theForum » The Criminal Justice System » Police » SHPO - devices that can connect to the internet

SHPO - devices that can connect to the internet

Mark15788 — Wed, 02 Sep 2020 14:07:17 GMT

Morning everyone,

One of my SHPO conditions is to report to the police any new devices with the capability of connecting to the internet within 3 days of purchase.

That’s fine and always adhered to it.

I’m not tech savvy so here’s my question.

I have a very old style big bulky TV, I want a new one.

I know if I get a smart TV that would need to be reported, right?

What about a non smart TV? The spec says it has a Ethernet connection, does that mean it’s capable of connecting to the internet and therefore I’d need to report?

I’d rather be safe than sorry and just planning ahead.

RE: SHPO - devices that can connect to the internet

JASB — Wed, 02 Sep 2020 14:07:17 GMT

[quote]

[b]Mark15788 - 29 Aug 20 10:52 AM[/b]

Do these systems get used on everyone or just dependant on offence? My offence was not related to images and I’ve never had any software mentioned to me.I’m managed by the neighbourhood team so not even sure how much training they receive. My laptop seems to get less attention than my mobile.

[/quote]

Hi

As others say it is amazing the attitude / intruputation of the PPU to defined processes.

The last of my visits - end of last year- the accompanying officer who looks at my mobile and laptop (even though I have not any IT/internet etc offences) shows concern because of my "admin" habits built over 30 odd years as an IT consultant.
I always clear my history on all devices including old messages and calls on my mobile for both security and operating purposes. However he is not happy and always drops a few words to see my reaction; which I ignore unless asked a direct question.
They have asked to do a software based check on my laptop and not to delete my history which after gaining a statement that they agree I do not have a legal requirement to do so, it is a one off and as a nicety statement "they promise they are not trying to catch me out". I agreed but also asked why do it then but gained no reply.

I say this not to humiliate the PPU who I believe have a horrendous role, but really just to point out that their actions can give an air of positivity. In that they must have no other concerns so going to the extremes of searching OR their search of my laptop will show my behaviour to be better than the social normality and go on to support my case to have my SOPO/SOR discharged.

RE: SHPO - devices that can connect to the internet

punter99 — Tue, 01 Sep 2020 16:04:16 GMT

[quote]

[b]Was - 1 Sep 20 11:19 AM[/b]

[quote]do you really think they are trying to look good at appraisal time.?[/quote]

If you are asking my opinion, rather than on the basis of cold hard facts. Yes. Yes I do. I have previously been involved in interfacing with the police (although not in the area of PPUs) and forces are so target driven that it is inevitable. Preventing an offence is notoriously hard to quantify and document and it looks exactly like doing nothing, but an arrest looks like they are doing something (whether or not it is justified) and which they can publicise, Each month I'd get presented with lovely charts of their activities, most of which had little effect on reducing crime.

In the area of SHPO's the wording is usually so open to interpretation that a non-intent to offend easily becomes a gotcha, so you are at the mercy of individual officers rather than official policy, and the hugely divergent behaviours documented here show this to be the case. I don't think some of them can help themselves. The only slack I'll give them is that they only have to make one mistake and it's all over the papers.

[/quote]

Although policing in general is all about catching and arresting people, I don't think that the PPUs are measured in the same manner. Their job is to prevent reoffending, by people who have already been caught. If a PPU officer were arresting more people, that would indicate a failure on their part, to prevent reoffending, which would arguably look bad for them. Whether they realise it or not, the PPU are employed to work with ex-offenders, to help those people manage their own risks.

Things that PPU are measured on, include the number of outstanding visits. Because of huge numbers on the register and big cuts to police numbers, most forces have built up a backlog of overdue visits. Reducing that backlog is now a priority for PPU teams and that is what will look good for them, at appraisal time.

RE: SHPO - devices that can connect to the internet

Was — Tue, 01 Sep 2020 11:19:13 GMT

RE: SHPO - devices that can connect to the internet

Neal — Tue, 01 Sep 2020 10:53:29 GMT

[quote]

[b]Was - 20 Aug 20 3:13 PM[/b]

[quote]

[b]Mark15788 - 20 Aug 20 2:40 PM[/b]

I’m not new to it no, my community order is now complete, I’m nearly 3 years In so fast approaching 2 years left on SOR and SHPO. Was just interested in the TV situation. Why would you need to take every new device to the police station? I’ve always just went the same day as delivery with the information I need and got a written confirmation from them. Hardly going to take a new TV in there to be fair.

[/quote]

It is the capriciousness of the whole process that is worrying.

