Slashdot Mirror


Laptop Thief Caught via AOL Login

Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."

41 of 524 comments

  1. PC call home by leerpm · · Score: 2, Insightful

    More than likely, the computers had some sort of software built into them to 'phone in' and notify a central location of its IP address. Then they just traced the IP address to his AOL account. Not very fancy detective work, just standard stuff.

    1. Re:PC call home by miu · · Score: 4, Insightful
      One continuing problem that IT has is locking down computers. It is very common for employees to install their own software and dial connections on laptops.

      I agree with you that a laptop with the sort of sensitive data that this one contained should never be connected directly to a public network - but such is the state of data security these days.

      --

      [Set Cain on fire and steal his lute.]
    2. Re:PC call home by miu · · Score: 5, Insightful
      I should state exactly why I felt the Herald version is more credible.

      The Yahoo statement:

      Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said.

      and the Herald statement:

      "He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address," White said.

      I felt that the direct quote of Chief White was more credible, and less likely to be subject to an error of interpretation on the part of the reporter.

      --

      [Set Cain on fire and steal his lute.]
    3. Re:PC call home by RossyB · · Score: 2, Insightful

      And how does one get online to connect to the VPN? AOL is very popular as it has access points world wide, which means that if you give every travelling person an AOL account and a VPN login, they can get to the company network from anywhere in the world securely.

    4. Re:PC call home by miu · · Score: 2, Insightful
      I guess this "38-year-old Home Depot clerk" wasn't aware of the data this laptop contained, and never understood the seriousness of the crime until feds knocked on the door. Had he known how serious it was, he shouldn't have made such a stupid mistake (and sold the laptop on eBay).

      Who knows. Sounds like the guy was a small time con man and forger. Had he known what he had he might have tried to do something really stupid - like sell the info or attempt to blackmail the corporation he stole it from. Probably lucky for him that he didn't know :)

      --

      [Set Cain on fire and steal his lute.]
    5. Re:PC call home by Afty0r · · Score: 2, Insightful
      This is not a part of some Evil scheme or government plot...
      Because if they don't track this information and enforce it... then they will be getting lawsuits left and right

      Didn't you just contradict yourself? You're claiming it's not part of a government plot, and next minute you're saying the government forced them to carry out their actions?
      Laws are enacted by the government to force the citizenry to conform... so when you have to do something to obey the law, you have been forced to carry out that action by the government.
      But this has nothing to do with the government, right?
    6. Re:PC call home by majid · · Score: 2, Insightful

      Most network access servers send Caller-ID information in the RADIUS authentication request. AOL would have that in their logs, and if the thief used caller ID blocking, the FBI could ask the phone company for their call detail records for the ISP number.

      A thief that had even the modicum of clue to use Caller ID blocking, let alone spoof his telephone number, would not have been dumb enough to use an AOL account on a stolen machine.
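
An added example illustrating the comment above (not part of the original thread, and not AOL's or any vendor's code): a parser that pulls the user name and Calling-Station-Id (attribute 31 in RFC 2865) out of a RADIUS Access-Request, including the case where the calling number is absent. The packets, phone numbers, user names and NAS address are constructed sample values.

```python
import ipaddress
import struct

ACCESS_REQUEST = 1  # RADIUS packet code (RFC 2865)
# Attribute type numbers from RFC 2865.
USER_NAME, NAS_IP_ADDRESS, CALLED_STATION_ID, CALLING_STATION_ID = 1, 4, 30, 31
HEADER = struct.Struct("!BBH16s")  # code, identifier, length, authenticator


def build_access_request(identifier, attrs):
    """Encode a constructed Access-Request (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return HEADER.pack(ACCESS_REQUEST, identifier,
                       HEADER.size + len(body), bytes(16)) + body


def parse_attributes(packet):
    """Return {attribute type: value bytes}, validating every length field."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length, _auth = HEADER.unpack_from(packet)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if not HEADER.size <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, HEADER.size
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        # The attribute length counts its own two header bytes.
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def dial_in_record(packet):
    """Summarise who dialled in, from which number, to which access server."""
    attrs = parse_attributes(packet)

    def text(attr_type):
        value = attrs.get(attr_type)
        return value.decode("ascii", "replace") if value is not None else None

    nas = attrs.get(NAS_IP_ADDRESS)
    return {
        "user": text(USER_NAME),
        # None means the NAS received no caller ID (for example, it was blocked).
        "calling_number": text(CALLING_STATION_ID),
        "called_number": text(CALLED_STATION_ID),
        "nas": str(ipaddress.IPv4Address(nas)) if nas and len(nas) == 4 else None,
    }


# Constructed sample packets: one with caller ID, one where it is missing.
NAS = ipaddress.IPv4Address("192.0.2.10").packed
WITH_CALLER_ID = build_access_request(7, [
    (USER_NAME, b"sampleuser"), (NAS_IP_ADDRESS, NAS),
    (CALLED_STATION_ID, b"5555550199"), (CALLING_STATION_ID, b"5555550123")])
CALLER_ID_MISSING = build_access_request(8, [
    (USER_NAME, b"otheruser"), (NAS_IP_ADDRESS, NAS),
    (CALLED_STATION_ID, b"5555550199")])

if __name__ == "__main__":
    for pkt in (WITH_CALLER_ID, CALLER_ID_MISSING):
        print(dial_in_record(pkt))
```

When `calling_number` comes back as `None`, the record still carries the called number and access server, which is what the comment says would be matched against the phone company's call detail records.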

  2. hardware id by neodymium · · Score: 2, Insightful

    I guess the AOL software might "accidentally" transmit the ethernet hardware (MAC) id of the machine...

  3. MAC addresses? by davejenkins · · Score: 1, Insightful

    I would assume MAC addresses of the ethernet jacks/boards/whatever are being transmitted, no?

    For a notebook-- this would be built-in, and probably traceable in the inventory. It would be pretty simple for the FBI to wait for a specific MAC address, trace the corresponding IP address, and then narrow it down to a router (now we have the neighborhood/village). It's a simple drive-around from there...

  4. hardware ethernet addresses by Space+cowboy · · Score: 2, Insightful

    I guess if AOL take a note of the hardware ethernet address (not surprising, because DSL lines aren't supposed to be shared, right :-) then just doing a query for the address on AOL's db would be enough to get a (very) shortlist...

    Simon.

    --
    Physicists get Hadrons!
  5. Get over it by marko123 · · Score: 3, Insightful

    The line between being able to trace crooks and being able to maintain your privacy has always been small. You know what to do if you want privacy, and everyone else should not ever assume they are private just because no one else is in their lounge room.

    This is a valuable education, and it will help the regular user understand how unprivate their internet communications are.

    No-one loses here. What's the story?

    --
    http://pcblues.com - Digits and Wood
    1. Re:Get over it by Anonymous Coward · · Score: 1, Insightful

      > No-one loses here. What's the story?

      It's `if you're going to steal a pc, best wipe the hd and re-install before using it on a public network`, I think.

  6. ...or maybe... by cnelzie · · Score: 4, Insightful

    Wells Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...

    Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?

    Anyone care to answer that?

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
  7. You know... by mental_telepathy · · Score: 5, Insightful

    I hate to say that Slashdot readers have obvious biases, but why is it that when the police do something smart with computers, you get:
    Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
    And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummies. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted.

    1. Re:You know... by jkleid · · Score: 5, Insightful

      "I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested."

      Authorities now have a sizable fraction of the technology possessed by big brother in the book 1984. Whether or not to fear that power is a matter of trust.
      _______

  8. AOL Id is in the install by acomj · · Score: 2, Insightful

    When you install AOL it knows your "Master account" name. From there you can pick one of the other account names or use the "Guest" login feature.

    My guess is that when the thief logged in they used the guest feature.

    AOL probably had the account flagged as "Stolen" so the thief couldn't buy AOL stuff through the account on the machine.

  9. Wrong Guy by Anonymous Coward · · Score: 1, Insightful

    Not that this guy isn't a scumbag, but WF customers should be asking themselves how this breach of security could take place. Information like this should NOT reside on an unprotected laptop. Someone at WF is VERY dumb.

  10. Wait a minute... by cnelzie · · Score: 4, Insightful

    How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?

    I know that ANY of the laptops and roughly ALL of our desktop PCs would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...

    I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
    1. Re:Wait a minute... by Anonymous Coward · · Score: 1, Insightful

      Umm .. win2000 or winxp password "protection" is absolutely useless once a person has physical access to the device.
      Just type in google "lost password win2000" and you will see how easy it is to reset the administrator password.

    2. Re:Wait a minute... by IM6100 · · Score: 2, Insightful

      Most people who use that option to bypass having to enter the password every time they turn their computer on have their computer situated in their home. Nobody can physically access the computer unless they break and enter. In most such circumstances it's highly unlikely their computer will be 'broken into' because of the no-password-needed feature, at least not before far worse things have happened to their property.

      Security-freak geeks are on the wrong side of public sentiment on this one. People don't want nor need draconian security features on computer systems they have in their own homes. There's a notion out there that they should be chastised for lax security practices that reeks of smug zeal.

      --
      A Good Intro to NetBS
  11. There is no story here by Mr_Silver · · Score: 5, Insightful
    From SFGate:
    Investigators knew where to look for the gear not because of unusually intrepid sleuthing but because Krastof allegedly used the computer to log on to an AOL account belonging to the system's owner, Peter Gascoyne.
    Please remove your tin foil hats, the idiot logged onto the AOL account of the person he stole the laptop from. The police and AOL merely traced it back to his house.
    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  12. Re:tin foil hat... by arth1 · · Score: 2, Insightful
    If the guy tells the FBI his laptop got stolen, he may also have given them some info about a recent internet connection which would have allowed them to find his MAC address which was then looked for in some ISPs' logs until they found out who did it.

    While this is possible, I find it unlikely.
    Why? Because the feds would not put down investigative resources on a simple theft, especially from a private person.
    I find it more likely that the original owner pleaded with AOL into checking whether the account had been used after stolen, and then again pleaded with them to give that information to the detective assigned to the case.
    Which would be a perfectly normal story, if it had been a small ISP. The story here is that someone actually got a big ISP to check their logs and cooperate with the customer in informing the police, instead of just reading scripted responses from a call center in Bangalore.

    Regards,
    --
    *Art
  13. Re:Get over it - This is NOT about privacy by Anonymous Coward · · Score: 2, Insightful

    Did you read the article? There is nothing related to privacy in this story. No stealth software allowing the laptop to be traced. It is much simpler than that: the thief used the AOL account found on the stolen computer and connected to AOL using his own phone. The phone call was traced back to his home, and then he was caught.

    There is no story, and no real need to bring privacy into the picture. Sure, all you wrote is true. But it is irrelevant for this story.

  14. am[a|u]zing how far speculations can go... by Maresi · · Score: 2, Insightful

    ...when almost nothing is known about a topic...

    (I don't want to be Jacko at the moment =;-D)

    --
    The checkbox said "Requires Windows 98, NT, or better. And so I installed Linux
  15. AOL Likely Got a Subpoena; No Need For Paranoia by reallocate · · Score: 3, Insightful

    Contrary to the Luddite tone of most reaction here, I suspect the only "hooks" the FBI had into AOL was a subpoena. I lived for several years near AOL in Loudoun County, Virginia. Law enforcement officials looking for info from AOL routinely sought subpoenas from judges in that jurisdiction. Sometimes they got them, sometimes they didn't.

    Of course, AOL can tell that a customer is dialing in from a computer with legitimate AOL account info and software on it. If a court tells them to, they'll record that info and release it to the people who got the subpoena. This time it was the FBI. Next time, it might be you and your lawyer chasing down someone defaming you online.

    The assumption that the FBI has "hooks" into AOL is simple bush-league cynicism from the wanna-be poseurs. Why would anyone decide that it's wrong for AOL not to help capture this thief?

    --
    -- Slashdot: When Public Access TV Says "No"
  16. Re:Similar Experience by qtp · · Score: 5, Insightful

    If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

    The absolute gall that you demonstrated by being a lowly private citizen cannot be tolerated and our law enforcement agencies cannot and will not encourage such anti-social behavior.

    --
    Read, L
  17. "You've got jail" by trance9 · · Score: 4, Insightful

    I bet the machine had some email software on it (Outlook?) that checked for new mail once an internet connection was available. The mail server logs would show the IP address.

  18. Moral of the story... by artemis67 · · Score: 2, Insightful

    Set your ISP account to remember your password on your laptop; it's your best chance of catching a thief.

  19. Re:Not spyware. The story is much simpler than tha by Lars+T. · · Score: 1, Insightful

    But he used his own AOL account.

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  20. Re:Not spyware. The story is much simpler than tha by rlowe69 · · Score: 1, Insightful
    • Thief tries AOL account found on stolen computer.
    • Account is known to have been compromised.


    Yeah, not quite. It says that he used his own account. So it's not like the FBI is looking for a specific AOL account to be used and then tracking it.

    More likely is that there was a separate piece of software "phoning home" over TCP/IP, giving the FBI the IP address. They know it's AOL at time yadda yadda and AOL gives them the number that was used to connect to the service, which gives the address.

    Still a lot of help from AOL's needed. We can only assume they had a court order or something. What happened to ISPs protecting users' identities?
    --
    ----- rL
  21. It isn't that simple. by AtOMiCNebula · · Score: 2, Insightful
    * Thief tries AOL account found on stolen computer.
    He didn't use the AOL account on the stolen computer. He used his own AOL account. That's why people are concerned.
  22. Re:Good vs Bad by AllUsernamesAreGone · · Score: 3, Insightful

    " I think that I'd wipe the harddrive and install a new OS (read: Linux) before I even thought about connecting it to the net."

    The only problem with that is that this guy was trying to pull off sensitive information from the box. But yes, if he had more than a couple of functioning grey cells he certainly wouldn't have hooked it up to any kind of public network until he had pulled off any useful information, done a thorough drive wipe (not just a format) and installed a new OS.

    Of course, the FBI probably likes the less technically inclined computer lifter....

  23. Re:Good vs Bad by li99sh79 · · Score: 2, Insightful
    Of course, the FBI probably likes the less technically inclined computer lifter....

    Not every crook can be The Napster, Left-Ear or Handsome Rob. Hell, most of 'em aren't, that's why they're crooks. :)

    -sam

    --
    I was just here, where did I go?
  24. Re:Mac address perhaps ? by hazem · · Score: 1, Insightful

    If they have AOL, maybe they only have a modem therefore no NIC and no MAC address.

    It WOULD be interesting to see what was actually sent and identified with this laptop.

    Maybe when AOL installs, a unique ID is assigned to the device. Wells Fargo reports that laptop (and the name of the person who would normally log in with it) to AOL, who then can watch for the computer to log in. Once it logs in with someone else's ID, they can then look up that ID's financial information, which probably has an address attached to it. They would also have the Caller-ID info for the dial-in line.

    Was the Wells Fargo employee using AOL already? Or did the thief install it after the fact?

    Maybe Wells Fargo should consider keeping sensitive customer information on a central file server so that laptops don't end up with that data on them when they are stolen.

  25. Statistics by freeweed · · Score: 1, Insightful

    Considering how many more people die annually from traffic accidents (speed often considered a contributing factor) than murders, I'm inclined to be happy with that situation.

    --
    Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
  26. more reason to discount the Yahoo/Reuters version by spiritraveller · · Score: 2, Insightful
    Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said. That enabled authorities to connect the computer's Internet Protocol address, a number that identifies a computer on the Internet, to Krastof's home address through his AOL account, White said.

    Apparently, someone thinks that the IP address is constant. That's probably why the reporter misparaphrased (is that a word?) Sgt. White.

    Whoever wrote the story just plain bungled it.

  27. Re:Similar Experience by Skyshadow · · Score: 4, Insightful
    If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

    In fairness, this laptop represented a pretty serious amount of crime potential.

    The laptop was stolen from a Wells Fargo contractor, and it contained a whole mess of Really Important customer data (social security numbers and what have you) that would have enabled any halfway competent identity thief to get all they needed to start opening credit lines.

    The real issue here (which nobody's talking about) is how can Wells Fargo get away with this? Seriously, they left a mess of Real Important confidential customer data unencrypted on a highly mobile computer. Talk about negligence! This'd be the same as if they had customers dropping their night deposits into a large suitcase they left outside the front door of the bank (except in that situation all you stand to lose is one deposit).

    Is it so much to ask that institutions who have our Really Important Data take some basic steps to protect it? This whole thing could have been rendered moot with something as simple and easy as an encrypted filesystem.

    But nobody, nobody is talking about it. So they'll continue putting customer data on laptops, HMOs will keep putting patient records on tablet PCs or shipping it overseas for testing or whatever... I wonder what it'll take to change it...

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  28. Re:Oh really? by IM6100 · · Score: 2, Insightful

    No, I think he's referring to the other stuff from 1984, namely that the government can and does retract all printed newspapers and books and updates the history written in them at will.

    Honestly, if people are going to rant about ever-closer dystopian futures, why not look a little deeper. The society of 'orgy porgy' infantilism that Aldous Huxley warned against in Brave New World is far closer in our 'sexually liberated' society. Then again, all the knobs rant about coming from that book is test-tube babies.

    The way High School teachers who force-feed little snippets of Orwell and Huxley ignore the obvious anti-Stalinism in Orwell's work and the anti-cultural-infantilism in Huxley's work, one wonders if they are simply stupid or if it's a deliberate attempt to blunt the thrust of those works by corrupting the message.

    --
    A Good Intro to NetBS
  29. Re:Mac address perhaps ? by Joe+Decker · · Score: 3, Insightful
    Yeah, but why did they care about this case?

    They cared because the computer involved had enough information to carry out identity theft on many, many folks, they were probably investigating this as a potential large-scale identity theft case, not just a computer theft.

    They say the number of folks involved was "a small percentage ... of Wells Fargo's 22 million customers." One percent would be 220,000 people. I don't know if it was even one percent, but I do know someone (not myself) who got a letter from Wells Fargo about the incident, I think this was a very big loss of private data.

  30. Re:Mac address perhaps ? by Anonymous Coward · · Score: 1, Insightful

    _Laptop_

    how many laptops do you know about that do not have built-in ethernet these days?

    just because he connected over the modem does not mean that the AOL client could not look up and report the MAC address.

    Is there anyone who has AOL that can verify if the client sends the MAC address????

  31. The lesson here by Lord+Kano · · Score: 2, Insightful

    If you're going to rip off hardware from a large, powerful, influential company like WF, make sure that you wipe the HD, toss the PCMCIA NICs and start from scratch.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano