Man i have seen other DefCon Lectures too and the guys were screaming from laughter even if something was not very funny!! This guy made some excellent jokes and no response....tough audience! :P Nice Presentation!!!
10 years in jail for guessing passwords and distributing pictures yikes. certainly should be illegal but damn... 10 years... he must have done other stuff too
I have a prety simple idea for law enf.. how about equipping LEO agencies with laptops or other small devices , preferably capable of logging running say kali linux rolling or again, a similar distro specifically with kismet running, looking for with airodump-ng as well (logging with that too) the MAC address(es) of the stolen device(s).. think that might be helpful? At least to a degree.
Very cool video, the idea that the exif info could be used to track down criminals is pure genius (geo-tagging aside of course) , I guess one question is if the exif info of photos on Facebook or Instagram for example have been indexed. This seems like a really great way to recover stolen items. If only every digital device that takes pictures stored serial numbers.
Jack Kraken I would assume the compression would wipe the exif data. I could be wrong though. Definitely worth a try. He gave you the link to the tools. (Edited due to autocorrect fail)
Nerd Habit exif is not wiped on Facebook as if you take a photo with geotagging (picture from a camera with gps activated), Facebook asks you to set the place where the photo has been taken, and it's always the right place where it was taken.
Great example of hackers using their skills for good. In order to scrape the exif data from all flickr (or other source) does that means downloading all 4 billion images or can you scrape exif without downloading? What language did you program your scrape from php? Some older cameras do not have exif compatible metadata, what would you do in that case just call it a lost cause? Excellent presentation. Kind of sad that some hackers out there are more ethical than data mining/marketing companies. Great publicity for gadgettrak too, I'll remember the name. Congratulations.
+Eric Norton you meant burn it? haha Because when you just wipe it, the data is still there, you just lose the pointers to them. What you can do is to overwrite all the data and then format again
Some tracking software is embedded in the BIOS. Even if you format the device it will reinstall itself back onto the OS and report home. I had an Asus laptop that had this feature a long time ago. And once it gets turned on in the BIOS there was no way of turning it off even if you disabled it there!
but what if it's got a hidden partition? or something in the firmware? I'd just use a new harddrive, and make sure to spoof your mac after you reinstall on a new HDD.
Lets say I offer people a phone recovery service. People register there phones with me and upload the s/n of there device. I then sub-license with app developers to report back if any of there apps are running on a device with a s/n on a list I provide to them, they get a bounty for finding a device. Tell me how are is your wiping of the phone going to stop me?
I got involved with alot of dudes in my past who where crocks and would steal laptops. They paid me 10% of what it sold for to wipe the drives and install the OS. Needless to say they all ended up in jail and I got away with 20k for school. No joking was the easiest money I ever made. But now Im on the Up and Up and dont do black hat.
Man i have seen other DefCon Lectures too and the guys were screaming from laughter even if something was not very funny!! This guy made some excellent jokes and no response....tough audience! :P
Nice Presentation!!!
that's cause this mostly appeals to feds, and they don't have any sense of humor
Agent800 Hahaha maybe that's the case..
very tough ·~·
I thinks it's because you just can't hear the audience most of the time.
Funny enough, one of the faces wasn't actually blurred.
Clever use of GPS and cameras - which are really proliferating in electronics now.
10 years in jail for guessing passwords and distributing pictures yikes. certainly should be illegal but damn... 10 years... he must have done other stuff too
No, computer crimes is a harder punishment than for example rape or drug dealing :)
Nice guy, great conference.
Nice Job. That is work to be proud of Ken.
THANKS!
I have a prety simple idea for law enf.. how about equipping LEO agencies with laptops or other small devices , preferably capable of logging running say kali linux rolling or again, a similar distro specifically with kismet running, looking for with airodump-ng as well (logging with that too) the MAC address(es) of the stolen device(s).. think that might be helpful? At least to a degree.
Very cool video, the idea that the exif info could be used to track down criminals is pure genius (geo-tagging aside of course) , I guess one question is if the exif info of photos on Facebook or Instagram for example have been indexed. This seems like a really great way to recover stolen items.
If only every digital device that takes pictures stored serial numbers.
Jack Kraken I would assume the compression would wipe the exif data. I could be wrong though. Definitely worth a try. He gave you the link to the tools.
(Edited due to autocorrect fail)
Nerd Habit exif is not wiped on Facebook as if you take a photo with geotagging (picture from a camera with gps activated), Facebook asks you to set the place where the photo has been taken, and it's always the right place where it was taken.
Great example of hackers using their skills for good. In order to scrape the exif data from all flickr (or other source) does that means downloading all 4 billion images or can you scrape exif without downloading? What language did you program your scrape from php? Some older cameras do not have exif compatible metadata, what would you do in that case just call it a lost cause? Excellent presentation. Kind of sad that some hackers out there are more ethical than data mining/marketing companies. Great publicity for gadgettrak too, I'll remember the name. Congratulations.
Man, he didn't even get a chuckle out of his jokes. It was a good talk otherwise though.
He did, lots in fact. The audience is very quiet in the audio.
This guy is brilliant.
Sooooo always wipe the hard drive after you steal a computer/cellphone?
+Eric Norton you meant burn it? haha
Because when you just wipe it, the data is still there, you just lose the pointers to them. What you can do is to overwrite all the data and then format again
Some tracking software is embedded in the BIOS. Even if you format the device it will reinstall itself back onto the OS and report home. I had an Asus laptop that had this feature a long time ago. And once it gets turned on in the BIOS there was no way of turning it off even if you disabled it there!
but what if it's got a hidden partition? or something in the firmware? I'd just use a new harddrive, and make sure to spoof your mac after you reinstall on a new HDD.
and then change the serial numbers on every chip.
Lets say I offer people a phone recovery service. People register there phones with me and upload the s/n of there device. I then sub-license with app developers to report back if any of there apps are running on a device with a s/n on a list I provide to them, they get a bounty for finding a device. Tell me how are is your wiping of the phone going to stop me?
what was the crazywall software he mentioned. Multigo? didnt find anything
That grin at the end lol, so proud of himself
How can I search the EXIF Database?
Took a while to get up to steam, but this is a great talk!
Interesting...
What an ending.
I got involved with alot of dudes in my past who where crocks and would steal laptops. They paid me 10% of what it sold for to wipe the drives and install the OS. Needless to say they all ended up in jail and I got away with 20k for school. No joking was the easiest money I ever made. But now Im on the Up and Up and dont do black hat.
how do u spy on someone?
Cool
iss switched to linux in may
i already knew to be paranoid while online, now im fukn freaked, boogey data got all my shiet
has anyone download the tools
Good, I hate thieves!
A lot of these Def Con videos are really...meh.
I likeded dis 1 a lotz
it all depends what you are into...
how in the fuck do you take a picture from a laptop's webcam that is not yours ?? HOW
Blackhat had an ethics issue? I thought you had to have a 0day in your presentation to have a talk there
hi
No!
Imean, hello sir. gday 2u
k