Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy

How Cartographers For the US Military Inadvertently Created a House of Horrors in South Africa (gizmodo.com) 118

Kashmir Hill, reporting at Gizmodo: The visitors started coming in 2013. The first one who came and refused to leave until he was let inside was a private investigator named Roderick. He was looking for an abducted girl, and he was convinced she was in the house. John S. and his mother Ann live in the house, which is in Pretoria, the administrative capital of South Africa and next to Johannesburg. They had not abducted anyone, so they called the police and asked for an officer to come over. Roderick and the officer went through the home room by room, looking into cupboards and under beds for the missing girl. Roderick claimed to have used a "professional" tracking device "that could not be wrong," but the girl wasn't there. This was not an unusual occurrence. John, 39, and Ann, 73, were accustomed to strangers turning up at their door accusing them of crimes; the visitors would usually pull up maps on their smartphones that pointed at John and Ann's backyard as a hotbed of criminal activity.

[...] The outline of this story might sound familiar to you if you've heard about this home in Atlanta, or read about this farm in Kansas, and it is, in fact, similar: John and Ann, too, are victims of bad digital mapping. There is a crucial difference though: This time it happened on a global scale, and the U.S. government played a key role. [...] Technologist Dhruv Mehrotra crawled MaxMind's free database for me and plotted the locations that showed up most frequently. Unfortunately, John and Ann's house must have just missed MaxMind's cut-off for remediation. Theirs was the 104th most popular location in the database, with over a million IP addresses mapped to it.

This discussion has been archived. No new comments can be posted.

How Cartographers For the US Military Inadvertently Created a House of Horrors in South Africa

Comments Filter:
  • by Dan East ( 318230 ) on Thursday January 10, 2019 @10:41AM (#57937554) Journal

    According to TFA, this was caused by stolen devices being in areas without a cell signal, and falling back on WiFi access point geolocation. Further, the area in question has very few access points, so phones can potentially pick up these residential access points from thousands of feet away. Then they are geolocated to the exact position of the access point.

    A solution is to disable SSID on your home router(s) so that these data-grabbing sniffers won't see it and try to geolocate off of it.

    • To clarify, I mean to disable "SSID Broadcast" specifically.

      • by Fallon ( 33975 )

        All data traffic on that SSID still has the SSID name attached. Disabling SSID broadcast just means packets with the SSID name in them aren't beaconed constantly & only occur when traffic traverses that network. It's trivial to sniff still & is likely to still get logged by most WiFi sniffers & geolocation systems.

        • Disabling SSID broadcast just means packets with the SSID name in them aren't beaconed constantly & only occur when traffic traverses that network.

          Even for so-called "Hidden SSIDs" the SSIDs still get broadcast in AYT (Are You There) packets sent by previously connected clients enumerating the contents of their PNLs (Preferred Network Lists) while looking for an access point with better signal strength. You'd be surprised how many stores and shopping centres slurp up the AYT traffic to fingerprint who's visiting their premises at any given time so they can serve up targeted advertising.

    • by Thelasko ( 1196535 ) on Thursday January 10, 2019 @11:50AM (#57938024) Journal

      According to TFA, this was caused by stolen devices being in areas without a cell signal, and falling back on WiFi access point geolocation.

      You read the wrong article. That's the case for the home in Atlanta.

      TFA is actually the result of someone at the NGA [wikipedia.org] deciding this guy's house was the geographical center of Pretoria. As is the case with the farm in Nebraska, any unknown location in Pretoria defaults to the geographical center. They emailed the NGA (who would have thought?) and the issue has been corrected. The default location is now Church Square [wikipedia.org] in the NGA database.

    • by tlhIngan ( 30335 ) <slashdot&worf,net> on Thursday January 10, 2019 @01:48PM (#57938962)

      According to TFA, this was caused by stolen devices being in areas without a cell signal, and falling back on WiFi access point geolocation. Further, the area in question has very few access points, so phones can potentially pick up these residential access points from thousands of feet away. Then they are geolocated to the exact position of the access point.

      A solution is to disable SSID on your home router(s) so that these data-grabbing sniffers won't see it and try to geolocate off of it.

      No, this was the result of bad IP geolocation information. Basically the guy's house happened to be where they said "South Africa" was because that's the best area they could get for an IP.

