The Game of E-Discovery

An entertaining and informative piece on the “game book” for conducting e-discovery, using the metaphor of a basketball game. Practical and specific points and tips for anyone interested in the new world of electronic discovery.  

“[I]f you play hide the ball in e-discovery, and get caught, you may not only lose the case, but you may lose your job, and maybe even your license. … Instead, an e-Discovery Team plays a series of games that culminates in throwing the ball to the other side, not hiding it.”

 

Privacy in Web-Based E-mail

Given the way that the gov’t can discover your personal information–name and address–from your IP, if you care about privacy, then you should care about how your IP is revealed. Now this can be done in many ways regarding web browsing, but how about web-based e-mail? I’ve looked at Gmail and Yahoo!, and Yahoo! puts your client PC’s IP address in the e-mail headers; Gmail does not. Yahoo! makes this clear in their “privacy” policy:

Yahoo! Mail includes IP addresses in outgoing mail message headers, as specified by standard Internet protocol.       

And I’ve verified this through some e-mail tests. So if you send e-mail to a government address–whether it’s fake, spoofed, a honeypot, what-not–through Yahoo! Mail, then you’re basically telling the recipient who you are in real life. Anyone with easily Google-able tools on the Internet can find out your general location and information on your ISP.

Update: Hotmail also passes your IP address in the headers. (It’s passed as “X-Originating-Ip.”) So watch out for Yahoo! and Hotmail.
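One way to run the header test described above on a saved message, as an added example that is not from the original post: it reports the client address exposed in X-Originating-Ip-style headers and in the first-hop Received line. The two extra header names, the sample messages and every address in them are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# X-Originating-IP is the header named on this page; the other two are assumed.
CLIENT_IP_HEADERS = ("X-Originating-IP", "X-Sender-IP", "X-Client-IP")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Addresses that say nothing about the sender's ISP (internal or local hops).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]

def external_ips(value):
    """Return the non-internal IPv4 addresses in one header value, in order."""
    found = []
    for text in IPV4_RE.findall(value):
        try:
            ip = ipaddress.ip_address(text)
        except ValueError:  # looks like an address but is not, e.g. 999.1.1.1
            continue
        if not any(ip in net for net in INTERNAL) and text not in found:
            found.append(text)
    return found

def audit_headers(raw_message):
    """Report where a message exposes the sender's client address."""
    msg = message_from_string(raw_message)
    explicit = [(name, ip) for name in CLIENT_IP_HEADERS
                for value in msg.get_all(name, [])
                for ip in external_ips(value)]
    # Each relay prepends its Received line, so the last one is the first hop.
    hops = msg.get_all("Received", [])
    return {"explicit": explicit,
            "first_hop": external_ips(hops[-1]) if hops else []}

# Constructed sample messages (documentation addresses, made-up hosts).
LEAKY = """\
Received: from mx.example.net (mx.example.net [198.51.100.20])
 by mail.example.org with ESMTP; Mon, 3 Mar 2008 10:00:02 -0800
Received: from [203.0.113.7] by web.example.net via HTTP;
 Mon, 3 Mar 2008 10:00:00 -0800
X-Originating-IP: [203.0.113.7]
"""
CLEAN = """\
Received: from mx.example.com (mx.example.com [198.51.100.30])
 by mail.example.org with ESMTP; Mon, 3 Mar 2008 10:05:02 -0800
Received: by 10.1.2.3 with HTTP; Mon, 3 Mar 2008 10:05:00 -0800
"""
print(audit_headers(LEAKY), audit_headers(CLEAN))
```

To check a real provider, send yourself a message, save the raw source, and pass it to `audit_headers`; an empty report means the message carries no client address in these fields.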

How the Government Attributes Internet Traffic to a User

Pretty straightforward description of how to grab an IP (probably via a honeypot) and attribute it to a downloading user.

From U.S. v. Carter, No. 2:07-CR-00184-RLH (GWF), 2008 WL 623600, at *4 (D. Nev. March 6, 2008):

The Affidavit then described the steps taken by the Government to identify the user of Internet Protocol (IP) address 68.108.184.145. A search of the publicly available website arin.net revealed IP address 68.108.184.145 was controlled by Cox Communications. On October 31, 2006, the Government served an administrative subpoena on Cox Communications to identify the individual subscriber to IP address 68.108.184.145 on October 25, 2006 at 7:12 p.m. PDT when a user of this IP address first attempted to download the posting created by SA Luders on the Ranchi message board. On November 10, 2006, Cox Communications responded to the subpoena by identifying Luana Carter, 3815 North Nellis Boulevard, Number 26, Las Vegas, Nevada 89115, telephone number 702-860-7293, as the subscriber to IP address 68.108.184.145. Exhibit “A”, p. 16, ¶¶ 35-38. On January 17, 2007, the Government conducted a search of the public records data base LexisNexis which indicated that Luana Carter resided at the above listed address and that Defendant Travis Carter was a household member at that address. Id., ¶ 39. On January 17, 2007, the Government also checked Nevada Department of Motor Vehicle (DMV) records which revealed a current driver’s license for Luana Carter, with the same social security number, date of birth and physical address obtained through LexisNexis. Exhibit “A”, pp. 16-17, ¶ 40. On February 8, 2007, the Government also served an administrative subpoena on Nevada Power Company for subscriber information for 3815 North Nellis Boulevard, Number 26, Las Vegas, Nevada 89115. Nevada Power Company’s response to the subpoena listed Luana Carter as having an active account at that address since June 22, 2001 and listed her home telephone number as 702-860-7293. Id., ¶ 4.

A recent thread of comments on Lifehacker shows how non-governmental organizations are using this method to track down copyright infringers. If you use a P2P service such as BitTorrent, you reveal your IP to any seeder (or any other leecher in the swarm), and if the seeder is, for example, the RIAA, then they know your IP. A simple request to your ISP will cough up your name and address. And then they can get a search warrant to grab your computer(s).

If you read the rest of the case, then you’ll see that part of the defense hinges upon a “wireless defense”–the “I have an open wireless router, and it could have been someone else besides me” defense. Well, that might be true, but it can’t upset the “fair probability” that the person doing the downloading from the IP might have been the owner of the wireless router. I wonder, though, what the physical circumstances of the defendant were… Was he merely positing the hypothetical for his house in the countryside? Was he merely hoping for war drivers? Or was he living in an apartment building where folks on his floor and the floors above and below him–as well as war drivers–could leech his wireless bandwidth?

I wonder if the “fair probability” might erode a bit more in a high-density situation. If you really do share your wireless bandwidth with a handful of other users, is there still a “fair probability” that any Internet traffic is attributable to the router owner? Looked at another way, if someone could leech off another person’s wireless bandwidth, then maybe that person would be given freer rein to use the bandwidth in less savory ways. I mean, that’s largely why people war drive in the first place.
