We have developed an approach that can quickly geolocate Internet users that are connected through a WiFi network. To do so, we send specially-crafted signals to the user's IP address. When these signals are broadcast by the user's wireless router to the user's wireless device, they have a discernible signature. We then use other geolocation efforts to scope the Internet user's location (e.g., to the appropriate city or section of a city). We then drive through the search area listening on wireless channels for the discernible wireless signature. Once we find it, we use directional antennas and triangulation to exactly locate the user.
Law enforcement often needs to be able to quickly geolocate an online suspect (e.g., to catch individuals distributing child pornography). The current approach of subpoenaing Internet Service Providers (ISPs) is too slow: by the time the ISP responds, the suspect stops engaging in the illegal act and deletes evidence. It is further difficult to determine the criminal from just an ISP customer address, since the home may be occupied by multiple individuals.
Law enforcement would like to have the geolocation results to a fine granularity in as close to real time as possible. After meeting with officials from the Cybercrime Division of the Massachusetts Attorney General's office, the investigators have confirmed our work in the area would be useful.
Since the majority of US households use wireless networks, we use a geolocation technique that uses wireless signals to find a suspect's location.
We establish a connection with the suspect (e.g., double click a file the suspect offers via peer-to-peer software) and then send specially-crafted network traffic to the suspect. At the same time, we use traditional geolocation techniques to find the suspect's city. We then drive around the target's city looking for the special signals.
The approach allows fine-grain geolocation. In a summer experiment, a graduate student was able to geolocate one of the investigator's home to within three houses. Further refinements are likely to be able to exactly identify the appropriate house (though apartments may be harder). It is also quick: this effort took less than 45 minutes.
The technique works even if the suspect is using wireless encryption or using a mobile device using a WiFi network (e.g., a smartphone).
The approach does not require subpoenas or ISP cooperation. The approach does not violate wiretap laws (it does not examine the network data, only the sizes of packets transmitted).
Our prior efforts have allowed us to geolocate a single target to within three houses [ PDF ]. However, we would like to be able to generalize the approach to multiple targets and perform more fine-grained geolocation.