Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Site Notices
9/22/2017 12:11:25 AM
Posted: 2/20/2006 9:18:08 AM EDT
http://fishbowl.pastiche.org/2006/02/19/the_perils_of_metadata



February 19, 2006
The Perils of Metadata

The Washington Post publishes an extended interview with a botnet-running hacker, known only as 0×80:

The young hacker… has agreed to be interviewed only if he isn’t identified by name or home town…

The article still has a lot of magazine-style colour:

Tall and lanky, with hair that falls down to his eyebrows, 0×80 almost never looks you in the eye when he talks, his accent a slurry of heavy Southern drawl and Midwestern nasality. He lives with his folks in a small town in Middle America. The nearest businesses are a used-car lot, a gas station / convenience store and a strip club, where 0×80 says he recently dropped $800 for an hour alone in a VIP room with several dancers.

There’s also an artfully disguised photo, presumably of 0×80:

With all this detail (and more) about 0×80’s circumstances and history, it’s a good thing the Post is keeping his identity secret. In a small town of a few thousand people, it would otherwise be pretty easy to track the hacker down from his description.

The article is then linked from Slashdot, where an astute commenter downloads the image and checks out the EXIF IPTC data:

Location: Roland OK

Roland OK is indeed a piece of small-town Middle America, population 3,000. Another commenter quickly finds the most likely used car lot, gas station and strip club.

I think there’s a lesson in there somewhere.
Posted to nerd at February 19, 2006 10:06 PM




here's the post article:


http://www.washingtonpost.com/wp-dyn/content/article/2006/02/14/AR2006021401342.html



....
In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves.

Now, with the smoke of his day's first Marlboro curling across the living room of his parents' brick rambler, the hacker known online as "0x80" (pronounced X-eighty) plops his wiry frame into a tan, weathered couch, sets his new laptop on the coffee table and punches in a series of commands. At his behest, the commandeered PCs will begin downloading and installing software that will bombard their users with advertisements for pornographic Web sites. After the installation, 0x80 orders the machines to search the Internet for other potential victims.

....

Link Posted: 2/20/2006 9:30:29 AM EDT
reading that post article .... this kid is a real scumbag




He and his hacker friends are part of a generation raised on the Internet, where everything from software to digital music to a reliable income can be had at little cost or effort. Some of them routinely go out of their way to avoid paying for anything. During a recent conference call with half a dozen of 0x80's buddies using an 800-number conferencing system they had hacked, one guy suggests ordering food for delivery. Nah, one of his friends says, "let's social it." The hackers take turns explaining how they "social" free food from pizza joints by counterfeiting coupons or impersonating customer service managers.

"Dude, the best part is when you walk in, you hand them the coupon or whatever, they give you your [pizza], and you walk out," one of them enthuses. "Then, it's like, yes, I am . . . the coolest man alive."

"Dude, that's so true," echoes a 16-year-old hacker. "Free pizza tastes so much better than pay pizza any day."

0x80 expresses some ambivalence about this lifestyle and occasionally ponders what he should do next. He's toyed with the notion of going to a community college to get a degree in computer science, but the idea of getting an honest job with a legitimate tech company doesn't hold much appeal. "I'd probably have to take a pretty bad pay cut no matter where I worked," he says.

Asked whether he worries about getting caught, 0x80 stuffs his hands into his jeans pockets, shrugs his shoulders and looks down at his shoes. "To tell the truth, man, I'm sorta surprised they haven't caught me yet." He claims he doesn't care but then confesses that he dedicates quite a bit of time to covering his tracks. "I do stay up very late each night trying to make sure nobody is going to kick in my front door . . . If I do [get caught], I'm not all that worried. I've got enough money. I can always get a good lawyer."

Link Posted: 2/20/2006 11:32:50 AM EDT
Forget that kid, it's not his fault.

The guy you are looking for is named Bill, and he lives in Washington state. He's the real cause of all this.
~
Link Posted: 2/20/2006 11:43:56 AM EDT
So the guy puts his real location into his photo editor and gets nailed with it...

Nice.

Wonder how good that pay cut for a legit job is looking right about now??

Botnet scum need to be nuked from orbit.
Link Posted: 2/20/2006 11:49:33 AM EDT
[Last Edit: 2/20/2006 11:50:08 AM EDT by MillerSHO]
Loser

It's always about today, people like him NEVER think about tomorrow.
Link Posted: 2/20/2006 11:54:03 AM EDT
Roland.....

