Two Harvard students have unmasked around 229 drug and weapon dealers with the help of pictures taken by criminals and used in advertisements placed on dark web markets.
Do you know each image contains a range of additional hidden data stored within it that can be a treasure to the investigators fighting criminals?
Yeah it's true — "A picture is worth a thousand words."
Digital images come with basic metadata, as well as EXIF data that contains information about the device with which it was taken.
EXIF, stands for "Exchangeable Image File Format," may contain image dimensions, date and time (when it was originally taken and modified), the model of camera and its settings, information about the software used for editing, it's creator and copyright information, as well as GPS co-ordinates of the location where the photo was taken.
If a criminal, let's say a kidnapper, has taken a photo or video of their captive from a GPS enabled phone or camera and send it as proof of life to victim's family for ransom, the police would be able to trace back the kidnapper to the exact location where photo was taken.
Discover the Hidden Dangers of Third-Party SaaS Apps
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
"In our investigation, we searched for the presence of these geotags in the images of items for sale on darknet market sites," the pair say in a blog post. "Using Python and bash scripts, we checked each image's EXIF data for longitude [and] latitude data, saving the coordinates for each geotagged photo and its file path to a text file."
The duo found 229 images that contained unique GPS coordinates which, unless spoofed, can be used by investigators to locate the places where the photos were taken within the range of two kilometers.
Higinio O. Ochoa III, a.k.a Anonw0rmer, an alleged member of Anonymous-linked CabinCr3w hacking team, who was responsible for hacking into the United States law enforcement agencies and releasing the personal information including phone numbers and home addresses of police officers.
He took picture of his girlfriend's boobs using his iPhone and posted it on Twitter without realizing the picture contained GPS data pointing directly to his house in Melbourne, Australia.
While the majority of metadata in photos is harmless, but removing EXIF data, especially geo-coordinates, is a smart idea, if you are privacy-conscious.