      Anyhow, WiFi geolocation (more accurate than GPS, actually) doesn't care about SSID. It only uses MAC addresses that are transmitted in the beacon packets. All any device has to do is switch channels and listen to capture the AP MAC addresses and signal strength. Send that information to Google and you'll get back a pretty good location. Same goes for cell towers - the modem will scan for available cell towers, note their IDs (this includes all cell towers in all bands it can receive, including ones that you don't have service for) and do the same thing.

      The problem is the devices last pinged some tracker from an IP and that was last that device was heard of, and that IP had only country level resolution.

      (The US database of countries contains latitudes and longitudes that are often returned when you look up a country to get a specific location, and a lot of these IP geolocation companies use it without realizing the radius of uncertainty is "country" and not "city block").

      • by sjames ( 1099 )

        Anyhow, WiFi geolocation (more accurate than GPS, actually) doesn't care about SSID.

        There was an incident where people in NYC were getting a location in the Netherlands (IIRC). It turned out there was a cruise ship with WiFi in the harbor.

  • So, in sum (Score:5, Insightful)

    by SlaveToTheGrind ( 546262 ) on Thursday January 10, 2019 @10:48AM (#57937602)

    1. Cartographers for a U.S. intelligence agency published coordinates for the center of the populated area of Pretoria, South Africa.
    2. An IP location service provided those coordinates, along with an uncertainty radius, for Pretoria IP addresses.
    3. Other IP location services threw away the uncertainty radius.
    4. South African government officials, bounty hunters, etc. used the IP location services that threw away the uncertainty radius.
    5. The U.S. intelligence agency changed the coordinates to the center of the town square after being apprised of the issue.

    That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

      Where did this last sentence come from?

      Everything you listed happened. It's affecting people, and it's newsworthy.
      The /. post doesn't say anything about blame; the /. title notes that it was inadvertent.

      Are you such a weak snowflake that you are offended by anything which isn't pure "U.S.A." cheerleading?

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The headline is blatantly false:

        How Cartographers For the US Military Inadvertently Created a House of Horrors in South Africa

        The Cartographers for the U.S. military did not intentionally nor inadvertently create the problem. The problem was created by the people that threw away data and used data without understanding what they were doing. Those people, as far as I can tell, were not U.S. military.

        Now the U.S. National Geospatial Intelligence Agency, once they were aware of ignorant use of the data, did

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        It wasn't the US who caused the problem, others who willfully mislabeled data did. Yet the title says, "How Cartographers For the US Military Inadvertently Created a House of Horrors in South Africa"

        Application of cause for a bad situation. That's blame.

        The US == Evil narrative is so tiring. Even your post has that narrative running. Nobody sensible believes it. Yet people and bots like you push it every second of every day to destabilize for your own ego and geopolitical position at the cost of truth.

    • Re: (Score:2, Informative)

      1. Cartographers for a U.S. intelligence agency published coordinates for the center of the populated area of Pretoria, South Africa. 2. An IP location service provided those coordinates, along with an uncertainty radius, for Pretoria IP addresses. 3. Other IP location services threw away the uncertainty radius. 4. South African government officials, bounty hunters, etc. used the IP location services that threw away the uncertainty radius. 5. The U.S. intelligence agency changed the coordinates to the center of the town square after being apprised of the issue.

      That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

      But ... but ... how could we feel superior to our fellow men if we couldn't bash the US today?

      "Post apartheid South Africa is a house of horrors in general" is not the headline that anyone wants, but it would be the accurate one.

    • Re:So, in sum (Score:5, Insightful)

      by PPH ( 736903 ) on Thursday January 10, 2019 @11:27AM (#57937846)

      That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

      You seem to have ignored the broad distribution of blame for this situation and homed in on what appears to be the apparent centroid of the problem.

      • by pz ( 113803 )

        Wow, just wow. Not only did you get a whoosh over just one person, but at least four moderators. Well done, sir!

        MODS: the post, which is now at +5 insightful, should be +5 FUNNY.

        Why? Because he is satirising the parent!

    • Re:So, in sum (Score:4, Interesting)

      by flink ( 18449 ) on Thursday January 10, 2019 @11:31AM (#57937886)

      2 & 3 are why I like grid systems like MGRS. The precision is inherent in the coordinate data, and there is no illusion that the coordinates represent a precise point.

    • by amicusNYCL ( 1538833 ) on Thursday January 10, 2019 @01:35PM (#57938864)

      That seems like fairly thin gruel for Slashdot's "U.S. sux" article du jour.

      You just have to dig a little deeper for the meat.

