Using Google Maps To Intercept FBI and Secret Service Calls

← Back to Stories (view on slashdot.org)

Using Google Maps To Intercept FBI and Secret Service Calls

Posted by Soulskill on Saturday March 1, 2014 @02:28AM from the enjoy-your-stay-on-government-watchlists dept.

An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem: "After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."

28 of 137 comments (clear)

Min score:

Reason:

Sort:

Patting down by K.+S.+Kyosuke · 2014-03-01 02:45 · Score: 3, Funny

"I got a pat on the back...and them some."

--
Ezekiel 23:20
1. Re:Patting down by Impy+the+Impiuos+Imp · 2014-03-01 02:48 · Score: 4, Funny
  
  I like my coffee like I like my Secret Service agents -- black helicopters.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Old news. by Antarell · 2014-03-01 02:50 · Score: 4, Interesting

When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.
Directly contacting gov agencies. Good idea? by 140Mandak262Jamuna · 2014-03-01 02:53 · Score: 5, Interesting

Is it really a good idea to contact these law enforcement agencies directly, via a cold call? These agents come with varying background and knowledge about various spheres of life. You can't expect all FBI agents to be well versed in cyber crime etc. And most of them deal with law breakers most of the time. After spending decades in that mode, they would be suspicious of everything. Yes, most criminals would not contact the cops voluntarily. But many mentally unstable people would, so would people with political axes to grind looking to find some patsy to create a media story. So cops would be quite suspicious of people, even if they voluntarily call them. So even if I stumble on some serious security hole, I am not sure I would directly call the cops.
But there will be access logs and ip addresses saved in all kinds of places that will have evidence that I had stumbled on to that security hole. If I try to cover my tracks that would be even more trouble for me.
I don't know what the right thing to do would be. May be I should spring for a lawyer, document everything with my lawyer and use the lawyer to contact the agencies.
Is there a recommended way by FBI or Secret Service where one can go, establish the non-criminal bona-fide of oneself and have an intelligent conversation with someone and point out such security flaws? It is in the interest of FBI to maintain such a unit.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re:Directly contacting gov agencies. Good idea? by Anonymous Coward · 2014-03-01 03:40 · Score: 5, Interesting
  
  I've done it, exposing criminal fraud of spammers. I happened to be visiting DC, so took the time to meet the agent whom I'd been corresponding with and trying to get Secret Service interest because I thought it would fall under wire fraud. Local police departments had been unwilling to deal with it without proving that the spammers were from their jurisdiction, and wouldn't bother obtaining the warrants needed to get ISP logs without that proof. And the FBI kept blowing me off.
  The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.
  It's a lesson that's been helpful to me in security work: It really helps to have a killer risk or a single incident to hang justification for the change in practices or policies on, as a managerial justification for time and money and resources.
2. Re:Directly contacting gov agencies. Good idea? by TheGratefulNet · 2014-03-01 04:22 · Score: 4, Insightful
  
  yes, even being near a crime can get you in trouble.
  there was a time that I saw a car up on blocks with its wheels gone (down the street from where I used to live, a nice safe area in mtn view). I thought it odd that there was such a theft like this and I had my camera with me at the time so I shot a few pics. a cop came by and started hassling me. at the time, I had no idea why.
  when I asked around (and did some research) it seems that some thieves do their deed and then come back again to photo it, maybe for bragging rights or something. and so, if you take pics of something like this, you may run into some 'questioning' from those in blue. sad but true.
  I would not ever voluntarily go talk to a cop or walk into a cop station, these days. you put yourself at risk every time you encounter one of those guys. I don't need problems in my life so I avoid those guys at all cost even though I'm not doing a single thing wrong.
  lesson: don't tangle with authority unless you have all your bases covered. even then, if its not your business, just stay the hell out of their sphere. these days, we are all 'suspects' and even a perfectly innocent person can run into trouble in spite of having neutral or even good intentions.
  
  --
  
  --
  "It is now safe to switch off your computer."
3. Re:Directly contacting gov agencies. Good idea? by fahrbot-bot · 2014-03-01 04:47 · Score: 5, Insightful
  
  The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.
  On the other hand... had that spammer tried to sell *one* bootleg copy of a movie...
  
