Forgot your password?
typodupeerror
Google Government Security

Using Google Maps To Intercept FBI and Secret Service Calls 137

Posted by Soulskill
from the enjoy-your-stay-on-government-watchlists dept.
An anonymous reader sends in a story about a network engineer named Bryan Seely, who was tired of seeing fake listings and spam on Google Maps. He contacted the company and tried to convince them to fix their system, but didn't have much luck. Afterward, he thought of an effective demonstration. He put up fake listings for the FBI and the Secret Service with phone numbers that sent the calls to him. When people called, he forwarded them to the actual agencies while he listened in. After recording a couple of calls for proof, he went to a local Secret Service office to explain the problem: "After that, Seely says, he got patted down, read his Miranda rights, and put in an interrogation room. Email correspondence with the Secret Service indicates that the special agent in charge called him a 'hero' for bringing this major security flaw to light. They let him go after a few hours. Seely says the fake federal listings, which were both ranked second every time I checked Google Maps, were up for four days. He took them down himself when the Secret Service asked."
This discussion has been archived. No new comments can be posted.

Using Google Maps To Intercept FBI and Secret Service Calls

Comments Filter:
  • Gee, didn't they tell us only Apple Maps had problems?
    • Gee, didn't they tell us only Apple Maps had problems?

      Only if "they" refers to Slashdotters or tech pundits. But Apple Maps *did* have significant - even egregious - errors/problems at launch. It seems quite usable now.

      My preferred navigation app has been Waze, but that is unfortunately going downhill since the Google acquisition. They seem more interested in adding ads rather than fixing the app's shortcomings. It's usually really good for highways and major thoroughfares (although oddly enough it picked a really weird and obviously wrong route for me after t

    • by jc42 (318812)

      Gee, didn't they tell us only Apple Maps had problems?

      Actually, if you were paying attention, you'd have noticed that google documented and discussed their mapping problems quite openly. They did this especially around the time they started up their fleet of "google vans" that have been remapping the world. Their explicit, stated reason for this was the ongoing problems with the bad data they were getting from their map sources. These were ultimately the thousands upon thousands of local maintainers of the the maps for their jurisdictions, combined with th

      • Gee, didn't they tell us only Apple Maps had problems?

        Actually, if you were paying attention, you'd have noticed that google documented and discussed their mapping problems quite openly.

        Yeah, they just refused to fix them. Which TFA is all about.

  • by K. S. Kyosuke (729550) on Saturday March 01, 2014 @10:45AM (#46375401)
    "I got a pat on the back...and them some."
  • Old news. (Score:4, Interesting)

    by Antarell (930241) on Saturday March 01, 2014 @10:50AM (#46375421) Homepage

    When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.

    • by Ungrounded Lightning (62228) on Saturday March 01, 2014 @01:57PM (#46376545) Journal

      When I was working in retail about 5 years ago competitors of ours did the same. Our store name, their phone number.

      That reminds me of why dial phones were invented.

      Early telephone exchanges used an operator to connect all calls. You picked up the phone and this lit a lamp and sounded a buzzer at an operator's console in the central office. The operator pulgged a cable into a jac and talked to you, found out who you wanted to talk to, and plugged another cable into the other customer's jack (or a trunk to another operator) to hook you up. Similarly when you hung up, or (if the call needed some other modification and you "flashed" by flicking the hook switch).

      Some businesses bribed unscrupulous operators to redirect their competitor's calls to them, stealiing some of their buiness (especially in high customer turnover businesses, where a large fraction of the calls were initial contacts.) There was much flap over this, of course.

      One such customer - an undertaker - decided to attack this problem at its root. He also happened to be what we'd now call a hacker (in the "exceptionally competent technologist" sense). He developed the earliest version of a dial telephone system, and got one of the telephone companies serving his area to install it. Electromechanical stepper switches were not susceptable to bribery, problem solved.

