Case Study: Metadata Used to Track Craigslist Theft & Assault
We have been hearing a lot about metadata the last few months thanks to the ongoing revealing of NSA tactics and partnerships. Many have stated it is only “metadata” however there is a lot more to “metadata” than many think. I will use an example of a case I was involved in where a victim was targeted on Craigslist that led to an assault and theft of an expensive camera. The victim was in the process of moving and decided to sell a high end digital camera on Craigslist.
The victim was in the process of moving and decided to sell a high end digital camera on Craigslist and posted it. A supposed interested buyer contacted him and arranged to meet him at his home. The victim showed him the camera and the supposed buyer snatched the camera from his hands and punched him in the face. The assailant then ran to a running vehicle where a partner was driving and they sped off.
The police were contacted, took the report, but had very little information to go on to track the assailant and thief. The phone number used by the assailant was from a pre-paid SIM card and was not traceable and the email address was a throwaway with the IP address mapping to a public Wi-Fi hotspot.
The victim contacted me after using a tool I had build that tracks images posted online extracting metadata from them including the serial number of the camera that took them. I was able to confirm that the photo was in fact taken by the victim’s stolen camera three months after the theft and assault took place. By conducting additional scans utilizing additional tools I was able to find more images taken by the suspect with the same stolen camera, including photos of the suspect and friends smoking marijuana while driving and a photo the suspect’s speedometer at 110MPH.
In addition I was able to scan and identify other photos take by the suspect that were uploaded across various social media websites, many of them taken by other high-end expensive cameras. The suspect also uploaded several photos of large amounts of marijuana as well as he and his friends smoking it. He also uploaded photos of himself posing with various firearms information that can aid law enforcement in keeping them safe when they move in on a target with a warrant.
By mapping the usernames and accounts across multiple media websites I was able to identify the suspect’s name and business. The suspect promoted himself as both a professional photographer and DJ and even had his own website of which the domain information provided the suspects last known address and phone number.
Through one piece of metadata I was able to unveil a full profile and a great deal of information that was provided to law enforcement a in case that would have otherwise had no evidence.