Guy Gets SWAT Team-ed for Not Securing His Wireless Connection

Sunday, April 24th, 2011

Buffalo, New York:

Lying on his family room floor with assault weapons trained on him, shouts of “pedophile!” and “pornographer!” stinging like his fresh cuts and bruises, the Buffalo homeowner didn’t need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.

That new wireless router. He’d gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.

“We know who you are! You downloaded thousands of images at 11:30 last night,” the man’s lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, “Doldrum.”

“No, I didn’t,” he insisted. “Somebody else could have but I didn’t do anything like that.”

“You’re a creep … just admit it,” they said.

You know where this is going. They got the wrong guy. Someone else had used Covert’s wireless connection to download child porn.

Law enforcement officials say the case is a cautionary tale.

It sure is. I can certainly think of some lessons we might draw. One might be: Maybe the cops should check to see if a suspect’s wireless network is secure, and therefore that they have the right guy, before they break into his home and point their guns at his head.

Another lesson: Maybe it’s not such a good idea to send the SWAT team after someone suspected of downloading—not even manufacturing—child porn in the first place. Are people who download kiddie porn known to be heavily armed?

As you might suspect, these aren’t the lessons the police drew from their violent, mistaken raid on Barry Covert. This is:

Their advice: Password-protect your wireless router.

Probably good advice, given that they don’t seem particularly concerned about their own mistakes in this case. Not doing so could well get you (or more likely, your dog) killed.

The case reminds me of one of the more amusing botched raids I’ve covered: The wrong-IP address, mistaken kiddie porn raid featuring lawman/SWAT officer Shaquille O’Neal.

Digg it |  reddit |  del.icio.us |  Fark

49 Responses to “Guy Gets SWAT Team-ed for Not Securing His Wireless Connection”

  1. #1 |  Bill | 

    the more I see the se SWAT teams in action around the country, the closer they get to being more military than LE. Frightening. I know Posse Comitatus prevents the military from acting as LE, but what about the the police becoming more like the military?

  2. #2 |  Mike | 

    The militarization of the police is reaching horrific levels. We need to end the War on Drugs and get rid of the ridiculous LE budgets that allow for this to occur.

  3. #3 |  writerJames | 

    Although the odds of child porn enthusiasts being heavily armed might not be high, I don’t see incidents like this resulting in any kind of scaling back of the use of force in such cases. Rushing to defend the civil rights of someone suspected of downloading kiddie porn might not seem like the best way for most people to spend their time, even though we’re all in danger from this kind of abuse of authority.

  4. #4 |  kamt | 

    Bradley, I think you’re forgetting one critical point. That is police are no longer expected to do actual investigative work. Besides these kiddie porn watchers are clearly terrorists just waiting to ambush police.

  5. #5 |  Matt Moore | 

    I leave my wifi network open as a courtesy to my neighbors. I fully expect this to happen to me someday, but I’m not caving to these bullies.

  6. #6 |  Jason Gooljar | 

    Ok besides the IP address that the perp has used to download the images. Surely there must’ve have been other ways to discern that it wasn’t this person. Besides IP information often the computer’s name and MAC address should be able to retrieve no?

  7. #7 |  IP | 

    This style of law enforcement is becoming the new norm. They have TV shows about it to desensitize us. Cameras everywhere, and your every move is tracked. Everything is in place.

  8. #8 |  Ben | 

    My wireless router is password protected, but the idea that if it isn’t means that you deserve a visit from the SWAT team is disgusting. As a matter of fact, my father-in-law asked me to secure his wireless network. The problem is that I couldn’t get some of his computers to authenticate no matter what WPA or WEP mode I tried. After updating the firmware on his router and the NIC firmware on all of his computers, and spending 3.5 hours trying to do it, I gave up. (Doing it in my house took about 2 minutes) His local WLAN is still unsecured to this day.

  9. #9 |  Marty | 

    I’m with Matt…

  10. #10 |  Kim Scarborough | 

    Jason: Not to defend the police in this case by any means, but no, they wouldn’t have been able to get the MAC address of the real downloader. The only way to get that would be from the guy’s router (which is what they ended up doing after the raid, according to the article).

    Also, Radley: I think Barry Covert is the lawyer of the guy who got raided, not the guy himself. I don’t think the victim of the raid was named in the article.