I bought a new laptop, installed Windows (and nothing else) and within hours of it arriving, well within the 3 days notification period, informed my PPO and asked when they wanted me to bring it in to have the monitoring software installed. She told me I was in breach of my order and they could confiscate it. This is not true, they would need a court order to "confiscate" it, but, in my understanding they could arrest me, wait for their behaviour to be chucked out in court with no legal comeback and seize it for "examination" which could take several years.

My next laptop I took in the box straight from Argos to the police station and asked them to set it up themselves, which to be fair they did.

As others have said, they only seem interested in computers, when anyone with an inkling of the Internet of Things knows to be foolish if there is someone who really wants to continue committing offences. But protect yourself. Who knows if your PPO suddenly wants to pad their stats because they are getting near their appraisal?

[/quote]

Hi it is interesting how varied the actions of the PPO are across the country, I have been in three police areas, the first where I was sentenced and received my SOPO were very poor giving me an indefinite SOPO and restrictions not allowed for a internet only offence. However in the other two areas the PPO have been very pleasant inspecting my phone on one visit. Why is there such a difference across the country, do you really think they are trying to look good at appraisal time.?

Neil

RE: SHPO - devices that can connect to the internet

Mark15788 — Sun, 30 Aug 2020 15:37:10 GMT

Nearly at the half way point you mean?

RE: SHPO - devices that can connect to the internet

jcdmcr — Sun, 30 Aug 2020 14:28:26 GMT

[quote]

[b]Mark15788 - 29 Aug 20 5:37 PM[/b]

Thanks for that. I’m all new to this side of stuff, even though I’m almost over the halfway point of a 5 year SHPO. I don’t even know much about my risk level, but I believe here the neighbourhood teams here are only managing low risk so I must be assessed as that. I’ve never breached and they are always saying I’m doing great. So was just very curious how different peoples experiences were.

[/quote]

I'm the same just under a year to go.

RE: SHPO - devices that can connect to the internet

Mark15788 — Sat, 29 Aug 2020 17:37:44 GMT

RE: SHPO - devices that can connect to the internet

punter99 — Sat, 29 Aug 2020 17:10:12 GMT

[quote]

[b]Mark15788 - 29 Aug 20 10:52 AM[/b]

[/quote]

I guess if they are not IT trained, they won't have access to the software. As for being offence related, I suppose it partly depends on that, partly on what your SHPO says you are not allowed to do and partly on the police's own level of concern about your risk.

Their biggest worry will be indications of the SHPO being breached, but they could also be fishing for clues as to any other offences that might have been committed.

RE: SHPO - devices that can connect to the internet

Mark15788 — Sat, 29 Aug 2020 10:52:16 GMT

Do these systems get used on everyone or just dependant on offence? My offence was not related to images and I’ve never had any software mentioned to me. I’m managed by the neighbourhood team so not even sure how much training they receive. My laptop seems to get less attention than my mobile.

RE: SHPO - devices that can connect to the internet

punter99 — Sat, 29 Aug 2020 09:19:34 GMT

Monitoring software and ostriage are two seperate things. Monitoring software checks your device in real time and feeds things like screenshots back to the PPU, so if you typed in one of their watchwords, it would grab a screenshot of what you were doing at the time. It is very intrusive, because it is running in the background all the time. I offered to let them install it on my device but they said they only have a small number of licences, so they weren't going to bother.

Ostriage is basically taking a snapshot of what is on your device, at the time the PPU visit you. Sometimes they just do a manual check of my browsing history, but other times they insert a USB stick, which runs the ostriage software. As far as privacy is concerned, it probably comes under the very broad definition of checking or inspecting your devices, which is allowed by the SHPO.

It's intended for digital forensic investigators to use, when they arrest somebody and seize their devices. The idea is to let them inspect the device for anything naughty, on the spot, rather than having to take it to a lab. The main focus is images (obviously), and certain keywords, but it hoovers up lots of other stuff which might be useful for an investigation. How much use it is to the PPU depends on their level of IT knowledge. Mine is only really interested in the images.

But by playing around with tools like osforensics, I was able to see what they see. It can be a real eye opener, to find out just how much data they can extract.

RE: SHPO - devices that can connect to the internet

Mark15788 — Fri, 28 Aug 2020 21:00:38 GMT

Mine says something like “if they choose to” I’m nearly at the three year point and never had anything mentioned about it.

RE: SHPO - devices that can connect to the internet

xDanx — Fri, 28 Aug 2020 19:59:46 GMT

One key thing to remember is, they are not your friends.
They will use every tactic possible to bypass your civil rights to collect all the information so they can to use against you.
And they get away with many things because most individuals simply do not know what rights they even have, and police exploit this.

I have said it before in a previous post, but it really does frustrate me reading about people who get sentenced for dishonesty. Yet the whole justice system is entirely based on dishonesty.

