Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Police Ask Router Owners For Help In Identifying a Bomber's MAC Address (zdnet.com)

Posted by EditorDavid on from the got-your-number dept.

An anonymous reader quotes ZDNet: German authorities have asked the public for help in surfacing more details and potentially identifying the owner of a MAC address known to have been used by a bomber in late 2017... The MAC address is f8:e0:79:af:57:eb. Brandenburg police say it belongs to a suspect who tried to blackmail German courier service DHL between November 2017 and April 2018. The suspect demanded large sums of money from DHL and threatened to detonate bombs across Germany, at DHL courier stations, private companies, and in public spaces. [The bomb threats were real, but one caught fire instead of exploding, while the second failed to explode, albeit containing real explosives.]

Investigators called in to negotiate with the bomber managed to exchange emails with the attacker on three occasions, on April 6, 2018, April 13, 2018, and April 14, 2018. One of the details obtained during these conversations was the bomber's MAC address, which based on the hardware industry's MAC address allocation tables, should theoretically belong to a Motorola phone... Now, they're asking router owners to check router access logs for this address, and report any sightings to authorities. Investigators want to know to what routers/networks the bomber has connected before and after the attacks, in order to track his movements and maybe gain an insight into his identity.

3 of 141 comments (clear)

  1. Wait a damn sec by Squiddie · · Score: 2, Insightful

    So the police haven't even considered that he might have spoofed his MAC address? Or that he used a burner device? Nice police work.

    1. Re:Wait a damn sec by bill_mcgonigle · · Score: 4, Insightful

      Why would you assume they have assumed that? Those are just two of roughly eight scenarios I can think of without much effort - why would police not follow and extinguish all possible leads?

      Methinks they're doing OK without needing to hire you as a police consultant.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. A near impossible task by Artem+S.+Tashkinov · · Score: 4, Insightful

    There are several huge issues with this call:

    First of all, mostly likely the suspect has long gotten rid of the device and I'm not sure how finding his device in logs might help anyone (aside from narrowing down his whereabouts but then we have to presume that the CCTV footage at that location still remains which is highly unlikely).

    Second of all, assuming he's not a total idiot, he could have modified his device MAC address which is possible for most Android smartphones.

    Thirdly, this device was probably produced by Motorola/Lenovo, because F8E079 is their unique MAC prefix.

    Fourthly, most people keep their routers password-protected which makes the task even harder.

    Lastly, most Wi-Fi routers can barely keep more than a week worth of logs and they are not stored permanently, so reboot wipes them clean.