  --
  It must have been something you assimilated. . . .
4. Re:Directly contacting gov agencies. Good idea? by camperdave · 2014-03-01 06:09 · Score: 4, Insightful
  
  I would not ever voluntarily go talk to a cop or walk into a cop station, these days. you put yourself at risk every time you encounter one of those guys.
  You've got serious problems there if a law abiding citizen cannot talk to the cops.
  
  --
  When our name is on the back of your car, we're behind you all the way!
5. Re:Directly contacting gov agencies. Good idea? by Seraphim1982 · 2014-03-01 06:16 · Score: 5, Insightful
  
  With all the laws we have now the idea of a "law abiding citizen" is a fantasy. Everyone has broken some law.
6. Re:Directly contacting gov agencies. Good idea? by BradMajors · 2014-03-01 06:33 · Score: 2
  
  he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers
  Snowden's documents showed that the FBI was getting information from the NSA on drug traffickers without obtaining warrants.
7. Re:Directly contacting gov agencies. Good idea? by AK+Marc · 2014-03-01 08:12 · Score: 2
  
  Where do you live where the goal of a cop isn't to put everyone behind bars? The only question left in the US is "who first?"
  
  --
  Learn to love Alaska
8. Re:Directly contacting gov agencies. Good idea? by Em+Adespoton · 2014-03-01 11:24 · Score: 2
  
  I would not ever voluntarily go talk to a cop or walk into a cop station, these days. you put yourself at risk every time you encounter one of those guys.
  You've got serious problems there if a law abiding citizen cannot talk to the cops.
  You said it, not me....
  Now if only everyone else could connect those dots and vote/run for office appropriately.
9. Re:Directly contacting gov agencies. Good idea? by JustOK · 2014-03-01 12:43 · Score: 3, Funny
  
  Best way to fight a war is on drugs
  
  --
  rewriting history since 2109
10. Re:Directly contacting gov agencies. Good idea? by jc42 · 2014-03-01 13:36 · Score: 2
  
  ... the idea of a "law abiding citizen" is a fantasy. Everyone has broken some law.
  Actually, people have been discovering this and writing about it for decades. And it's not just an American problem; pretty much everywhere in the world, it's not possible for a mere human to follow all the laws.
  For lots of explanations of why, you can ask google about "everyone is a criminal" or "no one is innocent". This does get you lots of mere complaints similar to what we've been reading here, but it also turns up a lot of detailed explanations.
  It's common for writers to find funny examples of such situations. Thus, some years back, I lived in Florida for a few years, and when this issue came up in the media, one investigator presented a fun local case: The state of Florida has an old law banning "nude bathing", clearly intended to apply to beaches, but not actually saying so. It turns out that the wording of the law covers taking a bath (and quite likely also a shower) in the privacy of your own bathroom. OTOH, if you're in Florida and don't take baths (or showers?), there are a number of public health laws that you can be arrested for violating. Probably nobody has ever been arrested for bathing at home in Florida, but this doesn't change the fact that you could be if some official wanted to make your life difficult for a few days.
  In a city where I once lived, a similar story pointed out that there was a local law banning the possession of "gambling instruments" without a license, clearly intended to control unlicensed gambling organizations. If you know any of the various coin-matching games that children sometimes play, or the similar games with paper money, you'll understand that having currency in your pocket makes you in violation of this law. But if you don't have any currency, your local "vagrancy" laws apply, and you can be arrested and held for the maximum legal time on that charge.
  There's no shortage of such conflicts in local laws, and usually there are far too many laws on the books for even a trained lawyer to know (much less understand) them all. So no, you're probably not innocent, wherever you live, and you are probably in violation of several laws at this moment, no matter what you are (or aren't) doing.
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
11. Re:Directly contacting gov agencies. Good idea? by Fjandr · 2014-03-02 13:27 · Score: 2
  
  To cops in the US, there's no such things as "law abiding citizens." There are two classes of people: cops, and potential criminals.
Lucky by OptimalCynic · 2014-03-01 02:57 · Score: 3, Insightful

