Skip to content

Terrorists Don't Use Google Maps

A while back, we got an e-mail from a customer who was concerned that terrorists might be using her site to plan an attack on the space shuttle. Please note, this is a real ticket that was submitted to our security department by one of our customers. Identifying information has been removed and replaced with asterisks (*). See the entire story after the jump.

From the customer:

Posted on Nov 19 2008 10:04 AM Your assistance is requested to perhaps quiet an overactive imagination, or confirm a legitimate concern.

Our primary domain is **********.com, we also have another domain, **********.com.

The Kennedy Space Center is located in our county, and since I have noticed a spiking in hits on our website from the Netherlands at a time of heightened terrorist alerts, I would like to know more about where in the Netherlands these hits are coming from. The Netherlands is a known location of Arab communities, and Florida was a known location of terrorists that were involved in 9/11.

We have on our website a calendar that utilizes Google maps and identifies our parks in clear proximity to Kennedy Space Center.

I can think of no reason for such a consistent amount of unusual high hits from another country (unless a University were using it for "park planning").

My concern is that terrorists could be using it for reference to our parks as sites to shoot missiles at Kennedy Space Center.

I would rather this concern just be my overactive imagination, but I would like to know the source IP and location for the Netherlands hits, and any other information you feel is pertinent.

http://**********.com/stats/ http://**********.com/stats/

Please look at the Origin Countries and you will see what I mean. Also, the unresolved IP addresses.

You can see how convenient our Calendar maps make it for people to find their way around here on the Space Coast:

http://www.**********.com/calendar/events/index.php?com=location

Please let me know ASAP. Thank you!

Security Response:

Posted on Nov 19 2008 10:29 AM I don't think you have anything to be concerned about, I cannot see anyone using a parks website to get information when they can just use Google maps to pull the same details. Looking at the logs, I don't see any specific pattern to the .nl traffic over any other specific ip or host in your logs. As for the physical location of the various .nl ips, the Netherland ISP's do not publish physical locations to IP lookups. You can contact the local ISPs, telfort.nl and chello.nl but I do not think they will give you any more detailed information. As for unresolved IP addresses, those are just IP addresses without a reverse lookup. That is normal. Please let us know if you have any further concerns.

Customer:

Posted on Nov 19 2008 12:19 PM Thank you for checking on our server stats.

However, as convenient as Google Earth and Google maps are, without our website, Google maps don't pinpoint and cluster all of the parks, nor do they provide what our website provides: park opening/closing hours, narrative driving directions, photos, and links to add'l information in our website that help people get quickly oriented, including a list of I-95 Exit ramps, and so on.

I would like to think a lot of Netherlands folks are planning a lot of vacations, but our Tourism Director tells me most tourists from other countries to the Space Coast come from Canada, UK, and Germany (Netherlands being about 10th on the list); or, that they are using our website for park planning, however when folks do that they usually correspond with us also.

That leaves a big question mark as to why Netherlands hits have been consistently so high since July.

Security Response:

Posted on Nov 19 2008 12:58 PM More than likely, this is all innocent traffic, but if you are concerned I would suggest forwarding this information to our local FBI branch. They will be able to investigate this, and if they determine there is a legitimate threat, be able to act upon it. Please go to http://www.fbi.gov/contact/fo/fo.htm for more information.

Customer:

Posted on Nov 19 2008 04:49 PM Thank you. I am inclined to believe so too, but it's unusual, and I don't want to brush off something that might be regrettable later.

In attempting to dispel any possibility, I used a Netherlands search engine and entered some strings (Nederland **********, Nederland **********) that brought up only 1 or 2 results. http://zoek.lycos.nl/ So the hit level that far exceeds Canada, UK & Germany is still a mystery.

Thanks again for your assistance.

However, it didn't end there. A few days later our security department got a call from the FBI requesting the logs for the site, citing privacy concerns our security department declined the request. The response from the FBI was basically, "that's fine, we're pretty sure this is a non-issue."

So far we haven't had any more crazy tickets from that customer.