Washington Post Leaks Info on Hacker

A botnet herder that goes by the handle of “0x80” wanted to brag about his “l33t sk1llz” to a Washington Post reporter. The hacker, wisely, asked for his identity to be protected (ironic, considering he uses botnets to commit identity theft), and the WaPo agreed to do so. However, the metadata of the photo that was posted online in the WaPo article included information about the location of the photo shoot.

You can read the whole article here at E-Week.

The Washington Post’s online arm has apparently been caught in a metadata gaffe that exposed the whereabouts of a 21-year-old hacker who confessed to controlling thousands of compromised PCs for malicious use.

The hacker agreed be interviewed by Washington Post reporter Brian Krebs on the condition that he not be identified by name or home town, but when the article was posted on the newspaper’s Web site, an accompanying photograph included metadata that pinpointed the location to Roland, Okla., a small town with a population of 2,842.

In the feature story titled Invasion of the Computer Snatchers, the hacker known online as “0x80” (pronounced X-eighty) openly boasted about breaking into thousands of computers around the globe and infecting them with malware that turned them into botnet drones.

In 0x80’s case, the hacker openly admitted to illegally installing adware and spyware on infected computers and earning money from online marketing companies that pay for advertisements delivered to users.

However, because of the metadata slip-up by the Washington Post, it is very likely that law enforcement authorities will be looking in the direction of Roland, OK to find the hacker, who was described in the story as “tall and lanky, with hair that falls down to his eyebrows,” and speaking with a “heavy Southern drawl and Midwestern nasality.”

The reporter also wrote that 0x80 lives with his religious parents in a small town in Middle America where the nearest businesses are a used-car lot, a gas station and convenience store and a strip club, where 0x80 claimed he recently dropped $800 for an hour alone in a VIP room with several dancers.

The article was published with several photographs, including one with a doctored image of half of the hacker’s face.

But, as eagle-eyed Slashdot posters discovered, the online images by photographer Sarah L. Voisin contained tags about the location of the shoot.

Immediately after the metadata discovery, the images were removed from the Washington Post’s Web site.

The Slashdot community, however, insisted on attempting to track down the hacker. Using Google Maps and other search-related data, the posters were able to figure out that the male population of Roland, Okla., was just over 1,300.

“Any flatfoot could find him in an hour,” said one Slashdot commenter who posted details of the metadata from the online image.

In internet lore, being “slashdotted” means that Slashdot.com links to your server or an online article that was written, and the crush of traffic coming from the slashdot article causes the site to go under. In this case, however, the hacker in Podunk, OK has discovered a new definition to being slashdotted. He will likely end up in jail soon, experiencing another type of lapdance, but he won’t have to spend $800 bucks on it.

And how is it that the American Media insists on protecting the identity of criminals? From the leakers of national secrets to hackers, the media believes that protecting the identities of criminals is more important than public safety and security. Way to go, WaPo. Your ineptness is what helps keep this nation safe. And congrats to slashdot for their mob justice.