He's one lucky bastard to get away with that. A less forgiving agent would have had him in custody for months, "just in case".
1. Re:Lucky by amiga3D · 2014-03-01 03:04 · Score: 3, Insightful
  
  The Secret Service actually hires intelligent people. If it had been the TSA he'd still be in jail.
2. Re:Lucky by russotto · 2014-03-01 04:06 · Score: 5, Funny
  
  If it had been the TSA, someone with a vaguely similar name would still be in jail.
I see it as less about Google being bad... by mark-t · 2014-03-01 03:27 · Score: 3, Interesting

... and more about people who blindly trust whatever they see on the Internet... even if it is from a company that is prominently known, and thus often implicitly trusted by many. If the people utilizing these fake numbers had actually done any serious fact checking of their own, outside of google maps, they would have quickly realized that the fake numbers on google maps were incorrect, at the very least, even if not actually realizing they were deliberately faked.
And IMO, knowingly deceiving people (ie, deliberately misrepresenting your own number as a conduit for contacting somebody else) to try to expose a security flaw is still deception... and IMO, a severe ethical infraction, even if the law allows it when no real harm has been done.
Good ends should not require bad means to achieve. I believe that the means must justify themselves... and if that is just not possible, then... well, you just do the best that you can with whatever it is that you have, and go forward from wherever it is that you are.

--
File under 'M' for 'Manic ranting'
1. Re:I see it as less about Google being bad... by aviators99 · 2014-03-01 03:48 · Score: 4, Informative
  
  True. One of the comments in TFA mentioned that this could be used for bank/credit card phishing. I thought that was an important insight to note. I think you'd get even more people blindly calling their bank based on a number on Google Local, and one could listen in and get all sorts of card numbers, social security numbers, secret passcodes, etc.
2. Re:I see it as less about Google being bad... by turkeydance · 2014-03-01 04:46 · Score: 2
  
  Do what you can, with what you have, where you are. Theodore Roosevelt
3. Re:I see it as less about Google being bad... by mark-t · 2014-03-01 07:21 · Score: 2
  
  His goal was to help people by closing the security hole. He contacted Google, but they didn't fix it. What would you have done to get the hole fixed? No one was harmed here, after all.
  What I would have done? Warned as many people as I could that the numbers they see on there may not be accurate. Even if no deliberate deception was involved in them, they could be out of date and incorrect, because there are no safeguards in place to prevent errors.
  And saying that nobody was harmed as a means to justify the act is something that The Ethics Scoreboard refers to as a "Results Obesssion", and an example of a slippery slope argument:
  
  Many argue that if no tangible harm arises from a deception or other unethical act, it cannot be "wrong:" "No harm, no foul." This is truly an insidious fallacy, because it can lead an individual to disregard the ethical nature of an action, and look only to the results of the action. Before too long, one has embraced "the ends justify the means" as an ethical system, otherwise known as "the terrorism standard."
  Closely related to The Results Obsession is the "white lie" syndrome, which embodies the theory that small ethical transgressions are not ethical transgressions at all.
  Both carry the same trap: the practice of ethics is based upon habit, and one who habitually behaves unethically in small ways is nonetheless building the habit of unethical behavior. Incremental escalations in the unethical nature of the acts, if not inevitable, are certainly common. Thus even an unethical act that causes no direct harm to others can harm the actor, by setting him or her on the slippery slope.
  
  I stand by the points I made previously that people shouldn't just blindly trust everything they see online, and that "nobody was hurt" should not *EVER* be considered a justification for doing something that was still, in the end, an ethical infraction.
  The means should not have to be justified by the ends... the means should justify themselves. If he can't make that happen, then it doesn't somehow become his fault for not doing anything further, because the situation was not something within his realm of control in the first place. If it bothered him that much, he could have started up an education program warning people about the dangers of trusting the numbers that are on google maps, and advising them that not only can they be considerably out of date and incorrect, but that there are absolutely no safeguards to prevent people from putting up deliberately false numbers, which may be used by phishing scams. If someone doesn't understand his point without it happening to them first, that's hardly the fault of the person who's trying to educate people... one might as well blame the police programs that teach young women maneuvers in self defense for not actually trying to rape young women who don't come to their classes just so that they will finally understand the importance of learning such skills. I trust you can appreciate the absurdity of this example.
  But no... he felt he needed to commit a deliberate deception as part of of an effort of trying to make his point, misrepresenting himself and his phone number to unsuspecting people, and without any authority whatsoever, essentially commit an act that by all rights, IMO, should have been fraud. Nope. Not somebody I'd have any respect for.
  
