Did Fried Brain Cells Bag John McAfee?

How is it possible that John McAfee–John McAfee, the pioneer in protection against hacking, for goodness sake–was tracked down in Guatemala by a hack so simple it doesn’t really deserve to be called a hack?

Fried EggsFirst, Vice magazine posted a picture of McAfee snapped by an iPhone-bearing staffer who was visiting the fugitive. Then, the enterprising Twitter user Simple Nomad downloaded the photo and extracted the metadata from special headers, EXIF tags, embedded in most digital images. Based on longitude and latitude, the type of device used, and sometimes even the name of its owner, the metadata can reveal precisely where a photo was taken.

Revealing Details

This isn’t even cutting-edge stuff. The capability to glean information from image headers has been around for years in traditional digital cameras, says Johannes Ullrich, who heads the Internet Storm Center for the SANS Technology Institute. “Its original intent was to help you store information like what type of lens you were using, or the aperture setting. But as cameras became fancier, more information was stored in these headers.”

While few digital cameras have GPS capabilities, they–like cameras–are a given in smartphones.

Getting Tagged

Back in 2010, Ullrich tested the prevalence of EXIF tags. He collected 15,291 images from Twitpic.com, analyzed their EXIF data and found:

  • Approximately 10,000 images had basic EXIF information, such as camera orientation and resolution.
  • 5,247 included camera model.
  • 399 noted camera location at the time the photo was taken.
  • 102 included the photographer’s name.
  • The bulk of images with GPS information came from iPhones. (Apparently, iPhones store the most extensive amount of EXIF data.)

Wanna Peek?

Ullrich offered up a photo he took with his iPhone:

Johannes Ullrich

Here’s image’s EXIF information, as it appears when collected with a tool called exiftags:

EXIF tag

Take the latitude and longitude, pop them into a mapping site and…Voilà:

Latitude and Longitude

Taking Precautions

The complications this can cause for pretty much anyone are apparent, whether they’re an on-the-run millionaire or someone just skipping work for the day. If you want to avoid any trouble, disable the location services on your smartphone. You won’t be able to arrange your pictures geographically, but that could be a small price to pay.

Unfortunately, removing data from images you’ve already posted online is harder. “There are some commercial tools, but it’s nothing I would recommend to consumers at this point because it’s too hard to use and too expensive for the use it would get,” Ullrich says.

There’s also the of time and effort. You’d have to download the images you wanted to scrub and then rub them through one of the available EXIF tools. But if you’re determined to do it, take a look at exiv2 and ImageMagick, which can help you review and strip out the image’s header information.

But before you freak out thinking about of all of the pictures you’ve got on Facebook, Google+ or wherever, Ullrich notes that some sites strip out the metadata before it’s posted.

In fairness, a number of reports say it was an “unseasoned” Vice staffer who posted the photo without scrubbing the metadata.

Image: Wikipedia

Comments

  1. BY Donna says:

    Grammar mistakes like using “it’s” instead of “its” are inexcusable as in the sentence found in this article, “It’s original intent was to help you store information like what type of lens you were using, or the aperture setting. But as cameras became fancier, more information was stored in these headers.” The posssessive pronoun “its” should be used in this case and not the contraction “it’s” meaning “it is.” I hope this mistake was made by someone other than this award-winning reporter or maybe she shouldn’t have won all those awards.

    • BY Mark Feffer says:

      Donna, thanks for pointing that out. The mistake was made by me. Unfortunately, in the course of editing an article I sometimes miss these things, which is why I appreciate your note.

  2. BY Thyme says:

    Tsk! Tsk! Tsk!. Good for you, Donna. I pointed out Dawn’s plethora of contractions when she first started at Dice. Suffice to say, the last I heard, McAfee was going to be let out of jail (Or whatever!) All this drama, McAfree. I kept on thinking to myself…”Why does he not just come home”? Additionally, any 15 or 16 year old knows how to hack. And, to let you computer guru’s know…the real word is “Cracker”….not hacker. Are you listening Mark? Have a good day.

    • BY Mark Feffer says:

      Hi Thyme. Indeed I’m listening. I keep hearing different opinions from different people about “hacker” and “cracker” (and, yes, I do believe they’re credible people). I’m happy to use cracker in these instances, though, if people here think I should. Meantime, what’s the problem with contractions?

      • BY Ken says:

        Well if you want additional editorial police on this, isn’t the word “matter” completely missing from “There’s also the of time and effort.”? (Or did I miss the intended word?) :)

      • BY Ken says:

        I see I missed a comma in my first note. PS Personally I’d like “it’s” to indicate posessive and its the contraction forms. (You’re contracting two words, if there is a conflict with possesive, contract it more.) The grammar police outvote me on that one.
        I did enjoy reading “Eats, Shoots, and Leaves” (She is so particular, it’s hilarious reading.)
        And yes I intentionally replied to the first one and I probably was wrong when I thought I was replying to the second one.

  3. BY J Muhonjer says:

    My. Some of us missed all that fuss with contractions. Speed readers don’t have the luxury. We read for the gist and sense – and pay greater attention if we are taking the SATs. Or is that SAT’s?

Post a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>