Far as I am concerned, if it does not state in the orders that you must have monitoring software installed then you simply are not forced to have it.

RE: SHPO - devices that can connect to the internet

Mark15788 — Fri, 28 Aug 2020 19:24:37 GMT

Yeah that dies make sense. I’m only curious as never heard much about this side. Checks for me have always been literally a two minute browse of my history. Not sure if the actual sexual offence makes a difference to the checks they tend to do or what they look out for.

RE: SHPO - devices that can connect to the internet

lotsofquer — Fri, 28 Aug 2020 19:21:35 GMT

[quote]

[b]punter99 - 28 Aug 20 5:01 PM[/b]

I know that my PPU tried to run lazagne.exe (password stealer) on my device, but windows stopped it. Although ostriage isn't available for downloading you could try osforensics - free 30 day trial. shows you the kind of thing ostriage can do

https://forums.passmark.com/osforensics-osfmount-osfclone/48008-osforensics-v8-beta-release

lots of fun for techies...

[/quote]

Ok the amount of information they collect is scary and I actually can't see why a lot of it is required. Why would they need all of the wifi passwords on your machine for instance????

RE: SHPO - devices that can connect to the internet

lotsofquer — Fri, 28 Aug 2020 18:48:54 GMT

[quote]

[b]Mark15788 - 28 Aug 20 6:33 PM[/b]

If your order has no requirement to install that sort of software than surely they can’t? Or does your order include that?

[/quote]

Likely the order is to do with making devices available (for checking) - it's not actually installing any software but just running the software. The software is taking whatever they specify I would imagine and they analyse it later. . Given punter99 mentioned that windows stopped it from stealing passwords then I'd imagine that they use anything they can regardless of legality of doing so or any privacy concerns.

If you don't allow them then possibly a breach of the order (for not allowing access to devices) or you could make them do it manually meaning they are there for longer but probably not as thorough as the software. Obviously I'll make a decision based on the situation at the time (dependant on what orders I end up subject to) but I'd imagine that I wouldn't be too happy about them stealing passwords or using automated software to take everything and anything. I'll likely make them do it manually if thats an option (obviously one they're not going to present to you or deny exists but - and I'm just spitballing here - I would think that unless your order states they can do so then you can refuse provided you make the device available for checking. Whether that means they take it away for to analyse (and probably use the software anyway but deprive you of a laptop for however many months) or not I don't know.

RE: SHPO - devices that can connect to the internet

Mark15788 — Fri, 28 Aug 2020 18:33:11 GMT

If your order has no requirement to install that sort of software than surely they can’t? Or does your order include that?

RE: SHPO - devices that can connect to the internet

punter99 — Fri, 28 Aug 2020 17:01:01 GMT

RE: SHPO - devices that can connect to the internet

lotsofquer — Fri, 28 Aug 2020 16:43:08 GMT

[quote]

[b]jcdmcr - 28 Aug 20 4:38 PM[/b]

[quote]

[b]lotsofquer - 28 Aug 20 4:11 PM[/b]

[quote]

[b]jcdmcr - 28 Aug 20 3:40 PM[/b]

[quote]

[b]jcdmcr - 28 Aug 20 3:16 PM[/b]

Hi
I've just had a visit from my public protection office, I have file auditing turned on filled my c drive event log store in under an hour!! I've had a look through and their tool appears to be proprietory and access a number of areas. I'm still going through the log but it appears to do the following
Scan for all executables on your hard drive on all partitions
Scan for all images
Checks for any proxy usage
Scans for all images - to what end i'm not sure. I mean does it copy them or just write the names into a text file?
The program is called: osTriage2.0.0.3.exe and the event log entry is below
There is also a helperapp that runs.

My concern is that if the app does the following
1 - Copies personally identifiable informaiton to an unencrypted drive
2 - is designed to allow someone with little or no experience to run and potentially arrest someone for just ticking a box.

==========================================================
An attempt was made to access an object.

Subject:
Security ID:J***********\*****
Account Name:james
Account Domain:***************
Logon ID:0x2A7F0696

Object:
Object Server:Security
Object Type:File
Object Name:D:\onedrive\OneDrive - **********\private\salvage\recovered\DSC02402.jpg
Handle ID:0x840
Resource Attributes:S:AI

Process Information:
Process ID:0x40e0
Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\osTriage2.0.0.3.exe

Access Request Information:
Accesses:ReadData (or ListDirectory)

Access Mask:0x1
================================================

It also accesses the recycle bin too

A handle to an object was requested.