  --
  File under 'M' for 'Manic ranting'
That's similar to why dial phones were invented. by Ungrounded+Lightning · 2014-03-01 05:57 · Score: 4, Interesting

When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.
That reminds me of why dial phones were invented.
Early telephone exchanges used an operator to connect all calls. You picked up the phone and this lit a lamp and sounded a buzzer at an operator's console in the central office. The operator pulgged a cable into a jac and talked to you, found out who you wanted to talk to, and plugged another cable into the other customer's jack (or a trunk to another operator) to hook you up. Similarly when you hung up, or (if the call needed some other modification and you "flashed" by flicking the hook switch).
Some businesses bribed unscrupulous operators to redirect their competitor's calls to them, stealiing some of their buiness (especially in high customer turnover businesses, where a large fraction of the calls were initial contacts.) There was much flap over this, of course.
One such customer - an undertaker - decided to attack this problem at its root. He also happened to be what we'd now call a hacker (in the "exceptionally competent technologist" sense). He developed the earliest version of a dial telephone system, and got one of the telephone companies serving his area to install it. Electromechanical stepper switches were not susceptable to bribery, problem solved.
Of course electromechanical stepper switches are also cheaper than even low-wage people. So dial systems caught on very quickly. You still needed operators for non-simple stuff, but a company handling the bulk of the calls mechanically needed far less of them, and when such service was available businesses switched over en masse.

--
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Re:No solution... by camperdave · 2014-03-01 06:01 · Score: 3, Funny

Sorry, you seem to be under the impression that there exist in the U.S. "non-criminals" from the perspective of L.E. agencies.
Of course they exist. They're everyone above you in the chain of command.

--
When our name is on the back of your car, we're behind you all the way!
Re:I can't say I really understood by camperdave · 2014-03-01 06:31 · Score: 2

Is this seriously a thing? I just don't understand why anyone would do this.
Of course it is. For example, you are hankerin' for some Indian food, and you know there's a place over on Maple street, but you don't know the name. So you pull up google maps and zoom in on Maple. There it is - Bombay Palace. You click on the little knife and fork icon to bring up the data, et voila: the phone number. How else would you look something up when you know where it is, but not what it's called?

--
When our name is on the back of your car, we're behind you all the way!
I wish the guy had gotten charged by guevera · 2014-03-01 08:33 · Score: 2, Insightful

If he'd gotten arrested and charged at least he would have learned that you don't talk to cops. Ever.
1. Re:I wish the guy had gotten charged by jc42 · 2014-03-01 14:07 · Score: 3, Insightful
  
  ... even though I actually agree talking with law agents is risky in certain places of the world right now.
  When the topic is computer/communications security, talking to legal authorities is very risky anywhere in the world right now, but especially in the US. The usual reaction is to classify anyone with knowledge of security issues a "hacker", which is synonymous with "criminal" to most non-geeks. Demoing a security issue almost always leads to charges against the person doing the demo, not to fixes.
  This is a lot of why our computer and communication systems are so insecure now. The people who are knowledgeable and competent to fix the problems tend to understand (typically by being burned) that working on such topics entails a high risk to one's own freedom or career, so they find jobs in other areas that don't entail working with the security aspects.
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Not in jail? by g0es · 2014-03-01 08:52 · Score: 2

Someone please correct me if I'm wrong but it seems that he violate wiretap laws by listening in to the conversation. Neither party knew he was listening in. I would have though for sure they would have charged him for listening which in reality wasn't necessary to prove his point.