Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using Google Maps To Intercept FBI and Secret Service Calls

Posted by Soulskill on from the enjoy-your-stay-on-government-watchlists dept.

An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem: "After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."

11 of 137 comments (clear)

  1. Re:Patting down by Impy+the+Impiuos+Imp · · Score: 4, Funny

    I like my coffee like I like my Secret Service agents -- black helicopters.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  2. Old news. by Antarell · · Score: 4, Interesting

    When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.

  3. Directly contacting gov agencies. Good idea? by 140Mandak262Jamuna · · Score: 5, Interesting
    Is it really a good idea to contact these law enforcement agencies directly, via a cold call? These agents come with varying background and knowledge about various spheres of life. You can't expect all FBI agents to be well versed in cyber crime etc. And most of them deal with law breakers most of the time. After spending decades in that mode, they would be suspicious of everything. Yes, most criminals would not contact the cops voluntarily. But many mentally unstable people would, so would people with political axes to grind looking to find some patsy to create a media story. So cops would be quite suspicious of people, even if they voluntarily call them. So even if I stumble on some serious security hole, I am not sure I would directly call the cops.

    But there will be access logs and ip addresses saved in all kinds of places that will have evidence that I had stumbled on to that security hole. If I try to cover my tracks that would be even more trouble for me.

    I don't know what the right thing to do would be. May be I should spring for a lawyer, document everything with my lawyer and use the lawyer to contact the agencies.

    Is there a recommended way by FBI or Secret Service where one can go, establish the non-criminal bona-fide of oneself and have an intelligent conversation with someone and point out such security flaws? It is in the interest of FBI to maintain such a unit.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Directly contacting gov agencies. Good idea? by Anonymous Coward · · Score: 5, Interesting

      I've done it, exposing criminal fraud of spammers. I happened to be visiting DC, so took the time to meet the agent whom I'd been corresponding with and trying to get Secret Service interest because I thought it would fall under wire fraud. Local police departments had been unwilling to deal with it without proving that the spammers were from their jurisdiction, and wouldn't bother obtaining the warrants needed to get ISP logs without that proof. And the FBI kept blowing me off.

      The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.

      It's a lesson that's been helpful to me in security work: It really helps to have a killer risk or a single incident to hang justification for the change in practices or policies on, as a managerial justification for time and money and resources.

    2. Re:Directly contacting gov agencies. Good idea? by TheGratefulNet · · Score: 4, Insightful

      yes, even being near a crime can get you in trouble.

      there was a time that I saw a car up on blocks with its wheels gone (down the street from where I used to live, a nice safe area in mtn view). I thought it odd that there was such a theft like this and I had my camera with me at the time so I shot a few pics. a cop came by and started hassling me. at the time, I had no idea why.

      when I asked around (and did some research) it seems that some thieves do their deed and then come back again to photo it, maybe for bragging rights or something. and so, if you take pics of something like this, you may run into some 'questioning' from those in blue. sad but true.

      I would not ever voluntarily go talk to a cop or walk into a cop station, these days. you put yourself at risk every time you encounter one of those guys. I don't need problems in my life so I avoid those guys at all cost even though I'm not doing a single thing wrong.

      lesson: don't tangle with authority unless you have all your bases covered. even then, if its not your business, just stay the hell out of their sphere. these days, we are all 'suspects' and even a perfectly innocent person can run into trouble in spite of having neutral or even good intentions.

      --

      --
      "It is now safe to switch off your computer."
    3. Re:Directly contacting gov agencies. Good idea? by fahrbot-bot · · Score: 5, Insightful

      The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.

      On the other hand... had that spammer tried to sell *one* bootleg copy of a movie...

      --
      It must have been something you assimilated. . . .
    4. Re:Directly contacting gov agencies. Good idea? by camperdave · · Score: 4, Insightful

      I would not ever voluntarily go talk to a cop or walk into a cop station, these days. you put yourself at risk every time you encounter one of those guys.

      You've got serious problems there if a law abiding citizen cannot talk to the cops.

      --
      When our name is on the back of your car, we're behind you all the way!
    5. Re:Directly contacting gov agencies. Good idea? by Seraphim1982 · · Score: 5, Insightful

      With all the laws we have now the idea of a "law abiding citizen" is a fantasy. Everyone has broken some law.

  4. Re:I see it as less about Google being bad... by aviators99 · · Score: 4, Informative

    True. One of the comments in TFA mentioned that this could be used for bank/credit card phishing. I thought that was an important insight to note. I think you'd get even more people blindly calling their bank based on a number on Google Local, and one could listen in and get all sorts of card numbers, social security numbers, secret passcodes, etc.

  5. Re:Lucky by russotto · · Score: 5, Funny

    If it had been the TSA, someone with a vaguely similar name would still be in jail.

  6. That's similar to why dial phones were invented. by Ungrounded+Lightning · · Score: 4, Interesting

    When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.

    That reminds me of why dial phones were invented.

    Early telephone exchanges used an operator to connect all calls. You picked up the phone and this lit a lamp and sounded a buzzer at an operator's console in the central office. The operator pulgged a cable into a jac and talked to you, found out who you wanted to talk to, and plugged another cable into the other customer's jack (or a trunk to another operator) to hook you up. Similarly when you hung up, or (if the call needed some other modification and you "flashed" by flicking the hook switch).

    Some businesses bribed unscrupulous operators to redirect their competitor's calls to them, stealiing some of their buiness (especially in high customer turnover businesses, where a large fraction of the calls were initial contacts.) There was much flap over this, of course.

    One such customer - an undertaker - decided to attack this problem at its root. He also happened to be what we'd now call a hacker (in the "exceptionally competent technologist" sense). He developed the earliest version of a dial telephone system, and got one of the telephone companies serving his area to install it. Electromechanical stepper switches were not susceptable to bribery, problem solved.

    Of course electromechanical stepper switches are also cheaper than even low-wage people. So dial systems caught on very quickly. You still needed operators for non-simple stuff, but a company handling the bulk of the calls mechanically needed far less of them, and when such service was available businesses switched over en masse.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way