February 23, 2006
Written by Ryan Naraine
The Washington Post’s online arm has apparently been caught in a metadata gaffe that exposed the whereabouts of a 21-year-old hacker who confessed to controlling thousands of compromised PCs for malicious use.
The hacker agreed be interviewed by Washington Post reporter Brian Krebs on the condition that he not be identified by name or home town, but when the article was posted on the newspaper’s Web site, an accompanying photograph included metadata that pinpointed the location to Roland, Okla., a small town with a population of 2,842.
In the feature story titled Invasion of the Computer Snatchers, the hacker known online as “0×80″ (pronounced X-eighty) openly boasted about breaking into thousands of computers around the globe and infecting them with malware that turned them into botnet drones.
Posters to Slashdot noticed the photo location in the metadata of the photos (which have since been removed). Read the slashdot thread.