  11. #11 |  Mattocracy | 

    I thought people were innocent until proven guilty? Or is it until the SWAT Team shows up and declares you to be one of the worst fucking things you can be.

  12. #12 |  KnownAlias | 

    Cautionary tale, indeed, to be aware that you need to do law enforcement’s job for them since you’re automatically guilty when they inevitably don’t.

  13. #13 |  A McGillican | 

    Its important to note that the security on most home wireless routers can be broken within minutes. All it takes is some time on google to find the a tutorial and the software. So even if you have a password secured router, it doesn’t mean you did it.

  14. #14 |  Zargon | 

    The hilarious part is that password protecting your router doesn’t do jack if the person who wants to use your network is capable of operating google.

    Standard wireless router encryption (both WEP and WPA) is breakable by anybody who wants to google it to find out how.

    Which leads to the obvious dilemma – is it safer to leave your network open, or pass-worded such that anybody who wants to can get in anyways? Methinks that if he had succeeded in setting the password, he’d have quite a bit more trouble on his hands, because although the WPA vulnerabilities were discovered almost 2 years ago, I’d put money on the court system viewing it as rock-solid secure, and wouldn’t put it past them to exclude expert witnesses that try and tell them otherwise.

  15. #15 |  Juice | 

    I’m always curious to know how they know when someone downloads something. Are they constantly monitoring everyone’s internet traffic?

  16. #16 |  C. S. P. Schofield | 

    My experience of military types is that they would be unlikely to blunder one half as much as these SWAT teams seem to. Perhaps my experience has been skewed, but I really think we are seeing what I call the ‘wannabe’ effect. Since my teens it has been my observation that the very worst, most obnoxious, least capable rent-a-cops are invariably the ones that ‘wannabe’ cops, but can’t get on the force (mostly because of room temperature IQs).

    It makes sense to me that SWAT team members would tend to be Cops that ‘wannabe’ Green Berets …. and have little to no idea what that really means. What they really want to be is Rambo, having completely missed that the book on which the first movie was based was a horror novel.

    One of the sanest people I ever knew wanted to be a Green Beret medic, because such men go to the absolute sinkholes of the earth and teach people basic medicine and sanitation, and deliver babies. I don’t know if he made it, but I suspect that he did. And that what he actually did as a Green Beret would baffle the average SWAT team member.

  17. #17 |  Whim | 

    The homeowner should SUE, SUE, SUE. That’s really the only recourse since the police have qualified immunity.

    It is totally disproportional to kick down doors and throw people down stairs for an alleged software download, or an unsecured router.

    The danger to the homeowner was extreme. SWAT teams trip over their over shoe laces and riddle homeowners on a regular basis.

    In one recent case, an 86 year old man was shot through the head when a SWAT member ALLEGEDLY lost his balance, and naturally having his finger on the rifle trigger, put a rifle bullet through grandpa’s head. Allegedly, because no one else on the SWAT team actually saw the incident.

    May have simply been a psycho policeman itching to kill.

  18. #18 |  Difster | 

    If you really want to secure your wireless there are a few things you need to do.

    1. Obviously set the wireless encryption – though that isn’t enough.
    2. Turn off SSID broadcasting. That way, no one can see the name of your wireless access point. It makes it a little more difficult to actually get your computers attached to the network but it’s worth it.
    3. MAC address restrictions. The MAC is the hardware address of your wireless device. It’s usually on the bottom of your laptop. If you have a wireless card for your PC, it’s usually printed on the card itself.
    4. Change the router password. Making a long password (such as a phrase) is more secure than dumb combinations of letters and numbers. Anything over 12 characters takes a long time to brute force.

  19. #19 |  Whim | 

    Correction: The 86 year-old grandfather of 12 shot in the head “accidentally” by a SWAT member was actually only 68. Framingtham MA. Radley blogged about it back in March.

  20. #20 |  Salt | 

    When you observe someone in a car parked near an apartment complex or in a neighborhood using a laptop/tablet/smartphone, they may simply be piggybacking an open wifi.

    They may also be up to other things.

    I always assume its other things they are up to.

  21. #21 |  TheNakedObserver | 

    All of this fails to call into account that federal laws against the possession, though not manufacture, of child pornography are unconstitutional. Furthermore, the penalties for the crimes are harsh to the point of being cruel and unusual, and many contain mandatory minimum sentences which are a violation of the nation’s system of checks and balances. Most people who download child pornography would be better served with therapy than jail, which would cost the taxpayers a great deal less.