      "It's almost with religious zeal that these people come, thinking their goodies are in my yard," John told me. "The Apple customers seem to be the worst."

      ah HA! You thought was "U.S. sux", but is "Apple sux" instead! Bamboozled again.

      Clearly this homeowner is just an Android zealot, because those are the only people who ever criticize Apple users. I've learned this fact right here on Slashdot.

    • Your news summary service is of higher value than the site it's hosted on.

    • Re: (Score:2, Interesting)

      by thegarbz ( 1787294 )

      Slashdot's "U.S. sux" article du jour.

      After reading TFS and your comment I come to the conclusion you are incredibly insecure on behalf of your country.

  • by Anonymous Coward

    Problem solved.

    I had this same issue because I live in Rural America, and my house is within 100 yards of where most mapping software pins my zip code, and within a mile of the nearest Interstate. To cover my entire property, I have an outdoor AP with an omni antenna on top of my 90 foot ham radio tower, so my Wifi network is visible from that Interstate.

    Once I disabled SSID broadcasting, people stopped showing up. I suspect that people were driving by on the Interstate, where there is poor cell coverage be

  • by Archtech ( 159117 ) on Thursday January 10, 2019 @10:51AM (#57937624)

    Seriously, any company that causes so much distress and harm deserves to be put out of business. Unless it has enough money to pay appropriate damages to all of its victims - whether they complain or not - and to fix its utterly insane software decisions.

    The CEO actually didn't know what to do about IP addresses that couldn't be located more precisely than "the USA"? I can do that one instantly. Tell the user that the IP address can't be located more precisely than "the USA". I know it rankles to big business, but when all else fails you can always try telling the truth.

    • ... and the NGA. Although sueing the US government might be difficult and counterproductive.

      I like this bit:

      'When he looked up the National Geospatial-Intelligence Agency’s website, he discovered it’s both a U.S. intelligence agency and part of the United States Department of Defense and “delivers world-class geospatial intelligence that provides a decisive advantage to policymakers, warfighters, intelligence professionals and first responders"'.

      In view of the article and what it reveals,

    • by SlaveToTheGrind ( 546262 ) on Thursday January 10, 2019 @11:12AM (#57937734)

      The CEO actually didn't know what to do about IP addresses that couldn't be located more precisely than "the USA"? I can do that one instantly. Tell the user that the IP address can't be located more precisely than "the USA".

      If you read the fine article, that's exactly what they did:

      But computer systems don’t deal well with abstract concepts like “city,” “state,” and “country,” so MaxMind offers up a specific latitude and longitude for every IP address in its databases (including its free, widely-used, open-source database). Along with the IP address and its coordinates is another entry called the “accuracy radius.”

      The accuracy radius does what you might expect. It says how accurate the coordinates are; it indicates the 5-mile, or 100-mile, or 3,000-mile area included with “a point” on a map. Unfortunately, it is ignored by many geo-mapping sites such as IPlocation.net, which gets its data from IPInfo and EurekAPI, two more IP geolocation databases that use MaxMind as a source.

      The issue is users / other services ignoring the accuracy radius. The question from the CEO was about the best approach to try to dumb down the system for people who were not using the information as intended/provided.

      • by Anonymous Coward

        The issue is users / other services ignoring the accuracy radius. The question from the CEO was about the best approach to try to dumb down the system for people who were not using the information as intended/provided.

        The obvious solution is to use separate data fields for each level of accuracy. If you're accurate to the country, give the country code. If you're accurate to the postal code, give the country code and postal code. Leave anything you can't specify blank. Then it's on the idiots downstream when they translate a country code into the geographic center of the country.

        Alternately, inject random errors based on the uncertainty radius, updated every time a location is requested. Bonus points for limiting reporte

      • by Ichijo ( 607641 )

        Along with the IP address and its coordinates is another entry called the âoeaccuracy radius.â

        Doesn't the precision of the returned coordinates--the number of significant figures, if you remember your high school science classes--imply the accuracy radius?

        Is the database populated with falsely precise coordinates?

        • by mejustme ( 900516 ) on Thursday January 10, 2019 @02:36PM (#57939290)

          Is the database populated with falsely precise coordinates?

          No. The locations are the center of a circle. The size of the radius -- which is yet another field in the database -- then determines the precision. But some users (some web sites, some apps, etc) look at the center of the circle, place a pin at that location, and then forget to indicate that the radius is hundreds or thousands of km.

