From an IP address to a street address: using wireless signals to locate a target

How quickly can somebody convert an IP address of a target into a real-word street address? Law enforcement regularly has need to determine a suspect's exact location when investigating crimes on the Internet. They first use geolocation software and databases to determine the suspect's rough location. Recent research has been able to scope a targeted IP address to within a 690m (0.43 mile) radius circle, which is enough to determine the relevant law enforcement department that has jurisdiction. Unfortunately, investigators face a "last half mile" problem: their only mechanism to determine the exact address of the suspect is to subpoena the suspect's Internet Service Provider, a process that can take weeks. Instead, law enforcement would rather locate the suspect within the hour with the hope of catching the suspect while the crime is still on-going, which leads to stronger evidence and straightforward prosecution.

Given these time constraints, we investigate how quickly an adversary can locate a target without any special law enforcement powers. Instead, we leverage the use of ubiquitous wireless networks and a mobile physical observer that performs wireless monitoring (akin to "wardriving," which seeks to search for wireless networks). We develop an approach that allows an adversary to send traffic to the target's address that can be detected by the observer, even if wireless encryption is in use.

We evaluated the approach in two common real-world settings. In one of these, a residential neighborhood, we used a single-blind trial in which an observer located a target network to within three houses in less than 40 minutes (with potential for more exact results using hardware such as directional antennas). This approach had only a 0.38% false positive rate, despite 24,000 observed unrelated packets and many unrelated networks. These results show significant promise for the geolocation strategy and demonstrate that adversaries with multiple potential observation points, such as law enforcement personnel, could quickly locate a target.