The Perils of Metadata

February 19, 2006 10:06 PM

The Washington Post publishes an extended interview with a botnet-running hacker, known only as 0x80:

The young hacker... has agreed to be interviewed only if he isn't identified by name or home town...

The article still has a lot of magazine-style colour:

Tall and lanky, with hair that falls down to his eyebrows, 0x80 almost never looks you in the eye when he talks, his accent a slurry of heavy Southern drawl and Midwestern nasality. He lives with his folks in a small town in Middle America. The nearest businesses are a used-car lot, a gas station / convenience store and a strip club, where 0x80 says he recently dropped $800 for an hour alone in a VIP room with several dancers.

There's also an artfully disguised photo, presumably of 0x80:

With all this detail (and more) about 0x80's circumstances and history, it's a good thing the Post is keeping his identity secret. In a small town of a few thousand people, it would otherwise be pretty easy to track the hacker down from his description.

The article is then linked from Slashdot, where an astute commenter downloads the image and checks out the EXIF IPTC data:

Location: Roland OK

Roland OK is indeed a piece of small-town Middle America, population 3,000. Another commenter quickly finds the most likely used car lot, gas station and strip club.

I think there's a lesson in there somewhere.

Update: In a comment to a Post blog entry, someone claiming to be 0x80 says:

funny is that that is way off from where i reside apprently from what i gathered from brian kreps was it was old metadata so im still safe. haha i guess luck is on my side :)

So who knows, maybe 0x80 dodged a bullet after all?

Update 2: On the other hand, in the comments to this blog entry, the journalist responsible to the article responds to the issue only with "I am aware of it, yes. Thank you." You'd think that if he were in a position to say the metadata was wrong, he would have done so just to nip the whole thing in the bud.

Update 3: Another "no comment" in the live chat talkback for the original article (bugmenot required).

As you know we take our obligations with sources very seriously and I don't want to comment about any speculation about sources.

13 Comments

Those fields aren't EXIF - they're IPTC. Whereas almost all of EXIF is automatically generated by the camera, the IPTC fields need to be hand-entered.

As a couple of other Slashdotters noted, these appear to have been entered by The Washington Post photographer. It's probably completely routine for them. After all, that's what IPTC (International Press Telecommunications Council) fields were designed for: to help periodicals manage their huge number of digital photographs.

Oh man, I remember reading this article, unable to determine if the guy was a scumbag or just misunderstood. Suddenly, I feel a whole new world of unhappy for that guy.

Still, great sleuthing by whoever did it.

I hope this has consequences for the newspaper. I remember I thought about this when I first read the story. Sloppy journalism.

Somehow I am reminded of the old Benny Hill skit where the mob informant has agreed to be interviewed, but instead the interviewer is in the dark and the informants face is in the light.

Shortly after the interview a shot rings out...

And what if this is a stock photograph, someone that concerened would not let a photo be linked to them.

"adware, also known as spyware,"

Adware and spyware are 2 different things... stupid jernolism... stupid english class...

Subtle help from a journalist. Kudos! C'mon, the guy is a terrorist. Drop your sympathy tissues and grow up. He needs to be nabbed and prosecuted.

Subtle help from a journalist. Kudos! C'mon, the guy is a terrorist. Drop your sympathy tissues and grow up. He needs to be nabbed and prosecuted.

Oh my god -- I was looking for ways to add more metadata to my photos...I'm not so sure I want to do that now, maybe what we need is a good document / process for cleansing photos of metadata.

Damn I Used to live in this junk hick town when I was in 7th grade. bunch of stupid hicks I do recall.

His employers need to be convicted.

"In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves."

LOL. The press is a bunch of idiots. Its not like thats a hard thing to do. and only 2,000? the 'scanning software he wrote' must be freaking slow!

I'm closing comments on this post: not because I don't want the comments, but because my server is a really, really small user-mode linux partition, and the comment script wasn't playing very nicely with the rest of the server when all the digg people arrived. :)

Previously: A Slice of Life

Next: Can you digg it?