[rikur_]

I don't know whether any off the shelf system provides wifi MAC address recording, but it occurs to me that it's another way to identify the scrotes.

I'm not aware of anything off the shelf - but there are plenty of example Pi projects that have done just this. It's also been used commercially to understand the flow of customers around railway stations, supermarkets and shopping centres.
It doesn't give you an identify on its own - but if the police have an idea of who it is - it could prove that they were at the location concerned - or it could identify when that phone has previously been on site

[rogcal]

A friend with a strip and hangar located fairly remotely had one break in a few years ago and although the alarm alerted him the thieves still had enough time to steal a quantity of tools and fuel.

His response was to load the inside and outside of the hangar with every conceivable kind of camera, detector and for good measure a smoke generator.

The smoke generator is of the type that will keep on churning out smoke for 15 mins and not the type that has enough to fill the hangar and then runs out of oil. Even if the thieves open the hangar doors fully the continuous output of smoke still makes it difficult to see more than a few inches in front of you.

Cost him an arm and a leg but he sleeps more easily knowing that he can reach the hangar in 5 to 10 minutes and still find a smoke laden hangar with hopefully a few miscreants blundering about and coughing their lungs up.

[morticiaskeeper]

Resurrecting an old thread. Earlier I mentioned recording MAC addresses in the wifi vicinity.

A few weeks ago, I picked up the urge to try it.

What I have running at the moment is a discrete device that listens for wifi probe requests. It cannot be detected by a wifi analyser, as it just listens.

When it picks up a signal, it cross references the MAC address against a list of known devices. If there is no match, it records the details to a database.

As well as giving the MAC address, most devices also give the name of wifi access points they have connected to previously. One of the names given is highly likely to be the home wifi of the owner. In fact, a graffiti artist elsewhere has been collared by the data from such a system.

I tested it out last week, there was some noise late at night, unrecognised devices were recorded, one of the wifi names was traced on the Internet to a house about a mile away. A bit of "war driving" confirmed the address. If a crime had been committed, I could have given the police a big clue as to where to find the perpetrator.

So...

If I were to continue my playing about, what would you like to see? What do you foresee going wrong? Am I wasting my limited brain power?

[rikur_]

Glad it's proved useful.
Just don't tell too many people about it, it's only useful as a little known covert tool - if it went mainstream, it would become ineffective.

[morticiaskeeper]

Glad it's proved useful.
Just don't tell too many people about it, it's only useful as a little known covert tool - if it went mainstream, it would become ineffective.

Yes, it does rely on the perps not being too tech savvy. On the other hand, most of the under 30's round here can't keep from looking at a phone every 5 seconds!

One phone I'm using as a test device will still send probe requests when the wifi is turned off!

[cockney steve]

@rikur_ said

t's only useful as a little known covert tool - if it went mainstream, it would become ineffective.

How so? If it can't be detected, being a passive listening device, I would have thought that any slightly savvy villains would think twice before chancing their luck on a place that may have indeterminate security measures. Depriving them of mobile phone use will make thieving a bit harder.
It would appear the Rotax thieves were very carefully reconnoitering their victims' security and neutralising it, before striking.....
talking of which, they seem very professional. It's my belief they are laying low while things cool down again, winter months when there's less tourism less traffic and less flying may be when they start again. KEEP YOUR GUARD UP!

[Boswell]

I don't get it. This device will record the crook's home MAC address/WiFi access point, where he/she's relaxing in slippers after a hard day/night's Rotax lifting?

Any crook would be mobile and en route back to Albania, surely?

Come to think of it, any savvy criminal would be doing a web search for Rotax and land here reasonably quickly to pick up tips (Flyer Forum #1 and #2 for "Rotax stolen" on a well-known search engine).

[rikur_]

What this gives you is the mac address of their phone/smartwatch/etc and potentially the name of any wifi networks that they have connected to.

As a standalone piece of information, not that useful, but for example if the same device has been onsite previously you might be able to go back through CCTV and identify them from a scouting trip.
The names of networks connected to would potentially give a good clue of the country of origin of the suspects.... if they connected to the wifi network on the ferry you might even know their route.

GCHQ would potentially be able to link to other personally identifiable data (as mac address of devices accessing the internet performs part of a wider data trail of internet access, and you might speculate that similar sniffing techniques might be used by our security services at ports amd borders) .... however I don't believe the police have access to that for investigating thefts.

If the thieves know this sort of technique is in use (e.g. whilst doing their research on flyer forum) one assumes they will be leaving their phones at home.

[Maxthelion]

As an IT security professional, I think this is fascinating. What tool are you using MK?

[rogcal]

Once the crims have wised up to the fact that this technology is stalking them, they'll be back to using basic mobile phones and leaving their smart phones behind when they go out thieving or foraging for likely targets. Must put my old Nokia on Ebay!

[kanga]

..

Any crook would be mobile and en route back to Albania, surely?...

any evidence for any Albanian connexion ? As ever, in genuine curiosity ..

[Boswell]

You haven't visited the Sunday flea-market in Tirana's old town?

Er, no.

[kanga]

You haven't visited the Sunday flea-market in Tirana's old town?

...

Stalls selling Rotaxes ?

[morticiaskeeper]

On our little test on Saturday, there was a bit more noise than usual from the lane, but nothing too bad. The next day, some unknown MAC addresses showed up on the log, along with wifi access point names. Using certain websites, we narrowed it down to one road, son went off on his bike with his phone setup for war driving. Found the house!

The technology isn't particularly special, just a raspberry pi, with an extra wifi dongle (chipset is important) and some freely available monitoring software.

The bit I have done is write code to save the data to a SQL database, along with an exclude list of known devices, and a filter based on signal strength because it was too good!

I've been running something similar for about a year as an in/out board for family members, no point calling home to speak to SWMO if she is out. It is also useful as we have autistics in the family, so a gentle eye on movements can be useful. This has already helped us in checking on a vulnerable child, avoiding having to call the police because we found him on the system. If all family members are out, a PIR sensor will trigger a cctv camera if movement is detected.

I would still favour the tripwire & shotgun method, but every little helps.

[mr spog]

This all sounds fascinating MK, but if I was a savvy Rotax thief surely I would just switch my mobile off a few miles out from the airfield and not turn it on until well clear again. Even if they were not aware of such technology, surly it will won't be long before they are.