Tags:




Am I Being Tricked? Probably Not. But Just To Make Sure...
November 8, 2006 5:19 PM   RSS feed for this thread Subscribe

Help me figure out whether I'm being scammed. The question, which involves theft prevention, MAC addresses, and the University of Washington Campus Police, follows after the break.

Today, I got the following email: "If you have already sent me your mac address information disregard this email." The attachment, which I have partially copied below, contains info about giving the UW campus police the MAC address of my laptop as part of their theft prevention program. I do remember filling out some stuff with my iBook's serial number at the beginning of the year, but they didn't say that they would be following up like this.

Anyway, the email (attached in .doc format) is:

Thank you for registering your electronics with the UW police. The crime prevention unit is organizing a theft-recovery program for computers/laptops. In order to do this we must have your Machine Access Code also known as MAC Address and or Physical Address. Each computer/laptop has it own unique MAC Address.

We are asking all of you who have registered your computers/laptops to provide us with your MAC Address so that we can have them on file for when our new data-base is created.

MAC Addresses consist of 12 letters and or numbers. Example: 02:55:89:d5:0a:00.

Listed below are instructions on how to retrieve your MAC Address from a PC or Mac computer

Should I respond? Is this some sort of illegitimate scheme by someone other than the UWPD? One of the things that raises a red flag for me is the poorly capitalized email. I realize that I should just call the number listed in the email, but they are closed right now and, to be honest, I'm immensley curious as to what they're trying to do here.

Forgive the extreme paranoia. I guess I'm a bit of a conspiracy theorist.
posted by rossination to computers & internet (23 comments total)
What can you do with a MAC address? I suppose it could be used by the ISP to track down a stolen piece of equipment, but seeing as this address can be easily changed, it doesn't make much sense. Will they provide theft prevention without the information?
posted by aberrant at 5:24 PM on November 8, 2006


Call up the chief of the Campus Police and ask him if this program is for real.
posted by Dasein at 5:26 PM on November 8, 2006


If you decide to call, you should look up the number independently rather than using the one on the email, which could be fake.

I'm not sure what good a MAC address can do potential scammers except that it allows someone to spoof your computer name (for example, if your school's DHCP server uses MAC addresses).
posted by JMOZ at 5:28 PM on November 8, 2006


[Sorry, I should clarify - I do not live on campus, but occasionally use on-campus wifi].

Keep the suggestions coming!
posted by rossination at 5:30 PM on November 8, 2006


In addition to being able to get your IP and in general know who you are while running a packet sniffer, they could spoof your MAC address.

I can't think of anything too sinister to do with a MAC address, but it is good for anti-theft: if I report that my laptop was stolen, and they spot the MAC address being used afterwards, they can (in a well-designed network) track where it's coming from.

My campus police department has sent out poorly-capitalized e-mails before.

Anyway... Do NOT call the number in the e-mail. Look up the number for the actual UWPD (non-emergency) and call them. If they confirm it, you can respond; if not, you can file a police report (for impersonating a police officer, no less) while you're on the line. ;)
posted by fogster at 5:30 PM on November 8, 2006


It's Media Access Control, to be pedantic. I wouldn't put it past the genuine police to be happily unaware of this fact.
posted by kcm at 5:34 PM on November 8, 2006


If you do call, you should also ask whether they need ALL MAC addresses - you likely have one for your wired ethernet, one for your wifi, and (possibly) others depending on your setup.
posted by aberrant at 5:37 PM on November 8, 2006


(even more sinister: could they use it to nail you if the RIAA or the Feds come a-knockin'? They can probably ID you in other ways, but this might be one more piece of info that they could use against you....)
posted by aberrant at 5:38 PM on November 8, 2006


sorry for the multiple posts, but ideas keep coming to me - what I'd suggest, if they insist that they need it, is that you keep it yourself, and if your laptop is ever stolen, you given them the information at that time. Why do they need it in advance?
posted by aberrant at 5:39 PM on November 8, 2006


A word attachment? Asking for something that is easily spoofed to use as an identifier? Yeah, these guys are on the case. Me, I'd forget about it.

/end snark
posted by -t at 5:53 PM on November 8, 2006


The WU police site is pretty nice, I'm sure you can dig something up or just ask them.

If you end up having to give them an address, and you don't need it to get on the network, just make one up. I keep Macshift as a startup item on my laptop. It's like getting a new, temporary identity with every reboot!

There's really not a whole lot they can do with a MAC address, as mentioned before if you give them the one hard coded in your computer they can identify that computer at future dates. If you give them a made up one, and someone inspects your computer the MAC addresses won't match.
posted by Science! at 6:00 PM on November 8, 2006


Incidentally, if you want to give them a made-up one, I suggest:

de:ad:be:ef:ca:fe

Or the less obvious:

b0:0b:13:55:ba:be

If they raise any objections, then just change your network adapter's MAC to match.

Personally, though, I would just send a reply pointing out the numerous flaws in their request. One is that the MAC address can be easily be changed without extra software. Two is that it identifies a network adapter, not a computer -- replace the network adapter and you get a new MAC on the same computer. Three is that every computer from a major manufacturer already has a unique identifier, often one that's written into the BIOS and *can't* be easily changed: the serial number.

Of course, I wouldn't be so cocky as to present it to them in the same way...but I would definitely make my objections known, and ask why they aren't taking the more-useful serial number.
posted by CrayDrygu at 6:32 PM on November 8, 2006


If they raise any objections, then just change your network adapter's MAC to match.

