Cops Play Computer Security Experts With New Toy From Fluke

Amidst the ever-escalating battle against computer crime, law enforcement receives a new tool. The Aircheck, by Fluke, is a WiFi tester for network professionals. Its capabilities include detecting all 2.4 GHz and 5 GHz wireless networks in the vicinity and indicating the presence of traffic on those networks (as opposed to interference in the same frequency range), identifying the type of wireless security used (if any), and performing basic network diagnostic functions such as ping and DHCP requests for an IP address.

At the Crimes Against Children conference, Fluke announced the issuance of these devices to police. With their “one button interface”, Fluke claims they enable police to drive by a suspect’s location and identify any WiFi networks in use, determine if a given WiFi network is secured with a password, more confidently enter a suspect’s residence if they’ve determined the WiFi network in use is secured (knowing illegal content is actually being downloaded at that residence), and track a suspect’s location when an unsecured wireless signal is found. The thought that justifies this entry into houses by police is the chance a non-resident is borrowing the connection, nearby, to download child porn or do other illegal activities.

I have several problems with this strategy. First of all, police are not network professionals. Fluke’s simplistic explanation of the usefulness of the Aircheck glosses over some of the facts. Secured WiFi networks may be borrowed by neighbors or others in the vicinity, if those individuals successfully hacked their passwords. WEP encryption is often used in residential WiFi setups where older hardware doesn’t support the more secure WPA protocol, and WEP is trivial to hack. Basic information gleaned by police wielding an Aircheck does not constitute proof or even strong evidence that they’ve determined the source of illegal internet traffic.

Sergeant Dave Mathers of the Electronic Crimes Unit of the City of Martinez, CA says, “It provides us an additional layer of certainty that the person we are targeting is, in fact, the suspect that we are looking for. We don’t have to go in blindly anymore.” That I can agree with, but it leads me to my second problem with this arrangement. How much taxpayer money should we spend for that additional layer of certainty? The Fluke device retails for roughly $2,000, while devices like the Canary HS-20 are available for around $50 at Amazon. Surely, police departments can get a better deal than I can. Even though the Fluke is clearly built in a more industrial-strength enclosure and may be a little more user-friendly to operate, a cash-strapped police department can buy forty Canary hotspot detectors for the price of just one Fluke!

Perhaps the police should concentrate more on their core proficiencies and hire actual computer security experts to analyze technical situations. Every true computer security specialist I know already owns a laptop or netbook capable of identifying and analyzing WiFi signals without needing a dedicated handheld device for the task. Expecting regular officers to carry WiFi diagnostic devices on their belts to make snap decisions about the source of illegal internet traffic is no more practical than letting computer security specialists borrow police cruisers and pairs of handcuffs to make arrests when the situation arises.

 



4 Responses to Cops Play Computer Security Experts With New Toy From Fluke

  1. Phil August 16, 2011 at 4:31 PM CDT #

    My thoughts?
    Besides the obvious (as you pointed out, we can do the job cheaper and more efficiently, based on the description of the canary):

    Maybe they should mandate electronic locks next, that the police could override and open at anytime…, in case someone had broken in and was about to steal our stereo systems, if they saw a high volume of electronic boxes outside earlier in the week.

    Better yet, let’s go down the other path:
    GEEK COPS!
    http://www.geek.com/articles/news/catch-me-if-you-can-fugitive-taunts-cops-on-facebook-they-in-turn-catch-him-20110729/

    They’re already out there!

  2. Carla August 17, 2011 at 3:41 PM CDT #

    Uh… This line to me doesn’t make any sense!
    “The thought that justifies this entry into houses by police is the chance a non-resident is borrowing the connection, nearby, to download child porn or do other illegal activities.”

    The word justify shouldn’t be followed by…. CHANCE. This seems to be bordering on Guilty until Proven Innocent. I believe our motto is Innocent until Proven Guilty. I abhor children pornography. But here’s the condition, cops aren’t trained on real network monitoring. A tool is like the idea of script kiddies. You think you are all “skilled” and suddenly you find out you didn’t know what you were doing. What if the network is unsecure or WEP and a hacker for fun infiltrates your system and injects child porn on it? Then it’s on YOU. A real hacker isn’t going to be simple about things. IE TOR. It is a way to be anonymous. What about DNS poisoning? ARP poisoning? How does that look on this tool? Am I missing something?

  3. John August 18, 2011 at 10:41 AM CDT #

    Or they could just teach them how to use an automated wireless security assessment tool like Silica. http://www.immunityinc.com/products-silica.shtml Which seems very impressive to me based on a couple of video demos I’ve seen on YouTube.
    http://www.youtube.com/watch?v=tpcrjkR-OrY&feature=sh_e_top&list=SL

  4. Anon February 1, 2012 at 7:47 PM CST #

    The easiest alternative, for all you nay-sayers… Police skip doing any WiFi check and just serve the search warrant. I wonder why people are all upset that the police are trying to use commercial tools to improve the results of their work and maybe save a few children at the same time.

    – From a guy that’s served a FEW warrants and understands technology.
