Slashdot Mirror


Can You Really Be Traced From an IP Address?

Barence writes "Identifying individuals using nothing more than their IP address has become a key part of anti-piracy and criminal investigations. But a PC Pro investigation casts serious doubt on the validity of IP-based evidence. 'In general, the accuracy of IP address tracing varies depending on the type of user behind the IP address,' Tom Colvin, chief technology officer with security vendor Conseal told PC Pro. 'Whilst big businesses can be traceable right back to their datacenters, standard family broadband connections are often hard to locate, even to county-level accuracy.'"

14 of 246 comments

  1. Sure. Don't be paranoid! by Chas · · Score: 5, Insightful

    Depending on what data is being captured by the ISP for management purposes, this COULD be true.

    But, if they can track you well enough to meter you (Comcast, AT&T, etc), they can track you down to your IP too.

    --
    Chas - The one, the only.
    THANK GOD!!!
  2. WTF? by YodasEvilTwin · · Score: 4, Insightful

    This is not the problem with IP tracking. In most instances the ISP will have logs linking IPs to customers, and people can be easily traced. The real problem is that AN IP IS NOT A PERSON. You cannot trace a person through an ISP (except through strong circumstantial evidence such as someone using their email account from that IP). If all the info you have is that someone/something at IP 12.34.56.78 downloaded kiddie porn, that's no evidence at all. Was it the suspect? Was it a family member or friend? Was it some random on the street who cracked the WEP key or accessed an open network? You have no idea and you never will unless you can find 1) evidence on a computer and 2) evidence that the suspect was using said computer at the time.

    1. Re:WTF? by MokuMokuRyoushi · · Score: 3, Insightful

      Interestingly, the article says much the same. If you're going to get pissed off about an article, shouldn't you at least read it first?

      --
      Humans are terrible replicators of Godly things.
  3. reverse dns + office workers = trouble by jaymz2k4 · · Score: 5, Insightful

    I'm often having to remind users in the office that a simple reverse lookup on our IP and there's the company name sat right there, a few clicks and you've got the building address. Go onto LinkedIn and you've probably got half the employees' full names. A lot of people forget just how much information you can get from work IPs. It's not CSI style VB GUI interface level but if you're about to go make some stupid edits on Wikipedia don't do it from your office connection.

    --
    jaymz
    1. Re:reverse dns + office workers = trouble by value_added · · Score: 3, Interesting

      I remember doing a reverse lookup on my ATT (then SBC) DSL account years ago. When I discovered my name was shown (for all the world to see), I called ATT to complain and they replaced my name with "Private Customer".

      A year or so later, I upgraded to a 5 static IP account, had ATT delegate the /29 to me, and started hosting my own DNS, mail, web, etc. services. Now, a simple WHOIS not only listed my name, but my address and telephone number as well!

      Somehow, the new setup made more sense, and felt more acceptable.

  4. Depends if someone... by mario_grgic · · Score: 4, Funny

    has written a Visual Basic application to track your IP.

    --
    As the island of our knowledge grows, so does the shore of our ignorance.
    1. Re:Depends if someone... by danhuby · · Score: 5, Informative

      I had no idea what you meant until I saw this: http://www.youtube.com/watch?v=hkDD03yeLnU

      Made me cringe!

    2. Re:Depends if someone... by L4t3r4lu5 · · Score: 3, Interesting

      The problem is that the real thing is so much more time consuming and boring. You remember one of the Matrix movies showed Trinity using nmap? It was on screen for about 0.75 seconds, because using nmap is really, really tedious if you're not into that kind of thing.

      How does this sound for action packed fun: "We need to get hold of his laptop and pull out the hard disk drive. We can then mount it as a slave and wait for 6 hours while it takes an image of the entire contents, then put it back in his laptop. From there, we can mount the image in a read only state and use a tool to brute force the encrypted partition key. It should take around 8 years."

      Or "He has a 2048 bit encryption! We need to hack all of the code walls with a GUI worm!"

      --
      Finally had enough. Come see us over at https://soylentnews.org/
  5. Re:Sure. Don't be paranoid! by rolfwind · · Score: 4, Informative

    Apparently they can't meter you too well.

    http://www.digitaltrends.com/computing/att-vows-to-improve-inaccurate-broadband-metering/

    As to the tracking, I'm sure it can be done, however, unlike DNA, spoofing is completely trivial, so I would never be comfortable having it as the only evidence in some type of trial.

  6. Re:Static & resolves? by Anonymous Coward · · Score: 3, Insightful

    I would say if your address is static OR your ISP is happy to cooperate; only takes one for you to be quite trackable. What worries me a bit is that this article seems to advocate for legal precedent to be based on this idea, which is quite short-sighted. Yea, right now it might be a bit hard to authoritatively determine the end user of a dynamic IP, but IPv6 is coming and when it does, everything and everyone will have their own, easily traceable IP address. Privacy laws need to be based around that assumption now.

  7. Quote in summary is misleading by Coopjust · · Score: 3, Informative

    RTFA and you see that, as many of us already know, you can get a court order to get the exact identity of the account holder, so the problem as described by the summary quote is not the real issue. Rather, just because you know the account holder does not mean that you can prove that the account holder, or whoever you have on the stand, is the one that infringed.

    Despite rear-end covering clauses in the terms of most home ISPs that state that the account holder is liable for everything that goes across their connection, most courts won't accept that. I wouldn't be willing to test it, but it's a very valid point of defense. The number of people with open Wi-Fi is staggering, and even then there are attacks which work on WEP (a ton) and WPA (GPU accelerated attacks can get passphrases in under a minute on many routers), which is the maximum security many home routers in use are capable of. That makes this point even more valid.

  8. No they can not by Charliemopps · · Score: 5, Informative

    Having worked for several large ISPs in their "Copyright infringement" department (ironic I know) I can tell you that no, tracing an IP address back to its original user is not likely and shouldn't be admissible in court.

    The way the system works is this:
    The ISP gets an email claiming copyright infringement on a certain date and time by a particular IP.
    It's important to note, the ISP has no way of verifying any of the following:
              The email came from the person it's claiming to come from
              That person is the copyright holder
              There is even a copyright on the file in question
              The person sending the email did anything to confirm what they were downloading was a copyrighted file (is batman.zip the new or fan fiction?)
              The ISP can not even confirm that anything at all was downloaded.
    The ISP then takes the IP address provided and the time claimed and compares this to their DHCP server and looks for lease statements before and after the time the file was claimed to be downloaded. So if the complaint was at 10pm and we had that IP time stamps at 9:30pm and 11:00pm for Jim, then Jim gets a letter.

    As you can imagine there are all kinds of holes in this. There are a zillion and one ways that could be inaccurate inside the ISP alone. This doesn't even include all the failures on the part of the copyright holders. We had one that was so inaccurate they were sending us multiple complaints on a daily basis against IPs we hadn't had leased out to anyone for days surrounding the times of their complaints. We made repeated inquiries with the "Company" to try and clarify their problem. But in the end just blacklisted their email accounts. We had other incidents in which the complaint was that the user downloaded a dozen or so movies... but a quick check of their usage logs showed they were using less than a couple hundred meg a month.

    It was clear that the copyright holders were using automated scripting software to flood us with complaints with no real checks and balance on their part and then expected the ISP to do the heavy lifting when it came to investigation.
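
The lease-bracketing check described in the comment above, as an added example that is not part of the original post or any ISP's tooling. The log format, the addresses, the customer names and the `MAX_GAP` threshold are constructed assumptions; a match still names only the account that held the address.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample lease log (not real data): UTC timestamp, IP, account.
LEASE_LOG = """\
2011-02-01T21:30:00+00:00 203.0.113.7 jim
2011-02-01T23:00:00+00:00 203.0.113.7 jim
2011-02-02T03:10:00+00:00 203.0.113.7 alice
2011-02-02T04:40:00+00:00 203.0.113.7 alice
"""

# Assumption: the longest gap between two log entries of one continuous lease.
MAX_GAP = timedelta(hours=2)


def parse_leases(text):
    """Parse 'timestamp ip account' lines into time-sorted tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, account = line.split()
        events.append((datetime.fromisoformat(ts), ip, account))
    return sorted(events)


def attribute(events, ip, when):
    """Return (account or None, reason) for a complaint about ip at when."""
    if when.tzinfo is None:
        # "10pm" with no zone can be hours off, enough to name a different account.
        return None, "complaint timestamp has no timezone"
    seen = [(t, acct) for t, e_ip, acct in events if e_ip == ip]
    before = [(t, acct) for t, acct in seen if t <= when]
    after = [(t, acct) for t, acct in seen if t > when]
    if not before or not after:
        return None, "no lease entries on both sides of the claimed time"
    (t0, acct0), (t1, acct1) = before[-1], after[0]
    if acct0 != acct1:
        return None, "address changed hands around the claimed time"
    if t1 - t0 > MAX_GAP:
        return None, "bracketing entries too far apart to show one lease"
    return acct0, "bracketed by entries for the same account"


EVENTS = parse_leases(LEASE_LOG)

if __name__ == "__main__":
    claim = datetime(2011, 2, 1, 22, 0, tzinfo=timezone.utc)
    print(attribute(EVENTS, "203.0.113.7", claim))
```
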

    1. Re:No they can not by Charliemopps · · Score: 4, Informative

      They are not "helping" the copyright holder, no information is returned to the copyright holder. In every case that I'm aware of they did not even acknowledge receipt of the emails.

      OCILLA (part of the DMCA) gives ISPs safe harbor against litigation for copyright infringement if they take "some action" to prevent the copyright violations. What that "action" is, isn't really defined by the act. In most cases, ISPs send a letter to the customer informing them of the complaint, request that they desist and threaten to disconnect them if they do not. I think disconnections are becoming increasingly rare. Most companies do not want to lose customers over this. The entire process is a waste of resources and money to them... and they certainly don't want to be disconnecting paying customers when they really have very little proof that the customer had done anything that would put the ISP in legal jeopardy. Add to that the fact that no lawsuit has been filed against an ISP much less won... and you have a situation in which ISPs are doing the very bare minimum to comply with the law. I've seen this at 2 major ISPs and have a friend working at a 3rd that confirms the same things happen there. Yes, if you're using some antiquated service like LimeWire, are hosting 50 of the most popular movies in release atm, have a 20mb connection and are uploading gigs and gigs of data a night... Your ISP is probably going to get a FLOOD of complaints about you and will likely have to do something. But that's your own dumb fault.

  9. You wouldn't like the answers.... by Dcnjoe60 · · Score: 4, Interesting

    ...which of the 4 people living here and on which of the 9 computers (7 physical, 2 virtual) behind my NAT firewall committed the act based on the evidence you have already? Which subnet of my internal network were they using (the virtual machines are subnetted away from the rest of the network)? Is it possible that someone outside my home cracked my wireless security, joined my network, and committed the act in question?

    If you have 9 computers in your possession, the authorities really don't care which is infringing, they are still in your possession. Subnets don't really matter, nor does your NAT firewall, as all they have to do is show that the content in question was transmitted to whatever device you have that is connected to your ISP (usually a router). That is enough to give probable cause for a search warrant (at least in the US). From there, they can confiscate said computers and analyze them looking for signs of the data in question.

    It may be possible that somebody outside your home cracked your security. You could try to use that as a defense, it wouldn't be up to the prosecutor to show that it didn't happen, anymore than they would need to show that somebody broke into your home or business and used your computer. That would be your burden to disprove the prosecutor's case. Besides, a good prosecutor would point out that if you have the smarts to create the network you have described, then you have the smarts to adequately protect it. Negligence usually is not a good defense at a trial.

    Here is an analogy for you. If you loan your car to somebody and they commit a crime with it, the authorities are coming after you. If you have an alibi, that is great, otherwise, you'd better be ready and willing to turn over who borrowed your car. Even with an alibi, if you don't want to be an accomplice, you'd better be ready and willing to turn over who borrowed your car.

    So, back to your 9 computers. If it wasn't you who did whatever, which of your family or users (depending on whether this is a home or work system) did? That is the information they will find out when they confiscate your equipment. Happens every day, all the time.