Slashdot Mirror
Using Google Maps To Intercept FBI and Secret Service Calls
An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem:
"After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."
Gee, didn't they tell us only Apple Maps had problems?
Of course news about a fake are Fake News.
"I got a pat on the back...and them some."
Ezekiel 23:20
When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.
But there will be access logs and ip addresses saved in all kinds of places that will have evidence that I had stumbled on to that security hole. If I try to cover my tracks that would be even more trouble for me.
I don't know what the right thing to do would be. May be I should spring for a lawyer, document everything with my lawyer and use the lawyer to contact the agencies.
Is there a recommended way by FBI or Secret Service where one can go, establish the non-criminal bona-fide of oneself and have an intelligent conversation with someone and point out such security flaws? It is in the interest of FBI to maintain such a unit.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
He's one lucky bastard to get away with that. A less forgiving agent would have had him in custody for months, "just in case".
That's the only aspect of the story to takeaway, we all know systems have flaws and spammers/fuzzers WILL find them.
It's all about how you respond to that, or don't for years.
about Google Maps? Is he going to pull the same stunt with fake listings on other sites/apps, local newspapers, shops, etc? And will he then repeat the process with the local police, hospitals, schools, shops etc etc? Where does it end?
I don't understand. How is Google supposed to fix every wrong map listing? Does he have an algorithm to spot more of the fake listings? And how is this a security flaw, when there is no way to fix it? Ya, you can post any phone number you want in many different places, and label it as for the FBI, it just illegal to pass yourself off as a government agent. If it were me, I think I just world of arrested him.
But reading the original article, it starts to make sense when he mentions making a decision based on having just watched The Rock. I don't think this guy has all his marbles, and the FBI did not want to arrest a mentally challenged guy and charge him with breaking past their security.
Troll is not a replacement for I disagree.
Is there a reference for your "claim"? Is there something besides your word on this subject? (I apologize for the pun in the title.)
Some day Google will fix Google... maybe.
Just try getting something fixed on Google Maps. It's nearly impossible. Sorry, let me amend that: It's nearly impossible if you are or work for/with the agency responsible for the legal addresses and contacts shown on Google Maps. If you are some Joe Blow who wants to randomly change some shit, then it appears to pretty friggin' easy to get something changed.
Google Maps has cost us thousands, perhaps 10's of thousands in costs associated with mail being sent to the wrong location over the last few years (pity the poor guy who works in the office with the address they keep listing). They post addresses that they scrape from the underside of some toilet seat somewhere or pull off of someone's twit-pick of their salami and provolone sandwich, but are absolutely deaf when the easily verifiable owners of the municipalities/businesses/addresses in question can give them authoritative information to use. And try reaching a human being at Google that doesn't work in the sales department, good luck.
I know of one other company in the area who says that their experience with Google is completely different. Of course, the biggest difference is that this company is engaged in 6 and 7 figure contracts with Google on a regular basis. The motto may be Don't be Evil, but they never said anything about not being a pain in the ass.
Regularly, a couple of times a day now, because of all the corporate buyouts in the last couple of decades, when searching online for who now owns / manufactures / provides replacements for industrial equipment, I am directed to the COMPETITOR for the product I am looking for. Happened twice yesterday with one of the largest manufacturer's of electrical test equipment.
Shirley (look it up) is a LIAR!
Shirley (look it up) is a LIAR!
Which, also, is why I 'post' only anon.
And IMO, knowingly deceiving people (ie, deliberately misrepresenting your own number as a conduit for contacting somebody else) to try to expose a security flaw is still deception... and IMO, a severe ethical infraction, even if the law allows it when no real harm has been done.
Good ends should not require bad means to achieve. I believe that the means must justify themselves... and if that is just not possible, then... well, you just do the best that you can with whatever it is that you have, and go forward from wherever it is that you are.
File under 'M' for 'Manic ranting'
He is not out of the woods yet. He should have received permission first or setup a pre-approved trial with a local business as a proof of concept.
Sorry, you seem to be under the impression that there exist in the U.S. "non-criminals" from the perspective of L.E. agencies.