      Of course electromechanical stepper switches are also cheaper than even low-wage people. So dial systems caught on very quickly. You still needed operators for non-simple stuff, but a company handling the bulk of the calls mechanically needed far less of them, and when such service was available businesses switched over en masse.

      • by Solandri (704621)
        This is much. much older than that. Once upon a time, probably soon after paper and writing were invented, someone invented the bulletin board. Initially people used it to post messages. Then someone posted an advertisement for their apple wagon just up the street. Then someone else changed the location in the ad to the location of their apple wagon just down the street.
        • by mooingyak (720677)

          This is much. much older than that. Once upon a time, probably soon after paper and writing were invented, someone invented the bulletin board. Initially people used it to post messages. Then someone posted an advertisement for their apple wagon just up the street. Then someone else changed the location in the ad to the location of their apple wagon just down the street.

          Probably took a little longer than that, if only because for the trick to work you need:

          1) enough literate people to matter
          2) a community large enough that not everybody knows everyone else.

  • by 140Mandak262Jamuna (970587) on Saturday March 01, 2014 @10:53AM (#46375437) Journal
    Is it really a good idea to contact these law enforcement agencies directly, via a cold call? These agents come with varying background and knowledge about various spheres of life. You can't expect all FBI agents to be well versed in cyber crime etc. And most of them deal with law breakers most of the time. After spending decades in that mode, they would be suspicious of everything. Yes, most criminals would not contact the cops voluntarily. But many mentally unstable people would, so would people with political axes to grind looking to find some patsy to create a media story. So cops would be quite suspicious of people, even if they voluntarily call them. So even if I stumble on some serious security hole, I am not sure I would directly call the cops.

    But there will be access logs and ip addresses saved in all kinds of places that will have evidence that I had stumbled on to that security hole. If I try to cover my tracks that would be even more trouble for me.

    I don't know what the right thing to do would be. May be I should spring for a lawyer, document everything with my lawyer and use the lawyer to contact the agencies.

    Is there a recommended way by FBI or Secret Service where one can go, establish the non-criminal bona-fide of oneself and have an intelligent conversation with someone and point out such security flaws? It is in the interest of FBI to maintain such a unit.

    • by Anonymous Coward on Saturday March 01, 2014 @11:40AM (#46375685)

      I've done it, exposing criminal fraud of spammers. I happened to be visiting DC, so took the time to meet the agent whom I'd been corresponding with and trying to get Secret Service interest because I thought it would fall under wire fraud. Local police departments had been unwilling to deal with it without proving that the spammers were from their jurisdiction, and wouldn't bother obtaining the warrants needed to get ISP logs without that proof. And the FBI kept blowing me off.

      The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.

      It's a lesson that's been helpful to me in security work: It really helps to have a killer risk or a single incident to hang justification for the change in practices or policies on, as a managerial justification for time and money and resources.

      • by fahrbot-bot (874524) on Saturday March 01, 2014 @12:47PM (#46376079)

        The Secret Service agent I spoke with was interested, but let me know why he couldn't justify further investigation. Without a clear abused victim with a clear monetary damage of at least $30,000, he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers and the fraud. So I learned a hard lesson: getting the specific criminal act of large enough damage to *justify* prosecutorial interest is key. It's why so many low scale spammers and fraudsters continue so long: they operate under the radar of police or FBI or Secret Service wire fraud thresholds.

        On the other hand... had that spammer tried to sell *one* bootleg copy of a movie...

        • by tlhIngan (30335)

          On the other hand... had that spammer tried to sell *one* bootleg copy of a movie...

          Why do you think the punitive fines for copyright infringement are easily $125,000+ per violation?

      • he couldn't justify obtaining the necessary necessary agency time to get the warrants to track the spammers

        Snowden's documents showed that the FBI was getting information from the NSA on drug traffickers without obtaining warrants.

    • by Anonymous Coward

      Sorry, you seem to be under the impression that there exist in the U.S. "non-criminals" from the perspective of L.E. agencies.

