 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
I'm a big fan of the TV series NCIS. But sometimes it really makes me laugh.
For those that don't know, the series follows the exploits of a
fictional team working for the US Navel Criminal Investigative Service.
Considering it's a show about people who investigate murders and other
violent crimes, it's actually surprisingly humorous. Naturally every
investigation is different, and the guy who did it is never, ever who
you think it was.
The characters are pretty much what you'd expect:
- There's the team leader, the intense, silent authority figure that
everybody both fears and deeply respects. He has a strong sense of moral
justice and can be guaranteed to always do what's right, regardless of
what the rule book says. He can read people like a book, he knows how to
make people talk, and he always figures it out before everybody else
does. Being an older guy, he is completely inept with any technology
more modern than a telephone.
- There's the wildcard. The smug, annoying, arrogant self-important
jerk. Always wisecracking, always quoting obscure movie references. He
thinks he is The Big, Mr Big, The Cool Guy. And the ladies are always
all over him - as he constantly reminds everybody, every three seconds.
In short, he has no redeeming qualities whatsoever. And yet, everybody
really likes him, for no defined reason.
- There's the obligatory computer nerd. He can crack any cipher, and
hack any computer system. (Unless it doesn't suit the script writer for
today's episode.) Naturally, the guy is a high-calibre wimp. Oh, he will
tackle people to the ground. But somehow he manages to make even that
look wimpy. And he's really easy to intimidate. (Although, there was
that one episode... nevermind.)
- There's the Israeli girl on loan from Mossad. She's very beautiful
(but not stereotypically so), absurdly dangerous in close combat, and
fiercely loyal. Highly intelligent, exquisitely skilled in observation
and deception. In her country, when a suspect is interviewed, the
interview does not always end with the suspect still alive. (Apparently
that's illegal somehow in America.) She speaks a dozen languages, yet
seems oddly unfamiliar with American customs. Stereotypically, she is
forever getting various figures of speech wrong. ("Does a bear sit in
the woods?")
- The medical examiner, an old wise man with a degree in psychology and
a stereotypical English accent. He talks to the dead people he dissects,
and has a strong tendency to conclude almost every observation with
"...you know, this reminds me of my days at XYZ when a rather unusual
event occurred. Yes, it was -" Uh, dude, this case??
- The ME's enthusiastic, bright, but inexperienced assistant.
- The forensic scientist and ballistics expert. She's a goth. She sleeps
in a coffin and struts around a lab wearing the most ridiculous outfits
under her lab coat. Obviously, she's brilliant at her job. She's also a
big-time computer nerd, and apparently cannot function correctly without
a constant supply of a mysterious substance known as "Caf-Pow".
If you look at that list for more than a few seconds, it ought to be
obvious that all of these people are /highly/ unsuitable for working at
NCIS. I don't care how much of a forensics genius you are, if you dress
like something out of a comic book and are prone to highly impulsive
behaviour, you wouldn't be hired to work in a criminal laboratory. And
if you disregard the rules every time you think justice isn't being done
right, you won't be in your job very long, much less the leader of an
investigation team.
Throughout the series, the team leader also has various highly
implausible alliances and confrontations with the Director of NCIS (a
post that has been filled by several actors to date), the Secretary of
the Navy, and various shadowy FBI figures.
So, this is fiction, right? But it's entertaining fiction.
Sometimes I have to wonder though... Who is their scientific advisor?
And do they know what they're talking about?
A few specific tips:
- CCTV footage does *not* look exactly the same as studio camera footage
but with a bit of extra static added in post-production. It looks grainy
and unrecognisable, and it's usually black and white. :-P
- You *cannot* take CCTV footage, enlarge it 20x, "run an imagine
enhancement algorithm" and then read a car numberplate from 300 yards.
It doesn't work like that. (Amusingly, this trick only works when it
furthers the plot. When the script writers don't want the killer to be
found yet, mysteriously the picture can't quite be enhanced enough to be
readable...)
