Laptop Thief Caught via AOL Login
Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."
MAC address perhaps?
More than likely, the computers had some sort of software built into them to 'phone in' and notify a central location of its IP address. Then they just traced the IP address to his AOL account. Not very fancy detective work, just standard stuff.
There may be some good in the fact that they are able to trace someone like this...but the ramifications make me shudder.
That and make me glad I am in Canada..
I guess the AOL software might "accidentally" transmit the ethernet hardware (MAC) id of the machine...
Maybe the computer systems were set up to call a certain IP address in the event that they were stolen. There's software like this for laptops already. If this is the case, all the FBI had to do was contact AOL to find out who was accessing the site, and from where.
The World is Yours.
A dialup account that was already on the laptop? I don't know AOL, but would they really be interested in what kind of unique hardware connected to their network?
I would assume MAC addresses of the ethernet jacks/boards/whatever are being transmitted, no?
For a notebook-- this would be built-in, and probably traceable in the inventory. It would be pretty simple for the FBI to wait for a specific MAC address, trace the corresponding IP address, and then narrow it down to a router (now we have the neighborhood/village). It's a simple drive-around from there...
davejenkins.com
I guess if AOL take a note of the hardware ethernet address (not surprising, because DSL lines aren't supposed to be shared, right :-) then just doing a query for the address on AOL's db would be enough to get a (very) shortlist...
Simon.
Physicists get Hadrons!
"You've got jail!"
1. When you steal computers, don't steal laptops.
2. After stealing a desktop PC, even if it has the latest Windows OS and Service Pack, format the disk and load RedHat.
3. If you steal a Linux PC, install Windows on it for a year, then switch back - even AOL can't maintain that big a log!
4. Don't use AOL - switch over to MSN - it's much more secure - instead of the FBI, it'll be the BSA that's after you!
If you keep throwing chairs, one day you'll break windows....
Once in a while, yes, it is your friend.
But then again, AOL probably has other ways to track computers for marketing and such... to determine what PCs are being used how much to access AOL services, etc...
Isn't it totally shocking to see how little care companies take to protect customers' data? Somebody should tell them that there's something called encryption.
The line between being able to trace crooks and being able to maintain your privacy has always been small. You know what to do if you want privacy, and everyone else should not ever assume they are private just because no one else is in their lounge room.
This is a valuable education, and it will help the regular user understand how unprivate their internet communications are.
No-one loses here. What's the story?
http://pcblues.com - Digits and Wood
Wells Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...
Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?
Anyone care to give that answer that?
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
I hate to say that Slashdot readers have obvious biases, but why is it that when the police do something smart with computers, you get:
Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummies. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted.
If the guy told the FBI his laptop got stolen, he may also have given them some info about a recent internet connection which would have allowed them to find his MAC address, which was then looked for in some ISPs' logs until they found out who did it.
I guess it's more optimal for the FBI to do it this way than to just store whichever information thanks to some software backdoors.
We have some reasons to worry about our Freedoms but it is not a reason to imagine we're always being spied on.
Trolling using another account since 2005.
Also the first thing I'd do is reprogram the MAC address (and ensure that the BIOS had CPU serial number feature disabled - if possible?).
I'm no thief, but if I were to try something illegal I think I'd plan it out a bit better first.
Did this machine have 'phone home' software installed?
Also, aren't most stolen laptops (and other computers) quickly sold on anyway? The perp is a total idiot for keeping it and using it. If you sell something in an untraceable way, say to a guy in a bar for cash, then you're less likely to get caught.
That last line should have been...
"Anyone care to give that an answer?"
Which I had thought to change to...
"Anyone care to answer that?"
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
I know sometimes obscurity can be useful, but I still believe it is violation of privacy. Which means the thief should be set free since the methods that were used to trace him were unlawful.
When you install AOL it knows your "Master account" name. From there you can pick one of the other account names or use the "Guest" login feature.
My guess is that when the thief logged in they used the guest feature.
AOL probably had the account flagged as "Stolen" so the thief couldn't buy AOL stuff through the account on the machine.
So if this guy installed his own software or OS on a stolen box and then got caught, that leaves precious few other options.
Processor Unique ID?
WindowsXP Phone Home?
Keystroke Logger?
In any case, it certainly appears that some "known" piece of identifying data was present and easily flagged.
I for one would like to know more about the exact method used, because if there is indeed some kind of government back-door that has the potential to circumvent encryption or anonymity, we ought to find out.
Maybe the FBI's "Magic Lantern" is a 2-piece system with 1/2 on the network, and the other half in the OS or the Silicon?
Maybe all the bank employees are being spied upon without their knowledge?
Maybe Patriot Act rears its head in the authorization of certain methods and practices?
If I'm correct, IPv6 stores your 48-bit MAC address in the last 64 bits (wasteful), so that should make the FBI's job nice and easy.
hmmm.
It just takes a few seconds, and being able to get it back in the event of theft is great peace of mind.
I use RegisterForFree. Better safe than sorry.
Not that this guy isn't a scumbag, but WF customers should be asking themselves how this breach of security could take place. Information like this should NOT reside on an unprotected laptop. Someone at WF is VERY dumb.
How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?
I know that ANY of the laptops and roughly ALL of our desktop PCs would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...
I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
Using a GUID or UUID you can track specific computers/users. A little more reliable than a MAC address as far as AOL's software goes (since the guy could have just changed modem/network PCMCIA cards or something). Not to say spoofing isn't a possibility, but the fucker used AOL. How likely is it he knows what the word "spoof" means?
cached Google description of GUID
It could just be something as silly as the dial-up/broadband connection being bound to a Windows login through a domain server. As soon as the thief logged into AOL they get a Username and Password prompt for the Wells Fargo domain. For all we know, he could've panicked and accidentally hit OK.
An invalid password for a user whose laptop was nicked from a whacky AOL IP address sure sounds suspicious to me.
I know they can trace the IP to a general area, but how were they able to find his street and address (even assuming they had the MAC)? Just curious, that's all.
A blog like any other.
He logs in to his AOL account, in his real name, from a stolen laptop?
Man, I would have just removed the hard drive, imaged it, and put the image up on Kazaa or Limewire or what have you. But then again, B&E at a bank was never exactly my style.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
What IT idiot at Wells Fargo let users run AOL from within the corporate firewall?
Stupid if you ask me.
Anyone prosecuted as a result of this could probably claim that the information was obtained unlawfully from the PC, unless the AOL EULA actually states that certain items of personal information will be collected by their software during login.
"Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."
Same old stuff, user account, billing address, name on the account, shit you dumb fucks! Did you not read the article? Phone home stuff? Hardly, simply stupid user error from a thief. Hardware identification??? Get real. Sure it can be done, and MAC address might be a part, yet you can spoof a MAC address. Come on you technoweenies. Read, research, and stop posting drivel.
US 6 5 3 4 1 2
If a company is stupid enough to store customer information as sensitive as this on an easily removable (i.e. stealable) machine it should be heavily encrypted.
Maybe if they used Apple Powerbooks and OS X they could use the 'File Vault' feature. As well as this, similar features are available for Windows and Linux. What do you think?
that's right. this stuff is unbreakable, & wwworks on several (more than 3) dimensions. it's a real nightmare for those involved in unprecedented evile.
creators want compensation for planet use/damage? (Score:mynuts won)
by Anonymous Coward on Friday November 28, @06:57AM (#7581317)
not really? they just want US to stop wrecking it/killing innocents.
they're not just kidding about that.
the daze of the felonous ?pr? ?firm? scriptdead payper liesense georgewellian fuddite corepirate nazi softwar gangster stock markup execrable FraUDsters, is WANing into coolapps/the abyss, at the speed of right/light.
consult with/trust in yOUR creators.... almost all of us will be seeing the light.
Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
This is just the stuff you can see, in
Program Files\Aol 8.0\SysInfo.ini
God knows what's being transmitted behind the scenes. And no, I would not have been using this evil poison code if I had had any choice :(
Sensitive info deleted. And some that probably wasn't sensitive is obfuscated, but hey, I'm paranoid...
[SYSTEMGOTO]
TotalDiskDrives=TotalDiskDrives=7
DiskDrive0=DiskDrive0=Floppy Drive A:
DiskDrive1=DiskDrive1=HardDiskDrive C: FreeSpace: 2345 MB , TotalSpace: xxxxx MB
DiskDrive2=DiskDrive2=HardDiskDrive D: FreeSpace: 189 MB , TotalSpace: xxxxx MB
DiskDrive3=DiskDrive3=HardDiskDrive E: FreeSpace: 8325 MB , TotalSpace: xxxxx MB
DiskDrive4=DiskDrive4=CD-ROM Drive F:
DiskDrive5=DiskDrive5=CD-ROM Drive G:
DiskDrive6=DiskDrive6=CD-ROM Drive R:
AppPath=AppPath=C:\Program Files\AOL 8.0
AppVersion=AppVersion=AOL xx.xxxx.xxx gb (a)
Processor=Processor=x86 Family 6 Model 8 Stepping 3
PageFileUsage=PageFileUsage= 98% free
Memory=Memory=448 MB total ( 48% load)
OS=OS=Windows xxxx
Video=Video=800 x 600 , True Color (32 bit)
Browser=Browser=Microsoft IE Build 6.0.xxxx.xxxx
Multimedia=Multimedia=CD-ROM , Sound
AppSerialNum=AppSerialNum=
[STATUS]
NumSessions=NumSessions=1, 2, 1
NumAbnExits=NumAbnExits=100.0%, 0.0%, 0.0%
InstallDate=InstallDate=xx/xx/xx
OrigVersion=OrigVersion=xxxx.xxxa
SessionSpeed=SessionSpeed=32000 bps
[ERRORLOG]
Error1=Error1=23:22:22 7/20/03 Address Book Sync Checker Timeout
Error2=Error2=22:22:22 7/20/03 ABSyncError:233
Error3=Error3=22:12:33 7/20/03 You have not completely filled out this form.
Error4=Error4=21:47:24 7/20/03 The modem has reported that there is no dial tone.
Error5=Error5=18:56:28 7/20/03 Attempt 1) [Modem: xxxxxxx-SM PCI Modem on COM3] The modem has reported that there is no dial tone.
[CACHE]
CURCACHE=CURCACHE=0 KB
MAXCACHE=MAXCACHE=1024 KB
[NETWORK]
CPUMake=CPUMake=Intel Celeron
CPUSpeed=CPUSpeed=xxxx
USB=USB=Detected
NIC=NIC=Not Detected
Adapter1=Adapter1=Name: WAN (PPP/SLIP) Interface, IPAddress: xxx.xxx.xxx.xxx, SubnetMask: 255.255.255.255, DefaultGateway: xxx.xxx.xxx.xxx
Adapter2=Adapter2=Name: Realtek RTLxxxx(AS)-based Ethernet Adapter (Generic), IPAddress: xxx.xxx.xxx.xxx, SubnetMask: xxx.xxx.xxx.xxx, DefaultGateway: xxx.xxx.xxx.xxx
Plugin1=Plugin1=Name:Viewpoint, Version:xx,xx,xx,xx
Plugin2=Plugin2=Name:Direct Draw, Version:xx.xx.xxxx.xxx
Plugin3=Plugin5=Name:Shockwave Flash, Version:xx,xx,xxx,xx
[CONNECTIVITY SUMMARY]
Device1=Device1=TCP/IP: LAN or ISP (Internet Service Provider)
Device2=Device2=Modem: xxxxxxx-SM PCI Modem on COM3, Default Device, ModemSetupString: Axxxxxxxxxxxxxxxxx,x;xx4xM, PPPSetupString: , AlwaysReconnect:
TotalLocations=TotalLocations=1
Location1=Location1=TotalConnections: 3, Name: Home, Tries: 5,Current Location
Connection1 at Location1=Connection1 at Location1=Name: xxxx xxx xxxx (1) xx Customers - Freephone (V90), Tries: 1, Device: Modem: xxxxxxx-SM PCI Modem on COM3, Number: xxxx xxx xxxx, Network: AOLnet, ClientPPPReady: 1, NumberPPPReady: 1, Speed: 115200, Touchtone: 1, OutsideLine: , CallWaiting: 0, AlwaysReconnect: 0
Connection2 at Location1=Connection2 at Location1=Name: xxxx xxx xxxx (2) xx Customers - Freephone (V90), Tries: 1, Device: Modem: xxxxxxx-SM PCI Modem on COM3, Number: xxxx xxx xxxx, Network: AOLnet, ClientPPPReady: 1, NumberPPPReady: 1, Speed: 115200, Touchtone: 1, OutsideLine: , CallWaiting: 0, AlwaysReconnect: 0
Connection3 at Location1=Connection3 at Location1=Name: xxxx xxx xxxx (3) xx Customers - Freephone (V90), Tries: 1, Device: Modem: xxxxxxx-SM PCI Modem on COM3, Number: xxxx xxx xxxx, Network: AOLnet, ClientPPPReady: 1, NumberPPPReady: 1, Speed: 115200, Touchtone: 1, OutsideLine: , CallWaiting: 0, AlwaysReconnect: 0
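Added example, not part of the post above and not AOL's code: a small parser for the "Key=Key=value" layout of the SysInfo.ini dump just quoted, listing which recorded fields describe the host and checking whether any value has the shape of a MAC address. The SAMPLE text is an excerpt of the lines in the post with its redactions left in; the category grouping and function names are the editor's assumptions.

```python
import re

# Excerpt of the SysInfo.ini lines quoted in the post, redactions intact.
SAMPLE = """\
[SYSTEMGOTO]
Processor=Processor=x86 Family 6 Model 8 Stepping 3
AppSerialNum=AppSerialNum=
[STATUS]
InstallDate=InstallDate=xx/xx/xx
[NETWORK]
CPUMake=CPUMake=Intel Celeron
NIC=NIC=Not Detected
Adapter1=Adapter1=Name: WAN (PPP/SLIP) Interface, IPAddress: xxx.xxx.xxx.xxx, SubnetMask: 255.255.255.255, DefaultGateway: xxx.xxx.xxx.xxx
Plugin3=Plugin5=Name:Shockwave Flash, Version:xx,xx,xxx,xx
[CONNECTIVITY SUMMARY]
Device2=Device2=Modem: xxxxxxx-SM PCI Modem on COM3, Default Device
"""

# Assumption: the editor's own grouping of keys that describe the machine.
CATEGORIES = [
    (re.compile(r"Adapter\d+"), "network configuration"),
    (re.compile(r"Processor|CPUMake|CPUSpeed"), "CPU model"),
    (re.compile(r"Device\d+|Connection\d+ at Location\d+"), "modem / dial-up setup"),
    (re.compile(r"AppSerialNum"), "software serial"),
    (re.compile(r"InstallDate"), "install date"),
]
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")

def parse_sysinfo(text):
    """Return ({section: {key: value}}, [(key, echoed_key), ...]).

    Each data line repeats its key ("Key=Key=value"). The echo is dropped
    when it matches; when it does not (as in "Plugin3=Plugin5=..."), the
    text after the first "=" is kept verbatim and the pair is reported."""
    sections, mismatches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        if current is None or "=" not in line:
            continue
        key, rest = line.split("=", 1)
        echo, sep, value = rest.partition("=")
        if sep and echo == key:
            current[key] = value.strip()
        else:
            current[key] = rest.strip()
            if sep and re.fullmatch(r"[A-Za-z]+\d*", echo):
                mismatches.append((key, echo))
    return sections, mismatches

def review(sections):
    """List (section, key, category, populated) for host-describing keys."""
    findings = []
    for section, fields in sections.items():
        for key, value in fields.items():
            for pattern, category in CATEGORIES:
                if pattern.fullmatch(key):
                    findings.append((section, key, category, bool(value)))
                    break
    return findings

def has_mac(sections):
    """True if any recorded value contains a MAC-shaped string."""
    return any(MAC_RE.search(v) for f in sections.values() for v in f.values())

if __name__ == "__main__":
    parsed, odd = parse_sysinfo(SAMPLE)
    for row in review(parsed):
        print(row)
    print("echo mismatches:", odd, "| MAC present:", has_mac(parsed))
```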
Nothing particularly sinister. The "hooks" they have is probably caller ID on the modems. If he connected via DSL, they have the port he connected from (via the IP or MAC address). AOL is probably completely free to give out that information, with no need for wiretap authorization.
That's the last time I steal a computer to login to AIM again.
Comment: Yes I realise the username 'fuckfuck101' makes me sound intelligent, no you cannot buy it from me.
Avantslash - View Slashdot cleanly on your mobile phone.
I found this version posted on www.securityfocus.com. It says the thief used the laptop owner's dial-up AOL account, which the FBI had asked AOL to monitor.
" Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."
That is a bit of a conspiracy theory. It is just the PC Call Home software such as http://www.absolute.com or any of the others.
My only suggestion for laptop owners is to get the most difficult to remove laptop security software. There is none that is impossible to remove, but stuff that resides in the MBR, etc will make life much more difficult for the thief...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
Daniel
http://people.cinn.ca/daniel/
You don't need the hardware information if you already know the owner's account name..
"It's too bad that stupidity isn't painful." - Anton LaVey
His MAC address and machine name.. what an idiot
Don't Tread on OpenSource
Answering cnelzie I'd say that you just have to format the HD and install the OS to have a new fresh machine. But this brought me some thoughts: 1) a fresh new install would also inform AOL the computer's MAC address? 2) does AOL maintain a database of USER_ID - MAC addresses? if so.. what for? 3) I don't believe the idea that WF keeps the MAC address of every computer they sell.. If doing so.. what for?
Perhaps they used the SMBIOS Serial number
SMBIOS fields such as make, model, serial number and chassis type are populated on pretty much all tier 1/2 machines these days.
SMBIOS table method extraction is really safe, really fast, non-intrusive and can be performed with basic level user access (doesn't require local administrator) on any Windows box without any resident drivers or services (unlike DMI).
Moving one step further - The collection of SMBIOS information by a large ISP such as AOL would allow for some pretty sophisticated profiling for future service provision.
From a big brother perspective, SMBIOS will not tell your ISP your name, your credit card details or what you've been doing since your last online session.
For example, they could profile users by processor type, or memory capacity, they could even send out email offers to users who had free memory slots.
Back to the point - It would be relatively easy for ISPs to be given a 'stolen' list to compare detected serial numbers against, customers just need to use decent Asset Management processes so they know what was stolen........
Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
I bet it wasn't that complicated.
fbiAgentd00d99: Yo man, what's up?
LaptopThief2310: Not much, i just ripped off some computers! HA HA WOOT!
fbiAgentd00d99: SWEET!
LaptopThief2310: Yeah I rockxxorz. Now I'm takin' a pic of me, an all the computers i stoled w/ a sony cybershot i "found".
fbiAgentd00d99: You pwn3! Send me that pic! I'm gonna put it on my website!
There we have it folks, probable cause, as well as an IP address.
Basically, it's legitimate spyware. I've personally never used the product, although we are about to evaluate it.
Never email donotemail@WeAreSpammers.com
You start thinking MAC address tracing and stuff.
The guy dials AOL. Opens Mozilla. Mozilla sends cookie PREVIOUS_LOGIN_NAME=WellsFargoLaptop. AOL admin greps log. Calls police. Police does phone caller id trace.
No sinister government MAC tracing conspiracy required.
Were they not running a password protected operating system, at least Windows 2000 or Windows XP?
You must be kidding, but I'm not sure.
It takes only a few minutes to change the administrator password on a Windows box with a Linux boot floppy.
Done it a couple of times (on Windows 2000), for users who didn't know the admin password.
First of all, what kind of idiot steals a laptop? Those things are usually laden with security software and things. Second of all, this guy is an idiot for dialing up HIS AOL account on a STOLEN computer. That is just retarded. I mean, it is tied to your credit-card number/other personally identifiable information, IIRC. Third, it is most likely an ANONYMOUS hardware identification system, like the VIN for cars, only anonymous. This does not bother me one bit, no one knows about the number until your stuff gets stolen. Good idea, that would probably cut down on insurance fraud of people claiming to have their laptops "stolen", when in reality they just kind of hide it for a while.
I hate sigs.
If this is anything like 95% of the Windows laptops I know of, it was littered with Bonzi Buddy and RealPlayer and Windows Update and tons of other calling home crap. And more than likely, this bozo didn't format the PC or anything else. All the FBI would have to do is find out what's on the PC, and contact these companies for that software's unique IDs.
There is no need for any "Phone Home" software or anything sending the CPUID to AOL. The story is much simpler than that and rather low-tech:
Nothing exceptional here. The FBI does not need any strange hooks into AOL. They only need stupid thieves. Case closed.
-Raphaël
It's simple. Everybody wants thieves to be locked up, but nobody wants to live in a police state. This means that we applaud whenever the authorities apprehend a baddie, but we boo whenever they give themselves even more powers and so bring the darker possibilities one step closer. There is nobody to guard the guardians, so we defend ourselves as best we can, by trying to postpone the day when their control might become total.
The two things are directly related, inasmuch as in a police state there would certainly be much less crime, since freedom cuts both ways. What you see as a conflict is just a reflection of this inter-relationship. We have to do both if we wish to safeguard both our present and our future.
Canada, 3 6 5 4 1 2
I had one of my notebooks stolen at the LA airport. I had one in my suitcase (there's only so many I can carry) because of a conference. One of the baggage handlers must have helped himself to my notebook.
...
The funny thing is that the notebook was my personal, and because I did travel a lot at the time, I had an AOL account for convenience. Out of a whim, I called AOL and asked them for a log of my sign-ins. Lo and behold, turns out whoever stole my notebook was using my AOL account to surf! I pleaded with the tech person to at least give me the IP address so I can track the thief down. He sympathized with my problem and passed me to one of the network engineers who was very keen on helping me. I got the IP address and the phone number that he used to dial-in. He said that the Telecom department could give me the number that was used to dial in to AOL but I would have to get law involved as certain FCC regulations prevented him from sharing that info.
So I collected all the info and sent the report to the security officer at the Airport, a copy to the LA sheriff's dept and another one to my insurance company (who I had hoped would be keen to solve the problem). After a few calls, I got nothing. Turns out that theft like that happens a lot at the LAX and the LAPD is way too busy with serious crime to investigate a crime committed to an out-of-towner.
The good thing is, my home insurance covered the theft, so I got a better model for basically the amount I paid for my notebook a year prior (minus deductible).
This was pre-2001 btw
Wearing pants should always be optional.
You are wrong. Read the story and the many comments posted here: the guy was using dial-up with a stolen AOL account. That means no MAC address, but a phone number instead. And a phone number means a home address. Then he got caught. What a surprise!
Did you read the article? There is nothing related to privacy in this story. No stealth software allowing the laptop to be traced. It is much simpler than that: the thief used the AOL account found on the stolen computer and connected to AOL using his own phone. The phone call was traced back to his home, and then he was caught.
There is no story, and no real need to bring privacy into the picture. Sure, all you wrote is true. But it is irrelevant for this story.
...when almost nothing is known about a topic...
(I don't want to be Jacko at the moment =;-D)
The checkbox said "Requires Windows 98, NT, or better." And so I installed Linux
A subject not considered yet is the idea that the guy had sensitive customer data on his laptop. Why is that not immediately considered a problem by everyone? Especially by Wells-Fargo security people? I am not a security ace, but when did that become ok? *cragen
You should read this comment or that comment. Both of them explain what happened. No MAC address involved.
Contrary to the Luddite tone of most reaction here, I suspect the only "hooks" the FBI had into AOL was a subpoena. I lived for several years near AOL in Loudoun County, Virginia. Law enforcement officials looking for info from AOL routinely sought subpoenas from judges in that jurisdiction. Sometimes they got them, sometimes they didn't.
Of course, AOL can tell that a customer is dialing in from a computer with legitimate AOL account info and software on it. If a court tells them to, they'll record that info and release it to the people who got the subpoena. This time it was the FBI. Next time, it might be you and your lawyer chasing down someone defaming you online.
The assumption that the FBI has "hooks" into AOL is simple bush-league cynicism from the wanna-be poseurs. Why would anyone decide that it's wrong for AOL not to help capture this thief?
-- Slashdot: When Public Access TV Says "No"
What kind of moron steals a computer, hooks it up to the internet without first 1. formatting it. 2. installing a firewall. 3. resetting the rule on any installed firewalls to only allow certain programs you know access to the internet. 4. uses someone else's account when it's just as easy to get a "new" account with AOL 5. uses AOL 6. Does it from their home. You would think that if this dipshit did this stuff for a living he would be better at it. Maybe he was fired from his job at the RIAA.
No matter how the guy was caught, simple or complex, the fact that the story comes up at all opens several interesting cans of worms.
We give ourselves, our populace and our government, a lot of credit. We walk down the street trusting people we wouldn't let drive our cars to make an intelligent decision on who should enjoy personal control over a powerful army and a large nuclear arsenal.
We live under a government made up mostly of obscure appointed functionaries. During the last election, John Ashcroft was a man so despised by the people who best understood his personality and performance, that his first contribution to U.S. history was losing an election to someone the electorate knew to be deceased. Michael Powell first broke the surface as chairman of the FCC by vociferously supporting measures to further consolidate ownership of America's broadcast media.
We trust faceless strangers to *NOT* use terrorism as an excuse to pass nasty laws that sidestep the principles which define us as a people.
Now, it is perfectly possible to imagine that the person who stole the laptops was the kind of (darwinian) mastermind who *would* log on to someone else's AOL account, using their stolen computer from their home connection and leaving us to ask, 'Hey, why not just turn yourself in...?'
Be that as it may, as some pieces here and elsewhere have shown, at all levels, governments are happy to adapt law and technology to purposes that civil libertarians dislike with good reason. This time it was nothing, but one day, it could very well be something that makes us all wish we could go back to telephones and paper.
The point that started this thread might very well be moot, but unless you are completely satisfied with whom we have in office and whom they have appointed to positions of power most of us are scarcely aware of, you have to wonder what things will be like when things are different.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
It seems this guy used an AOL account already set up on one of the stolen laptops to dial in to AOL. All AOL had to do was check the records for that account to identify the telephone number used to make the call.
This is equivalent to stealing someone's credit card, using it to fund a trip to Las Vegas, and being surprised when the police knock on your hotel room.
-- Slashdot: When Public Access TV Says "No"
Time to start using IP spoofing. Even if you're on a Windoze you can do it thanks to raw sockets.
Red eye's at night, Hackers delight. Red eye's in the morning, Professors Warning.
This is the first thing that popped into my head. What the hell was the employee doing with sensitive client customer data on his frigging laptop? With an AOL client software? If I were his boss, he would be hearing some well chosen words from me...
The guy obviously didn't know what he had, he didn't steal it for the information.
Company goes to police, police call ISP and demand info. ISP refuses, citing numerous data protection laws. Police remind ISP that hey we're the police shithead and by the way looks like your car's illegally parked. ISP caves in and gives info.
Still it's amazing that the computer actually was recovered, I can't honestly imagine myself being taken seriously when reporting a theft then trying to explain how IP address tracing could help.
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation
In relation to setting him free, I've heard of at least one case where someone walked free from a murder case due to the DNA evidence being invalidated; the DNA sample the police used to track down the killer was held longer than it should have been. In short, the guy definitely killed someone, but legally the police shouldn't have been allowed to present the DNA evidence which convicted him (IIRC, he got off on appeal). Is it fair that a murderer walks free because police kept evidence for too long? Procedures are all well and good, but in my mind, justice should override that.
I have done something similar with yahoo auctions. At auction end I type the seller's name into my IM client. It registers that name under all IM clients.
I always request a phone number and email address if I pay by Paypal or PayDirect. If they don't give it to me and I can't validate it, I don't send the money.
I have sent money in the past; rather blindly. I have been able to catch two sellers by just pretending to be girls interested in them, through IM. I got their actual phone numbers and even got one ready to pick me up and meet me for a "date" LOL.
Of course it was a lot of hassle.
If you can catch a criminal at their own game - that's justice.
I wish eBay wouldn't have eliminated the contact information request without having a transaction with the other party. Most sellers that cheat me on Yahoo, also have aliases identical on eBay.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
Imagine the look on a 14-year old filesharer's face when their computer announces "you've got jail!" immediately after they install Kazaa.
nt
Fuck Beta. Fuck Dice
The guy that was caught was caught because like most criminals, he's stupid.
What none of the level 3 or higher posts have mentioned in all the theories flying about is the phone home (to bios manuf I think) that the bios' in most laptops have now.
Don't remember how it works, but the bios has the ability to alert the bios manuf or a third party automatically as soon as connected to the internet after being stolen. From what I remember reading, it may not even require owner intervention to enable the phone home feature. Maybe just notify manufacturer that laptop is stolen?
Sorry, don't have the article. I read this about a year ago somewhere online discussing the bios' from several manufacturers having this ability.
We configure the built-in windows dynamic DNS for all of our systems. If someone steals it and connects it to a network without bothering to reconfigure, their IP address will show up in our DNS logs. WINS works the same way. Not perfect, but free and easy.
ES
- If I had all the money I spent on cars, I'd spend it all on cars.
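Added example, not part of the post above: one way to turn the dynamic DNS idea into a check, assuming the DNS server's update records have already been exported to a simple "timestamp UPDATE host=... ip=..." line format. That line format, the hostnames, the corporate range and the stolen-asset list are all constructed for illustration; a real server's log needs its own parser.

```python
import ipaddress
import re
from datetime import datetime

# Constructed inputs: corporate address space and reported-stolen hostnames.
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
STOLEN_HOSTS = {"lt-0412"}

# Constructed log excerpt in the simplified export format assumed above.
LOG = """\
2003-11-24T08:01:10 UPDATE host=LT-0412.corp.example. ip=10.20.4.17
2003-11-24T08:03:55 UPDATE host=ws-0099.corp.example. ip=10.20.7.3
2003-11-27T21:40:12 UPDATE host=lt-0412.corp.example. ip=198.51.100.23
garbage line the parser must skip
2003-11-27T22:05:31 UPDATE host=lt-0777.corp.example. ip=203.0.113.9
2003-11-28T07:12:00 UPDATE host=LT-0412.corp.example. ip=198.51.100.23
2003-11-28T07:15:00 UPDATE host=ws-0100.corp.example. ip=not-an-ip
"""

LINE_RE = re.compile(r"^(\S+) UPDATE host=(\S+) ip=(\S+)$")

def offsite_registrations(log_text, corporate_nets, stolen_hosts):
    """Summarise dynamic DNS updates that came from outside corporate nets.

    Returns {(host, ip): {"first", "last", "count", "reported_stolen"}}.
    Hostnames are compared case-insensitively on their first label, and
    lines that do not parse are skipped."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            when = datetime.fromisoformat(m.group(1))
            ip = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue
        if any(ip in net for net in corporate_nets):
            continue  # normal on-site registration
        host = m.group(2).rstrip(".").split(".")[0].lower()
        entry = seen.setdefault((host, str(ip)), {
            "first": when, "last": when, "count": 0,
            "reported_stolen": host in stolen_hosts,
        })
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        entry["count"] += 1
    return seen

if __name__ == "__main__":
    for (host, ip), info in offsite_registrations(
            LOG, CORPORATE_NETS, STOLEN_HOSTS).items():
        flag = "STOLEN" if info["reported_stolen"] else "off-site, not reported"
        print(f"{host} {ip} x{info['count']} "
              f"{info['first']} .. {info['last']} [{flag}]")
```

The first-seen and last-seen timestamps per address are the part worth keeping, since that is what an ISP needs to match an address to a subscriber.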
AOL logs your thumbprint if you use the thumbpad mouse :P
And this microphone hole in my monitor is really sampling my breath or something.
insert win98 boot cd /u
format c:
install windows ME or 2000 or XP PRO CORP
sell quickly.
I bet the machine had some email software on it (Outlook?) that checked for new mail once an internet connection was available. The mail server logs would show the IP address.
This story sounds just too weird for me. First of all there is a bank that stores sensitive customer-related material on a laptop. How can this happen in the first place? Why would anybody do this?
And how can you let that computer get stolen? Since when do people leave sensitive stuff open in their offices? Why not simply lock it away?
Second, how can that thief still use the laptop? Because when you really have to store sensitive data on such a machine, you would do everything to secure this machine, right? At least strong Passwords in the OS and the Bios...
Or maybe that user was logged in when the laptop was stolen? That wouldn't make the situation much better though.
Also, would you install Internet Dial-Up on a machine that carries sensitive data? I don't think so. The news posts aren't really clear in that matter, but if it was the private account of the notebook owner, then I ask myself again: 'How can this happen?'. How can a company allow personal internet dial-up on a computer with sensitive data?
And then why in the world would anybody use a dialup-account on a stolen computer? That's just so stupid...
Anyway, my impression from this whole story is that the guys at WF did a sloppy job in securing sensitive data and had more luck than they ever deserved in finding that thief.
Set your ISP account to remember your password on your laptop; it's your best chance of catching a thief.
Why do you think that AOL is spying on you? What about this very simple scenario:
Fred sets his laptop up to log into AOL with a default account and password. The crook steals the laptop. Fred calls AOL asking what ANI-reported telephone number his account has logged in on since the theft. AOL tells Fred the phone number. Fred reports the number to the cops. The cops get reverse directory information from the phone company (without a warrant unless the number is unlisted.) The cops ask Fred to ask AOL to inform the cops upon the next login. The crook logs in again. AOL calls the cops. The phone numbers match. Cops bust down Crook's door without a warrant because they have knowledge that a crime is taking place. The crook is busted.
ZoneAlarms Bitch! The new ZoneAlarms uses GPS in case your computer is stolen!!!
true, but what about BIOS passwords? And then again why would that thief be smart enough to get the passwords but smart enough to avoid somebody else's AOL account?
Its ok to point out the mistake, IMO, but FGS, tell him what he is doing wrong.
If he never took the time to do highschool, is he even going to bother looking up why you advised him to change the word?
Grandparent:
Threw is the past tense (means you already did it) of throw, as in PReD threw a brick at the parent.
Through means to pass between the inner restrictions of something, as in go through a tunnel.
No, that's OK, don't mod me up +5 informative, I don't need the Karma, but all donations are gratefully accepted.
Do not meddle in the affairs of geeks for they are subtle and quick to anger
But he used his own AOL account.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Really.
To the rest: Offering complete goofball theory after complete goofball theory, briefly resting only to scream 'violation of privacy' then going back and suggesting another goofball theory impresses nobody. CPUID/NIC MAC/Windows/Office/[you-name-it] identifiers or serial numbers are not immediately accessible just because you have a PPP session going over your modem. If a phone-home feature was installed, then fine, but that's a completely different story.
Another hilarious example was the default-route theory, which someone suggested as a 'dead giveaway' to the feds. Hello!? Even if the routing table was accessible, routes associated with a NIC wouldn't be *in* the table unless the NIC was active, and the setting would only be visible in the registry, not typically accessible to the world, nor routinely queried by an ISP. And never mind the statistical probability that a corporate NIC is configured for DHCP, thus it wouldn't have a default route to begin with.
I simply can't believe the amount of idiotic pseudo-techies posting and feeling BIG because they could incorrectly apply page 254 of the MCSE prep guide to formulate a crackpot theory.
Bleeeeeeeeeeeechhhh.
I predict bank contractors all over the country are learning about Entrust over the next few weeks. It's like cfs, only under Win32 and with likely backdoors and corporate centralization of administration and key escrow and big brother (anyone's management chain can get summaries of all their underling's files updated whenever they touch the server e.g.)
mod parent up.
Yeah, not quite. It says that he used his own account. So it's not like the FBI is looking for a specific AOL account to be used and then tracking it.
More likely is that there was a separate piece of software "phoning home" over TCP/IP, giving the FBI the IP address. They know it's AOL at time yadda yadda and AOL gives them the number that was used to connect to the service, which gives the address.
Still a lot of help from AOL's needed. We can only assume they had a court order or something. What happened to ISPs protecting user's identities?
----- rL
I think I fragged someone yelling "Woo Ho" yesterday in America's Army... don't think they were named Doreen, tho...
John
A sojourn in the slammer might just do the trick.
true, but what about BIOS passwords?
In all the cases I have seen this problem, it was enough to remove the CMOS battery for a few seconds. It may be a bit more difficult with notebooks. For one, the case takes a bit more time to open. Then the battery may be soldered? Never had the problem with a notebook.
And then again why would that thief be smart enough to get the passwords but not smart enough to avoid somebody else's AOL account?
Indeed. Good point.
But I wasn't thinking about that specific loser, just replying to a general comment from someone who seemed to believe passwords were efficient protection.
So it sounded useful to remind that there can be no security when physical access is possible.
Known stolen AOL account + phone number recorded by any ISP (radius does it by default) + call to phone company by FBI = physical location.
No magic.
He tried to kill me with a forklift!
Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said. That enabled authorities to connect the computer's Internet Protocol address, a number that identifies a computer on the Internet, to Krastof's home address through his AOL account, White said.
So of course he was easy to pickup, he was using the stolen ip of the stolen machine on his AOL account, QED.
in my life God comes first.... but Linux is pretty high after that
Francis Smit
All this fuss, just because Yahoo messed up:
elsewhere on /.
"He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address"
AOL KEYWORD:
GO FEDS
This issue is a non-issue. Cease discussion on this topic immediately, or continue to be morons.
Seriously we do. What kinda of thief, master mind, idiot, what ever you call him/her would steal a computer and keep the same OS on it?!?! At least as other people have pointed out change the freakin NIC for typing out bold! But in general why not format the HD about ten times, take the NIC out, change the BIOS settings and then install a whole different OS of your choice. Granted more should be done like going out and buy a laptop instead of stealing one.
This allowed authorities to eventually trace the call back to Krastof's residence, said the Police Department's White, who acknowledged that cracking the case was, as much as anything, a matter of pure luck."
SOURCE:
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/11/27/MNGUO3BN101.DTL
If by 'own', you mean his brand new own stolen AOL account that was on the laptop, then you're 100% right! If not, well, better luck next time.
The explanation is simple - he dialed up to the internet with dialup networking connection that already existed on the laptop. Possibly this was to an ISP, or possibly to the corporate net. The owners of the machine were looking out for this. Then he fired up a webbrowser and checked his AOL mail. The security guys then have the IP address, and so they ask AOL, which AOL account was accessed by xxx.xxx.xxx.xxx at such and such a time (they can't tell themselves because of the SSL). Easy.
MOST people that steal laptops aren't smart enough to know how to recover passwords using the methods you described. Also, MOST of those password recovery tools are rather pricey.
If they can't use the Laptop, they HAVE to format it and reinstall, if they are that smart, or they have to take it into a computer store somewhere and get someone to install an OS for them.
At the VERY least, proprietary information could be kept more secure, especially since MOST thieves would have to format the machine and put a new OS onto it in order to be able to use the laptop.
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
All AOL have to do is log the user ID and the incoming phone number of the account. This identifies where the person is logging in with their ID. It is that simple, no need for CPUID or MAC addresses. Like users write all that down anyway. Even if they have masked their number the Telecoms company records all calls so they can bill people. In fact if I recall correctly when canceling AOL they ask you the last time you used it and why are you canceling so it would be likely that canceling process would raise this.
on the head. WTF is a laptop with CC info doing connecting to AOL?! I think that's why we see the discrepancy here:
The Yahoo statement:
Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said.
and the Herald statement:
"He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address,'' White said.
Not so easy as pulling out batteries on laptops.
If you lose the CMOS/Bios password you usually have to RMA the laptop back for a new bios (unless you can find it and solder or replace it yourself). Thus requiring receipt or tracking of serial numbers of which any big company can cross reference against service contracts.
he didn't reset the ip address of the machine
he was using the stolen ip of the stolen machine
[cringe] You can't "steal" an IP address in the sense you suggest. Every time you log on to AOL you are given a brand new IP address.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
I downloaded onto floppy disc the program here and had reset the admin password on my Win XP box within seconds. Never seen anything so simple in my life. Though others recommend LC4 which also works.
Phillip.
Property for sale in Nice, France
Nice post, jackass.
1. Install new os (read: linux)
2. Spoof MAC address
3. ???
4. Profit !!
Now, if they'd said it was a Big Mac address, at least I might laugh.
Mencken had it right. So glad that's old news.
You think that someone who uses AOL would know how to do all of that?
Prevent email address forgery. Publish SPF records for y
okay, since this discussion has gone haywire, I may as well ask an off topic (kinda) question. Lots of people are mentioning that you can use dynamic dns or special software to alert you to where your stolen laptop is. But it seems they all require you to allow the thief to completely log into your system. w00t ??!! I have THREE passwords to get to a desktop on my Linux laptop. BIOS, LILO, user. So I'm screwed right ??? If I want some theft security I have to give up my data and day to day security ?? anybody know solutions ??
Actually, there are floppy images floating about freely that wipe NT/2K/XP passwords. They amount to miniature Linux distros that convince Windows that the account has no password. A Windows admin's best friend, I daresay, because there'll always be the user who loses passwords.
Again... Most thieves do the snatch and grab because it is convenient and have little to no desire to get involved in any of the intricacies of actually knowing how to circumvent any security on anything that they have stolen.
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
The equivalent of that just snuck in the back door- any computer with built in networking hardware automatically has a permanent unique ID via the Mac address. Built-in means you can't switch the network card, and you probably can't change the Mac address in the BIOS. um, oops!
Now the article didn't say how he logged into AOL- he could've been connected via DSL and possibly used the included networking hardware to do it, nailing him with the MAC address.
Like that in the UK. The Police are too busy catching people doing 80mph on the motorway to bother with the boring stuff like murder and gangland shootings
By the way, THANKS for the seemingly endless streams of idjits doing silly things on the carriageway, makes for GREAT TV viewings!
You people are overcomplicating a very simple situation. He works at a hardware store and steals computers (?!?!), the solution can't be that complex.
The laptop belonged to a 'consultant' of WFB, not an employee. Which means WFB had no control over it (Don't ask me why they allowed it on their network in the first place!?!?). The result is that you end up with a laptop full of all sorts of crap. Most of it was probably set up to autostart on autologin. Our friendly neighborhood laptop thief probably plugged it into his "4 port DSL router" when he got home. When he fired it up, it connected 'automagically' to AOL using the stolen screen name. Upon noticing that, he either quickly logged out and back in as himself (phew! that was close) or another computer behind his DSL router was already logged in as his usual screen name or had been recently.
Don't over estimate the abilities of the hardware store employee-laptop stealing community. You'll get burned every time.
Either way, it has to be what most of us consider a dumb mistake and he's probably kicking himself right now.
(he used the AOL login on the computer)
I'd bet AOL and its "partners" use cookies to track users and target ads. If the former owners give the FBI their account info such as an AOL account name then they should be able to pick up the cookie trail and follow the ip address to the phone line.
except if they were that bright would they still be using aol to connect to the interweb?
Any transaction that goes in or out has at least two records -- the one on your computer and the one on any other computer that's on the other end of the transaction. Most users are pretty careless about trashing their histories in order to save space, memory, etc. But something tells me the federal government would prefer to just spend more on bigger and better storage equipment and faster memory in order to contain every minuscule detail of information they can.
Oh REALLY. Like...two way spying devices in EVERY room of EVERY house, and mind reading devices?
We must be living in rather different worlds my friend...
Please help metamoderate.
Considering how many more people die annually from traffic accidents (speed often considered a contributing factor) than murders, I'm inclined to be happy with that situation.
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
Here's an article about how someone got back his sister's stolen mac using Timbuktu and help from usenet.
Don't you guys realize that MAC addresses can be changed? It is fairly easy to do with software, but extremely hard to do directly to the hardware.
If you guys really want to know how the government does the forensics, read "Computer Forensics: Incident Response Essentials" by Kruse and Heiser. Well written book that is easy to read and teaches you a lot about this type of stuff and also analyzing machines.
It is easier to read the book than prove that Big Brother is out to get you.
"It takes only a few minutes to change the administrator password on a Windows box with a Linux boot floppy."
The password recovery tools that have worked in the past, don't seem to work very well on more recent versions of windows. The last time I needed to do this, none of the freely available tools worked.
-fb Everything not expressly forbidden is now mandatory.
That Diebold uses commonly available software that reports home whenever the system connects to the internet, just in case a machine is stolen.
Slashdot users are such a bunch of paranoid freaks!
Just because you're paranoid doesn't mean they aren't after you... But why would they need information on your hardware other than the phone number that was used to connect to AOL?
download this software from Pentium: It's on this screen
Nothing exceptional here. The posters do not need any strange hooks into the article. They only need an uninformed opinion based on the headline. Case closed.
Yawn.
Apparently, someone thinks that the IP address is constant. That's probably why the reporter misparaphrased (is that a word?) Sgt. White.
Whoever wrote the story just plain bungled it.
Small local ISPs do not currently have any special hooks to the govt... there are no laws yet requiring us to. And since most smaller ISPs do not use any special software at all (the installation CD is just a new version of IE, with Netscape or Moz on the CD too), they cannot be detecting anything on your computer.
;-)
On a completely unrelated note, I work for a small ISP in Wisconsin that services the area from Green Bay to Milwaukee, and extending west of Lake Winnebago. Dump your AOL or Earthlink and go with a small provider that respects your privacy!* Go Dotnet!
* It's really not that we respect your privacy... it is more that we just don't CARE what you do online.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
Delete the Sam database where the windows 2000 accounts are stored. When you startup again there won't be an Admin password. Same principle with linux and editing the shadow file.
Point of fact is there are very few desktop systems where you can't get root access so long as you have access to the machine.
Might be kinda interesting to install AOL and try and see what (if anything) it sends along with your user authentication to AOL HQ.....
maybe he spent ages cracking the login .. then logged in as Administrator ( like make users ) and tried to aol-connect ! .. hihi
I doubt very many ISP's will disobey a court order for this sort of information. I won't give out my customer's info without one, but I sure as heck will cooperate with them if they go through the proper channels.
Sounds like a neat system. If you want a beta tester for it, just post your address and the dates & times you leave your laptop all alone in your house, and I'll see what I can do!
HIV Crosses Species Barrier... into Muppets
If something like this ever happens again, try asking for your city council member and/or state legislator to put some pressure on the cops for you. That can sometimes get a case moved up the ladder, priority-wise. It would be particularly effective if your politician had also had a laptop stolen. There's nothing like a ticked-off politico to get a bureaucrat to haul his butt out of his chair.
Seems Reuters screwed up on the facts.
When I was buying my IBM Thinkpad, it came with a feature of calling home, should the machine be stolen. The call home mechanism is built in, and cannot be removed. What it requires is a subscription fee to activate the feature, sort of like LoJack for laptop.
For the people with sensitive information, it's a bitter price that must be paid.
It's way too obvious that most slashdotters are either:
a. Unix users or
b. Conspiracy theorists
I'd guess that the intersection between the two is enormous!
While I don't know how the AOL software works, one can easily imagine that it has something akin to cookies. So, if AOL issued a cookie to the previous user, that cookie would be held by the client software. There may be one or more cookie that would be machine, rather than user-specific, and would be sent back by a given machine regardless of which user account is used.
Alternately, it could be a GUID created by the client software, say on first use, and then sent to AOL upon connection.
A GUID is a Windows thingie, kinda similar to a cookie. It's a "Globally Unique ID". It's basically a hash of the MAC address and the current time. (But if there is no network card, there are other ways of making it machine-specific - Windows decides how.)
There are zillions of GUIDs used by Windows. They are typically used in the registry. But program data files often contain them - for example, Word files.
You can't reverse-engineer a GUID to find out what machine produced one. It's a one-way hash. But if you know that a given GUID came from a given machine, and you see that GUID again - you know that it came from the same machine.
(1 in a billion fluke excepted. The fluke could only happen in the case where there is no network interface on the computer.)
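For GUIDs in the version 1 (time-based) layout of RFC 4122, the node ID and creation time are stored as plain fields, so an examiner can read both back out of a GUID found in a file or registry key. This is an added example, not code from the thread; the sample node values, timestamp and function names are constructed for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Version 1 timestamps count 100 ns ticks from the start of the Gregorian calendar.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def make_v1(when, node, clock_seq=0):
    """Build a version 1 GUID from a chosen time and 48-bit node (sample data only)."""
    ticks = (when - GREGORIAN_EPOCH) // timedelta(microseconds=1) * 10
    return uuid.UUID(fields=(
        ticks & 0xFFFFFFFF,                       # time_low
        (ticks >> 32) & 0xFFFF,                   # time_mid
        ((ticks >> 48) & 0x0FFF) | 0x1000,        # time_hi + version nibble 1
        ((clock_seq >> 8) & 0x3F) | 0x80,         # clock_seq_hi + RFC 4122 variant
        clock_seq & 0xFF,                         # clock_seq_low
        node,                                     # 48-bit node ID
    ))


def decode(guid_text):
    """Report what a GUID reveals about the machine and moment that produced it."""
    u = uuid.UUID(guid_text)
    info = {"version": u.version, "node": None, "created": None, "node_is_random": None}
    if u.variant != uuid.RFC_4122 or u.version != 1:
        # Other versions (for example the random version 4) carry no node field.
        return info
    info["created"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    octets = u.node.to_bytes(6, "big")
    # RFC 4122: a generator without a hardware address uses a random node and
    # sets the multicast bit, so such a value is not a real adapter address.
    info["node_is_random"] = bool(octets[0] & 0x01)
    if not info["node_is_random"]:
        info["node"] = ":".join(f"{b:02x}" for b in octets)
    return info


# Constructed samples (not taken from any real machine).
SAMPLE_TIME = datetime(2003, 11, 20, 18, 20, 0, tzinfo=timezone.utc)
SAMPLE_GUID = str(make_v1(SAMPLE_TIME, 0x02005E100053))        # node looks like an adapter address
RANDOM_NODE_GUID = str(make_v1(SAMPLE_TIME, 0x03005E100053))   # multicast bit set: random node
V4_GUID = "3f2b8c1e-9d4a-4e6b-8a1f-0c5d7e9b2a41"               # random (version 4) layout

if __name__ == "__main__":
    for text in (SAMPLE_GUID, RANDOM_NODE_GUID, V4_GUID):
        print(text, decode(text))
```
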
Probably, Wells Fargo reported to AOL that computers with those accounts on them had been stolen--perhaps simply to keep them from buying anything on company money or anything. When AOL noticed the login, they notified the FBI, who used normal techniques to get the account information.
This is not a scary Big Brother scenario; rather, it's a great model for how corporations and government can and should cooperate to fight crime. Does anyone here really think that AOL acted improperly by giving them the address of a computer and identity thief?
Hey, you try to find an open nick these days!
You wouldn't even need a lawyer; in this case you could've taken the law somewhat into your own hands by suing in small claims court. It sounds like you have enough evidence to win a civil suit against the a-hole that stole your computer. If the a-hole doesn't show-up, you win by default. If that a-hole did come to court, even better. You can ask to have him arrested after you win. At the very least it seems like he received stolen property. IANAL
ARP is a protocol (Address Resolution Protocol), the address in question is a MAC (Medium Access Control) address.
ARP can use a MAC address to resolve machine identification, IP assignment, etc
>> ...Slashdot is run by trolls for trolls. There's lots of banner revenue in trolling sucaks...
Exactly. Gotta keep those numbers up and OSDN's creditors at bay.
Pity, though, that they have to demean themselves to do that.
-- Slashdot: When Public Access TV Says "No"
since you can't track a MAC address back across the Internet
While it is true you can't check a connected machine with netstat etc and say "hey, this machine has MAC xxx" there is nothing to say that a program can't capture a MAC address from local hardware and pass it on.
Generally, MAC addresses stop being readable somewhere after (correct me if I'm wrong) the local gateway. But a piece of software could still check the network interfaces and transmit it within a message to home-base.
Microsoft xp update Serial number
Email pop3.xxx.xxx server
Instant messenger auto login
Hot Mail
Laptop auto updates.
Heh, a practical use for spyware.
Back when I worked in the abuse department for a leading ISP, this was a daily thing. Why's it news? Beats me..
The dial-up equipment at ISPs keep a log on hand of the numbers you've connected from. The investigators get a warrant for this information, you email it to them, case closed.
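The lookup described in this comment and elsewhere in the thread (which account and calling number held a given dial-up IP address at a given time), as an added example that is not part of the original post. The records are constructed; the column names are RADIUS accounting attributes, while the CSV layout, the single-NAS assumption and the function names are assumptions made for illustration.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Constructed accounting records, not real data. Column names are the RADIUS
# accounting attributes of RFC 2865/2866; the CSV layout itself is an assumption.
# The same dynamic address is handed to three different callers in one evening.
ACCOUNTING_CSV = """\
timestamp,Acct-Status-Type,Acct-Session-Id,User-Name,Framed-IP-Address,Calling-Station-Id
2003-11-20T18:02:11Z,Start,A1,user_a,198.51.100.23,5550100
2003-11-20T18:40:02Z,Stop,A1,user_a,198.51.100.23,5550100
2003-11-20T18:41:30Z,Start,A2,user_b,198.51.100.23,5550123
2003-11-20T19:55:00Z,Stop,A2,user_b,198.51.100.23,5550123
2003-11-20T20:10:45Z,Start,A3,user_c,198.51.100.23,
"""


@dataclass
class Session:
    session_id: str
    user: str
    ip: str
    calling: Optional[str]            # None when the caller's number was not delivered
    start: datetime
    stop: Optional[datetime] = None   # None when no Stop record exists (still online or lost)


def parse_ts(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_sessions(csv_text: str) -> List[Session]:
    """Pair Start and Stop records by Acct-Session-Id (assumes one NAS, so ids are unique)."""
    open_by_id = {}
    sessions = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = parse_ts(row["timestamp"])
        sid = row["Acct-Session-Id"]
        if row["Acct-Status-Type"] == "Start":
            session = Session(sid, row["User-Name"], row["Framed-IP-Address"],
                              row["Calling-Station-Id"] or None, ts)
            open_by_id[sid] = session
            sessions.append(session)
        elif row["Acct-Status-Type"] == "Stop" and sid in open_by_id:
            open_by_id.pop(sid).stop = ts
    return sessions


def find_sessions(sessions: List[Session], ip: str, when: datetime,
                  skew: timedelta = timedelta(0)) -> List[Session]:
    """Return every session that held `ip` at `when`, allowing for clock skew."""
    hits = []
    for s in sessions:
        if s.ip != ip:
            continue
        started = s.start - skew <= when
        not_ended = s.stop is None or when <= s.stop + skew
        if started and not_ended:
            hits.append(s)
    return hits


def who_had(ip: str, when_utc: str, skew_seconds: int = 0,
            log: str = ACCOUNTING_CSV) -> List[Tuple[str, Optional[str]]]:
    """Answer the investigator's question as (account, calling number) pairs."""
    hits = find_sessions(build_sessions(log), ip, parse_ts(when_utc),
                         timedelta(seconds=skew_seconds))
    return [(s.user, s.calling) for s in hits]


if __name__ == "__main__":
    print(who_had("198.51.100.23", "2003-11-20T18:20:00Z"))
    # With a one-minute allowance for unsynchronised clocks, a timestamp near a
    # hand-over matches two sessions: the address alone no longer identifies anyone.
    print(who_had("198.51.100.23", "2003-11-20T18:40:30Z", skew_seconds=60))
```

More than one result means the timestamp is too imprecise for the address to single out a caller, and a `None` number means the accounting record alone cannot supply the phone line.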
The security guys where I work are fond of this story. We had someone steal a couple of college owned computers, and apparently resold one of them to a student halfway across the country. The computer had Norton Antivirus Corporate Edition configured to run as "managed" -ie it gets its definitions off our servers instead of symantec's. Our network guys got suspicious when they noticed traffic on one of our NAV servers coming from several states away - turned out that the computer thief never changed the antivirus settings before selling it and it was trying to get virus definitions from us.
I have blog like everyone else
http://www.sfgate.com/cgi-bin/article.cgi?file=/ne ws/archive/2003/11/26/financial1853EST0113.DTL
Having just finished reading 1984 last night, I would like to know where it mentions "mind reading" devices anywhere in the book? The telescreens are obvious, we have torture and conditioning, but I don't remember any mind reading device...
If I did the first thing I would do is format the harddrive. I mean isn't that kind of common sense? That is, if you weren't trying to get information off of the drives. This guy said he didn't know that there was important information on there, so he probably was looking to sell or use them personally (although he may have lied about not knowing). And if he was trying to get information off of the drive, boot up with knoppix. I mean it's a good thing that only dumb people are thieves. Writing a program that sends information out whenever there is a net connection isn't hard to do. If I stole these I would have assumed that they had something similar on there and taken every precaution. Neither side really thought this through.
Just because they have the IP that is not enough to trace the guy back to his house. He logged in to someone else's AOL account, they could get the IP from AOL. AOL could backtrack to the modem bank that gave out that IP.
The IP has no connection whatsoever to someone's home when they are on a modem. So then AOL/FBI had to find out what phone number called and got that IP assigned, then they either looked up the guys address on a GOOGLE search or put the screws to the phone company to give them an address to the number.
Euphemism, what is that a euphemism for something.
at News.com claimed that the computer's IP address was traced. But how? Unless it was static and the guy didn't know, how would they trace it? If it has a static IP doesn't he need to change the settings to connect to AOL's network? I'm thinking there's something deeper here. Either they suspected him, or FBI has the capability to *find* you if they need to. I've always thought that we lived in a world which I couldn't find something to compare it to, until THE MATRIX came out. Looks like (the real) agent Smith has prevailed in our world though.
The phaomnneil pweor of the hmuan mnid. Fcuknig amzanig eh!
http://www.crime-research.org/news/2003/11/Mess2702.html
Check the above article. They say he logged into AN account registered on that computer. It could have been that he logged onto the Wells Fargo guy's account (with password saved). After all, he is a data thief, and not a very smart one apparently. If the FBI had AOL watching that guy's account, then they could have simply traced the IP Address. No big deal...if that's the case. It would help if the articles would be a little more specific.
If you mod me down, I shall become less powerful than you could possibly imagine.
--I believe the site you are talking about is this, is it not? Correct me if I'm wrong. (I'm posting this because I didn't know about it before, and got nowhere trying www.arin.com.)
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
"Known stolen AOL account?" According to the article (and the writeup), he logged in using his own AOL. Somehow the authorities were able to link this login with the laptop itself, and that's what we're all discussing.
Those of us who troubled to read the writeup or the article, that is.
I read that as well. I was thinking to myself, "what are they smoking, the IP address wouldn't be the same if they're connecting to AOL by dialup."
$5 / month hosted VPS on linux = awesome!
Is the FBI refusing to divulge how they found out that he was on one of the stolen computers? Because if so that is a direct violation of the Freedom of Information Act. I sure as hell want to know if my computer transmits some form of identification information when I log in to my ISP.
What I am willing to bet that it really is though, without reading, is that the serial number of the computer led to the serial number of the nic, whether it be modem or ethernet, and then the mac address could probably be identified. Just my guess.
I'd be more interested in thoughts on the FoI Act thing though.
...of the byline in this very article that michael posted. Come on, moderators.
AOL (and all ISPs, as per law) keeps logs of which acct gets each IP. If you're LEA, you probably don't even need a court order to find out which acct had a given IP at a given time.
I'm sure the story is wrong and inaccurate in other ways, tho.
There's a space in news, that's the only problem with the link. Try:
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/11/26/financial1853EST0113.DTL
Posting anonymously, so as to not tip myself off.
I think MS once received a very large batch of new 3com cards, all with the same MAC address. Needless to say it was a big mistake, and took some time to troubleshoot. Imagine upgrading/deploying ~300 NICS, all get link but they won't talk. No matter how you troubleshoot, you're just not going to figure it out until you start sniffing.
Of course. Once they realized he was logged in with the stolen computer, that's how they traced his number and got his home address.
The question you should be asking yourself is, "How would they know that he was using the stolen computer in the first place?"
perhaps WF put some (not-so)spyware on their machines, and if they logon to the net, BAM! the IP address is made, and a traceroute grabs the identity of the gateway router, whois gets the ISP's info, tell the cops and you get one busted criminal.
Logistical Chaos Officer http://www.slagg.org - LAN Gaming in Sarasota FL,USA
My laptop doesn't have a floppy drive, watcha gonna do now smart guy?
:-)
Don't worry, I have the floppy drive. And the CD drive too. External USB.
Of course, if it's an old notebook without USB, the simplest is to put your hard drive into my desktop which does have a floppy to massage your admin password, and then back into your notebook
Moved to Archive at:
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/11/27/MNGUO3BN101.DTL
... to write a script where on a network connection the computer attempts to access a server and basic security info about itself (i.e. IP address, CPU name, etc.). As the usage of AOL seems to indicate a lack of common sense in the first place, I would assume the thief wouldn't check for such a thing.
Be careful! Bears shouldn't consume large furry dogs.
As soon as a laptop is reported stolen, the Computrace people (a) check the last logged IP address and (b) send a special signal to the stolen device that causes it to lock up.
If it gets someone's stolen shit back what's the big deal. If you're being honest with your own laptop it's a non-issue.
Now, if you're a criminal you might have a reason to be concerned.
"If you love someone, set them free. If they come home, set them on fire." - George Carlin
Wow. I have heard of typos, but to transpose words completely like that...it's kind of strange.
When I first read it, I was trying to make sense of threw in its proper context, thought maybe it was some new slang for hacking!
Post apocalyptic gaming goodness
this looks as if the thief was simply attempting to log into the account of the *original owner*, which was preconfigured on the stolen laptop. Of course this is easily detectable and easy to trace back.
Routinely, the police bust people on unrelated charges and find apartments full of stolen goods. Sometimes they succeed in taking down a fence.
Then the police often can't return items to their owners because they don't have any record of the item.
Moving away from self-interest to social responsibility, reporting crimes makes it possible for the police to identify trends, prioritize patrols, and justify the budget for things like AFIS systems.
Ah, the many faces of Big Brother's love. It's so reassuring that so many non free software companies keep such close tabs. It would be beneath Big Brother's and your ISP's dignity to identify hardware, like XP does. God only knows that an OS call is too trivial for Big Brother especially when he has so much help. We might also be sure that our own masters who provide our daily bread have their own unique tracking software. Wells Fargo double plus good company, bellyfeel Ingsoc. We must support our troops in Eurasia. All else thoughtcrime. Kill Goldstein! Kill! Kill!
Friends don't help friends install M$ junk.
If you're going to rip off hardware from a large, powerful, influential company like WF, make sure that you wipe the HD, toss the PCMCIA NICs and start from scratch.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Of course WF may have something hooked in themselves.
Probably the laptop contains a background task that auto-logs in to Wells Fargo once it connects to some sort of network. The moment he connects to AOL - the laptop gets a DHCP IP address, then the background daemon logs in to Wells Fargo, telling another task that it is alive. That task would look up and notice that the laptop "secret key" is reported stolen. It then notifies Wells Fargo security and a reverse trace is then run.
They must mean MAC Address, the only way it could be IP Address is if AOL gives fixed IP Addresses (for broadband) based on the MAC Address and then it's the MAC Address all over again.
Someone here quoted another - more detailed - article from SFGate where it was claimed that he used the AOL account he found on the laptop.
Mielipiteet omiani - Opinions personal, facts suspect.
"Shouldn't this be in the Your Rights Online section?
Obviously the constitutional rights of this poor thief have been grossly violated by the mean FBI guys"
How did this get modded down? It's a perfectly good point, and one I would have voiced had the poster not done so. Or has a "well-turned, insightful, pointed sarcasm" negative moderation category been added since the last time I had mod points?
I am not left-handed, either!
No, the SF article mentions that the thief didn't know there was any interesting information on the computer.
To protect your stuff, it is safest to not underestimate the intelligence of a thief. But most thieves aren't smart -- if they were smart they probably wouldn't be thieves.
Sounds like a lot of people on here are just a tad bit hysterical. It's already been shown that the story was misreported by the mentioned source.
It's like the shootings at I-270 near Columbus. The newspaper said that a lady was shot and killed when a bullet penetrated the driver's door of the car she was riding in. If that's true, the driver was totally missed and she died. Obviously, they either meant that it hit the passenger door of the car she was riding in or it hit the driver door of the car she was driving.
Exactly. So this guy claims he had no idea what was on the machines... what if he was lying? What if the first thing he did upon booting up the machine was burn its contents to a dvd and mail that to his cohort offshore? Nobody's talking about this, and it's the real story here.
- First they ignore you, then they laugh at you, then ???, then profit.
I'm going to stick with the idea that the previous owner had it set up to dial home, somehow. Most likely, IE's homepage was set to the Wells Fargo website, which had previously stored a cookie with the previous owner's UUID in it. All they needed to do was set the Wells Fargo webserver to go off like an Xmas tree if it saw the UUID in another cookie.
Get the IP from the Wells Fargo webserver, and ask AOL to finger the IP's lessor.
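The server-side half of the phone-home and cookie schemes guessed at in the comments above, as an added example (not code from any poster, Wells Fargo or a tracking vendor): it scans web access logs for a device identifier on a stolen-asset list and reports each source IP with the times it was seen. The log layout, the `device_id` cookie name and all identifiers and addresses are constructed for this example.

```python
import re
from datetime import datetime

# Constructed asset register: device ids reported stolen (hypothetical values).
STOLEN_IDS = {"dev-4f2a91", "dev-77c0de"}

# Constructed access-log lines in a combined-log-like layout with a trailing
# cookie field; the "device_id" cookie name is an assumption of this example.
SAMPLE_LOG = '''\
198.51.100.23 - - [27/Nov/2003:09:14:02 -0800] "GET / HTTP/1.0" 200 5120 "device_id=dev-4f2a91; lang=en"
203.0.113.7 - - [27/Nov/2003:09:15:40 -0800] "GET /login HTTP/1.0" 200 2048 "device_id=dev-000001"
198.51.100.23 - - [27/Nov/2003:09:16:11 -0800] "GET /img/logo.gif HTTP/1.0" 200 900 "lang=en; device_id=dev-4f2a91"
this line is truncated garbage
192.0.2.88 - - [28/Nov/2003:21:03:55 -0800] "GET / HTTP/1.0" 200 5120 "device_id=dev-4f2a91"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "(?P<cookies>[^"]*)"$'
)

def parse_cookies(header):
    """Split a Cookie header value into a name -> value dict."""
    pairs = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {name: value for name, value in pairs}

def find_stolen_checkins(log_text, stolen_ids):
    """Return one record per (device, source IP): first and last time seen.

    The timestamps matter as much as the address: a dial-up IP is leased
    per session, so the ISP can only map it to a subscriber for a given time.
    """
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        device = parse_cookies(m["cookies"]).get("device_id")
        if device not in stolen_ids:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (device, m["ip"])
        first, last = hits.get(key, (ts, ts))
        hits[key] = (min(first, ts), max(last, ts))
    return [
        {"device": d, "ip": ip, "first_seen": f.isoformat(), "last_seen": l.isoformat()}
        for (d, ip), (f, l) in sorted(hits.items())
    ]
```

Each returned record is what an asset owner would hand to investigators: the address alone identifies only the ISP, while the address plus time window lets the ISP look up the session.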
"The question you should be asking yourself is, 'How would they know that he was using the stolen computer in the first place?'"
My guess would be from the MAC address of the computer's NIC.
Ranges of MAC addresses are assigned to network device manufacturers much like IP addresses, only they are stored in the device's PROM.
You can change a device's MAC address, but it involves reflashing the PROM.
We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower