
Can you really be traced from your IP address?

Posted on 28 Mar 2011 at 10:40

In that case, how useful is IP tracking in police investigations? David Wright is a detective constable with Devonshire and Cornwall police, which uses Quova’s IP geolocation database to support its criminal investigations. "This is a valuable tool in almost all e-crime investigations," he said. "Despite the use of shared internet access or open wireless networks, law enforcement continues to have great success in resolving an IP address back to a suspect. Other traditional policing methods can often be brought into play which further assists in identifying a suspect user, should the need arise."

Unlike anti-piracy cases, however, IP tracking is only ever used as supporting, rather than primary, evidence in a criminal prosecution. "It is useful to track the movement and behaviour and match that to more traditional evidence," said Stuart Scott, solutions engineer at Quova. "The other important information available in IP geolocation is the ISP used by the suspect. The ISP will be able to provide an exact address where the IP address has been used; the primary evidence would be the actual computer used by the suspect."

ISPs are legally obliged to reveal who’s behind an IP address. "Account holder information relating to whom was assigned an internet protocol address is protected within the Regulation of Investigatory Powers Act," said DC David Wright.

The information held is considered to be communications data and is therefore able to be requested using this legislation, and a court order wouldn’t normally be necessary. "An application that fulfils the requirements of RIPA and is lawfully processed will in almost all cases result in account holder information being supplied," DC Wright confirmed.

Hiding behind proxies

Locating end users becomes decidedly trickier – if not impossible – when they’re hiding behind one or more proxy servers, which are designed to re-route traffic and obscure the source as well as the destination.

"Connections through a series of anonymous proxies are transient and change rapidly," said Rolf von Roessing, international vice president of the Information Systems Audit and Control Association (ISACA). "They are not logged, and any user can operate a TOR server or relay and take it off the network at any time."

As von Roessing points out, while ISPs might be legally required to disclose connectivity data and IP logs if these are available, most tend to delete those logs after a few days anyway. By the time you've traced an IP through a series of anonymous proxies back to the originating ISP, the data could have already been deleted.

So, not only is IP address evidence potentially unreliable, but if the perpetrators are smart enough, there’s little or no hope of tracing them in the first place.

Author: Davey Winder


User comments

Also...

Surely to identify an individual you will need their local IP, since most users have a modem and a router. The ISP assigned the IP of the modem, which can or cannot be traced as per article, but within the network, i.e. router, it is virtually impossible to put the blame on any one person since IP to outside world is one for all. Also, unless settings are changed on the router, your local IP may vary every time you connect to it.

By mobilegnet on 28 Mar 2011

IPv6

The big question. Is it fool-proof that when IPv6 is fully implemented and everyone has a static IP address that a user can be traced?

I guess the problem is then proving that the user actually did it. This is where security comes in and whose responsibility it is to make sure your Wi-Fi router isn't open or hacked...

By treadmill on 28 Mar 2011

All of this is completely pointless, as IP-identifying techniques don't prove without a shadow of a doubt that a particular person was sat downloading on that particular connection. For example, how can it tell that it is me or someone else who lives at my house? Clue: it can't.

By Cecil_EPU on 28 Mar 2011

The idea of static IPv6 addresses needs rethought

This is one thing that I'm not too keen on about IPv6.

At least with IPv4, NAT and a Dynamic IP you had a certain degree of privacy through obfuscation. With IPv6 and every device having a static IP this reeks of an Orwellian Big Brother future.

By broccauley on 28 Mar 2011

IP can't even link to a DSL account holder

Aside from all the other flaws in using IP addresses to trace P2P users, your article misses out some of the most common flaws.

The fact that an IP can hang around as a potential source on most networks long after the user has logged out and even that is no guarantee the file was ever available on that address. Add to that the fact that certain trackers now throw up fake user IPs intentionally to create false positives as a security countermeasure.

But I was shocked to find after reading a Cambridge uni technical report (www.cl.cam.ac.uk/techreports/UCAM-CL-TR-653.pdf) that an IP address of an ADSL user can only reliably trace back to the DSLAM in the exchange and not to the subscriber. Read section 3.2.2 of the report listed above.

By DonDilly on 28 Mar 2011

Regarding static IPv6

The issue of IPv6 addresses being somewhat static or at least relating to the user's MAC address has already been considered greatly and solved. There are well known and supported IPv6 privacy extensions that randomise the host portion of the address and do this at intervals. This should give you even more privacy than previously on IPv4.

By Eising on 28 Mar 2011

Would an IP address ever be enough?

If I was to share a file via P2P which one of these monitoring services identified and then logged my IP address, unless they actually download the file have I committed an offence? Downloading 5% of a movie file is pretty useless as you've not actually got any data that could be viewed as the movie.

By stuscott1978 on 28 Mar 2011

Actual

In reality yes... if they wanted to find you, returning the squared differences would, I'm afraid, be sufficient....
What have you done wrong that would require this... I wonder?!

By promark on 29 Mar 2011

And what does this mean for mobile broadband?

How can one be traced if using a dongle?

I can't see any way for tracing the user if using this method. They are virtually giving dongles away for free - without documenting who has what. One could argue IP-MAC association, but this info is only valuable when one registers their dongle.

I eagerly await your comments.

By pentest7 on 23 Apr 2011

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
