[ISN] Digital DNA could finger Harry Potter leaker

From: InfoSec News (alerts@private)
Date: Fri Jul 20 2007 - 01:06:27 PDT


http://entertainment.timesonline.co.uk/tol/arts_and_entertainment/books/article2104250.ece

By Jonathan Richards
Times Online
July 19, 2007

A few lines of 'digital DNA' could allow the publishers of Harry Potter 
to find and finger the person apparently responsible for leaking the 
final adventures of the boy wizard.

A leaked version of what is claimed to be the latest Harry Potter novel, 
painstakingly photographed page by page, has been posted on the internet 
before the book's worldwide release on Friday and circulated via 
file-sharing networks.

But computer experts said today that the identity of the person behind 
the leak could be revealed by tracing the digital camera that was used.

Information contained on the photographs uploaded to file-sharing 
websites could provide a trail which leads back to the photographer, 
said experts at Canon, the imaging company.

By examining the vital information - or 'metadata' - built into each 
photo, the company's technical officers have established the serial 
number of the camera that was used, which could in turn lead to the 
identity of the camera's owner.

The information, known as Exchangeable Image File Format (Exif) data, 
has already revealed that the camera used was a Canon Rebel 350. Because 
the model is three years old, the device would likely have been serviced 
at least once since it was purchased, in which case the owner's name 
would be known.

The serial number itself would not necessarily give away the name of the 
owner, Canon said, as it can only match serial numbers with owners if 
the purchaser registers the device after buying it. Every time a Canon 
camera is serviced, however, the serial number and owner are logged 
together.

"In theory, we can find out which country the camera was sold in and in 
turn the warranty and service centre records in that country could be 
checked," Vic Solomon, a product intelligence officer at Canon's UK head 
office, said. "It would take a lot of work, but there's a good chance 
they could find him or her.

"From what we know, the device is one of the original Rebel cameras, 
probably a 350D, and given that they've been out for three years, it's 
likely the owner would have had it cleaned or repaired in that time."

All that could be told initially from the number was that the camera was 
likely sold in either America or Canada, because the Rebel 350 was not 
distributed in any other territory.

Bloomsbury, the UK publisher of Harry Potter and the Deathly Hallows, 
the final book in the J.K. Rowling series, said today that its lawyers 
are investigating all potential leaks of material from the book and 
would take legal action wherever necessary.

Every image that is taken on a digital camera contains Exif data, which 
holds information about the picture such as zoom, contrast, focus and 
'distance to subject' measurements. It is typically used for 
'trouble-shooting', so an owner can ascertain why a picture may not have 
worked, but it also enables a court, for instance, to establish whether 
a picture has been digitally altered.

"The Exif data is like the picture's DNA; you can't switch it off. Every 
image has it. Some software can be used to strip or edit the 
information, but you can't edit every field," Mr Solomon said.

A post on the digg.com website claimed that the serial number of the 
camera which photographed the pages claimed to be from the unpublished 
Harry Potter was 560151117.

Canon's head office in Japan confirmed that a serial number would reveal 
the country in which the camera was sold and possibly also the store, 
but declined to give any further information about the device used in 
this case.

The discovery reveals the extent to which people who distribute 
photographs online can be traced, which is especially relevant given the 
popularity of social networking sites such as Facebook, which have in 
some cases been sources of incriminating material.

If traced, the person who photographed the Harry Potter novel could be 
found guilty of copyright infringement, but would be unlikely to face 
criminal charges as the photos appear not to have been published for 
commercial gain, lawyers said.

"There are criminal provisions in copyright legislation, but they tend 
to be used in cases of obvious counterfeiting - such as selling fake 
computer games or DVDs in a car boot sale," Mark Owen, an intellectual 
property partner at the London firm Harbottle & Lewis, said. "If 
Bloomsbury were to pursue an action, it would more likely be a civil 
case, in which case any damages would be assessed according to the loss 
in book sales."

JK Rowling, the book's author, said she was "staggered" that "some 
American newspapers have decided to publish purported spoilers in the 
form of reviews in complete disregard of the wishes of literally 
millions of readers, particularly children, who wanted to reach Harry’s 
final destination by themselves, in their own time".
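
Added example (not part of the Times article or the ISN post): a minimal Python reader for the Exif block the article describes, listing the device-identifying fields an image carries so they can be reviewed before a photo is shared. Tag numbers come from the TIFF/Exif specifications; the sample image, its model string and its serial are constructed placeholders, and the GPS and vendor MakerNote blocks are only flagged, not decoded.

```python
import struct

# Device-identifying ASCII tags (numbers from the TIFF/Exif specifications).
ID_TAGS = {0x010F: "Make", 0x0110: "Model", 0xA431: "BodySerialNumber"}
EXIF_IFD, GPS_IFD, MAKER_NOTE = 0x8769, 0x8825, 0x927C

def exif_tiff(jpeg):
    """Return the TIFF block of the JPEG's APP1 Exif segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (size,) = struct.unpack_from(">H", jpeg, pos + 2)  # length includes itself
        body = jpeg[pos + 4:pos + 2 + size]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        pos += 2 + size
    return None

def read_ifd(tiff, offset, bo, found, depth=0):
    """Collect identifying tags from one IFD; follow the Exif sub-IFD once."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    for i in range(count):
        tag, typ, n, val = struct.unpack_from(bo + "HHI4s", tiff, offset + 2 + 12 * i)
        (ptr,) = struct.unpack(bo + "I", val)
        if tag == EXIF_IFD and depth == 0:  # depth guard stops pointer loops
            read_ifd(tiff, ptr, bo, found, depth + 1)
        elif tag in (GPS_IFD, MAKER_NOTE):  # flagged only, not decoded
            found["GPS" if tag == GPS_IFD else "MakerNote"] = "present"
        elif tag in ID_TAGS and typ == 2:  # type 2 = ASCII; inline if it fits 4 bytes
            raw = val[:n] if n <= 4 else tiff[ptr:ptr + n]
            found[ID_TAGS[tag]] = raw.rstrip(b"\x00").decode("ascii", "replace")
    return found

def identifying_metadata(jpeg):
    """Map of device-identifying Exif fields found in a JPEG (empty if no Exif)."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return {}
    bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte-order mark
    try:
        return read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo, {})
    except struct.error as exc:
        raise ValueError("truncated or malformed Exif block") from exc

# Constructed sample: minimal JPEG whose Exif holds a placeholder model and serial.
SAMPLE_TIFF = (b"II*\x00" + struct.pack("<IH", 8, 2)
    + struct.pack("<HHII", 0x0110, 2, 10, 56) + struct.pack("<HHIII", 0x8769, 4, 1, 38, 0)
    + struct.pack("<HHHIII", 1, 0xA431, 2, 10, 66, 0) + b"TESTCAM-1\x00000000000\x00")
SAMPLE = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(SAMPLE_TIFF) + 8) + b"Exif\x00\x00" + SAMPLE_TIFF + b"\xff\xd9"
```

Calling identifying_metadata(SAMPLE) returns the placeholder model and serial; an image with no Exif segment returns an empty map.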