          Here is an example from the MaxMind database when I look up a Google address, 65.44.217.6:

          { "city" : { "names" : { "en" : "Fresno" } },
                "continent" : { "code" : "NA", "names" : { "en" : "North America" } },
                "country" : { "iso_code" : "US", "names" : { "en" : "United States" } },
                "location" : { "accuracy_radius" : 200,
                                                "latitude" : 36.6055,
                                                "longitude" : -119.752,
                                                "time_zone" : "America/Los_Angeles" },
                "postal" : { "code" : "93725" },
                "subdivisions" : [ { "iso_code" : "CA", "names" : { "en" : "California" } } ]
          }

          Note the "accuracy_radius" field, which is in km. But if you ignore that field and only look at latitude and longitude, you have a single pin on a map, incorrectly making it look like an IP address maps to a specific house or business, while it should map to a large circle with a 200 km (124 miles) radius.

          • Here is an example from the MaxMind database when I look up a Google address, 65.44.217.6:

            Took the wrong line from my Apache log file, that IP address is not a Google one but a msn.com bot address.

          • by Ichijo ( 607641 )

            But if you ignore [accuracy_radius] and only look at latitude and longitude, you have a single pin on a map

            Not a rectangular-ish shape with upper left coordinate (-119,7524999,36.60554999) and lower right coordinate (-119.7515,36.60545)?

    • by c6gunner ( 950153 ) on Thursday January 10, 2019 @11:13AM (#57937742) Homepage

      The CEO actually didn't know what to do about IP addresses that couldn't be located more precisely than "the USA"? I can do that one instantly. Tell the user that the IP address can't be located more precisely than "the USA".

      That's what they did. "The IP address is located somewhere within this massive circle". It's not their fault that idiots interpreted that as "at the centre of this massive circle".

      I agree that changing the coordinates of the centre of the circle to an unpopulated area makes sense given that the world is full of idiots, but not doing it by default isn't malicious and certainly shouldn't be grounds for a lawsuit in any sane legal system.

    • by gtwrek ( 208688 ) on Thursday January 10, 2019 @11:23AM (#57937816)

      My read is actually the MaxMind CEO is acting fairly reasonably in working towards a solution. His firm had no malintent and worked reasonably in trying to solve both the problems in the US, and now the one in this article.

      The first pass attempt at a fix in the US - moving the geographical center of the US to the middle of a lake (which I think is a great idea, BTW) resulted in a further lawsuit from the property owners of the lake. Which was settled. I think this was all a reasonable solution by all parties.

      We should encourage this sort of response by companies, not demonize them. As opposed to the often relied on solution by companies when exposed to these sorts of problems - a shoulder shrug perhaps, if the problem is even acknowledged at all.

      Put away the pitchforks.

      • Pointing it to the middle of a lake is stupid. While MaxMind may not have any ill intent here, their incompetence is incredible. If the problem is that stolen hardware is being tracked down to the GPS coordinates and the accuracy number associated with those coordinates is being ignored, set the GPS coordinates to somewhere more responsive than the middle of the lake. Perhaps the nearest police, sheriff, FBI office? You know, somewhere that will be able to respond to these concerns with some authority?
        • by gtwrek ( 208688 )

          Sorry, I think the middle of the lake is a great idea. You can't fix stupid - I'd rather just have stupid railing on about the center of a lake than bothering the police with their ramblings. (Again, preferable if the lake is public accessible)

          It could be a learning experience - when one googles around and sees the location of some suspicious activity as the center of a lake - it might lead one to think "hmm is this reasonable..."

        • by Sique ( 173459 )
          Any of those solutions is arbitrary and will create arbitrary problems, and then some wise guy will appear and point to another foolproof method to solve exactly this problem and creating a chain of new problems by the way. You can't store the information about an area into a single point. So any application that returns a single point will fail if that point is not known exactly enough.
  • Actual summary (Score:5, Informative)

    by psnyder ( 1326089 ) on Thursday January 10, 2019 @11:01AM (#57937680)

    Many mapping systems give specific latitude and longitude coordinates and an accuracy radius for an IP address. When the accuracy radius is inaccurately large (like searching for a city, or a country) the coordinates arrow points in the middle, which can be someone's house. Someone using location services (like "Find My Lost Phone", and even police) often get these coordinates without understanding the accuracy sucks.

    This particular case in South Africa happened because of a mapping service created by "National Geospatial-Intelligence Agency", which is part of the US Dept of Defense.

    I'm not sure why useful information like this wasn't in the summary, but... I guess it made me read the article, so the jokes on me.

