February 19, 2006

The Perils of Metadata

The Washington Post publishes an extended interview with a botnet-running hacker, known only as 0x80:

The young hacker… has agreed to be interviewed only if he isn’t identified by name or home town…

The article still has a lot of magazine-style colour:

Tall and lanky, with hair that falls down to his eyebrows, 0x80 almost never looks you in the eye when he talks, his accent a slurry of heavy Southern drawl and Midwestern nasality. He lives with his folks in a small town in Middle America. The nearest businesses are a used-car lot, a gas station / convenience store and a strip club, where 0x80 says he recently dropped $800 for an hour alone in a VIP room with several dancers.

There’s also an artfully disguised photo, presumably of 0x80:

With all this detail (and more) about 0x80’s circumstances and history, it’s a good thing the Post is keeping his identity secret. In a small town of a few thousand people, it would otherwise be pretty easy to track the hacker down from his description.

The article is then linked from Slashdot, where an astute commenter downloads the image and checks out the EXIF IPTC data:

Location: Roland OK

Roland OK is indeed a piece of small-town Middle America, population 3,000. Another commenter quickly finds the most likely used car lot, gas station and strip club.

I think there’s a lesson in there somewhere.

Update: In a comment to a Post blog entry, someone claiming to be 0x80 says:

funny is that that is way off from where i reside apparently from what i gathered from brian kreps was it was old metadata so im still safe. haha i guess luck is on my side :)

So who knows, maybe 0x80 dodged a bullet after all?

Update 2: On the other hand, in the comments to this blog entry, the journalist responsible for the article responds to the issue only with “I am aware of it, yes. Thank you.” You’d think that if he were in a position to say the metadata was wrong, he would have done so just to nip the whole thing in the bud.

Update 3: Another “no comment” in the live chat talkback for the original article (bugmenot required).

As you know we take our obligations with sources very seriously and I don’t want to comment about any speculation about sources.

Posted to nerd at February 19, 2006 10:06 PM
Comments

Those fields aren't EXIF - they're IPTC. Whereas almost all of EXIF is automatically generated by the camera, the IPTC fields need to be hand-entered.

As a couple of other Slashdotters noted, these appear to have been entered by The Washington Post photographer. It's probably completely routine for them. After all, that's what IPTC (International Press Telecommunications Council) fields were designed for: to help periodicals manage their huge number of digital photographs.

Posted by: Doug at February 20, 2006 06:14 AM

Oh man, I remember reading this article, unable to determine if the guy was a scumbag or just misunderstood. Suddenly, I feel a whole new world of unhappy for that guy.

Still, great sleuthing by whoever did it.

Posted by: Phil Renaud at February 20, 2006 06:44 PM

I hope this has consequences for the newspaper. I remember I thought about this when I first read the story. Sloppy journalism.

Posted by: Geir Smestad at February 21, 2006 03:41 AM

Somehow I am reminded of the old Benny Hill skit where the mob informant has agreed to be interviewed, but instead the interviewer is in the dark and the informant's face is in the light.

Shortly after the interview a shot rings out...

Posted by: David M at February 21, 2006 04:35 AM

And what if this is a stock photograph? Someone that concerned would not let a photo be linked to them.

Posted by: Alex at February 21, 2006 04:44 AM

"adware, also known as spyware,"

Adware and spyware are 2 different things... stupid jernolism... stupid english class...

Posted by: seventoes at February 21, 2006 07:22 AM

Subtle help from a journalist. Kudos! C'mon, the guy is a terrorist. Drop your sympathy tissues and grow up. He needs to be nabbed and prosecuted.

Posted by: Fellowes at February 21, 2006 07:22 AM

Oh my god -- I was looking for ways to add more metadata to my photos...I'm not so sure I want to do that now, maybe what we need is a good document / process for cleansing photos of metadata.

Posted by: Tanner at February 21, 2006 07:26 AM
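
An added example, not part of the original post or of any commenter's words: a pre-publication check that reads the hand-entered IPTC fields out of a JPEG's APP13 segment (the lookup the Slashdot commenter did) and then removes the APP1 and APP13 metadata segments (the cleansing step asked about above). The function names, the `SAMPLE` bytes and the city value "Exampleton" are constructed for illustration; it assumes a plain JPEG segment layout and skips extended-length IPTC datasets.

```python
STRIP = {0xE1, 0xED}  # APP1 (EXIF/XMP), APP13 (Photoshop resources carrying IPTC)

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + int.from_bytes(jpeg[pos + 2:pos + 4], "big")
        if end < pos + 4 or end > len(jpeg):
            raise ValueError("truncated or corrupt segment")
        yield jpeg[pos + 1], pos, end
        pos = end

def parse_iim(block):
    """Decode IPTC-IIM datasets: 0x1C, record, dataset, 2-byte length, value."""
    out, i = {}, 0
    while i + 5 <= len(block) and block[i] == 0x1C and block[i + 3] < 0x80:
        size = int.from_bytes(block[i + 3:i + 5], "big")
        out[(block[i + 1], block[i + 2])] = block[i + 5:i + 5 + size].decode("latin-1")
        i += 5 + size
    return out

def iptc_fields(jpeg):
    """Return {(record, dataset): text} from the IPTC resource (0x0404) in APP13."""
    found = {}
    for marker, start, end in segments(jpeg):
        body, i = jpeg[start + 4:end], 14
        if marker != 0xED or not body.startswith(b"Photoshop 3.0\x00"):
            continue
        while body[i:i + 4] == b"8BIM" and i + 12 <= len(body):
            res_id = int.from_bytes(body[i + 4:i + 6], "big")
            i += 6 + ((body[i + 6] + 2) & ~1)      # Pascal name, padded to even
            size = int.from_bytes(body[i:i + 4], "big")
            if res_id == 0x0404:
                found.update(parse_iim(body[i + 4:i + 4 + size]))
            i += 4 + size + (size & 1)             # resource data is padded to even
    return found

def strip_metadata(jpeg):
    """Return the file without APP1/APP13 segments; image data is left untouched."""
    drop = [(s, e) for m, s, e in segments(jpeg) if m in STRIP]
    for s, e in reversed(drop):
        jpeg = jpeg[:s] + jpeg[e:]
    return jpeg

# Constructed sample: SOI, APP13 with IPTC City (2:90) = "Exampleton", SOS, EOI.
_IIM = b"\x1c\x02\x5a\x00\x0a" b"Exampleton"
_IRB = b"Photoshop 3.0\x00" b"8BIM\x04\x04\x00\x00" + len(_IIM).to_bytes(4, "big") + _IIM + b"\x00"
SAMPLE = b"\xff\xd8\xff\xed" + (len(_IRB) + 2).to_bytes(2, "big") + _IRB + b"\xff\xda\x00\x02\xff\xd9"
```

Running `iptc_fields()` on the output of `strip_metadata()` before a file leaves the newsroom confirms that no city, state or country field is still attached.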

Damn, I used to live in this junk hick town when I was in 7th grade. Bunch of stupid hicks, I do recall.

Posted by: JD at February 21, 2006 07:28 AM

His employers need to be convicted.

Posted by: John of Played Films at February 21, 2006 07:50 AM

"In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves."

LOL. The press is a bunch of idiots. It's not like that's a hard thing to do. And only 2,000? The 'scanning software he wrote' must be freaking slow!

Posted by: nitroburn at February 21, 2006 08:00 AM

I'm closing comments on this post: not because I don't want the comments, but because my server is a really, really small user-mode Linux partition, and the comment script wasn't playing very nicely with the rest of the server when all the digg people arrived. :)

Posted by: Charles Miller at February 21, 2006 08:18 AM