[AusNOG] OT: Police Wardriving. Where else but QLD!
yahoo at vapourforge.com
Fri Mar 23 13:48:43 EST 2012
Given that 50% of the population has an IQ over 100, I'll wager that all
of the *really dumb* methods people have suggested probably won't
happen, on the grounds of them being really dumb, and the cops I know
are all quite smart.
If somebody asked me to set this up I'd tie into their existing in car
computing resources, worst case add a wifi and GPS + computer in a box
that can sit in the light rack somewhere (Pi anybody?).
As somebody said, complete the transaction and try and get online, hit a
web page, log the IP address server side, and the page content client side.
Then I'd go to the major ISP's and say we have noticed these customers
at IP address *foo* at time T have open wifi.
We don't want to know their names but we suggest you contact your
customers by physical means, include a cover letter of your own and this
one with our letterhead with warnings and resources, hell even print an
official looking police envelope so people don't chuck it in the bin.
ISP's would do it if only to reduce their network traffic and the "2 day
quota used" calls.
If you can't come up with a way of scrubbing out most of the false
positives within 20 minutes you loose 200 internet points. (to a
flowchart level, if you implement it in 20 minutes you will be awarded
200 points, a scary single line regex returns you back to 0 points)
Administration of said system would be the job of somebody at "high tech
crimes" and I reckon would take probably an hour or so once a week to
scan through the logs of the automagic systems and look for anything
suss, maccas changing their wifi, some new fancy captive portal system etc.
Also the police now have a handy list of open WIFI ip addresses, if one
happens to pop up in the course of an investigation well it could be useful.
That and they could probably come up with some kind of charge if you
were warned about it and then your Internet connection was used as part
of a crime, though this one would probably be dubious.
On 03/23/2012 01:53 PM, Terry Manderson wrote:
> Hi Rob,
> On 23/03/2012, at 12:06 PM, Robert Brockway wrote:
>> On Thu, 22 Mar 2012, Greg Lipschitz wrote:
>>> If this isn't a waste of tax payer money I don't know what is!
>> Hi all. Many of the comments seem to assume that police officers will be dedicated to this. I think it is more likely that this will be done as part of regular police patrols.
> From the release: "Officers from the Hi Tech Crime Investigation Unit", So it does seem that regular patrols uniformed police won't be used.
>> Police already engage in a variety of proactive activities while patrolling, and having them note the locations of open APs in the log will be easily slotted in to their existing duties. Even targetting specific areas is consistent with their existing duties. During a typical shift a police crew will be tasked with patrolling a variety of areas anyway.
>> Modern policing doesn't work the way most people seem to think it works. A lot of effort goes into intel and practive activities. If intel suggests that open APs are related to a significant amount of criminal activity (eg fraud) then this could indeed make sense.
> I get intel collection, I get fraudulent use of wifi, and collection of personal details over an open wifi network, I can even buy into the idea that criminals hop between APs to implement their plans. But its still a stretch to suggest that this follows a line of viable proactive policing. My definition of proactive policing is engaging the criminals. How does this successfully engage the criminal set?
> I also get dumpster diving and car jacking - I don't expect any police officer to check my wheelie bin for old un-shreded cc/card bills nor stand on a street corner and advise me to lock my car doors at the red light. Last time I had few beers with a US based friend who is in law enforcement he said that in fraud terms, dumpster diving, data correlation, and point of sale events are the biggest locus points to fraud. I would like to see if that correlates to the australian experience.
>> The letters will presumably be sent out by public servants, so this won't drain operational resources either.
> The number of support staff was apparently reduced recently - police wide, there is enough press about that for me to not expand..
>> It may or may not be a successful program but I don't think it will be a significant drain on resources.
> I went to one of the QLD hi-tech crime symposiums a few years ago. There I found out that the unit was no more than 5 sworn officers. I hope it has increased - but doubt it. I also have heard rumour that a couple of the officers (that are and were well qualified to understand both the policing and technical sides) have since moved on. My fear is that the Unit's resource level is already phenomenally low. I doubt they have any of the cool toys imagined on NCIS, CSI etc. nor could afford them. And I can only hope they are inundated with training - however when there is only a handful I can't imagine them having the redundancy to send folks off to learn how TOR or honeypots work.
> So honestly when you only have a handful of officers in a unit, adding even a questionable level of success for an activity that really isn't in the mandate of police work - I see that has a poor, very poor, choice. So since someone on QLD police seems to think this is a good idea, I want to see a causality assessment of this effort after 6-12 months.
> ie how many open wifis found, how many notices delivered, how many wifis closed after 2/4/6 months, drop in open wifi borne crime... then and only then will I see this as anything more than a misguided effort of police publicity.
> AusNOG mailing list
> AusNOG at lists.ausnog.net
More information about the AusNOG