Feeds

The Rozzers don't know what they're on about

It's techie versus bobby

  • alert
  • submit to reddit

High performance access to file storage

[We criticised the police for their inability to trace emails. A Chief Inspector took issue with us. And our readers took issue with him.]

Readers' Letters: It's a biggy
Email is the British Jerry Springer
UK police no idea about the Net
Even the government thinks UK police are Web-stupid



Hi,



Just read the mail you got from Chief Inspector R M Crorie where he stated:

And what is wrong with "good policing" if she DID conceal the originating IP address (probably allocated dynamically - and do you have any idea how difficult it is to get any information out of an ISP or to get a warrant to force them?)

First of all, she was in a cybercafe (apparently), which generally have a leased line. Leased lines generally have static IPs. In fact, if somebody had told the police where to look in the headers to get the IP address, and then did a reverse lookup on it, it would probably resolve to something like townname.cyberia.net or somesuch.

In fact, the IP address probably wouldn't be required, because mail headers or so full of information that it would probably have the resolved name in it anyway. SMTP is clever like that. The Police evidently are not.

Secondly, as somebody who has worked for a few ISPs, I take exception to the Chief Inspector claiming that it is difficult to get information out of us. I have in the past helped several Police forces track down and arrest a whole host of people using the Internet to commit crime (think children/sex, ex-husbands scaring ex-wifes, bomb threats, etc.).

Unfortunately there are a few laws under the Data Protection Act which state that we have to protect our customers information - in other words you need to have a 'release' from the Police (not a warrant). This kind of helps us make sure that some random Police officer doesn't demand the address of the bloke who has been net-sexing his missus and then goes and beats him up. If the Chief Inspector is advising that we should start breaking the law, then perhaps I should be writing to my MP rather than you.

All an ISP requires is the appropriate documentation signed by a senior officer and most, if not all, ISPs will be happy to help. If the Chief Inspector (or indeed any officer or policeman reading this) need to find out how all this works, I would suggest that they contact the Manchester Obscene Publications Unit, who know this procedure inside out, and whom I have had the pleasure of assisting on several occasions back when I was working for Telinco as a sysadmin/security officer/scapegoat.

Paul Robinson



Let's see, I have an IP address that's dynamically allocated; let's pick one at random within the .co.uk TLD... Let's say 193.115.134.130



So, I run up Sam Spade (because I'm too sodding lazy to use a DOS or UNIX command line to do the same thing) and search for the owner of the IP. Turns out that belongs to CYBERZONE-LTD and it's assigned to www.cyberzone.co.uk (obviously not an actual dynamic IP, but I haven't much time to waste showing up the police for the network boneheads they appear to be).

One more mouse click in Sam Spade (personal version 1.14 for whatever that's worth - I find it faster than the Web version most of the time) shows me that CYBERZONE.CO.UK is registered by goodgem@uk.psi.com so we go look up UK.PSI.COM and find they are owned by PSI.COM in Herndon, VA, USA. Well, police budgets being what they are, a transatlantic call is out of the question, so let's look closer to home. Going to the Cyberzone Web page, we find them in Croydon, and the entire sordid story of their location, how to reach them by phone, fax, or email, and who's in charge, is right there on the "contact" link.

Took me, oh, 15 minutes, while answering the Hell Desk phone and wiping users' files off the server. Surely Cheshire's Finest could do that much? After all, they managed to find www.theregister.co.uk didn't they?

Rich Tietjens ®

High performance access to file storage

More from The Register

next story
Forget the beach 'n' boardwalk, check out the Santa Cruz STEVE JOBS FOUNTAIN
Reg reader snaps shot of touching tribute to Apple icon
Happy 40th Playmobil: Reg looks back at small, rude world of our favourite tiny toys
Little men straddle LOHAN, attend tiny G20 Summit... ah, sweet memories...
Oz bank in comedy Heartbleed blog FAIL
Bank: 'We are now safely patched.' Customers: 'You were using OpenSSL?'
Lego is the TOOL OF SATAN, thunders Polish priest
New minifigs like Monster Fighters are turning kids to the dark side
Dark SITH LORD 'Darth Vader' joins battle to rule, er, Ukraine
Only I can 'make an empire out of a republic' intones presidential candidate
Chinese company counters pollution by importing fresh air
Citizens line up for bags of that sweet, sweet mountain air
Google asks April Fools: Want a job? Be our 'Pokemon Master'
Mountain View is prankin' like it's 1999...
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.