static, because it represents like a full frequency range of noise all at the same amplitude. But once we were doing the variations, then we could see up and down and blah blah blah blah, right? So these are some examples of the flip side, where we're feeding... or I didn't feed it anything; I drew the graphic and then created a wave file.

Now, so what, right? Here we are. What does this have to do with Facebook and cyber mule? Goals for a bad guy are that they don't want to get caught, right? None of us want to get caught. If you do get caught, don't have anything on you. No riding dirty, right? So, and in this case
what we're doing, we're talking about covert communications or information, right? I don't want the information on my person, because the law enforcement will get it. I want to be able to communicate, like, with that, we want to communicate undetected. That's kind of the big one, right? If I make a cell phone call, I got a frequency going through the air. You know, if I send an email, we've got data going along. So we want to communicate in a way that is undetected. Hopefully I don't need any money trail, right? So I want access to this data for free. And hell, why not, I want that data backed up. I want my covert message backed up, and I want it available anywhere in the world. And we call that Facebook.

So the ramifications here, if I can, like, divert just for a second, is I can put all of my data on Facebook and I don't own it anymore, right? It's not mine. I'm not going to get in trouble for it. They might say, well, you know, track my IP like in CSI or whatever, but I stopped owning that data, and they take care of it all for me. In fact, I can put ACLs on it, right? I can have certain people who can see it. Now obviously, if law enforcement gets involved on the other end, or if I type the word "destroy" in an email, then they're going to have access to that data. But insofar as a bad guy, Facebook is kind of the perfect vehicle for us to be able to exchange information.

So we've got a bad guy persona, and this is actually somebody who's on Facebook. Johnny Long insisted that I use this guy, I don't know why. But here's the bad guy. His name is Mr.
Poon Tang. What, y'all know him or something? So law enforcement's got a whiff of Poon Tang, right? They know what, and they want to stick it to Poon Tang, and, you know, law enforcement wants Poon Tang because, let's face it, they're law enforcement and it's really hard for them to get Poon Tang. So here we have: he's on the run, we need comms, offload storage, redundant, free, ACLs, global access.

So what we have here is Poon Tang was at a waterfall with Kevin Bacon. They're hanging out. I actually was Kevin Bacon. I put it on there; it's like, he didn't remove it. There's probably just some kid named Kevin Bacon, but anyway, it's still up there. And so I'm just going to post this video. Now, there is a little hint in this next video that I want you to listen to. You might want to sit on the volume, sir, because it might be a little loud, because it's a waterfall, the water's, like, hitting... oh yeah, yeah, yeah. All right, so here's the waterfall. This is actually my wife and I at Snoqualmie, Snoqualmie... what? You right there, you scared the shit out of me. So what she said...

So, okay. I shot that video, by the way. Thank you, thank you. Almost as good as my drawing. So did anybody get the hint? Did you hear something different? Huh? Well, so you heard something up on the front end, and then where I loaded that, you heard like just the waterfall sound, right? And so I did that on purpose, just so as you could see the difference in what we're doing here.

So I'm going to rip that analog... well, it's a digital signal, but I'm going to rip the audio off Facebook and I'm going to analyze it. Now we can see here that my signal changed where it's like regular waterfall. You can actually see a change in the decibel level, right? But what's interesting is that it maintains pretty much the same decibel level, decibel level, decibel level in each little segment. Note the spectrogram. Sorry, I couldn't take it anymore.

All right, so there's a couple of things that we want to look at with this guy. The dB level
drops right there. As I said, whenever we hear the real waterfall sound, we have a consistent dB level on the bottom where each, I'm going to call it the segment, was playing back. But we have a clipping at 10,000 Hertz. Does anyone know why that would be? You know, I don't know why I ask, because I can't hear shit. Yes, whatever you said. Facebook processes audio and video into their format once you post. That video, that was actually posted to Facebook. I mean, I don't just make this stuff up. Go look up Poon Tang and you'll see that video. In fact, friend Poon Tang. I'm around. What, that makes me Poon Tang.

So we ripped the audio a couple of ways. I used ScreenFlow, which is a Mac application that allows you to capture your screen, and JD, my man, say hello to JD, everybody. Yeah, I do the same thing. Oh, I'm over him already. So that allows us to record as if it were a virtual audio cable. And then of course we have a virtual audio cable product called Audio Hijack Pro. If you have a Sound Blaster, you can... it's the "What U Hear" interface, so anything that you're playing, you can record whatever that audio is.

So now that I've ripped that audio, I'm going to take it, and rather than drawing my spectrogram and processing that into sound like we've seen, I'm going to push the audio in to see what the spectrogram looks like. My, is a mouse moving? So it's going to load from the bottom, and so this is that waterfall sound. Wait for it. Look at that. So if you guys can't see this, let's tweak this image a little bit. That image up at the top was a synthesized graphic being illustrated in spectral density. That allows me to recreate a map of Beirut in the waterfall sound. Yeah, hell yeah. I've got the coordinates, 31.607 blah blah blah. It says Beirut here. You can make out the roads. The level of detail that you can represent is outstanding.

So let's look at the other side. Remember when I said that the waterfall was the real waterfall? I lied. That was the real waterfall. As our enemies have found
that we can reason like men, so let them find that we can fight like men. Thomas Jefferson. Amen.

So the implications of something like this are pretty far reaching. The ability to embed spectral density graphics in an analog frequency, which can be transferred anywhere, is pretty awesome. Now, in this case the bad guy has to have a computer, which he probably will somewhere, but that computer on the net accessing Facebook is probably not the smartest thing to do whenever you are accessing covert data sources, right? But, I mean, nobody's going to know it's there.

So what I did here was, and I know you can't see it back there very well, every... here, come on up here. This is me holding my cell phone up to the speaker and recording it. So that's the equivalent of going into a cyber cafe, playing my little video, recording it, and then taking it back offline and doing whatever I want with it. It doesn't look like much in these guys, but maybe along the bottom you can kind of make out the letters in there. There is an art to designing the input graphic in such a way that you can mess with the gamma ratios, and you can change some of the algorithms, and there's some different logarithmic functions that you can apply during the generation of the gammas. But that was just base, right off the top, no processing. And up at the top, that one's no good, right? The top one, that's the map of Beirut again. I have not been able to get that right. However, this bottom one, again, this is a cell phone recording the damn thing off of the speaker. The cell phone one is pretty good. So can anyone kind of guess why?

So let's take this a step further. That's a little squiggly line, and up at the top it says, "This is the time for all good men to come to the aid of their country." So if you notice, that's awesome, the blank white background and the black lettering is the strongest contrast that I can get right now. But also notice the positioning of that sentence. It's placed
at the very top of the document, so it will map over to coordinates in a frequency range that humans can't hear. So earlier, with that lower... that's why Beirut screwed up a little bit, because it's a lower frequency, it takes a lot of room, and thus you could actually hear it. There was something like a flange sound that you probably picked up on, and that's because you're trying to saturate that signal. Now, if I was only processing the graphic, the Beirut image, it would have come out fine. But what I had to do was layer those sounds together, and then pull the waterfall back and pull the graphic sound up enough to where you could read it but still have sound halfway decent, so that you don't know immediately that something's up.

So if we take that, we're going to reverse the process again. This is straight off the bat, that white and the little graphic. Now, white is still a sound. So here's what this sounds like.

A couple of things. One, the whole spectrum just sounds fine, right? And that was what the waterfall sound... in this case, if I wanted to hide that sound, I'd have to find something that I could hide it in, something that sounds like a waterfall, which is why I chose it. That's why we drove all the way out there. Actually, there was another reason. So the other thing that you'll see is the frequency range goes all the way up to 20 kilohertz. It's not clipped at the 10 that Facebook clips it at whenever they're processing audio, because there's no reason for them to take up more data whenever they know people can't hear it.

So let's do something that's a little different. I'm going to play... huh? That was it playing. So let's do that again. So watch the spectrometer, and you'll see all of the frequency has been filtered, because I have a high pass filter right there at the end that is only going to allow about 12.5 to 20,000 kilohertz through. So that's filtered down, and I know that since my graphic is up at the top, it's going to be at around the 20k level, right? So if I go
down just enough and put in whatever graphic I want, we can reproduce... reproduce, new word, reproduce. Thank you. I didn't know what you were doing for a minute there. The rain man came down here or something. Oh, you're like, yes sir, sorry. So I was saying something. What? So the... oh yeah, yeah.

So the high pass filter pulls everything down, and the interesting thing here is that the decibels stayed the same, and that's something that you need to keep in mind here, is that though we can't hear it, you can see that it keeps a good... and the level down here is lower, we're not peaking, but it still has a decent decibel level. And so there we have a... and I can put this on any video. I could put this anywhere, YouTube or anything like that. I couldn't put this one on Facebook, but I could put it on a website anywhere. And I think the fact that I can have something you can't hear, I can put messages that you can't hear somewhere on the web that you would never know were there and that you could read perfectly fine, and that is using Facebook as your cyber mule. And that's the show, ladies and gentlemen.
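
The talk leaves detection to the audience. As an added example (not part of the talk or the speaker's tooling), the sketch below flags audio that carries an unusual share of its energy above 12.5 kHz, the band the high-pass demo keeps. The capture rate, threshold, frame size and both test signals are assumptions constructed for illustration.

```python
import cmath, math, random

RATE = 44100        # assumed capture rate, samples per second
CUTOFF_HZ = 12500   # lower edge of the band kept by the high-pass filter in the talk
FRAME = 2048        # FFT size (power of two)

def fft(x):
    """Recursive radix-2 FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        t = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k], out[k + n // 2] = even[k] + t, even[k] - t
    return out

def high_band_ratio(samples, rate=RATE, cutoff=CUTOFF_HZ):
    """Fraction of spectral energy at or above `cutoff`, summed over whole frames."""
    # Hann window limits leakage from loud low-frequency content into the high band
    hann = [0.5 - 0.5 * math.cos(2 * math.pi * i / (FRAME - 1)) for i in range(FRAME)]
    hi = total = 0.0
    for start in range(0, len(samples) - FRAME + 1, FRAME):
        spec = fft([s * w for s, w in zip(samples[start:start + FRAME], hann)])
        for k in range(1, FRAME // 2):
            energy = abs(spec[k]) ** 2
            total += energy
            if k * rate / FRAME >= cutoff:
                hi += energy
    return hi / total if total else 0.0

def is_suspicious(samples, threshold=0.05):
    """Heuristic flag; the 5% threshold is an assumption to tune per source."""
    return high_band_ratio(samples) > threshold

def constructed_cover(n=8192, seed=1):
    """Constructed stand-in for ordinary audio: 20 tones, all below 4 kHz."""
    rng = random.Random(seed)
    tones = [(rng.uniform(100, 4000), rng.uniform(0.2, 1.0)) for _ in range(20)]
    return [sum(a * math.sin(2 * math.pi * f * t / RATE) for f, a in tones)
            for t in range(n)]

def constructed_high_band(n=8192):
    """Constructed test signal: the same cover plus steady tones at 16-19 kHz."""
    highs = (16000, 17500, 19000)
    return [c + sum(math.sin(2 * math.pi * f * t / RATE) for f in highs)
            for t, c in enumerate(constructed_cover(n))]
```

A ratio like this is only a first-pass triage signal: it depends on the capture chain preserving the upper band, and a platform that clips uploads at 10 kHz, as described in the talk, removes that band before this check could see it.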