Skip to main content

Ralsina.Me — Roberto Alsina's website

I knew the CS in CSI was not for Computer Science!

Last night I saw an episode of CSI Mi­a­mi.

While I like a tech­no-geeky po­lice pro­ce­dur­al show as much as the next guy (and most guys do :-), it left me with a queasy feel­ing.

Have I been bam­boo­zled?

In this episode, one of the corpses was killed in his of­fice, where ap­par­ent­ly he had been us­ing his note­book to con­nect via Wi-­fi to use an­oth­er build­ing's ac­cess point to reach an es­cort via email, by­pass­ing the se­cu­ri­ty of his of­fice net­work.

Now, that's all cool and nice, but the prob­lems start­ed quick­ly.

First, they man­aged to read an email the de­ceased had sen­t, by in­spect­ing some com­put­er in the ac­cess point LAN.

Ok, maybe they had a SMTP prox­y, or the guy had used the SMTP serv­er and they had full mes­sage log­ging (but no send­ing ad­dress con­trol?).

Un­like­ly, but pos­si­ble.

The big prob­lems came when they re­cov­ered the note­book and could see two re­sponse mails from the es­cort.

  • They had IP ad­­dress­es like 24.123.43.12.1109

  • They saw that one had that ad­­dress, and the oth­­er mail had .1108, so they de­­cid­ed that:

  • One was a forgery

  • Both came from com­put­ers in the same net­­work

  • They could find both com­put­ers in the cy­ber­­porn out­­­fit where the es­­­cort worked

What's wrong?

Well, Those IP ad­dress­es are might­ly long and have very large bytes. Al­so, why on earth did the com­put­ers that sent the mes­sages have stat­ic IP ad­dress­es?

Should­n't both have been NAT­ed to the same IP?

Un­less they used a pri­vate SMTP server, of course! In which case, it would have had email ad­dress checks on the sender. Re­mem­ber, this was a cy­ber­porn out­fit, the porn peo­ple KNOW IT. Bet­ter than most com­pa­nies!

Fi­nal­ly: they went af­ter a sus­pect be­cause of the IP ad­dress in an email???????

That is so easy to fake it's not fun­ny. If the stuff I know about is so wrong, how right are the things I don't know about, like DNA test­ing and what­ev­er.

BTW: one of the in­ves­ti­ga­tors had a blood sam­ple "done", with­out telling the lab work­er the rea­son, had a sin­gle page print­out, and com­par­ing two num­bers to a sim­i­lar page of a dead guy, he knew the blood was from the dead guy's daugh­ter.

I am pret­ty sure that to test ge­net­ic re­la­tion, you need to do some­thing a bit hard­er than that! ;-)

So, in short, sure, we are bam­boo­zled ev­ery week. All the mag­ic is smoke and mir­rors. But hey, it's fun, and the CSI of­fices look like star­ship En­ter­prise cir­ca 2300, ex­cept the desks are cov­ered with bot­tles of pret­ty colours :-)

Roberto Alsina / 2006-04-03 05:30:

I don´t usually see it because I have no cable (or time to watch TV). Only when I visit my parents :-)



But sure, I wouldn´t be surprised if it were product placement.



What´s the CSI effect?

Capz / 2006-04-03 05:38:

Bamboozled.. is that some sort of actual game and not just something the producers of Friends came up with?



I'd like a wicked Wango card, by the way.

Roberto Alsina / 2006-04-03 05:39:

Check out dict:bamboozled in your nearest konqueror window ;-)


Contents © 2000-2024 Roberto Alsina