  22. #22 |  C.E. | 

    Some general information: there are lots of ways cops can learn that someone is downloading child pornography, but the two most common ways are (1) people using peer-to-peer file sharing programs like Limewire and (2) people who subscribe to web sites that specialize in child pornography. Other ways that are common are people who give access to their computer to other people who see child pornography and report it to police (e.g., computer repair services), and people who chat up cops pretending to be minors (a la “To Catch a Predator”), whose computers are searched incident to their arrest. I suspect this incident was a peer-to-peer (p2p) case.

    P2p programs, unless specially configured by the user, broadcast to other users the files downloaded to the user’s computer, as well as their own IP address–that’s the point of p2p, it allows you to download from others’ computers, and others can download from yours. Law enforcement types search for known child pornography files on p2p networks. When a file is located, they obtain a subpoena from the ISP that owns the IP number for the computer where the file is; they then obtain a search warrant for the residence of the subscriber who was assigned that IP number on the relevant date and time.

    I suspect this was a p2p case. What’s strange is that where I am, federal agents usually just pay a “friendly” visit to the house where they think the child pornography is being downloaded, knock on the door, and start asking questions before even serving a search warrant. You’d be surprised how many people will admit what they were doing and even show the officers where they store their child pornography collection. I don’t know that I’ve ever seen a case where a SWAT team was sent in. But I guess that every law enforcement agency in every region of the country is going to develop their own approach.

  23. #23 |  JP | 

    The only cautionary tale I see is the one screaming at us to do something about the completely out of control police state we are slowly being crushed by.

  24. #24 |  freebob | 

    Related, but off topic:
    http://sentencing.typepad.com/sentencing_law_and_policy/2011/04/the-distinctive-whiteness-of-federal-child-porn-offenders.html
    In almost every crime stat less than 50% percent of offenders are white; with kiddie porn 89% of offenders are white. Now I’m not saying all white people watch kiddie porn but if you watch kiddie porn you’re probably white. Now all we need to do is gather all the proponents of racial profiling and thanks to this unassailable logic we can finally start profiling whites. I can see no reason why they would oppose this.

  25. #25 |  Highway | 

    Does anything scream out ‘disproportionate response’ more than this? The cops have no excuses on this one. There’s absolutely no reason for a dynamic raid. He’s not going to erase thousands of images so that they’re unrecoverable immediately. He’s not accused of any sort of violence, or weapon possession, although I don’t know if he’s a registered gun owner (not like the cops have a history of checking into that before their raids), but even then, it’s a HUGE step for someone to shoot someone if there’s no history of violence.

    So basically, this is “Let’s dress up and go take down this sicko”, and you know they worked themselves into a froth talking about how much ‘scum’ and ‘bastard’ and a ‘kid fucker’ this guy was. Of course, it’s another leap from ‘viewing child pornography’ to ‘pedophile’, but that distinction won’t dawn on the dim bulbs that populate the local cop shop’s raid team.

  26. #26 |  Buddy Hinton | 

    Professor Kerr’s comment are completely off point, as per usual. Instead of pointing out that there is no probable cause because of the open network issue (and probably also because of potential spoofing issues), and that the search was just plain unreasonable because of the SWAT tactics, he is blaming the victims of his beloved executive branch bullies.

  27. #27 |  Jesse | 

    Even given the vastly over-reaching offense of a home invasion in this case, it’s the alleged self-righteousness of the agents that bothers me most. These are not unemotional agents who serve the law without passion or prejudice—–these are people who truly believe they are a class apart. They are the holy and the just, and the rest of us are all either criminals or potential criminals. Thus, they have no problem overlooking their own tyranny, because in general they are justified as “the good guys”. The perfect example of why those that wish to be police officers should never be allowed to be one.

  28. #28 |  Nash | 

    @15

    Unless they’re the NSA, probably not. Most law enforcement goes through the legal channels (such as a warrant) to make a request of an ISP for a tap to monitor someone’s traffic. Kinda like a phone tap, but with packets.

  29. #29 |  Yizmo Gizmo | 

    How was it established they got the wrong guy?
    Did they not find the files? Did they
    find the “real” perp?