I used to buy Sunday beer in Roland.
Link Posted: 2/20/2006 12:57:21 PM EDT
The hacker-guy himself didn't put that info into the photo metatags; the photographer who took the pic for the newspaper did it.
~
Link Posted: 2/20/2006 2:20:57 PM EDT

Originally Posted By Sub-MOA:
So the guy puts his real location into his photo editor and gets nailed with it...

Nice.

Wonder how good that pay cut for a legit job is looking right about now??

Botnet scum need to be nuked from orbit.



nah, he gave the interview on the condition that he not be named and they don't mention the town he lived in. Then the photographer added the name of the town to the data attached to the image file and left it on when the published the photo to the web. So the photographer gave him away. ... I hope it was intentional.
Link Posted: 2/20/2006 2:27:07 PM EDT

Originally Posted By Red_Beard:

Originally Posted By Sub-MOA:
So the guy puts his real location into his photo editor and gets nailed with it...

Nice.

Wonder how good that pay cut for a legit job is looking right about now??

Botnet scum need to be nuked from orbit.



nah, he gave the interview on the condition that he not be named and they don't mention the town he lived in. Then the photographer added the name of the town to the data attached to the image file and left it on when the published the photo to the web. So the photographer gave him away. ... I hope it was intentional.



yeah, that would be a real travesty...

I hope when karma finds him it doesn't bother using any lube.
Link Posted: 2/20/2006 2:34:55 PM EDT
I work in the computer industry. The problem is nobody cares to go after these guys. Even if you do its hard to prove they actually did anything. I have seen corp break ins, personal computer intrusions, and more. Nobody cares. You just clean up afterwards and hope they didn't get anything good.

I have gone after a few people that have gotten into friends' systems. By the time I was done I was talking to the guy who had done the hack and had control of his botnet. Most of the time they are just script kiddies.

You too can do this exact same thing! Just download a few programs from the net. Mess around. And you too will be cracking computers in no time!

I bet if you guys have seen and know what I know you might not even own a computer. When you get into this stuff you begin to see just how deep the rabbit hole goes.

-Foxxz
Link Posted: 2/20/2006 2:40:28 PM EDT

Originally Posted By Foxxz:
I work in the computer industry. The problem is nobody cares to go after these guys. Even if you do its hard to prove they actually did anything. I have seen corp break ins, personal computer intrusions, and more. Nobody cares. You just clean up afterwards and hope they didn't get anything good.

I have gone after a few people that have gotten into friends' systems. By the time I was done I was talking to the guy who had done the hack and had control of his botnet. Most of the time they are just script kiddies.

You too can do this exact same thing! Just download a few programs from the net. Mess around. And you too will be cracking computers in no time!

I bet if you guys have seen and know what I know you might not even own a computer. When you get into this stuff you begin to see just how deep the rabbit hole goes.

-Foxxz



It amazes me how much the definition of "hacker" has changed in the past few years. It used to be a good thing, or a bad thing, depending on how the person used their knowledge....now, they've taken what was once called a script kiddie (annoying punk who likes to DDoS and other malicious attacks) and now refer to them as the "hacker" and it puts a bad light on it. There's not a damned bit of hacking involved in any of the crap these kids are up to today.
Link Posted: 2/20/2006 2:47:46 PM EDT
There is no spoon.
Link Posted: 2/20/2006 2:48:22 PM EDT
Hacking use to mean that you had some degree of talent, most of these shit birds are no talent and get all there tools from the web.

I am not a huge IT guru but this I know.
Link Posted: 2/20/2006 2:49:10 PM EDT

Originally Posted By Zack3g:

Originally Posted By Foxxz:
I work in the computer industry. The problem is nobody cares to go after these guys. Even if you do its hard to prove they actually did anything. I have seen corp break ins, personal computer intrusions, and more. Nobody cares. You just clean up afterwards and hope they didn't get anything good.

I have gone after a few people that have gotten into friends' systems. By the time I was done I was talking to the guy who had done the hack and had control of his botnet. Most of the time they are just script kiddies.

You too can do this exact same thing! Just download a few programs from the net. Mess around. And you too will be cracking computers in no time!

I bet if you guys have seen and know what I know you might not even own a computer. When you get into this stuff you begin to see just how deep the rabbit hole goes.