    My favorite quote was from a guy that lives in this house. Right after the article says, "a team of police commandos stormed the property, pointing a huge gun through the door at Ann, who was sitting on the couch in her living room eating dinner", a few sentences later he says, "The Apple customers seem to be the worst."

    • You should ride with my uncle, who trusts his GPS 100 percent. (The weakest link is the one entering the data, for example Here is the address, which I recite to him verbatim, and he decides to just punch in the zip code -- "quicker" he says. Two and a half hours later, still on the highway, he does not understand that the GPS picked the center of that zip code, and that neanderthals would have made it to the job interview by the scent of office furniture.

    • by Anonymous Coward

      The police probably stood-down when the situation was explained to them. But Apple customers....

  • MaxMind can be a boon to test geolocation.
    Now, believe it pinpoint to exact locations in some cases can be quite far fetched.
    I was once tracking someone that was harassing me via skype; managed to get his IP however the location was to...an hairdresser....and on the other side of the street of the ISP that person was using.
    I already new the provider from whois data, so MaxMind did not allow me to narrow it more than the city.
    As usual, tools can be quite useful, but part of the craft is knowing until w
  • Dunno what South Africa gun laws are like, but in America, these people would be greeted with a gun to their face.

    • Sure they would. Gun owners are regularly protecting their "freedoms".
    • I don't want to know what part of our country you live in, but please just stay there.
    • by gtall ( 79522 )

      reanjr goes to house to ask directions, he's lost:

      reanjr: Can you give me directions to blop.

      gun owner: Oh yeah, take that...BLAM...and that....BLAM....

      reanjr: (in dying breath) but all I wanted was directions....THUNK.

      gun owner: That'll learn ya to ask directions in America!!

    • Comment removed based on user account deletion
    • And since some of "these people" were law enforcement, that would quickly result in the death of the homeowner.

      • If law enforcement shows up to my door more than once for such specious shit, then I'm going to get a multi-million dollar settlement from the police for harassment.

        • No, you can't file a lawsuit after they've killed you for drawing a gun on them.

          • Those are different strategies. My point is that if you have an ongoing, recurrent problem with this, then it's not the police, because the police would have been sued already; so anyone coming to the door now gets a gun to the face.

            • My point is that if you have an ongoing, recurrent problem with this, then it's not the police, because the police would have been sued already

              There was an ongoing, recurrent problem with this in the US, on one farm in Nebraska.

              No lawsuits.

  • The vast majority of IP addresses can be traced to either a relatively small space - a dot on map surrounded by an uncertainty radius - or a fixed "shape" such as a country or ISP service area, perhaps surrounded by its own "radius of uncertainty" around that area if the IP address is mobile.

    MaxMind, one of the companies in the story, already takes the first approach.

    Adding links to computer-readable map data of political entities and ISP service areas along with a "boundary of uncertainty" and providing th

  • I'm assuming the only evidence they had was an IP address it was last connected to. With that they were able to secure a warrant to search a house half way around the world. That seems to be the bigger problem. Someone needs to tell them that an IP address does not directly relate to physical address; it also does not directly relate to a single person/computer.

    Also how hard would it be to run a query to group common gps coordinates and order them by instances. Then looking at the highest instances fi
    • by AHuxley ( 892839 )
      South Africa would have tried to work with police around the world since such cooperation was an option.
      During the South African Border War South Africa always tried to follow police methods to tell the world about the people and Soviet mil supplies its police and mil found.
      When the government changed South Africa again knew it had to work with international policing efforts.
      For that support South Africa could expect help in finding its own citizens around the world as it had always been helpful and resp
  • The article goes to great lengths to say that this went on for years. Why didn't they ask the first guy to show up the simple question, "Why did you think you would find your phone here?" They would say, "Because I used this free IP Adress locating website." Contact the website, and you're off to the races. It might not have gotten resolved until the second or third visit from SWAT, but they'd at least KNOW why it was happening. Having to hire a lawyer and then contact a university professor? Why didn

  • The cited Gizmodo article at https://gizmodo.com/how-cartog... [gizmodo.com] clearly indicates that geolocation from IP addresses is not accurate. The article contained a link to a Web page at What Is My IP Address that does geolocation for the IP address of whoever visits that Web page. While What Is My IP Address did get my correct IP address and correctly placed me in California, it also placed me in the wrong county with the wrong ZIP code about 4 miles away from my true location.

    I tried three other Web-based geolo

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...