Fugitive Located by Spotify

The latest in identification by data:

Webber said a tipster had spotted recent activity from Nunn on the Spotify streaming service and alerted law enforcement. He scoured the Internet for other evidence of Nunn and Barr's movements, eventually filling out 12 search warrants for records at different technology companies. Those searches led him to an IP address that traced Nunn to Cabo San Lucas, Webber said.

Nunn, he said, had been avidly streaming television shows and children's programs on various online services, giving the sheriff's department a hint to the couple's location.

Posted on July 29, 2015 at 1:43 PM • 14 Comments

Comments

Godel • July 29, 2015 6:22 PM

"Webber said a tipster had spotted recent activity from Nunn on the Spotify streaming service and alerted law enforcement."

From tipster.gov, no doubt.

Clive Robinson • July 29, 2015 6:45 PM

I guess most people do not realise that an IP address is the RSVP, or the "return address" on the back of a letter.

The more of our lives we put in electronic form the worse this is going to get.

It's been noted that even when people try to operate a laptop, netbook or tablet "off line" the device is set up to "go online" any which way it can.

So how long --if it's not already happening-- will it be before LEAs start driving around not just with "fake cell site" equipment but "fake access point" or even "bluetooth" equipment to do the FFF (Find Fix and Finish like drones do with hellfires in middle east and asian countries)?


G. Bailey • July 29, 2015 7:48 PM

@rgaff

There's an expert on parallel reconstruction that I know. Goes by the name of "Fuzzy Dunlop". Once I get in touch with him, I'll let you know.

rgaff • July 29, 2015 8:30 PM

@G. Bailey

I guess I could say:
Awww... Gee... thanks, mate. I'll be looking forward to the answer....

Or I could say:
People still haven't learned from Snowden not to make fun of what they assume are "paranoid delusions" yet?


@Clive Robinson

I have thought the same thing about drones... it would be a great way to mass spy on your little jurisdiction from the air...

Brad • July 29, 2015 8:55 PM

Parallel reconstruction? For this? Did you even read the article? Are you seriously saying intelligence agencies are spending their time helping out on custody cases?

Lost Cause • July 29, 2015 9:17 PM

It's only going to get a lot worse when bills like this run through US Congress:

http://thehill.com/blogs/congress-blog/technology/249521-cisa-the-dirty-deal-between-google-and-the-nsa-that-no-one-is

------------------------------------------------

As a privacy advocate, I feel like the star of the film in "Bambi vs. Godzilla":

https://www.youtube.com/watch?v=n-wUdetAAlY

------------------------------------------------

For me, public apathy regarding these issues indicates that it's time to dramatically reduce the attack surface, pull out of social media of all sorts (and use third party marketing companies to "front" for you if you sell craft soaps and flea market items), and encrypt with antiquated software on antiquated hardware while making use of a diesel generator and solar power. I refuse to participate in this form of bondage. I'd like to start a new country, but even the offshore oil platforms are already taken.

? • July 29, 2015 9:26 PM

Why isn't the link leading to the original Washington Post article? https://www.washingtonpost.com/blogs/the-switch/wp/2015/07/15/colorado-police-used-spotify-to-find-abducted-kids-in-mexico/

rgaff • July 29, 2015 9:37 PM

@ Brad

My point in bringing it up wasn't to seriously say "this is a smoking gun for parallel reconstruction here, this is definitely what's happened".... it's to point out that the practice of law enforcement systematically committing perjury and lying to courts about how evidence on cases is collected (by starting out with "we got an anonymous tip that x was happening" instead of "the NSA told us x was happening via an illegal-to-use-in-this-case-mass-wiretap-on-everyone") they bring into question EVERYTHING THEY DO! If they can do it to bust some druggie, why not some custody case? Why not anything? My point is to point out, over and over, as many times as it takes to sink in to everyone, that this system is so corrupt something has to happen to clean up this sewer! Or we're all doomed. This is not paranoia. This is fact.

You all can make fun of me if you wish, but I'm going to make fun of the emperor who has no clothes, thank you very much.

Special Agent Gerd Wiesler • July 29, 2015 9:45 PM

@Brad, The government used parallel construction to fight the global war on unlicensed gambling. It's crazy to think that the Stasi has more important things to do. They trade their secret-police tricks with all comers: any country they want to bribe, and any Mayberry LEA they want to impress. The fusion centers are retail outlets for domestic dirt our secret police collect. "The IC and LEAS work together with the understanding that one of their common objectives is to prosecute wrongdoers." And as you know, a wrongdoer is any poor sap who runs afoul of a fed goon or a pig.

https://s3.amazonaws.com/s3.documentcloud.org/documents/1011382/responsive-documents.pdf

Tudor • July 30, 2015 2:56 AM

Not exactly on-topic with the tracking subject via Spotify, but the new Microsoft Privacy Policy is a big "FU" to anyone who cares about their privacy. Just take these 2 paragraphs together:

"The BitLocker recovery key for the user’s device is automatically backed up online in the Microsoft OneDrive account."

"We will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to protect our customers or enforce the terms governing the use of the services."

There's basically no need for the NSA to actually try and weaken the encryption. Microsoft will be more than happy to hand over the encryption keys to the authorities based not only on court orders, bullying, but on their own abstract terms of what they consider to be "good faith". Under these circumstances, BitLocker should no longer be considered a good option to encrypt one's data.

https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/

http://thenextweb.com/microsoft/2015/07/29/wind-nos/

The advertising ID which is by default implemented with the new OS is also worrying, but an even bigger threat is the fact that the "telemetry" that they will gather from people's computer cannot be turned off unless you have an enterprise or server edition.

https://i.imgur.com/ilQfTUC.jpg

BoppingAround • July 30, 2015 9:26 AM

Tudor,
Interesting. I'll probably get a VM with Win10. Just want to see how hard it will object to being firewalled.

Ad ID, forced telemetry, 'privacy' statements. Bloody ludicrous.

GKokte • July 30, 2015 1:05 PM

@Tudor

It is indeed worrying, but the quotes you reported are not actually accurate. Re. data collection, MS provides a (supposedly comprehensive) list of cases in which their "good faith" applies.

"when we have a good faith belief that doing so is necessary to:

1. comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;
2. protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;
3. operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or
4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services - however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer's private content ourselves, but we may refer the matter to law enforcement."

It seems to me that's a pretty standard list of scenarios, however I might be wrong.

Back OT, I find it absolutely baffling that fugitives have yet to learn that the first thing to do when you're running from LE is to disconnect one's self as completely and thoroughly as possible. I could link half a dozen cases where a mafia boss or someone from organized crime was caught because of Facebook/Twitter, for example.

rgaff • July 30, 2015 3:31 PM

Complying with:
1. the law
2. legal process
3. law enforcement
4. government agencies

all sounds good and all, if you trust those 4 things to ALWAYS 100% DO THE RIGHT THING..... Otherwise, it's just a "we wash our hands of this and do whatever any overreaching law/process/officer/agency wants, regardless of any ethical or moral implications, and will never waste our time fighting it in court or complaining or even objecting to it". This kind of attitude can apply to any country, any form of government, even with an order to commit genocide. I was just following perfectly lawful orders after all, according to the totalitarian form of government I was under at the time.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.