- Examining a secret hidden radio transmitter does *not* allow you to
"triangulate" where the receiver is. It also does *not* matter whether
the transmitter is active or not while you do this. Having multiple such
transmitters also does *not* help.
- You do *not* need two independent Internet data streams directed at
the same destination to "triangulate" where that destination is.
- IP addresses are generally *not* "registered" to individual human
beings in the same way that telephone numbers are. Generally they are
just registered to your ISP (for home customers) or your employer (if
you're doing this from your place of work).
- If an attacker is "marking their signal by bouncing it off proxy
servers all over the world", the geographic locations of those servers
do not magically pop up on a world map when you try to "backtrace the
signal".
- A pillow is not the same as a gun silencer.
- Even silenced guns are still PRETTY DAMNED LOUD.
- There is no such thing as "a steganography detection algorithm".
That's kind of the entire *point* of steganography; you can't detect it.
- "DAMN! The files are password-protected. Hmm... I know! Password
cracker!" This is *not* a brilliant logical deduction. This is basic
standard operating procedure for any computer forensics department. They
do this stuff every single day, for goodness' sake!
- If you "upload the firmware" from a device onto your computer, it
*canoot* infect your computer with a virus that secretly steals your
data or modifies computer evidence. You see, a virus doesn't *do*
anything - anything at all - unless you actually *run* it. Any
half-competent computer forensics expert wouldn't make such a mistake.
Plus the "firmware" on a device is usually not runnable on a desktop PC
in the first place. (Not that this prevents hiding a PC virus somewhere
inside the firmware image...)
Also, something bothers me: I'm PRETTY SURE that if a suspect refuses to
give you a DNA sample, then you CANNOT simply offer them a drink, and
then lift their fingerprints and DNA from the glass afterwards. It
strikes me that there must be some kind of LAW against that kind of
thing. (Otherwise why would you even need consent in the first place?)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Invisible <voi### [at] dev null> wrote:
> - You *cannot* take CCTV footage, enlarge it 20x, "run an imagine
> enhancement algorithm" and then read a car numberplate from 300 yards.
> It doesn't work like that.
Actually it's not *that* far-fetched. When one understands the basics of
image manipulation and computers, it's intuitive to think that image data
that's so noisy or blurry is so destroyed that no useful information can be
retrieved from it. However, in many cases the information isn't *completely*
destroyed and there are very clever heuristic algorithms to try to guess
what the information was. This is especially true if you have video footage
instead of one single still image (because the combined information of
video footate can amount to a significant amount of the original information;
noise averages out, and any kind of movement will give sub-pixel-sized pieces
of information which can be used for interpolation; even a very low-resolution
video can give surprising amounts of information when you take into account
movement).
> - IP addresses are generally *not* "registered" to individual human
> beings in the same way that telephone numbers are. Generally they are
> just registered to your ISP (for home customers) or your employer (if
> you're doing this from your place of work).
The ISP knows which one of their clients has which IP address at any
given moment, and they usually have in record the home address of their
clients. While the computer might not be at this home address, it's most
often so. Thus *in theory* it could be possible to locate any individual
by IP address (even if it's behind a NAT), assuming you also hack into the
ISP's client database to get the home address.
(In many countries that would be illegal, though, at least without a
court order.)
> - If an attacker is "marking their signal by bouncing it off proxy
> servers all over the world", the geographic locations of those servers
> do not magically pop up on a world map when you try to "backtrace the
> signal".
Actually IP addresses can be mostly mapped on a world map. That's how
they track eg. internet traffic amounts per country. (This is especially true
if the proxy servers are owned by ISPs, as their locations are known, and
IP addresses can be attributed to ISPs because that's public information.)
Of course *showing* such a map on the fly is just for the viewers.
> - There is no such thing as "a steganography detection algorithm".
> That's kind of the entire *point* of steganography; you can't detect it.
I wouldn't claim that without some actual references.