-Foxxz



It amazes me how much the definition of "hacker" has changed in the past few years. It used to be a good thing, or a bad thing, depending on how the person used their knowledge....now, they've taken what was once called a script kiddie (annoying punk who likes to DDoS and other malicious attacks) and now refer to them as the "hacker" and it puts a bad light on it. There's not a damned bit of hacking involved in any of the crap these kids are up to today.



Correct, but I use the "slang" terms when discussing with the general populace. Trying to explain proper terms to people is like complaining about the differences between magazine and clip.

-Foxxz
Link Posted: 2/20/2006 2:58:18 PM EDT
Actual real world statistics for prosecution of computer crime is about 5 percent. Most law enforcement agencies and prosecutors are ill equipped to handle computer crime investigations. The FBI and other federal agencies won't get involved unless there is a substantial dollar involved. The average bank robber nets between $1500 and $3000 per bank robbery and runs the risk of a lengthy prison term if he's caught. A hacker committing Identity Theft, Credit Card Fraud,or other computer related crime has little to fear from prosecution. If one wanted to be a criminal and had the computer skills which would you do? Rob a bank and have a 100 percent certainty of prosecution if caught or commit a computer crime and have a 95% chance of no prosecution whatsoever.

Link Posted: 2/20/2006 3:08:03 PM EDT
my main jobs is computers... so.. like so many of us i have to fix friends and relatives computers.. and relatives have kids.. and kids do stupid things.. download stuff they shouldna or click on the stupid popup.. and get their computer screwed...

to me it is the worms and the rootkits..

let me tell you this. i really don't beleive in vengence.. but if i was a tony soprano type guy (and in this case i wish i was) i would like show up one day with my 'crew' at one of these people's home catch them somewhere out in the open and do a job on their knees and arms with nice aluminum bats.... i would love to do this....

but i aint mobbed up.. so... whatayagonna do?
Link Posted: 2/20/2006 3:19:40 PM EDT

Originally Posted By Sub-MOA:
So the guy puts his real location into his photo editor and gets nailed with it...

Nice.

Wonder how good that pay cut for a legit job is looking right about now??

Botnet scum need to be nuked from orbit.



Or he put fake "real" info in it to mislead.... Misdirection Stanley...
Link Posted: 2/20/2006 3:23:23 PM EDT
[Last Edit: 2/20/2006 3:36:15 PM EDT by mikejohnson]

Originally Posted By Zack3g:
It amazes me how much the definition of "hacker" has changed in the past few years. It used to be a good thing, or a bad thing, depending on how the person used their knowledge....now, they've taken what was once called a script kiddie (annoying punk who likes to DDoS and other malicious attacks) and now refer to them as the "hacker" and it puts a bad light on it. There's not a damned bit of hacking involved in any of the crap these kids are up to today.



+1 there. I was just about to post the same-- good thing I read a couple posts first....


also might mention this guy probably hangs out on alt.2600, or similar site, and learned a couple phreaking tricks.

another thing-- he obviously wants to brag about his "hacking abilities" since the reporter interviewed him... if he knew his shit, he wouldn't be talking to anybody.


It sounds like there are many botnets out there, and he's just one... I doubt he wrote it. Its time to find punks like this-- why hasn't the .gov cracked down on this adware/spam/spyware yet?
Link Posted: 2/20/2006 3:26:58 PM EDT
[Last Edit: 2/20/2006 3:46:12 PM EDT by mikejohnson]

"Most days, I just sit at home and chat online while I make money," 0x80 says. "I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days." He says his work earns him an average of $6,800 per month, although he's made as much as $10,000. Not bad money for a high school dropout.



Also sounds, from reading part of the post article, that this loser modified a bot and made a simple trojan for IRC or some chat app, called a bot... very common in the chat/IRC world... and easy to implement/modify for a script kiddie.
Link Posted: 2/20/2006 5:28:15 PM EDT

Originally Posted By Zack3g:

It amazes me how much the definition of "hacker" has changed in the past few years. It used to be a good thing, or a bad thing, depending on how the person used their knowledge....now, they've taken what was once called a script kiddie (annoying punk who likes to DDoS and other malicious attacks) and now refer to them as the "hacker" and it puts a bad light on it. There's not a damned bit of hacking involved in any of the crap these kids are up to today.



Screw them and their inaccurate use of the word "hacker". I am a hacker in the original, good sense of the word. Hardware, software, crypto, math...I like to take it apart and see how it works.

The word for people who do illegal things is "criminal". Maybe 'cracker' (CRiminal hACKER).

Jim
Top Top