Man i have seen other DefCon Lectures too and the guys were screaming from laughter even if something was not very funny!! This guy made some excellent jokes and no response....tough audience! :P Nice Presentation!!!
10 years in jail for guessing passwords and distributing pictures yikes. certainly should be illegal but damn... 10 years... he must have done other stuff too
Very cool video, the idea that the exif info could be used to track down criminals is pure genius (geo-tagging aside of course) , I guess one question is if the exif info of photos on Facebook or Instagram for example have been indexed. This seems like a really great way to recover stolen items. If only every digital device that takes pictures stored serial numbers.
Jack Kraken I would assume the compression would wipe the exif data. I could be wrong though. Definitely worth a try. He gave you the link to the tools. (Edited due to autocorrect fail)
Nerd Habit exif is not wiped on Facebook as if you take a photo with geotagging (picture from a camera with gps activated), Facebook asks you to set the place where the photo has been taken, and it's always the right place where it was taken.
+Eric Norton you meant burn it? haha Because when you just wipe it, the data is still there, you just lose the pointers to them. What you can do is to overwrite all the data and then format again
Some tracking software is embedded in the BIOS. Even if you format the device it will reinstall itself back onto the OS and report home. I had an Asus laptop that had this feature a long time ago. And once it gets turned on in the BIOS there was no way of turning it off even if you disabled it there!
but what if it's got a hidden partition? or something in the firmware? I'd just use a new harddrive, and make sure to spoof your mac after you reinstall on a new HDD.
Lets say I offer people a phone recovery service. People register there phones with me and upload the s/n of there device. I then sub-license with app developers to report back if any of there apps are running on a device with a s/n on a list I provide to them, they get a bounty for finding a device. Tell me how are is your wiping of the phone going to stop me?
I got involved with alot of dudes in my past who where crocks and would steal laptops. They paid me 10% of what it sold for to wipe the drives and install the OS. Needless to say they all ended up in jail and I got away with 20k for school. No joking was the easiest money I ever made. But now Im on the Up and Up and dont do black hat.
I have a prety simple idea for law enf.. how about equipping LEO agencies with laptops or other small devices , preferably capable of logging running say kali linux rolling or again, a similar distro specifically with kismet running, looking for with airodump-ng as well (logging with that too) the MAC address(es) of the stolen device(s).. think that might be helpful? At least to a degree.
Great example of hackers using their skills for good. In order to scrape the exif data from all flickr (or other source) does that means downloading all 4 billion images or can you scrape exif without downloading? What language did you program your scrape from php? Some older cameras do not have exif compatible metadata, what would you do in that case just call it a lost cause? Excellent presentation. Kind of sad that some hackers out there are more ethical than data mining/marketing companies. Great publicity for gadgettrak too, I'll remember the name. Congratulations.