Is there a recommended way by FBI or Secret Service where one can go, establish the non-criminal bona-fide of oneself and have an intelligent conversation with someone
I did some minor computer consulting for the Secret Service a long time ago. I was too young at the time to realize what was going on; only in retrospect years later did I realize that there had been zero effort to preserve electronic evidence, share it with the defense, or any of the other niceties one is supposed to expect from the justice system. They knew the guy was guilty, and that was all that mattered.
Given the direction law enforcement at all levels in the US has taken in the past 20 years or so, things today are far worse: increasing militarization at all levels, an even worse mentality of "us vs. them" (where "they" are the entire civilian population). If they decide to target you for something, you are SOL. Getting involved involved with these agencies has huge risks and essentially no advantages. This guy is bloody lucky they didn't charge and prosecute him.
If you've just got to play white knight, at least get a good attorney on board from the very start, and have your attorney with you for all interactions.
Enjoy life! This is not a dress rehearsal.
You have to look at the type of crime they handle. The first is attacks on the President and financial fraud. Both of those require intelligent people. The first because the President gets loons threatening him everyday and it takes smarts to figure out which are the real threats. The second does too because it is a lot of forensic accounting. Actual fieldwork would be done by a very specialized unit in the former and the FBI working with the SS for the latter.
....any interest.
It just seems to me that the best policy is to not have your name put on any law enforcement list of any kind unless there is some moral imperative that would compel you to, like being a witness to a crime.
This is kind of sad, because I would think it would be nice to be able to provide meaningful information to law enforcement but there just seems to be too many ways it could turn around and bite you, especially if your helpful information was deemed to be something that could be embarrassing to the agency in question.
I quit using Google maps a long time ago when they showed the location of an address in the total opposite side of town when I knew darn good and well it wasn't where it said it was. Also showing my address on the WRONG side of the railroad tracks and 1 mile east of where it REALLY was. That is on top of all the spam garbage all over it. I have found MapQuest much more accurate and full of less BS. Google maps is just to "hackable". Anyone can make it show whatever they want - heck just see how easy it was for this guy to do it. Google has just become Micro$oft 2.0.
The Truth is a Virus!!!
When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.
That reminds me of why dial phones were invented.
Early telephone exchanges used an operator to connect all calls. You picked up the phone and this lit a lamp and sounded a buzzer at an operator's console in the central office. The operator pulgged a cable into a jac and talked to you, found out who you wanted to talk to, and plugged another cable into the other customer's jack (or a trunk to another operator) to hook you up. Similarly when you hung up, or (if the call needed some other modification and you "flashed" by flicking the hook switch).
Some businesses bribed unscrupulous operators to redirect their competitor's calls to them, stealiing some of their buiness (especially in high customer turnover businesses, where a large fraction of the calls were initial contacts.) There was much flap over this, of course.
One such customer - an undertaker - decided to attack this problem at its root. He also happened to be what we'd now call a hacker (in the "exceptionally competent technologist" sense). He developed the earliest version of a dial telephone system, and got one of the telephone companies serving his area to install it. Electromechanical stepper switches were not susceptable to bribery, problem solved.
Of course electromechanical stepper switches are also cheaper than even low-wage people. So dial systems caught on very quickly. You still needed operators for non-simple stuff, but a company handling the bulk of the calls mechanically needed far less of them, and when such service was available businesses switched over en masse.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
The agency abbreviation is USSS. It doesn't help that everyone knows them as "Secret Service", which is intuitively abbreviated to SS.
Serious? Seriousness is well above my pay grade.
"you put yourself at risk every time you encounter one of those guys"
nail! head! SMACK!
here's my philosophy which I'm teaching our kids: NOTHING good can come from interacting with a cop - NOTHING! the best you can do (& to be fair likely will majority of time) is break even & the alternatives go downhill in a hurry... it's like a reverse lottery ticket - 99.9% of the time (& I think that #'s generous) you get nothing but when you "hit" you get arrested for taking a picture of an ATM or resisting arrest w/o being arrested for an actual crime.
cops are a necessary evil & they're still less bad than the alternative but the needle is moving in the wrong direction...