  30. #30 |  BillC | 

    From the article: “The government’s Computer Emergency Readiness Team recommends home users make their networks invisible to others by disabling the identifier broadcasting function that allows wireless access points to announce their presence.”

    This doesn’t really do anything.

    Difster, your first two suggestions are also useless. Your third suggestion is worthwhile, but let’s face it: if they are already in a position to log into your router, they are already on your network.

  31. #31 |  BillC | 

    To follow up on my previous post, the best security scenario for normal home users is WPA2-PSK with a strong password: http://en.wikipedia.org/wiki/Password_strength#Examples_that_follow_guidelines

  32. #32 |  Anthony | 

    #16 C. S. P. Schofield: I am another Veteran who dislikes the term “police militarization”. Not many of SWAT brutes would make it on SF teams, the Rangers or even rank and file Infantry for weapons handling violations alone. The military also emphasizes the Rules of Engagement, escalation of force, and proportional and appropriate force, SWAT teams do not.

  33. #33 |  TheNakedObserver | 

    Yizmo, it’s likely that they still seized the man’s computers and did a forensic search of them and found nothing. This likely took at least a couple of months, though I know of cases where it has taken more than a year between the initial search and the charge. The whole time, those “dangerous” criminals are walking around free. Even after being charged, most are out on bond, albeit with a curfew and some restrictions on travel. Nevertheless, it’s hard to reconcile this behavior by the government with the harsh sentences they hand down: if the people downloading these materials are such a big threat, why does the government allow them to move about so freely, even after being charged, and in some caese, after entering a guilty plea?

  34. #34 |  Curt | 

    Follow the link to the article and check out the comments. The top rated comment basically asks why this couldn’t be handled with a couple of cops walking up to the house and knocking on the door. It (currently) has 4,602 thumbs-up and 87 thumbs-down. Thankfully, this restores some of my faith in humanity.

    I want to know what the 87 people objected to. If it was simply the phrase “storm-trooper crap”, then I guess it’s tolerable. What scares me is the thought that even a single commenter would’ve read the article and thought that the SWAT team was truly required and a couple cops knocking at the door wasn’t sufficient.

  35. #35 |  Difster | 

    BillC, don’t be stupid, doing all of what I suggested will make your wireless router almost completely secure. You obviously have no idea what you’re doing.

  36. #36 |  Curt | 

    @ #32 Anthony… I’m also a veteran and don’t care for the way police try to borrow military tactics. But, I think “militarization” is an appropriate word. It reflects the increasingly powerful equipment and weapons and the increasingly aggressive and violent techniques. It just doesn’t account for the professionalism and restraint that you mention. Those attributes may describe our military but not all military forces.

    It’s also worth pointing out that the military can’t claim that its s#!t don’t stink. There are some service members that lack the professionalism that you talk about.

    The biggest problem is that, in the case of the police, their actions are being dictated by commanders that lack military experience and politicians (that lack a whole lot more). And, those actions are being directed against American citizens instead of foreign fighters. It seems to be an obvious recipe for disaster.

    At some point our country decided that using the military to enforce the laws wasn’t a good idea. Unfortunately, law enforcement negated that by becoming their own military.

  37. #37 |  Matt Moore | 

    @Difster – Bill is right, turning off SSID broadcasting is useless. Anyone with a clue can find the SSID in seconds.

  38. #38 |  albatross | 

    Yeah, it’s pretty obvious the cops wanted to bust this guy’s door in because they thought he was a pedophile, and wanted an excuse to follow up by knocking all his teeth out or shooting him. (Don’t worry–if he’d been “shot while resisting arrest” it would turn out that he was *definitely* a kiddie-porn consumer and pedophile, and of course, there would have been nobody around to contradict that story. Indeed, my guess is that the likelihood of his eventually having the charges dropped would have fallen off rapidly, had he been beaten up by the cops during the arrest.)

    If you want to justify unlimited police powers, no-trial punishments, detentions, etc., it’s useful to have enemies who are simultaneously superhuman scary foes who can only be defeated by the most extreme measures, and at the same time subhuman monsters deserving only of being ground underfoot once caught.

    Pedophiles and terrorists (and drug dealers and neo-nazis and various other contemporary versions of witches) are really useful for this. For their own reasons, both the news and entertainment branches of mass media are very willing to feed both the terror and the hatered of these bogeymen.