      • by camperdave (969942) on Saturday March 01, 2014 @02:01PM (#46376573) Journal

        Sorry, you seem to be under the impression that there exist in the U.S. "non-criminals" from the perspective of L.E. agencies.

        Of course they exist. They're everyone above you in the chain of command.

        • by Fjandr (66656)

          It can even include those above you in the chain of command. Anyone below the highest person in the chain of command whose backing you have is also a potential criminal target.

    • by TheGratefulNet (143330) on Saturday March 01, 2014 @12:22PM (#46375915)

      yes, even being near a crime can get you in trouble.

      there was a time that I saw a car up on blocks with its wheels gone (down the street from where I used to live, a nice safe area in mtn view). I thought it odd that there was such a theft like this and I had my camera with me at the time so I shot a few pics. a cop came by and started hassling me. at the time, I had no idea why.

      when I asked around (and did some research) it seems that some thieves do their deed and then come back again to photo it, maybe for bragging rights or something. and so, if you take pics of something like this, you may run into some 'questioning' from those in blue. sad but true.

      I would not ever voluntarily go talk to a cop or walk into a cop station, these days. you put yourself at risk every time you encounter one of those guys. I don't need problems in my life so I avoid those guys at all cost even though I'm not doing a single thing wrong.

      lesson: don't tangle with authority unless you have all your bases covered. even then, if its not your business, just stay the hell out of their sphere. these days, we are all 'suspects' and even a perfectly innocent person can run into trouble in spite of having neutral or even good intentions.

    • Is there a recommended way by FBI or Secret Service where one can go, establish the non-criminal bona-fide of oneself and have an intelligent conversation with someone

      I did some minor computer consulting for the Secret Service a long time ago. I was too young at the time to realize what was going on; only in retrospect years later did I realize that there had been zero effort to preserve electronic evidence, share it with the defense, or any of the other niceties one is supposed to expect from the justice

    • ....any interest.

      It just seems to me that the best policy is to not have your name put on any law enforcement list of any kind unless there is some moral imperative that would compel you to, like being a witness to a crime.

      This is kind of sad, because I would think it would be nice to be able to provide meaningful information to law enforcement but there just seems to be too many ways it could turn around and bite you, especially if your helpful information was deemed to be something that could be embarrass

    • I have. I asked a question to the FBI; once. They say they won't tell you if you're doing right or wrong. I state, "you can tell me the law, and then I can make a decision." I then ask, "do you know which law applies to this non sense my client wants me to do."

      The FBI are nice folks, they get to deal with some really messed up people.
    • by AK Marc (707885)
      When I was young and naive, I thought the FBI investigated crimes. When I had someone obviously trying to scam me (over state lines) I called the FBI to report it. Of course, I was told "if you haven't lost any money, we will not investigate, just don't send the guy any money". Explaining that he probably did it 1000 times and that I was a living honeypot that could help them catch someone who did take money from others, the FBI hung up on me. But yes, I called the national crime number, and was told t
  • Lucky (Score:4, Insightful)

    by Optimal Cynic (2886377) on Saturday March 01, 2014 @10:57AM (#46375463)
    He's one lucky bastard to get away with that. A less forgiving agent would have had him in custody for months, "just in case".
    • Re:Lucky (Score:4, Insightful)

      by amiga3D (567632) on Saturday March 01, 2014 @11:04AM (#46375503)

      The Secret Service actually hires intelligent people. If it had been the TSA he'd still be in jail.

      • Re:Lucky (Score:5, Funny)

        by russotto (537200) on Saturday March 01, 2014 @12:06PM (#46375843) Journal
        If it had been the TSA, someone with a vaguely similar name would still be in jail.
      • by Sciath (3433615)
        I'm not convinced intelligence has anything to do with it. I'd be more inclined to attribute motivation as the main ingredient in deciding whom to detain.
    • I agree. In today's law enforcement climate, I don't think I would be trying that stuff.
    • He's one lucky bastard to get away with that.

