
German police ask for help in identifying a bomber's MAC address - mariuolo
https://www.zdnet.com/article/german-police-ask-router-owners-for-help-in-identifying-a-bombers-mac-address/
======
mxscho
To everyone who is very smart in here saying "MAC addresses are not unique,
MAC addresses can be spoofed". The article is about German police trying to
find a criminal using one public identifier. It's not about German prosecutors
trying to prove guilt in court with a MAC address. Kind of like "have you seen
this person who is [non-unique changeable identifier]?"

~~~
candiodari
You mean this police force will do nothing wrong and treat suspects fairly?
No they won't. ESPECIALLY if the suspect is an immigrant, but it's not like
they haven't gone WAY overboard with German suspects as well.

http://www.spiegel.de/international/germany/hanover-police-officer-allegedly-tortured-two-refugees-a-1035098.html

https://www.nytimes.com/2003/04/10/world/kidnapping-has-germans-debating-police-torture.html

https://abcnews.go.com/International/video-showing-german-police-appearing-beat-black-man/story?id=58209781

https://www.dw.com/en/child-murderer-wins-damages-over-police-torture-threat/a-15295473

https://www.zeit.de/gesellschaft/zeitgeschehen/2018-10/jva-kleve-gefaengnis-zelle-brand-politik

Think LONG and HARD before you ever either ask these people for help or point
these people to someone. There are many incidents with unprovoked violence and
even some incidents involving police torture and lethal force used against
immigrants with little or even no provocation at all.

I would say it is very much NOT moral to help here. I know, this won't be a
popular statement, but it just isn't.

~~~
MarsAscendant
> You mean this police force will do nothing wrong and treat suspects fairly?

I'm failing to see what provoked such a response, given the comment you're
replying to.

~~~
candiodari
It is implicitly assuming good faith on the part of the German police, and
that just doesn't exist. I wanted to point out the error. At their best they
follow procedures, with regular disasters. At their worst, sometimes, they're
raging racists.

------
burtonator
I wonder if there are any unintended consequences for this.

For example, if you were able to identify the MAC address, and you were
unethical, you could just blackmail the "bomber" - whether they are innocent
or not.

Also, some devices allow you to reprogram the MAC address so you could in
theory use this to blackmail someone as well, or at least get them harassed by
the police.

~~~
f-
I'm no expert, but "blackmailing a bomber" does not sound like a particularly
solid business plan...

~~~
noobermin
The former possibility is problematic, but using it to get the police to
harass someone is a real possibility. Just look at "swatting" in the US.

------
Shihan
Wow, that website starts playing the most annoying music in like 100 db.
Thanks for waking my kid up.

------
netsharc
They probably can ask a lot of free WiFi providers for this info, and these
providers may have his phone number as well (I'll explain below). And to get a
SIM card they would've needed to register with their ID, so the authorities
could identify the bomber that way (assuming it wasn't a SIM that someone
bought with their ID and sold to someone else, etc).

Some cafe chains or even national train networks offer free WiFi, but they ask
you to register with your phone number and SMS verification, I've done this
too but only now do I realize this means they can track my phone as it travels
between train stations/cafe locations and automatically connect to their
WiFi...

~~~
Merem
Needing an ID to buy a SIM card is a rather recent requirement though (1st
July 2017). So it is unlikely that the perpetrator used his/her ID to buy one.

------
peterwwillis
Fun fact: MAC addresses are not unique.

~~~
dehrmann
Sure, they can be spoofed, but do NIC vendors _try_ to keep them unique, or do
they reuse them from a pool, like after the card is 10+ years old?

~~~
peterwwillis
"It depends."

Sometimes vendors would burn duplicates by accident. Sometimes they would
simply run out and production would loop (there's "only" 16.7mil addrs per
manufacturer prefix). Sometimes they print the same run in different
geographical areas, because the MAC only matters in a broadcast domain. Often
they just wouldn't keep track of what they assigned.

I just think it's funny to realize that people read "unique (to a broadcast
domain)" and assumed that could mean "unique (everywhere)" because it's a
really big number.

------
anotheryou
Even Windows has an OOTB setting to randomize it (default off though). (Quite
likely he didn't activate it though, so it makes sense to publish the MAC)
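
Added example, not part of the original thread: a sketch of how a router owner might check logs for a published MAC address, tying together the 24-bit vendor prefix mentioned by peterwwillis and the randomization setting mentioned above. The log lines, the MAC values and all function names are constructed for illustration.

```python
import re

ADDRS_PER_PREFIX = 2 ** 24  # 24 bits after the vendor prefix: the "16.7mil"

H = "[0-9A-Fa-f]"
# Matches aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and aabb.ccdd.eeff tokens.
MAC_TOKEN = re.compile(
    rf"(?<!{H})(?:{H}{{2}}([:-])(?:{H}{{2}}\1){{4}}{H}{{2}}"
    rf"|{H}{{4}}\.{H}{{4}}\.{H}{{4}})(?!{H})")

def normalize_mac(text):
    """Return the MAC as lowercase colon-separated octets, or None."""
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def describe(mac):
    """Split a normalized MAC into vendor prefix and flag bits."""
    octets = bytes.fromhex(mac.replace(":", ""))
    return {
        "oui": mac[:8],                                  # vendor prefix
        "device_part": int.from_bytes(octets[3:], "big"),
        # Bit 0x02 of the first octet marks a locally administered address,
        # which is what OS-level randomization (or manual spoofing) produces.
        "locally_administered": bool(octets[0] & 0x02),
        "multicast": bool(octets[0] & 0x01),
    }

def find_mac(log_lines, wanted):
    """Return 1-based line numbers where `wanted` appears in any notation."""
    target = normalize_mac(wanted)
    return [n for n, line in enumerate(log_lines, 1)
            if any(normalize_mac(m.group(0)) == target
                   for m in MAC_TOKEN.finditer(line))]

# Constructed sample log lines in three common notations.
SAMPLE_LOG = [
    "Jan 05 10:22:31 ap: station 00:11:22:AA:BB:CC associated",
    "Jan 05 10:23:02 dhcp: lease 192.168.1.23 to 00-11-22-aa-bb-cc",
    "Jan 05 10:25:40 switch: client 0011.22aa.bbcc joined",
    "Jan 05 10:26:11 ap: station da:a1:19:00:00:01 associated",
]

if __name__ == "__main__":
    print(find_mac(SAMPLE_LOG, "00:11:22:aa:bb:cc"))
    print(describe("da:a1:19:00:00:01"))
```

A match on a locally administered address says little about the hardware, since such an address is chosen by software rather than burned in by the vendor.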

------
evil-boi
Nice, living in Germany right now I was just wondering which MAC address I
might spoof next, to satisfy my attention seeking..

------
Waterluvian
Can wifi APs capture/log a MAC address just because a device polled and then
listed it as a possible connection option?

~~~
c22
Yes. In fact, completely passive devices can log the MAC address of any device
"searching" for a wireless network whether or not any AP is even in the area.

~~~
Waterluvian
Fascinating. Oh gee. I could set up a device in my home that over time can
probably give me enough data to figure out schedules of my neighbours.

~~~
crtasm
Found this in my bookmarks just yesterday, haven't experimented with it yet:
https://github.com/calebmadrigal/trackerjacker

------
zorked
... but wouldn't that be a violation of the GDPR? :)

~~~
detaro
Probably not, in the same way a "wanted" poster with a photo isn't, assuming
proper protocol is followed. (Now if someone reports a find in logs, you can
of course ask why they had and looked at those)

~~~
blattimwind
> (Now if someone reports a find in logs, you can of course ask why they had
> and looked at those)

The police are not around to enforce GDPR.

~~~
detaro
Not sure why you feel the need to point that out, I didn't claim that.

------
cronix
Sorry, we quit collecting that kind of info a year ago so we don't violate
GDPR, so we can't help you.