    So, while they’re uncaught, they justify absolutely anything. We’re so scared, save us from the terrorists who want to blow us up! Save us from the pedophiles who want to rape our kids! What? You need to wiretap every phone, install spyware on every computer, track every movement, put cameras everywhere, and arbitrarily arrest and detain anyone you want? Okay, fine, if it keeps us safe.

    And then, once caught, they’re fit for nothing but abuse. What, you’re worried about the treatment of terrorist scum? What the hell’s wrong with you–hanging’s too good for those bastards! You want proof of guilt in court for that kiddie-raper? Hmmm, what’s wrong, maybe you’re one too? Who else would care about what’s done to those scum?

    Frankly, we’re building the kind of society we deserve. And we’ll get what we’re paying for–we’re a society full of Germans with one Jewish grandparent, cheering as the filthy Jews are cleared out and loaded onto trains, without the slightest realization that we’re going to be next on the list.

  39. #39 |  albatross | 

    Matt Moore:

    If your goal is avoiding an attacker who wants to plant evidence on your computer or network, then you’re right, hiding the SSID isn’t all that useful.

    But if your goal is avoiding random people getting on your network, and making it marginally harder for some random a–hole to use your network to find kiddie-porn or whatever, then hiding the SSID is valuable. More generally, speedbumps aren’t brick walls, but they’re often valuable in security. If the bad guys (freelance or government) find another target a little more easily than they find you, that still works out for you.

    This is why you lock your doors and windows, right? Hardly anyone has a door and lock that would resist a man with a crowbar or a sledgehammer for more than a couple minutes. But the deadbolt and reasonably solid door and barking dog and alarm decals may convince the thief to move onto the next house, even if he could bypass the alarm and shoot the dog.

  40. #40 |  Mannie | 

    #32 | Anthony | April 25th, 2011 at 11:53 am
    #16 C. S. P. Schofield: I am another Veteran who dislikes the term “police militarization”. Not many of SWAT brutes would make it on SF teams, the Rangers or even rank and file Infantry for weapons handling violations alone. The military also emphasizes the Rules of Engagement, escalation of force, and proportional and appropriate force, SWAT teams do not.

    SF Hell! I wouldn’t trust most of those mopes to burn shit without supervision!

  41. #41 |  Matt Moore | 

    Locking your door isn’t akin to hiding your SSID. A better analogy would be camouflaging your door… all someone has to do to find it is watch for you to come and go. Hiding your SSID only works to keep morons out, and that’s fine as far as it goes, but don’t think you’re more secure because of it.

  42. #42 |  demize! | 

    And the irony is that they have probably now TRAUMATIZED HIS REAL LIFE CHILDREN!

  43. #43 |  weneedhelp | 

    Just another disgusting use of old military equipment in the hands of local yocals just dying to use it. Nice. America, as we have come to know, is long gone.

  44. #44 |  weneedhelp | 

    Oh yeah and dont forget

    but…. but…. but… the children.

  45. #45 |  Gerald A | 

    WPA2-PSK with a 63 charactor ASCII password is for all intents and purposes unbreakable. All the hacks into it are based on library attacks or inside help. Brut forcing it is currently time consuming.

  46. #46 |  Michiel van der Blonk | 

    Everyone who thinks they’re safe because of WPA2: trojans. It’s still possible for someone to operate your computer without your knowledge and download kiddie porn. No matter what you do to your router. Antivirus won’t help if it’s a custom trojan only made for this deal, one that doesn’t spread like wildfire. It could even be wrapped in an actual useful program so you yourself give permission for it to bypass your firewall and everything.

  47. #47 |  Cynic | 

    Perhaps the best way to discourage this would be to visit the parking lot of the PD or nearby and begin downloading (to /dev/null). Then report the PD to federal, state, and county law enforcement. Turnabout is always fair play.

  48. #48 |  Another Mistaken Raid for Child Porn | The Agitator | 

    […] no, it’s certainly not the first time this has happened. Digg it |  reddit |  del.icio.us |  […]

  49. #49 |  Special Weapons And Turdballs | Daily Pundit | 

    […] Special Weapons And Turdballs Posted on July 19, 2012 11:30 pm by Bill Quick “Disarmed by the very government that armed his murderers.” And remember this:  Those “bean bag” rules-of-engagement do not apply when government SWAT teams go after American citizens. […]

Leave a Reply