A month ago, Brian Krebs’ excellent Security Fix blog mentioned the problem of metadata mistakenly leaking information. Here’s an excerpt:
But metadata isn’t all bad — sometimes it helps law enforcement officials track down the bad guys. Case in point: In August, the FBI and Moroccan authorities arrested an 18-year-old hacker Farid Essebar, who went by the online screen name "Diabl0" for creating the "Zotob" worm that infected thousands of computers at a number of high-profile companies last summer.
Just this week, Brian has a fascinating interview with a 21-year old hacker in the Washington Post. An excerpt here:
The young hacker, who has agreed to be interviewed only if he isn’t identified by name or home town, takes a deep drag of his smoke and leans back against the couch to exhale. He smiles. This is his day job, and his work is finished in less than two minutes. In two weeks, he will receive a $300 check from one of the online marketing companies that pays him for his services.
"Most days, I just sit at home and chat online while I make money," 0×80 says. "I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days." He says his work earns him an average of $6,800 per month, although he’s made as much as $10,000. Not bad money for a high school dropout.
Here comes the irony: the SlashDot crowd pulled metadata from the photos to locate 0×80. One guy even has a link to a Google map that factors in other "color" references.
I suspect Brian wasn’t directly involved in the photo work, but it shows how leaky this stuff can be.
[Thanks to TaoSecurity for the links].