How pre-teens using metadata found a whistleblower in two hours
Yes.....primary School Students...(generally 12 and under)
Team Sherlock began the scenario with one clue: the leaked documents about fracking chemicals had been sent to firstname.lastname@example.org.
With access to the kind of metadata that has been retained and made available to Australian government agencies for the past year, the team of three primary school students were then able to track down the mock corporate whistleblower in two hours.
They were part of a 'cyber fox hunt' co-hosted by University of Melbourne to explore how Australia's 2015 metadata laws affect our privacy.
In the scenario, twelve teams used software to filter through a database of mobile, internet and location metadata.
All but one team tracked down the home address of the whistleblower, and the winning team took just one hour.
Step One: Search Google for suspicious searches
Step Two: Link the IP address with an email address
Step Three: Use email address to access address and phone number
Step Four: Use phone number to get a recent location
Step Five: Find out who else has contacted the journalist
Gen, the 12-year-old from Team Sherlock, said she had expected it would be harder to find the whistleblower.
"It's interesting how easy it is to find small pieces of data, and then linking them you can find out so much about a person."
Her brother, Miles, 10, said that it was fun and his team beat half the adults.
The Snitch Hunt is co-sponsored by partners ThoughtWorks, CryptoParty Sydney, the Platypus Initiative, Hack for Privacy, Blueprint for Free Speech, Digital Rights Watch and Electronic Frontiers Australia.