GCN LAB IMPRESSIONS

'Elite' hacker done in by everyday iPhone function

It’s always amazing to see how the biggest criminals eventually get caught. I mean, Al Capone probably murdered hundreds of people, yet he eventually went to jail for tax evasion. Probably more ironic was the story this week that an allegedly elite hacker from the Anonymous collective was captured because he didn’t understand how his iPhone worked.

Higinio O. Ochoa III of Galveston, Texas, allegedly a member of the Anonymous offshoot CabinCr3w, is accused of posting hundreds of home addresses for police officers to a website, and also linked to the Twitter handle @Anonw0rmer. For a while, the hacker was covering his tracks pretty well, because feds were having a hard time tracking him down.

You know that if a suspect is endangering police officers they’ll put a high priority on finding him. So the hacker was doing a good job -- up to a point.

Related stories:

GPS devices could put American soldiers at risk

Geotagged – you’re it!

Now, let’s leave that scene for a moment and head over to my house, where my wife was recently playing with her brand-new iPhone, the first one she’s ever owned. With a shock, she realized that all the photos she had taken over the past few weeks with the iPhone were tagged and time-stamped, and could even be overlaid onto a map, so that someone could see where her parents’ house upstate was located, since she had snapped several pictures there.



I warned her that the data was embedded in the photos themselves, so that if she shared them on Facebook or whatever, someone could extract that data and get personal information. That revelation was a little eye-opening for her, but it's nothing that a lot of iPhone users probably already didn’t know. The geotagging of photos isn't exactly a secret. That function can even be turned off, although there is some debate whether doing do actually stops the Global Positioning System data from being embedded.

Back to the hacker. He allegedly began taking sexy, though clothed, photos of his girlfriend and posting them along with taunting notes for the investigators. The photos were cropped to show the woman’s body, but not her face.

Investigators took those photos off the website and found that all of them were GPS- and time-stamped, just like the ones my wife took of her family or the ones you are probably taking with your iPhones, or other smart phones, every day.

Apparently, the hacker pics were all snapped in Australia. And guess what? The alleged hacker had vacation photos on Facebook showing a recent trip to Australia and a blonde woman who he claimed was his girlfriend. Investigators matched up the times and even some of the bathing suits the woman in the hacker photos was wearing.

Armed with this, they stormed the alleged hacker’s home in Texas and arrested him.

I’m sure none of you fine folks are hackers yourselves. But knowing that GPS data is being captured in every photo you take should be in the back of your mind. If it can be used for nefarious purposes, you can bet someone will try.

