I used to work in an area where we would attempt to trace the origin of an email, the location of someone downloading illegal files, or various other “digital” frauds. This was generally accomplished by identifying the Internet Service Provider in use by our target (Cox, CenturyLink, Comcast, etc.) and then contacting that company to figure out which customer had been using the IP Address at the time of the bad act. An Internet Service Provider (ISP) usually has billing information, including its customer's name and the address where service is provided, thus working through the ISP usually provided accurate results.

Over time, private businesses began logging which IP Addresses were used by their customers and ultimately began selling that information. It would be improper for a company to sell your name, home address, phone number, birthday, etc. (they do anyway), but selling a general list of IP Addresses that had items shipped to a specific zip code or city / state doesn’t specifically identify any one individual. Thus businesses began selling lists tying an IP Address to a physical address even though there was no confirmation the IP Address was indeed associated with the physical location. One could easily order something online and have it shipped to a work address, friend or family member, thereby getting the IP Address used during the order associated with the wrong physical location. ISPs did not have this issue since their physical location information is based on where their services are provided, not on a log purchased from a 3rd party.

Continuing with the bad practice of assuming an IP Address is associated with a physical address, one online company allowed public searches of IP Addresses to determine their physical location in the world. Of course, they obtained their information from these 3rd party logs of assumed information. Everything was OK, however, since the words “approximate location” were used in the disclaimer.

This all leads to a fun story about a farm house in Kansas. This farm house is somewhere around the very middle of the United States. What does an online company that assumes physical locations tied to IP Addresses do when it only knows the IP Address is in the United States? You guessed it: it picks the middle of the country and assumes that is close enough. This practice caused our nice little farm house in Kansas to be associated with nearly 600 million IP Addresses. Would you be surprised to learn some of those 600 million IP Addresses were used by bad guys?

Which comes full circle back to the first paragraph of this story… we used information provided by Internet Service Providers, not some 3rd party advertiser or website that makes assumptions. So the FBI, various law enforcement and other investigatory agencies who raided a small farm house in Kansas, or thought this farm house was the central location for the world’s largest online crimes, really need to get their act together and understand what they are doing. Sorry, off my soap box now.

The original story – http://www.techworm.net/2016/08/farmhouse-called-digital-hell-600-million-ip-addresses-linked.html