> - If you "upload the firmware" from a device onto your computer, it
> *canoot* infect your computer with a virus that secretly steals your
> data or modifies computer evidence. You see, a virus doesn't *do*
> anything - anything at all - unless you actually *run* it. Any
> half-competent computer forensics expert wouldn't make such a mistake.
So-called zero-day exploits can sometimes surprise even the best
experts (which is why they are extremely valuable in the cracker community),
and there have been cases where a buggy computer can be made to execute
code from the outside (or, at the very least, there have been cases that a
computer could be made to crash by just sending it certain IP packets).
> Also, something bothers me: I'm PRETTY SURE that if a suspect refuses to
> give you a DNA sample, then you CANNOT simply offer them a drink, and
> then lift their fingerprints and DNA from the glass afterwards. It
> strikes me that there must be some kind of LAW against that kind of
> thing. (Otherwise why would you even need consent in the first place?)
The DNA obtained that way cannot be used as evidence, but it can rule
out or confirm a suspect, so that further investigation can be directed
better. But I don't know if even doing that is legal.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> - You *cannot* take CCTV footage, enlarge it 20x, "run an imagine
>> enhancement algorithm" and then read a car numberplate from 300 yards.
>> It doesn't work like that.
>
> Actually it's not *that* far-fetched. When one understands the basics of
> image manipulation and computers, it's intuitive to think that image data
> that's so noisy or blurry is so destroyed that no useful information can be
> retrieved from it. However, in many cases the information isn't *completely*
> destroyed and there are very clever heuristic algorithms to try to guess
> what the information was.
Especially as in the example mentioned, car number plates, you know the
font and size characters that are used. Even with a very low resolution
image (I'm talking just a few pixels for each character) you can often
make a very good guess what the original letters were. Given multiple
frames, each with random noise and/or slightly different positions you
are going to home in on one set of characters that is most likely. That
would probably seem impossible to most humans.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> - You *cannot* take CCTV footage, enlarge it 20x, "run an imagine
>> enhancement algorithm" and then read a car numberplate from 300 yards.
>> It doesn't work like that.
>
> Actually it's not *that* far-fetched.
> This is especially true if you have video footage
> instead of one single still image
I doubt it's ever as easy as just clicking a button and the computer
flashing a few boxes up and then showing you the pristine, original image.
>> - IP addresses are generally *not* "registered" to individual human
>> beings in the same way that telephone numbers are.
>
> The ISP knows which one of their clients has which IP address at any
> given moment
Really? That's news to me.
> Thus *in theory* it could be possible to locate any individual
> by IP address (even if it's behind a NAT), assuming you also hack into the
> ISP's client database to get the home address.
>
> (In many countries that would be illegal, though, at least without a
> court order.)
Not sure if or how this changes when you're in the military or
investigating a murder.
>> - If an attacker is "marking their signal by bouncing it off proxy
>> servers all over the world"
Damn. I meant "masking". >_<
>> the geographic locations of those servers
>> do not magically pop up on a world map when you try to "backtrace the
>> signal".
>
> Actually IP addresses can be mostly mapped on a world map.
Probably. But if you can just *follow* the signal from proxy to proxy
automatically like that, it's not really "masking" very much, is it?
> Of course *showing* such a map on the fly is just for the viewers.
Yeah, clearly. ;-)
It's even more amusing when they do this with bank wire transactions...
What, so all the banks across the globe allow the US Navy to see their
transaction lists now?
>> - There is no such thing as "a steganography detection algorithm".
>> That's kind of the entire *point* of steganography; you can't detect it.
>
> I wouldn't claim that without some actual references.
The *ideal* is for steganographically hidden data to be undetectable
unless you know where it's hidden. How well actual real-world system
approach that ideal? I couldn't say. It's not my field of expertise.
>> - If you "upload the firmware" from a device onto your computer, it
>> *canoot* infect your computer with a virus that secretly steals your
>> data or modifies computer evidence. You see, a virus doesn't *do*
>> anything - anything at all - unless you actually *run* it. Any
>> half-competent computer forensics expert wouldn't make such a mistake.