This is much. much older than that. Once upon a time, probably soon after paper and writing were invented, someone invented the bulletin board. Initially people used it to post messages. Then someone posted an advertisement for their apple wagon just up the street. Then someone else changed the location in the ad to the location of their apple wagon just down the street.
in the morgue with 20 tazer sets of tracks on him.
Just to godwin the thread, this is where Hitler came with the 'SS' for his most loyal troops...
Sleep your way to a whiter smile...date a dentist!
If he'd gotten arrested and charged at least he would have learned that you don't talk to cops. Ever.
Someone please correct me if I'm wrong but it seems that he violate wiretap laws by listening in to the conversation. Neither party knew he was listening in. I would have though for sure they would have charged him for listening which in reality wasn't necessary to prove his point.
What would have been a better way to deal with this? Send in a warning and watch it be ignored?
This is much. much older than that. Once upon a time, probably soon after paper and writing were invented, someone invented the bulletin board. Initially people used it to post messages. Then someone posted an advertisement for their apple wagon just up the street. Then someone else changed the location in the ad to the location of their apple wagon just down the street.
Probably took a little longer than that, if only because for the trick to work you need:
1) enough literate people to matter
2) a community large enough that not everybody knows everyone else.
William of Ockham had no beard. The most likely explanation is that it was chewed off by squirrels every morning.
You're being naive by writing that this has started happening "these days" -- it's not new, although your awareness of it is.
Innocent people being harassed by the state, and even convicted, has happened for centuries, and things like the right to not incriminate oneself, which comes from the 17th century, exist to protect people from the state -- which is an indicator that they had the same problem back then.
For an *excellent* layman explanation of a lot of law related topics, and history, see http://lawcomic.net/ and check the archives. It's a goldmine.
"... and more about people who blindly trust whatever they see on the Internet... even if it is from a company that is prominently known, and thus often implicitly trusted by many. If the people utilizing these fake numbers had actually done any serious fact checking of their own, outside of google maps, they would have quickly realized that the fake numbers on google maps were incorrect, at the very least, even if not actually realizing they were deliberately faked."
This is more than people "blindly trusting whatever they see on the Internet". They are being actively deceived, and it's irrational to expect a person, who has better things to do with his or her time, to do "any serious fact checking of their own, outside of Google maps", when the whole point is the convenience of it.
Instead of blaming the victims for not knowing better, we have to think about this more clearly. The people posting the fake listings are obviously to blame, but it's impossible for Google to not be aware of this, and if Google is aware of this and hasn't effectively dealt with it -- which it hasn't -- then Google is also to blame, because Google is profiting from the service they're providing.
3) an interested enough police to stop wagon owners from get into a duel over something like that
Back when I was in high-school and discovering some new things, like pot and alcohol, I had a quarter oz stashed in a box of my grandma's old 72inch records which was in the closet. Her and my cousin went to go eat at Fudruckers, and it just so happened that while there, they played some oldies that she had on those records. Looking for a bit of nostalgia, she went though the records and found my bag of shwag. She got the bag, got in the car, drove to the police station, walked in with it and turned it in to the police. She was placed under arrest for possession.
The funny thing at the time was when I was later accused of "getting my grandmother arrested" I let them know that it didn't appear Karma was on their (family authorities) side, that anyone who betrays their family over something so harmless deserves any coincidence that happens to them. It's a great piece of history, any time I need to bring up the fact that police are after anyone and everyone, not just "criminals", I pout out this story and say "remember that, see what being a good samaritan gets you?"
to post wrong numbers for the FBI/SS?
No it isn't. The SS was named for the Schutzstaffel which in German roughly translates into Protection Squadron or defense corps. http://en.wikipedia.org/wiki/S...
The fact that Secret Service (in English) has the same alliterative letters, SS, is purely coincidental.
~~
And there is no relationship between homeland and fatherland. Of all the things they could have maned DHS, did they really need to Godwin themselves? :)
Serious? Seriousness is well above my pay grade.
I called my carrier 3 times regarding the same type of problem. Thanks for figuring out a way to solve the problem.
Violating laws is never a good way to try to right a wrong. This could have gone very poorly for him, luckily whoever he contacted didn't press charges.