SWAT Raids Wrong House Based on IP address.

[General Zod]

http://arstechnica.com/tech-policy/2012 ... i-network/

The long-standing, heavily documented militarization of even small-town American police forces was always going to create problems when it met anonymous Internet threats. And so it has, again—this time in Evansville, Indiana, where officers acted on some Topix postings threatening violence against local police. They then sent an entire SWAT unit to execute a search warrant on a local house, one in which the front door was open and an 18-year old woman sat inside watching TV.

The cops brought along TV cameras, inviting a local reporter to film the glorious operation. In the resulting video, you can watch the SWAT team, decked out in black bulletproof vests and helmets and carrying window and door smashers, creep slowly up to the house. At some point, they apparently "knock" and announce their presence—though not with the goal of getting anyone to come to the door. As the local police chief admitted later to the Evansville Courier & Press, the process is really just “designed to distract." (SWAT does not need to wait for a response.)

Officers break the screen door and a window, tossing a flashbang into the house—which you can see explode in the video. A second flashbang gets tossed in for good measure a moment later. SWAT enters the house.

On the news that night, the reporter ends his piece by talking about how this is "an investigation that hits home for many of these brave officers."

But the family in the home was released without any charges as police realized their mistake. Turns out the home had an open WiFi router, and the threats had been made by someone outside the house. Whoops.

So the cops did some more investigation and decided that the threats had come from a house on the same street. This time, apparently recognizing they had gone a little nuts on the first raid, the police department didn't send a SWAT team at all. Despite believing that they now had the right location and that a threat-making bomber lurked within, they just sent officers up to the door.

"We did surveillance on the house, we knew that there were little kids there, so we decided we weren't going to use the SWAT team," the police chief told the paper after the second raid. "We did have one officer with a ram to hit the door in case they refused to open the door. That didn't happen, so we didn't need to use it."

Their target appears to be a teenager who admits to the paper that he has a "smart mouth," dislikes the cops, and owns a smartphone—but who denies using it to make the threats.

While the open WiFi issue has caused many problems over the last five years—especially in child porn cases—the FBI is becoming more savvy about how it executes search warrants. As we noted last December, a well-run FBI child porn investigation (also in Indiana) took rather obvious precautions before executing a warrant:

On April 30, two FBI special agents drove past the Carmel home and noted the existence of two WiFi networks reachable from the property. One used WEP encryption, the other had the more robust WPA2, but the key point from the FBI's perspective was that neither network was unsecured. A search thus seemed much more likely to find its proper target.
Because most people aren't stupid enough to make obvious threats from their own home Internet connection, the corollary principle also holds: if a home does have an open WiFi connection, investigators might want to ease away from the flashbangs-and-SWAT-team approach; the threat of getting it wrong is a real one.

But Evansville police aren't backing down from their initial SWAT raid (read more about their later justification for using such force). And the targets of that raid aren't pleased. As the owner of the first house told the paper, "The front door was open. It’s not like anyone was in there hiding. To bring a whole SWAT team seems a little excessive."

The city will be paying to repair the damage it caused.

Not that all Evansville residents think the SWAT raid was in any way improper. Writing on the same Topix message boards where the initial threats emanated, one resident responded to critics: "They had a warrant. Sometimes warrants turn up nothing. Her home was repaired. On with your life now crusader!!! Lol"

"Noodle heads come on here thinking they are just big bad asses, threatening cops and their families," wrote another, "then the cops come back and bitch slap them with SWAT teams and flash bang grenades. Awesome. Teach these fools a lesson and make examples out of them."

But when all you have is an IP address, some non-trivial percentage of the time you teach a lesson to the wrong fools.

I wonder if they would have sent in SWAT to the second house if they had a dog?

[TheFeniX]

Not that all Evansville residents think the SWAT raid was in any way improper. Writing on the same Topix message boards where the initial threats emanated, one resident responded to critics: "They had a warrant. Sometimes warrants turn up nothing. Her home was repaired. On with your life now crusader!!! Lol"

Nah, it's totally cool to throw explosives into peoples homes and jam guns in their faces as long as you're willing to repair the physical damage afterward. It's not like the 18-year-old girl in the home is going to be fucked up at all or anything.

"Noodle heads come on here thinking they are just big bad asses, threatening cops and their families," wrote another, "then the cops come back and bitch slap them with SWAT teams and flash bang grenades. Awesome. Teach these fools a lesson and make examples out of them."

Ah yes, I remember they passed the "teach them a lesson by expending thousands of tax payer dollars on botched SWAT raids" law last September. I'm sure this is a much better use of police resources rather than just sending 2 on-duty police officers by the house to inform the home owner of the threats made and that they would be investigating further. Same net effect, much lower cost, but would make for a much more boring video.

Really though, this is a pretty good case for wireless APs and hotspots to be factory configured with some form of WPA and a randomly generated password, requiring you to disable security (rather than enabling it). Of course, this would cause all sorts of issues and would likely cause the same blow-back as it did with Windows ISA 2004.

[PeZook]

Uh...when a guy says he's going to KILL COPS and that he HAS EXPLOSIVES, it's a textbook high-risk warrant case. If there's any place for SWAT executing a search warrant, it's this.

Of course, I can't help but point and laugh when the cops declared that their actions have "sent a message" despite not catching the actual suspect and hitting the wrong effin' house

TERRORISTS, BE WARNED: If you threaten police officers, they will raid a random house!

[General Zod]

Uh...when a guy says he's going to KILL COPS and that he HAS EXPLOSIVES, it's a textbook high-risk warrant case. If there's any place for SWAT executing a search warrant, it's this.

Unless the house has little kids in it, then it's okay to just knock. Let this be a lesson to terrorists, if you want to avoid the full SWAT treatment, make sure you have screaming brats.

[Beowulf]

I think y'all are missing the real lesson: if you want to get the police to freak out and SWAT somebody, use a smartphone to make threatening posts from your target's WIFI. If they're only half smart, they'll have put up WEP encryption, which can be broken in about 15 minutes. Or take advantage of the brokenness of WPS.

[TronPaul]

I think y'all are missing the real lesson: if you want to get the police to freak out and SWAT somebody, use a smartphone to make threatening posts from your target's WIFI. If they're only half smart, they'll have put up WEP encryption, which can be broken in about 15 minutes. Or take advantage of the brokenness of WPS.

WEP in 15 minutes? More like 1.

Goes to show that unless you're on a secure network and you trust everyone on the network, IP addresses do not directly map to people.

[Tanasinn]

Let this be a lesson to all computer criminals: you better watch your behavior, or the police will send a SWAT team to the wrong person's house and destroy their property while wasting wads of their tax dollars on a spectacle for the news before arresting you normally.

[Skgoa]

Actually, the bit at the end about the FBI not raiding houses that have open WiFi has much more significance. Because what it means is that to be really safe, you should only have unsecure WiFi. There was a ruling not long ago (also from the US) where the judge said basicly the same thing: when the WiFi is unprotected, nobody can proove who used it to do illegal deeds.