>
> So-called zero-day exploits can sometimes surprise even the best
> experts (which is why they are extremely valuable in the cracker community),
> and there have been cases where a buggy computer can be made to execute
> code from the outside (or, at the very least, there have been cases that a
> computer could be made to crash by just sending it certain IP packets).
I'd imagine a computer forensics lab would be more prepared than most to
deal with the possibility of viral threats.
Now, certain software has security flaws that allow arbitrary code
execution. But as I understand it, these tend to be /extremely/ specific
to the particular software you're using and the exact point-release in
question. It's *very* improbable that an outside adversary would know
precisely what software your forensics lab runs.
>> Also, something bothers me: I'm PRETTY SURE that if a suspect refuses to
>> give you a DNA sample, then you CANNOT simply offer them a drink, and
>> then lift their fingerprints and DNA from the glass afterwards. It
>> strikes me that there must be some kind of LAW against that kind of
>> thing. (Otherwise why would you even need consent in the first place?)
>
> The DNA obtained that way cannot be used as evidence, but it can rule
> out or confirm a suspect, so that further investigation can be directed
> better. But I don't know if even doing that is legal.
NCIS seem to use it to force confessions out of people. Guy sits there
in the chair, smirking "you can't prove anything". Other guy shows him
an evidence bag with the glass in it, and the DNA report from the lab.
(I'm pretty sure those /don't/ actually have "100% positive match"
stamped on them in red letters IRL...) And the guy breaks down. "OK, I
did it! The guy deserved it anyway! Don't bust me, man! I did it for my
kids..." They take him to jail. (Because, let's face it, it isn't like
these cases go to *trial* or anything...)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
scott <sco### [at] scottcom> wrote:
> Especially as in the example mentioned, car number plates, you know the
> font and size characters that are used.
That's certainly true. The algorithm doesn't even have to guess what
the original shape was, it only has to compare the image (after correcting
for perspective) against the known font and estimate the closest match.
It probably helps if the image is first filtered to remove as much
extraneous noise as possible, and any extra information from additional
frames added.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Invisible <voi### [at] devnull> wrote:
> > The ISP knows which one of their clients has which IP address at any
> > given moment
> Really? That's news to me.
And exactly how would an ISP charge for bandwidth usage if it has no
idea which client is behind which IP address?
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 27/04/2012 01:23 PM, Warp wrote:
> Invisible<voi### [at] devnull> wrote:
>>> The ISP knows which one of their clients has which IP address at any
>>> given moment
>
>> Really? That's news to me.
>
> And exactly how would an ISP charge for bandwidth usage if it has no
> idea which client is behind which IP address?
It's news to me that any ISPs *do* charge by bandwidth usage...
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 27/04/2012 1:31 PM, Invisible wrote:
> On 27/04/2012 01:23 PM, Warp wrote:
>> Invisible<voi### [at] devnull> wrote:
>>>> The ISP knows which one of their clients has which IP address at any
>>>> given moment
>>
>>> Really? That's news to me.
>>
>> And exactly how would an ISP charge for bandwidth usage if it has no
>> idea which client is behind which IP address?
>
> It's news to me that any ISPs *do* charge by bandwidth usage...
Boggle! Boggle!
They often have a cap where anything above it is charged at a high rate
in addition to your basic charge.
--
Regards
Stephen
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
> It's *very* improbable that an outside adversary would know
> precisely what software your forensics lab runs.
Actually, if they were wanting to attack you they would quite likely
know precisely what software was running.
http://en.wikipedia.org/wiki/Stuxnet
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>>>> The ISP knows which one of their clients has which IP address at any
>>>> given moment
>>
>>> Really? That's news to me.
>>
>> And exactly how would an ISP charge for bandwidth usage if it has no
>> idea which client is behind which IP address?
>
> It's news to me that any ISPs *do* charge by bandwidth usage...
How do you think they find people like this?: Of course they know which
IP address goes with which account.
http://news.bbc.co.uk/1/hi/technology/7029229.stm
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
