The dark web abounds in criminals, being the preferred marketplace to sell drugs, weapons, starter kits, arrange some type of foul play or promote the shadiest pornography. The encryption protocol of Tor keeps communication anonymous, making it hard to track them down; or so criminals think.
Two Harvard students have just proven otherwise after using GPS coordinates in pictures posted on the dark web to unmask 229 drug dealers. Although it’s become common among criminals to erase or disable altogether the metadata from JPG or TIFF formats, some weren’t that smart.
Paul Lisker and Michael Rose created an archive with pictures they saved from the dark web used initially by hackers to promote their services. The two collected some 223,471 unique images, out of which 229 revealed precisely where they had been taken because the EXIF data hadn’t been removed.
“First, it was common in many cases to observe sites, typically residential, surrounded by 5–10 tagged images separated by a few meters. This suggests the behavior of sellers who are careless on a regular basis, rather than the occasional forgetfulness of not stripping data or purposeful manipulation,” the pair said. “We also found several instances of these clusters incorporating listings on multiple sites, pointing to sellers with activities across the dark net and failing to strip their products’ location on any of the sites up.”
It was only a matter of time until someone took advantage of this negligence. Not removing EXIF data from photos posted on the dark web is a massive security failure since criminals use the dark web to protect their own anonymity and that of their clients. As well, researchers have found that not even the most popular marketplaces on the dark web, such as Agora or Silk Road 2, bothered to strip the metadata from the photos when they were up and running.