Feeds

The Rozzers don't know what they're on about

It's techie versus bobby

  • alert
  • submit to reddit

Eight steps to building an HP BladeSystem

[We criticised the police for their inability to trace emails. A Chief Inspector took issue with us. And our readers took issue with him.]

Readers' Letters: It's a biggy
Email is the British Jerry Springer
UK police no idea about the Net
Even the government thinks UK police are Web-stupid



Hi,



Just read the mail you got from Chief Inspector R M Crorie where he stated:

And what is wrong with "good policing" if she DID conceal the originating IP address (probably allocated dynamically - and do you have any idea how difficult it is to get any information out of an ISP or to get a warrant to force them?)

First of all, she was in a cybercafe (apparently), which generally have a leased line. Leased lines generally have static IPs. In fact, if somebody had told the police where to look in the headers to get the IP address, and then did a reverse lookup on it, it would probably resolve to something like townname.cyberia.net or somesuch.

In fact, the IP address probably wouldn't be required, because mail headers or so full of information that it would probably have the resolved name in it anyway. SMTP is clever like that. The Police evidently are not.

Secondly, as somebody who has worked for a few ISPs, I take exception to the Chief Inspector claiming that it is difficult to get information out of us. I have in the past helped several Police forces track down and arrest a whole host of people using the Internet to commit crime (think children/sex, ex-husbands scaring ex-wifes, bomb threats, etc.).

Unfortunately there are a few laws under the Data Protection Act which state that we have to protect our customers information - in other words you need to have a 'release' from the Police (not a warrant). This kind of helps us make sure that some random Police officer doesn't demand the address of the bloke who has been net-sexing his missus and then goes and beats him up. If the Chief Inspector is advising that we should start breaking the law, then perhaps I should be writing to my MP rather than you.

All an ISP requires is the appropriate documentation signed by a senior officer and most, if not all, ISPs will be happy to help. If the Chief Inspector (or indeed any officer or policeman reading this) need to find out how all this works, I would suggest that they contact the Manchester Obscene Publications Unit, who know this procedure inside out, and whom I have had the pleasure of assisting on several occasions back when I was working for Telinco as a sysadmin/security officer/scapegoat.

Paul Robinson



Let's see, I have an IP address that's dynamically allocated; let's pick one at random within the .co.uk TLD... Let's say 193.115.134.130



So, I run up Sam Spade (because I'm too sodding lazy to use a DOS or UNIX command line to do the same thing) and search for the owner of the IP. Turns out that belongs to CYBERZONE-LTD and it's assigned to www.cyberzone.co.uk (obviously not an actual dynamic IP, but I haven't much time to waste showing up the police for the network boneheads they appear to be).

One more mouse click in Sam Spade (personal version 1.14 for whatever that's worth - I find it faster than the Web version most of the time) shows me that CYBERZONE.CO.UK is registered by goodgem@uk.psi.com so we go look up UK.PSI.COM and find they are owned by PSI.COM in Herndon, VA, USA. Well, police budgets being what they are, a transatlantic call is out of the question, so let's look closer to home. Going to the Cyberzone Web page, we find them in Croydon, and the entire sordid story of their location, how to reach them by phone, fax, or email, and who's in charge, is right there on the "contact" link.

Took me, oh, 15 minutes, while answering the Hell Desk phone and wiping users' files off the server. Surely Cheshire's Finest could do that much? After all, they managed to find www.theregister.co.uk didn't they?

Rich Tietjens ®

Reducing security risks from open source software

More from The Register

next story
Motorist 'thought car had caught fire' as Adele track came on stereo
'FIRE' caption on dashboard prompts dunderheaded hard shoulder halt
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
Japanese artist cuffed for disseminating 3D ladyparts files
Printable genitalia fall foul of 'obscene material' laws
Carlos: Slim your working week to just three days of toil
'Midas World' vision suggests you retire later, watch more tellie and buy more stuff
Brit Rockall adventurer poised to quit islet
Occupation records broken, champagne corks popped
Apple: No, China. iPhone is NOT public enemy number 1
Beijing fears it could beam secrets back to America
Canuck reader threatens suicide over exact dimensions of SPAAAACE!
How many As? Reg hack's writing cops a shoeing
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.