Using Google Maps To Intercept FBI and Secret Service Calls

An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem: "After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."

Directly contacting gov agencies. Good idea?

[140Mandak262Jamuna]

Is it really a good idea to contact these law enforcement agencies directly, via a cold call? These agents come with varying background and knowledge about various spheres of life. You can't expect all FBI agents to be well versed in cyber crime etc. And most of them deal with law breakers most of the time. After spending decades in that mode, they would be suspicious of everything. Yes, most criminals would not contact the cops voluntarily. But many mentally unstable people would, so would people with political axes to grind looking to find some patsy to create a media story. So cops would be quite suspicious of people, even if they voluntarily call them. So even if I stumble on some serious security hole, I am not sure I would directly call the cops.

But there will be access logs and ip addresses saved in all kinds of places that will have evidence that I had stumbled on to that security hole. If I try to cover my tracks that would be even more trouble for me.

I don't know what the right thing to do would be. May be I should spring for a lawyer, document everything with my lawyer and use the lawyer to contact the agencies.

Is there a recommended way by FBI or Secret Service where one can go, establish the non-criminal bona-fide of oneself and have an intelligent conversation with someone and point out such security flaws? It is in the interest of FBI to maintain such a unit.

Re:Directly contacting gov agencies. Good idea?

I've done it, exposing criminal fraud of spammers. I happened to be visiting DC, so took the time to meet the agent whom I'd been corresponding with and trying to get Secret Service interest because I thought it would fall under wire fraud. Local police departments had been unwilling to deal with it without proving that the spammers were from their jurisdiction, and wouldn't bother obtaining the warrants needed to get ISP logs without that proof. And the FBI kept blowing me off.

The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.

It's a lesson that's been helpful to me in security work: It really helps to have a killer risk or a single incident to hang justification for the change in practices or policies on, as a managerial justification for time and money and resources.

Re:Directly contacting gov agencies. Good idea?

[fahrbot-bot]

The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.

On the other hand... had that spammer tried to sell *one* bootleg copy of a movie...

Re:Directly contacting gov agencies. Good idea?

[Seraphim1982]

With all the laws we have now the idea of a "law abiding citizen" is a fantasy. Everyone has broken some law.

Re:Lucky

[russotto]

If it had been the TSA, someone with a vaguely similar name would still be in jail.