It will be obvious that your MAC address is fake if it doesn't begin with 00.
posted by oaf at 6:38 PM on November 8, 2006


MAC address registration is so stupid in so many ways...

1. If you have a relatively recent laptop, your laptop probably has two MAC addresses, one for the wired port and one for the wireless.
2. It takes about 10 seconds to change the MAC address either of your network adapters (or both) transmit.
3. Every single ethernet adapter adapter out there -- whether it's built-in, PCI, USB, PCMCIA, etc. -- has its own MAC address. Which can be spoofed and/or changed easily.

I can't say that it's a scam though. It's entirely possible that this is a genuine -- if futile and misguided -- attempt at providing theft protection.
posted by clevershark at 6:54 PM on November 8, 2006


1) Bob steals your laptop.
2) You report the theft to the police, who have your MAC address.
3) The police enter your MAC address into a "stolen" list.
4) Bob plugs your laptop into the campus network (or potentially uses the wifi on campus) and does not know that A) he can, and B) he should change your MAC address.
5) The DHCP server gets a request from your laptop for an IP, notices the MAC address is in a "stolen" list, and tells the police when and at which physical port the laptop was plugged in.
6) The police rappel down from the roof, crashing through windows, and take down Bob with judicious application of tear gas and batons.
7) Your laptop is returned to you, safe and sound.

Listen, it's not foolproof, but it's not futile either. How many laptops are stolen by MAC-address-aware thieves compared to how many are stolen by some dude walking by and seeing an unattended laptop? Registering your MAC address is harmless (they could get it other ways if they really cared to, and honestly campus police aren't in the business of indiscriminate electronic surveillance, as far as I know), and it could get your laptop back to you in some set of theft cases. Call up, ask if it's a real program (it very likely is), ask if they want all MAC address (like others have mentioned), and go for it.

And I don't believe any hard-coded manufacturer's serial number will be sent to the DHCP server, so that won't help them automatically spot your laptop on their network - it will just help identify the laptop if they stumble across it somewhere.
posted by whatnotever at 7:35 PM on November 8, 2006


For what it's worth: the UWPD, in my experience, almost always sends correspondence via attached Word documents.
posted by pril at 7:39 PM on November 8, 2006


It certainly doesn't sound like a scam and it's not easy for most laptop theives to change MAC addresses (seriously, most of them do it for a quick meth buck and don't give two shits about the machine).

It is a fairly unique (not perfectly so) way to identify a machine and what whatnoever said a couple comments above is the reasoning behind it. I would be happy to give my campus that info if they are sharp enough to help locate stolen goods with it. It's a nice little insurance policy against total loss in the future on campus.
posted by mathowie at 7:42 PM on November 8, 2006


It's certainly possible that it's real, as the UW does track MACs upon connection to their network, so they could be assembling a list such that when a stolen laptop shows up the network, Computing & Communications can alert them. I would look up the number independently and call them as has been advised.
posted by j.edwards at 8:24 PM on November 8, 2006


"It will be obvious that your MAC address is fake if it doesn't begin with 00."

1) Do you really think it'll be obvious to the same folks who think a MAC address is a good anti-theft measure?

2) If by "fake" you mean "non-factory," sure. But if I tell you my MAC is de:ad:ca:fe:ba:be, and you look on my PC, and that's actually my MAC...then so what?
posted by CrayDrygu at 8:56 PM on November 8, 2006


I tend to be a little paranoid but I would ignore their email, write down your MAC address and then give it to the police if your computer is ever stolen. If that's why they really want it the end result will be the same.

Most large universities have programs like Campus Manager that work completely off of MAC addresses. With thousands of unsecured computers on your network, a program like this is a necessity. Once they put your MAC address in their database, they can do preferred VLAN switching and monitor\control your access on any port on campus. A friend of mine makes his living with these types of programs and it's truly scary what can be done to your computer without your knowledge.
posted by bda1972 at 9:44 PM on November 8, 2006


Yeah, they do this, and the form for registering a laptop has a place for MAC addresses (if you click on "Registration of Electronic Equipment" it will re-direct you to a page that wants a UW net id - google cache)
posted by milkrate at 10:03 PM on November 8, 2006


Yeah, that's probably legit. If you bounce a copy of the email to help@cac.washington.edu, though, we'll take a look at the headers and give you a more official-sounding answer. I've registered my bicycles with UWPD and they usually send a followup email or letter later; I wouldn't be surprised if they do this for electronics registrations, too.
posted by hades at 10:23 PM on November 8, 2006


Cray: Actually, a MAC address starting with 'de' is clearly not your laptop's builtin address, since the "locally administered address" bit is set. Also, the OUI portions of the address space are generally well known, and if yours doesn't correspond to an assigned block, then it another good hint that the address is fake.

Are the campus police going to notice this? No, of course not.

I'm guessing they want the MAC address because it's effectively a serial number for that piece of hardware. It can be used to identify stolen hardware. The thief could change it, just like serial numbers can be filed off, but a lot of the time the thief doesn't bother.

(As for spoofing: anyone who wants to spoof your MAC address to connect to a wireless network can find out what your address is just by being near you while your laptop's on and in use. It is, after all, attached to every packet that goes in or out of your wifi card.)
posted by hattifattener at 11:06 PM on November 8, 2006


« Older What's the legal ramifications...   |   How can I improve the quality ... Newer »
This thread is closed to new comments.