Anonymous Hacker Anonw0rmer: Unmasked By Embedded Data, Not Girlfriend’s Breasts

The escalating buzz around the recent arrest of Higinio O Ochoa III (a.k.a Anonw0rmer), of Galveston, Texas, just doesn't seem to subside even weeks after the incident. The person, an alleged member of the Anonymous-linked CabinCr3w, generated enough fanfare when reports of an FBI investigation tracking him down using a photo of his girlfriend in a bikini set the Internet ablaze.

It now appears, in a rather intriguing and tragic twist, the hacker was exposed after a rather simple error. It seems he either forgot or had no knowledge of the fact that EXIF data linked to every photo taken on a smartphone could expose his location and identity, according to ComputerWorld.

Most investigations into criminal activity famously wait for the alleged perpetrator to make the simplest of mistakes or act in haste to cover up tracks and this particular inquiry proved no different.

Ochoa, 30, a Linux administrator, is being charged by the FBI with hacking into US law enforcement agencies and also posting online the home addresses pertaining to more than 100 Los Angeles (LA) police officers.

It is still a mystery why the veteran hacker - Anonw0rmer - didn't think about the risks involved with one simple mistake of posting photos embedded with geo-tagging. It is a common knowledge that people do use EXIF data to organise their photos by date and location for creating personal albums in apps like iPhoto.

According to the FBI, Ochoa allegedly messaged on Twitter in February using the handle @Anonw0rmer, directing followers to a site where he had posted information stolen from various law enforcement agency websites.

The image of a woman, now identified as his girlfriend, was posted at the bottom of the site along with a sign reading "PwNd by w0rmer & CabinCr3w

Investigators collected those images along with several other photos from websites linking to Anonw0rmer and deduced that were indeed taken in a suburb of Melbourne, Australia. It was further ascertained that Ochoa had vacation photos on Facebook showing a recent trip to Australia, with a woman he identified as his girlfriend who lives in that same suburb.

The FBI officers successfully matched the time-stamps and the bathing suits of the woman in the hacker photos was wearing with the Facebook version and this identity confirmation lead to Ochoa's arrest on 20 March.

"It shouldn't be shocking that a hacker was taken down by such a simple mistake. Super, uber hackers sometimes act like regular consumers," says Gary McGraw, CTO of the software security consulting firm Cigital, according to ComputerWorld.

"Knowing that GPS data is being captured in every photo you take should be in the back of your mind. If it can be used for nefarious purposes, you can bet someone will try," writes John Breeden II in GCN (Government Computer News) on 18 April. "The episode should be a cautionary tale for anybody," he adds.