      Don't worry. He's in for a nice surprise the next time he travels abroad and tries to reenter the country. He may as well prelube before hitting customs. Emperors don't like the peons who point out that they have no clothes.

    • The FBI mostly doesn't hire ass clowns.

      I wouldn't try this with the local sheriff's office.

  • about Google Maps? Is he going to pull the same stunt with fake listings on other sites/apps, local newspapers, shops, etc? And will he then repeat the process with the local police, hospitals, schools, shops etc etc? Where does it end?

  • I don't understand. How is Google supposed to fix every wrong map listing? Does he have an algorithm to spot more of the fake listings? And how is this a security flaw, when there is no way to fix it? Ya, you can post any phone number you want in many different places, and label it as for the FBI, it just illegal to pass yourself off as a government agent. If it were me, I think I just world of arrested him.

    But reading the original article, it starts to make sense when he mentions making a decision based on

    • by jtara (133429)

      - "I don't understand. How is Google supposed to fix every wrong map listing?"

      By relying primarily on official and/or reliable sources.

      - Business licenses
      - Property tax rolls
      - yellow pages listings

      Yea, I get it. Google wants to make things more up-to-date by crowd-sourcing data. But you can't trust the "crowd". They need to make sure that new/changed listings are confirmed by multiple independent reports. And it would't hurt to at least glance at Street View to confirm...

      "Here comes the Google van! Quick,

      • by AK Marc (707885)
        The problem is they trusted the "crowd" to put up bad information, but not to pull it down. The inconsistent crowd trust is frustrating, and is the source of this man's issue.
  • Just try getting something fixed on Google Maps. It's nearly impossible. Sorry, let me amend that: It's nearly impossible if you are or work for/with the agency responsible for the legal addresses and contacts shown on Google Maps. If you are some Joe Blow who wants to randomly change some shit, then it appears to pretty friggin' easy to get something changed.

    Google Maps has cost us thousands, perhaps 10's of thousands in costs associated with mail being sent to the wrong location over the last few year

    • by PPH (736903)

      I know of one other company in the area who says that their experience with Google is completely different. Of course, the biggest difference is that this company is engaged in 6 and 7 figure contracts with Google on a regular basis.

      Reading between the lines: Do more business with Google or they'll make your life miserable with crappy listings. That's a nice little business ya' got there buddy. It'd be a shame if something happened to it......[Heh, heh, heh.]

    • If they're putting you through the the sales department, maybe you could buy some ads if they thrown in "fixing the damn address" as a bonus?

      Then, sue them, I guess, for holding you address for ransom....

    • Whoever looks up contact information for an federal office on google map rather then on the federal office web site is a fool.
    • Yes, there as idiots out there.
    • What Bryan Seely did could be qualified as "pretending to be a cop/agent" which is illegal over here.
    • by Soulskill (1459) Works for Slashdot

      Whoever looks up contact information for an federal office on google map rather then on the federal office web site is a fool.

      Or just not very tech-savvy -- like the majority of internet users. Maps has taken the place of a phone book for a lot of people. I'll commonly get restaurant phone numbers out of Maps and not think twice about. I probably wouldn't trust it for 'important' information, but then I know well how easy it is to manipulate certain data online.

      Think of it from the perspective of somebody w

    • Federal offices are merely an example. I know businesses that absolutely refuse to put their mailing address or the location of their offices or their business office telephone number on their website or in local telephone listings, to avoid physical spam or having angry customers show up at their door. And in the business world, just try to find the street address of the ISP data centers near you.

      Google Maps has been a reliable way for me to actually _find_ the data center I need to visit, when the staff o

      • by JWSmythe (446288)

        The addresses are frequently wrong too. Sometimes it's only off by one building. Sometimes it's off by miles. I usually give people coordinates to the entrance.

