Slashdot Mirror
German Police Ask Router Owners For Help In Identifying a Bomber's MAC Address (zdnet.com)
An anonymous reader quotes ZDNet: German authorities have asked the public for help in surfacing more details and potentially identifying the owner of a MAC address known to have been used by a bomber in late 2017... The MAC address is f8:e0:79:af:57:eb. Brandenburg police say it belongs to a suspect who tried to blackmail German courier service DHL between November 2017 and April 2018. The suspect demanded large sums of money from DHL and threatened to detonate bombs across Germany, at DHL courier stations, private companies, and in public spaces. [The bomb threats were real, but one caught fire instead of exploding, while the second failed to explode, albeit containing real explosives.]
Investigators called in to negotiate with the bomber managed to exchange emails with the attacker on three occasions, on April 6, 2018, April 13, 2018, and April 14, 2018. One of the details obtained during these conversations was the bomber's MAC address, which based on the hardware industry's MAC address allocation tables, should theoretically belong to a Motorola phone... Now, they're asking router owners to check router access logs for this address, and report any sightings to authorities. Investigators want to know to what routers/networks the bomber has connected before and after the attacks, in order to track his movements and maybe gain an insight into his identity.
Investigators called in to negotiate with the bomber managed to exchange emails with the attacker on three occasions, on April 6, 2018, April 13, 2018, and April 14, 2018. One of the details obtained during these conversations was the bomber's MAC address, which based on the hardware industry's MAC address allocation tables, should theoretically belong to a Motorola phone... Now, they're asking router owners to check router access logs for this address, and report any sightings to authorities. Investigators want to know to what routers/networks the bomber has connected before and after the attacks, in order to track his movements and maybe gain an insight into his identity.
Router logs? Really?
You have the MAC address, so you can identify the manufacturer. You call them, ask them for the IMEI, and the supply chain details.
From the supply chain details, you can track it to a retailer. You then ask the retailer for the details of whomever bought it.
From the IMEI, you ask the cellular telcos for details of the SIM associated with it in the period in question, and all the other data they hold - call history, SMS, whatever.
You ask the SIM vendor for any details on the subscriber - even if it's a PAYG and they paid cash, the location of the transaction will be available.
From the other telco data, you can track down the suspect's associates, always presuming they might be entirely uninvolved beyond being an acquaintance
Unless this suspect bought the phone from a second-hand store (or stole it), never put a SIM in it, and used public WiFi for their scheme, you stand a moderate chance of getting close.
Hoping that random people will (a) see you request, (b) understand what it means, (c) own a router with open access, (d) know how to look at their logs, (e) be bothered to do so, and (f) have logs that go back at least nine months, seems to be a long shot.
I get the impression that some policeman has equated a MAC address to a car's registration number, so decided to ask if anyone has seen it...
This sig left unintentionally blank.