|Geolocation can help track Internet thugs|
On Monday evening, Legal Schnauzer received an anonymous comment that I interpreted to be a death threat. How should a blogger handle such a situation? I'm not aware of any textbook or position paper on the subject, so there seems to be no clear-cut answer. But I can tell you what I've done, so far.
In the four-plus years that I've been producing this blog, I've received probably 50 to 75 anonymous messages that had a threatening tone. I'm guessing that 20 to 30 of those have been ugly enough to cause me some measure of alarm. I've never described any blog-related communication that I thought caused me to be in danger of bodily harm or death--until now.
What's different about this most recent message? Well, I explained that, in a general sense, with a post yesterday afternoon. Mainly, the timing of the comment--and the content of the post to which it was attached--made me think the individual behind this one might be dangerous.
But I've done a layman's investigation that adds some troubling specifics to the story. We're going to examine some of those specifics, as revealed by a few common Web tools. And we're going to ask, "Have I been the victim of a federal crime?"
In a broader sense, I would like to pose several "big picture" questions: What should a blogger do when an anonymous messenger veers from "disagreeable" or "nasty" to "menacing"? Can writing a blog, or practicing citizen journalism as we do here, truly put your life at risk? If you report such threats, will law-enforcement officials take them seriously? What kind of law governs such behavior?
I welcome comments and ideas from readers because I don't claim to have the absolute answer to all, or any, of these questions.
A good analytics service, many of which are available for free on the Web, might be your best weapon against those who spread fear via e-mail or blog comments. Google Analytics probably is the best known such service, but there are many others out there. Here is a list of the top five blog statistics trackers.
I first read the threatening message, through my Blogger comment-moderation notice, at about 9 p.m. on Monday (August 29). After deciding to publish the comment, I promptly went to my stat service to scroll back about two hours; that's because the comment was time stamped at 6:55 p.m., on a post dated Tuesday, August 23. Could I find someone who had clicked in the comment section of that post in the appropriate time frame?
The answer was yes--and there was only one visitor who proved to be a suspect. (Memo to bad guys: When you click on a post that is several days old, it is likely to have less traffic than a new post. That makes it much easier to track your activities. We never said these people were smart.)
What information did my stats service provide about this visitor? Here is the rundown:
Visitor Analysis and System Spec
Search Referral: www.bing.com — legal schnauzer blog
Host Name: 99-71-178-13.lightspeed.brhmal.sbcglobal.net Browser: IE 9.0
IP Address: 220.127.116.11 — [Label IP Address]
Operating System: WinVista
Location: Birmingham, Alabama, United States
Returning Visits: 0
Visit Length: Multiple visits spread over more than one day
ISP: Sbc Internet Services
What does all of this mean? Well, I'm hardly an expert, but this seems to be the key information:
* The visitor uses SBC Internet Services;
* He made multiple visits spread over more than one day;
* His location, or at least that of the server he uses, is Birmingham, Alabama;
* Most importantly, his IP address is 18.104.22.168
I took this last piece of information and did a search at an IP-address tracking site on the Web. Here is what that search yielded:
General IP Information
ISP: SBC Internet Services
Organization: SBC Internet Services
Services: None detected
Assignment: Static IP
We learn that this is a static IP--probably a home user--with a decimal of 1665643021. (Not sure what this decimal number tells us, but it might mean something to a genuine technophile.)
Perhaps the most intriguing data, to me, comes under the heading of "geolocation," which is the art (or science) of matching an IP address to a physical location on the globe. Here is what we find:
Country: United States
Area Code: 205
Postal Code: 35242
Here comes the really fascinating (or creepy) part. If you key in my IP address, it produces a latitude and longitude that is identical to the one above. Does this mean my threat came from someone who lives nearby? It sure looks that way. How close might they be? I'm still trying to figure that out--but I'm guessing it is pretty darned close.
A little research on the Web turns up all sorts of caveats about the accuracy of geolocation software. The general consensus seems to be that a good service is about 80 percent accurate within a 25-mile radius.
Some layman's experimentation has me thinking the geolocation in our area is more accurate than that. I searched on an IP address that I know is about 15 miles from my house and on another that I know is about eight miles away. Both had different coordinates than those for my location.
Did my threat come from several neighborhoods over, from several streets over, from a few houses down the street, from right next door? I'm still working on that question, but I have a definite suspect or two in mind. Do I think these suspects are capable of violence? Yes, I do.
Has my "correspondent" committed a federal crime by using the Internet to send a threatening message? We will turn to that question next.
(To be continued)