        Of course, Google had to redo maps, removing features I used all the time, like "Drop Coordinates", which would display the coordinates at the point you selected. The distance ruler is gone too. They were beta features, but I used them all the time.

        You can still pull the coordinates sometimes. Not always though. Sometimes it'll show in the

    • How did you find the URL for the website?
      Which agencies have a location based search on their website? (FBI does, Secret Service does not, etc.)

      How long would you mess around with that before you gave up and switched to Google Maps and searched for the agency starting with the map centered on your current location to find the closest local office for that agency?

  • by mark-t (151149) <markt@nOSPam.lynx.bc.ca> on Saturday March 01, 2014 @11:27AM (#46375617) Journal

    ... and more about people who blindly trust whatever they see on the Internet... even if it is from a company that is prominently known, and thus often implicitly trusted by many. If the people utilizing these fake numbers had actually done any serious fact checking of their own, outside of google maps, they would have quickly realized that the fake numbers on google maps were incorrect, at the very least, even if not actually realizing they were deliberately faked.

    And IMO, knowingly deceiving people (ie, deliberately misrepresenting your own number as a conduit for contacting somebody else) to try to expose a security flaw is still deception... and IMO, a severe ethical infraction, even if the law allows it when no real harm has been done.

    Good ends should not require bad means to achieve. I believe that the means must justify themselves... and if that is just not possible, then... well, you just do the best that you can with whatever it is that you have, and go forward from wherever it is that you are.

    • by aviators99 (895782) on Saturday March 01, 2014 @11:48AM (#46375721) Homepage

      True. One of the comments in TFA mentioned that this could be used for bank/credit card phishing. I thought that was an important insight to note. I think you'd get even more people blindly calling their bank based on a number on Google Local, and one could listen in and get all sorts of card numbers, social security numbers, secret passcodes, etc.

    • Do what you can, with what you have, where you are. Theodore Roosevelt
    • His goal was to help people by closing the security hole. He contacted Google, but they didn't fix it. What would you have done to get the hole fixed? No one was harmed here, after all.
      • by mark-t (151149)

        His goal was to help people by closing the security hole. He contacted Google, but they didn't fix it. What would you have done to get the hole fixed? No one was harmed here, after all.

        What I would have done? Warned as many people as I could that the numbers they see on there may not be accurate. Even if no deliberate deception was involved in them, they could be out of date and incorrect, because there are no safeguards in place to prevent errors.

        And saying that nobody was harmed as a means to justif

    • by ACNiel (604673)

      How is this "Interesting". I am looking for a phone number, I don't got to 4 sources. I pick up the closest telephone book and dial what I see there.

      "Fact checking" a phone number, wtf.

      And then a +4 mod.

      Lewis Black wouldn't even scream, he'd be struck silent this is so bad.

  • I quit using Google maps a long time ago when they showed the location of an address in the total opposite side of town when I knew darn good and well it wasn't where it said it was. Also showing my address on the WRONG side of the railroad tracks and 1 mile east of where it REALLY was. That is on top of all the spam garbage all over it. I have found MapQuest much more accurate and full of less BS. Google maps is just to "hackable". Anyone can make it show whatever they want - heck just see how easy it was

  • by guevera (2796207) on Saturday March 01, 2014 @04:33PM (#46377525)
    If he'd gotten arrested and charged at least he would have learned that you don't talk to cops. Ever.
  • by g0es (614709) on Saturday March 01, 2014 @04:52PM (#46377615)
    Someone please correct me if I'm wrong but it seems that he violate wiretap laws by listening in to the conversation. Neither party knew he was listening in. I would have though for sure they would have charged him for listening which in reality wasn't necessary to prove his point.
  • What would have been a better way to deal with this? Send in a warning and watch it be ignored?

  • Violating laws is never a good way to try to right a wrong. This could have gone very poorly for him, luckily whoever he contacted didn't press charges.

We will have solar energy as soon as the utility companies solve one technical problem -- how to run a sunbeam through a meter.

Working...