Subject:
Security ID:J*******
Account Name:********
Account ******************************
Logon ID:0x2A7F0696

Object:
Object Server:Security
Object Type:File
Object Name:D:\$RECYCLE.BIN\S-1-5-21-81388288-117615736-41980065-1001\$R5TN288.JPG
Handle ID:0x2b4
Resource Attributes:-

Process Information:
Process ID:0x40e0
Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\osTriage2.0.0.3.exe

Access Request Information:
Transaction ID:{00000000-0000-0000-0000-000000000000}
Accesses:SYNCHRONIZE
ReadData (or ListDirectory)
ReadAttributes

Access Reasons:SYNCHRONIZE:Granted byD:(A;ID;FA;;;BA)
ReadData (or ListDirectory):Granted byD:(A;ID;FA;;;BA)
ReadAttributes:Granted byD:(A;ID;FA;;;BA)

Access Mask:0x100081
Privileges Used for Access Check:-
Restricted SID Count:0

==========================================

This is the process starting
A new process has been created.

Creator Subject:
Security ID:***************
Account ***************
Account Domain:***************
Logon ID:0x2A7F0696

Target Subject:
Security ID:NULL SID
Account Name:-
Account Domain:-
Logon ID:0x0

Process Information:
New Process ID:0x29a0
New Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\Plugins\__tmp\c5865ccc-74af-498f-bba3-6157e3a3b34b\osTriageHelperApp.exe
Token Elevation Type:%%1937
Mandatory Label:Mandatory Label\High Mandatory Level
Creator Process ID:0x40e0
Creator Process Name:\Device\HarddiskVolume12\osTriage2.0.0.3 - SOPO\osTriage2.0.0.3.exe
Process Command Line:

[/quote]

oh as a side note - it appeared to monitor my arp cache and dns servers!!

[/quote]

Monitored or took a copy?

The software isn't proprietary but seems to have been removed from public view (so I guess making it pseudo proprietary). Looks like you have to have law enforcement training to get a copy now. One thing I've just discovered (although not all that surprised) while looking up the software is that Windows logs everything you access and keeps it forever even if you delete a file. If you want to take a look check out Shellbag Analyzer & Cleaner by Goversoft. Given one of the tools on the developer of ostriage website (not goversoft btw - that was another one I found) pulls this information I'd imagine they're taking a copy of it.

I guess if you have nothing to hide the only issue is the privacy intrusion and potentially some explaining to do if you happen to download something with a name that looks dodgy.

[/quote]

I'm not sure - i'm guessing tho they took a copy. Its the latter that bothers me on names of files. Whos to say you access (for example) a news site or any site for that matter where they have given a dodgy name to a file...

Windows only keeps the thumb cache and the search indexer.

I have file auditing set up, so I log every file accessed and keep the logs..... BUT i have nothing that audits USB drives. Besides, the only way i can do it is to switch auditing on the USB drive and thats not easily done.

[/quote]

You can turn off the thumb cache on windows. Not sure about the search indexer. It keeps more than that - take a look at the software I mentioned above (or go directly in to the registry yourself if you don't trust it). It's all there. That software also has the option to delete it.

RE: SHPO - devices that can connect to the internet

jcdmcr — Fri, 28 Aug 2020 16:38:43 GMT

[quote]

[b]lotsofquer - 28 Aug 20 4:11 PM[/b]

[quote]

[b]jcdmcr - 28 Aug 20 3:40 PM[/b]

[quote]

[b]jcdmcr - 28 Aug 20 3:16 PM[/b]

[/quote]

oh as a side note - it appeared to monitor my arp cache and dns servers!!

[/quote]

RE: SHPO - devices that can connect to the internet

jcdmcr — Fri, 28 Aug 2020 16:34:03 GMT

[quote]

[b]Mark15788 - 28 Aug 20 4:28 PM[/b]

So it’s just monitoring software they have installed? Is that part of your order?

[/quote]

No - its some analysis software that they ran

RE: SHPO - devices that can connect to the internet

Mark15788 — Fri, 28 Aug 2020 16:28:53 GMT

So it’s just monitoring software they have installed? Is that part of your order?

RE: SHPO - devices that can connect to the internet

lotsofquer — Fri, 28 Aug 2020 16:11:08 GMT

[quote]

[b]jcdmcr - 28 Aug 20 3:40 PM[/b]

[quote]

[b]jcdmcr - 28 Aug 20 3:16 PM[/b]

[/quote]

oh as a side note - it appeared to monitor my arp cache and dns servers!!

[/quote]

RE: SHPO - devices that can connect to the internet

jcdmcr — Fri, 28 Aug 2020 15:40:12 GMT

[quote]

[b]jcdmcr - 28 Aug 20 3:16 PM[/b]

[/quote]

oh as a side note - it appeared to monitor my arp cache and dns servers!!

RE: SHPO - devices that can connect to the internet

jcdmcr — Fri, 28 Aug 2020 15:16:27 GMT