Thread: Could illegal actions committed only at WiFi hotspots be tracked to an individual user?

  1. #1
    Obeah Man, Mischief Maker, Lord of Bees Skald the Rhymer
    Registered
    Mar 2009
    Posts
    562

    Let's say that I suspect someone is illicitly using my credit card to buy things online. Let's further say that the person I suspect has a laptop but no home internet connection. Whenever this person uses the internet he or she goes to a hotspot. Sometimes it's the public library, where no login is required; sometimes it's Starbucks, where the person must purchase a 2-hour connection from AT&T. Regardless, each time the person is finished with being nefarious, he or she logs off and deletes all the browsing history (or perhaps he or she opens a private browsing session each time). Lastly, let's say everything the person buys is virtual--downloaded porn clips, say--rather than anything physical that comes to a physical address.

    Would there be any way to connect this person to the misuse of the credit card?
    "Fairy tales do not give the child his first idea of bogey. The baby has known the dragon intimately ever since he had an imagination. What the fairy tale provides for him is a St. George to kill the dragon." (Chesterton)

  2. #2
    Elephant Feirefiz
    Registered
    Feb 2009
    Location
    Germany
    Posts
    802

    That person would still expose their MAC address to the hotspot. That doesn't mean that the hotspot operator keeps any records of it. There is also no general way to connect that to a user (only to a manufacturer) but it might confirm an identity once you have a suspect and in principle it might be used to trap the user later.

    Unfortunately the address can be spoofed, although not necessarily with all equipment. Because of that, detection can be avoided, and even if you have a match it isn't absolute proof.

  3. #3
    Stegodon
    Registered
    Mar 2009
    Location
    Foxbase Alpha
    Posts
    312

    The short answer: no.

    The long answer: probably not, if the thief was smart.

    The first thing to consider is the dollar amount in question. As a former (almost) full-time eBay seller, I can tell you that your local cops won't get out of bed to help you if the amount stolen from you is less than $500, and the Feds won't even take your call if the loss is under $5,000 (unless you could somehow prove that multiple stolen credit cards were used; multiple cards often means organized crime is involved). So unless a thief is charging thousands of dollars or has kidnapped the Lindbergh baby too, law enforcement won't even get involved.

    Then there's the matter of surveillance. Does the library or coffee shop have video cameras? Are they actually turned on and recording images? If not, then there's another way he or she can get away with it. A good thief would go to a place that doesn't have such cameras. He would also go at a busy time, so that other customers would "hide" his traffic. He would also be as discreet as possible, not drawing attention to himself or making his visit memorable in any way. The best way would be to not even enter the establishment at all, and simply use the Wi-Fi connection from a car in the parking lot.

    Then you have the technical aspects of such a hack. Honestly, there are a million ways to get away with something like this. You could use a private browser session to leave no tracks on the library's computer. You could use a portable version of Firefox on a thumb drive to leave no trace of your browsing on the computer. If the computers are not locked down (in real life, few are), you could use a proxy server (or something like Tor) to obscure your IP address from authorities. You could initiate a port scan for port 3389 (Microsoft's Remote Desktop) from location 1, then, once you've found a computer with an easy-to-guess password, go to location 2 and use Remote Desktop to connect to the remote computer and make the purchases from there. If the thief wanted to use their own laptop, there are a million ways to spoof a MAC address, or he or she could just use a virtual machine.

    Honestly, I could go on and on with the technical aspects of it. But it really boils down to covering your tracks physically. Using the best hacking tools on a public library computer won't work if you're the only one using the computers at 9am, or if you put your real name on the sign-in sheet, or if you wear your "I'm only here to fuck" shirt, which offends one of the librarians... or if you carry out your "hacks" at a place that has the latest and greatest DVR-based HDTV surveillance systems.
