Imagine you have received a photo and need to find its author. What would you do?
This chapter answers that question: we will tell you what information an ill-wisher can extract from a photo they receive.
IP address of the person who uploaded the photo
Let's suppose you have uploaded a photo to a file sharing or image hosting service. Both kinds of service always save quite a lot of information about whoever uploaded the photo, including their IP address and the date and time of the upload. Some file sharing services store the same information about those who view or download the photos.
But that's not all. Some file sharing services even use employees and machine algorithms to analyze uploaded photos. For ordinary users this is hardly a serious threat, but for drug couriers it is.
The most popular way to sell drugs involves passing on the prohibited items through special marks. In short, it works as follows: the customer calls or writes to the seller, places an order and pays for it. Then the courier travels to the client's area of residence and makes a mark in some secluded place, for example by sticking it to a garage with sellotape. Then the courier takes a photo with the phone, uploads it to an image hosting service and sends the link to the manager along with information about the place of the mark.
Sometimes the marks are placed in advance, and the client is told the location immediately. What interests us here is the photograph of the mark that the courier takes.
On the largest Russian-speaking forum dedicated to the trade in drugs and psychotropic substances, a special topic on this even appeared. Here is its text, word for word:
Dear users. We received irrefutable information that the service Radikal has started an anti-drug photo program. To be more precise, they have arranged a real hunt for all photographs of outright drugs, copies of the passports of the markers (who write confirmations for any sellers) and, most importantly, the places of the marks.
All of you know that at least every second salesperson or customer uploads such pictures to Radikal or ipicture. Once there were no reasons for concern; these were convenient, quick sites and everyone used them without fear. But now these services work directly with the Federal Drug Control Service, and all this data is sent directly to them.
According to our information, these photographs are hunted both by personnel of these services and by special automated detection methods, meaning the photos are found by both special programs and specially trained people, moderators of Radikal.
Data about the photos (the pictures themselves and the IP addresses of those posting them) are collected and sent to be examined where they should be. Photos are collected and sent promptly, so the squad may already be waiting for the client at the hoard. The client will be caught red-handed while receiving it. It is more than real.
What does this mean for ordinary users who have nothing to do with the drug business? Only that there is a high probability that the uploaded image will be analyzed, the IP address will be saved and, "if something happens", both will be handed over to the right place.
Do not rule out a data leak from a photo hosting service either, especially since such examples are still fresh in memory. Over 1.7 million user accounts, including logins, passwords and user information, were once stolen from the popular photo hosting site Imgur. The most unpleasant part of this story is that the leak became known only three years later.
The exact place where the photo was taken
You have probably noticed that when you upload photos from a smartphone to some sites, such as social networks, they accurately determine where the photos were taken and even offer to mark the place on the map. Do you know how this happens?
The vast majority of modern smartphones and cameras by default add the GPS coordinates of the shooting location to the photo metadata. The data added to a photo is called EXIF (Exchangeable Image File Format).
EXIF is a standard that lets you attach additional information (metadata) to images and other media files: comments on the file, the conditions and method by which it was produced, authorship, and so on. Information recorded in this format can be used both by the user and by various devices, such as a printer. The EXIF standard is extremely flexible (for example, it allows the coordinates of the shooting location obtained from a GPS receiver to be saved) and leaves wide room for extension: as a rule, cameras add information to the file that is specific to that particular camera. Only programs from the camera manufacturer can interpret this information correctly.
Examples of the information recorded in EXIF include:
- camera manufacturer,
- model,
- information about ownership,
- shutter speed,
- aperture,
- ISO,
- flash usage,
- frame resolution,
- focal length,
- sensor size,
- equivalent focal length,
- date and time of shooting,
- camera orientation (vertical / horizontal) for cameras with a built-in accelerometer,
- white balance type,
- geographical coordinates and address of the place of shooting.
The source is Wikipedia.
As you can see from the list above, all of this data is relatively harmless, except for the geographical coordinates and address of the place of shooting.
How can you find out where a photo was taken from its metadata? The first option is to check the photo's EXIF metadata, take the GPS coordinates from there and look the place up on a Google map.
The second option is to use a service like Pic2Map. It works very simply: you upload a photo, and if the service detects GPS coordinates in the metadata, it marks the place where the photo was taken on the map.
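To see what one of your own photos would give away before you upload it, you can read the GPS block straight from the file and then drop the EXIF segment. The Python code below is an added example, not part of the original chapter; it assumes a well-formed JPEG, and `sample_jpeg()` builds a constructed test file with made-up coordinates.

```python
import struct

def segments(jpeg):
    """Yield (is_exif, start, end) for each header segment before the scan data."""
    pos = 2                                        # skip the SOI marker FF D8
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        exif = jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\0\0"
        yield exif, pos, end
        pos = end

def read_ifd(tiff, e, off):
    """Map tag -> raw 4-byte value field for one TIFF image file directory."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    return {struct.unpack_from(e + "H", tiff, off + 2 + 12 * i)[0]:
            tiff[off + 10 + 12 * i:off + 14 + 12 * i] for i in range(n)}

def degrees(tiff, e, gps, tag):
    """Turn GPS tag 2 (latitude) or 4 (longitude) into signed decimal degrees."""
    d, dd, m, md, s, sd = struct.unpack_from(e + "6I", tiff, struct.unpack(e + "I", gps[tag])[0])
    sign = -1 if gps[tag - 1][:1] in (b"S", b"W") else 1   # reference tags 1 and 3
    return sign * (d / dd + m / md / 60 + s / sd / 3600)

def gps_position(jpeg):
    """Return (lat, lon) stored in EXIF, or None when the file carries no GPS data."""
    for exif, start, end in segments(jpeg):
        if exif:
            tiff = jpeg[start + 10:end]
            e = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
            ifd0 = read_ifd(tiff, e, struct.unpack_from(e + "I", tiff, 4)[0])
            if 0x8825 in ifd0:                     # pointer to the GPS IFD
                gps = read_ifd(tiff, e, struct.unpack(e + "I", ifd0[0x8825])[0])
                if {1, 2, 3, 4} <= gps.keys():
                    return degrees(tiff, e, gps, 2), degrees(tiff, e, gps, 4)
    return None

def strip_exif(jpeg):
    """Return the JPEG without its EXIF APP1 segments; image data is left untouched."""
    segs = list(segments(jpeg))
    kept = b"".join(jpeg[s:e] for exif, s, e in segs if not exif)
    return jpeg[:2] + kept + jpeg[segs[-1][2] if segs else 2:]

def sample_jpeg():
    """Constructed header-only JPEG whose EXIF says 10°30'N, 20°15'W (made-up point)."""
    t = struct.pack(">2sHI", b"MM", 42, 8) + struct.pack(">HHHIII", 1, 0x8825, 4, 1, 26, 0)
    t += struct.pack(">HHHI4s", 4, 1, 2, 2, b"N") + struct.pack(">HHII", 2, 5, 3, 80)
    t += struct.pack(">HHI4s", 3, 2, 2, b"W") + struct.pack(">HHIII", 4, 5, 3, 104, 0)
    t += struct.pack(">6I", 10, 1, 30, 1, 0, 1) + struct.pack(">6I", 20, 1, 15, 1, 0, 1)
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(t) + 8) + b"Exif\0\0" + t
            + b"\xff\xdb\x00\x02\xff\xda\x00\x02\xff\xd9")
```

Read a photo with `open(path, "rb").read()`, pass the bytes to `gps_position()` to see what it would reveal, and write the result of `strip_exif()` to a new file before sharing.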
Do you think de-anonymization through photo metadata is just a joke? The hacker Higinio Ochoa, also known as w0rmer, a member of the hacker group CabinCr3w, thought the same when he was hacking into government websites and uploading data about police officers to the internet. To make the hack look good, he posted, along with the data obtained, a photo of a busty woman with a printed greeting.
However, the metadata of the photo, taken on an iPhone, preserved the GPS coordinates of the place where it was taken, which made it possible to identify the woman. Then, having studied her Facebook page, investigators managed to reach her boyfriend, who turned out to be the wanted hacker.
One fine morning 8 FBI agents visited Higinio Ochoa's apartment to arrest him. He was identified thanks to a single reckless act: uploading a photo containing the GPS coordinates of the shooting location to the internet.
Higinio Ochoa was not the only one let down by the GPS coordinates of a photo. John McAfee, the cyber security expert who created the antivirus of the same name, suffered from it too.
At that time John was hiding from the government of Belize, which suspected him of murder. The charge was likely to be false, a fabricated case needed to extort money from the entrepreneur, and McAfee went on the run. But John did not want to escape and hide quietly, and he invited journalists to his office.
Journalists from Vice spent several days with the fugitive and even posted a photo of him. As you may have guessed, the photograph contained the GPS coordinates of the fugitive.
John was hiding in Guatemala.
Image Search
You probably already have a logical question: how can a search by pictures lead to de-anonymization?
In fact, it can. For example, this is how I once identified a girl who was talking to me. She shared only one of her photos with me; by running it through an image search, I found her pages on social networks.
How is this possible? A picture is nothing more than a collection of pixels, data and metadata; if the picture was published publicly and indexed, it can be found.
The most popular search engine is Google Pictures, and I usually start searching with it. You can either upload a picture from your device or specify a link.
The second on my list is Yandex.Pictures.
The third image search engine on my list is TinEye.
Getting valuable information from photo content
Here is a picture of a man. The FBI is ready to pay $3 million for information leading to his arrest. This is Evgeny Bogachev, about whom everything, or almost everything, is known today.
But 6-7 years ago he was the mysterious anonymous creator of the malicious software ZeuS, which most experts consider the best thing hackers have created in the whole history of malware for stealing money.
Appearing in 2007, ZeuS ushered in a new era of malicious software, surpassing its competitors. ZeuS infected computers running the Windows operating system, and the rights of a guest user account were enough for it to do harm. The total damage from ZeuS exceeded $1 billion. Almost all modern Trojans draw on the experience of ZeuS, and its author has taken an honorable first place in the list of the most wanted hackers.
FBI agents and independent experts did a great job of identifying the creator of ZeuS, but the first step was a photo recovered from a computer that served as the temporary control center of the botnet: a photograph of a man in sunglasses. The experts had no chance of establishing his identity, since a significant part of the face was covered, but they were able to analyze the vegetation visible outside the window in the photo. It was a palm tree, and on that basis it was established that the photo had presumably been taken in the area of Sochi or Anapa. At least, that is what the media wrote.
Only a few years later, when the FBI published its information, did it become known for certain that Evgeny Bogachev really had been living in the city of Anapa at that time. So one palm tree outside the window helped to determine the location of the most wanted hacker in the world.
Have a look at the photo below: do you think this is an ordinary Russian tourist photographed in Amsterdam? Actually, this is Dmitry Smilyanets, the head of the Moscow Five cybersport team and a part-time hacker, who had been on the FBI's radar for a long time.
It is not that simple. Dmitry Smilyanets is a member of a criminal gang that stole a total of over 160 million credit cards from the USA, Canada and Europe, and the total damage from its activities exceeds 300 million euros. The FBI regularly viewed his social media page, and the photo from Amsterdam could not fail to please them.
FBI agents, bringing in their Dutch colleagues, phoned all the nearby hotels. That is how Dmitry's place of stay was established. In the morning the police paid him a visit, and a year later he flew to America under the guard of FBI agents, where he stood trial.
Step-by-step instructions for searching data by photo
We have saved the most interesting part for the end: identifying a person from a photo. Imagine you have a picture of an unknown person and you really want to know who is in it. Do you think it's impossible?
To be honest, it really is very difficult. But we will offer you a small checklist.
First of all, you need to find out whether the photo has been photoshopped, since looking for a person by a photoshopped face is a waste of time. We have a separate chapter on checking photos for the use of Photoshop.
Then you need to look at the EXIF metadata to see whether there is anything interesting there.
How to check EXIF metadata on Windows, macOS, Linux, Android, iOS.
Next come the image search engines, namely Google Pictures, Yandex.Pictures and TinEye. They were already described above; this generally works with well-known personalities. In the picture below I searched for a photo of Angelina Jolie, and Google easily identified her and found other images of the star.
Next, if the search engines could not find the person, you can try FindFace, a specialized search service for the social network vk.com. A lot of good things have been written about the service on the Internet, but it never helped me.
To use it, you will need to log in via VK and upload a photo of the person you are looking for. Then specify the gender, age range and any other data known to you. The system will offer you the users of the social network Vkontakte that it considers suitable.
That's how I searched for Angelina Jolie on VK.
These are perhaps all the tools available to the ordinary user. The special services have their own solutions in their arsenal; however, according to the reports of former employees, even those are not impressively effective. It is much more effective to identify a person by their voiceprint, but we will cover that in future chapters.