The Perils of Metadata

by Charles Miller on February 19, 2006

The Washington Post publishes an extended interview with a botnet-running hacker, known only as 0x80:

The young hacker... has agreed to be interviewed only if he isn't identified by name or home town...

The article still has a lot of magazine-style colour:

Tall and lanky, with hair that falls down to his eyebrows, 0x80 almost never looks you in the eye when he talks, his accent a slurry of heavy Southern drawl and Midwestern nasality. He lives with his folks in a small town in Middle America. The nearest businesses are a used-car lot, a gas station / convenience store and a strip club, where 0x80 says he recently dropped $800 for an hour alone in a VIP room with several dancers.

There's also an artfully disguised photo, presumably of 0x80:

With all this detail (and more) about 0x80's circumstances and history, it's a good thing the Post is keeping his identity secret. In a small town of a few thousand people, it would otherwise be pretty easy to track the hacker down from his description.

The article is then linked from Slashdot, where an astute commenter downloads the image and checks out the EXIF IPTC data:

Location: Roland OK

Roland OK is indeed a piece of small-town Middle America, population 3,000. Another commenter quickly finds the most likely used car lot, gas station and strip club.

I think there's a lesson in there somewhere.

Update: In a comment to a Post blog entry, someone claiming to be 0x80 says:

funny is that that is way off from where i reside apparently from what i gathered from brian kreps was it was old metadata so im still safe. haha i guess luck is on my side :)

So who knows, maybe 0x80 dodged a bullet after all?

Update 2: On the other hand, in the comments to this blog entry, the journalist responsible for the article responds to the issue only with "I am aware of it, yes. Thank you." You'd think that if he were in a position to say the metadata was wrong, he would have done so just to nip the whole thing in the bud.

Update 3: Another "no comment" in the live chat talkback for the original article (bugmenot required).

As you know we take our obligations with sources very seriously and I don't want to comment about any speculation about sources.
