Slashdot Mirror

← Back to Stories (view on slashdot.org)

Laptop Thief Caught via AOL Login

Posted by michael on from the you've-got-jail dept.

Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."

14 of 524 comments (clear)

  1. Get over it by marko123 · · Score: 3, Insightful

    The line between being able to trace crooks and being able to maintain your privacy has always been small. You know what to do if you want privacy, and everyone else should not ever assume they are private just because noone else is in their lounge room.

    This is a valuable education, and it will help the regular user understand how unprivate their internet communications are.

    No-one loses here. What's the story?

    --
    http://pcblues.com - Digits and Wood
  2. ...or maybe... by cnelzie · · Score: 4, Insightful

    Well's Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...

    Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?

    Anyone care to give that answer that?

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
  3. You know... by mental_telepathy · · Score: 5, Insightful

    I hate to say that Slashdot readers have obvious biases, but why is it that when the police do something smart with computers, you get:
    Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
    And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummys. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted

    1. Re:You know... by jkleid · · Score: 5, Insightful

      "I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested."

      Authorities now have a sizable fraction of the technology possessed by big brother in the book 1984. Whether or not to fear that power is a matter of trust.
      _______

  4. Wait a minute... by cnelzie · · Score: 4, Insightful

    How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?

    I know that if ANY of the laptops and roughly ALL of our desktop PC's would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...

    I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
  5. There is no story here by Mr_Silver · · Score: 5, Insightful
    From SFGate:
    Investigators knew where to look for the gear not because of unusually intrepid sleuthing but because Krastof allegedly used the computer to log on to an AOL account belonging to the system's owner, Peter Gascoyne.
    Please remove your tin foil hats, the idiot logged onto the AOL account of the person he stole the laptop from. The police and AOL merely traced it back to his house.
    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  6. Re:PC call home by miu · · Score: 4, Insightful
    One continuing problem that IT has is locking down computers. It is very common for employees to install their own software and dial connections on laptops.

    I agree with you that a laptop with the sort of sensitive data that this one contained should never be connected directly to a public network - but such is the state of data security these days.

    --

    [Set Cain on fire and steal his lute.]
  7. Re:PC call home by miu · · Score: 5, Insightful
    I should state exactly why I felt the Herald version is more credible.

    The Yahoo statement:

    Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said.

    and the Herald statement:

    "He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address,'' White said.

    I felt that the direct quote of Chief White was more credible, and less likely to be subject to an error of interpretation on the part of the reporter.

    --

    [Set Cain on fire and steal his lute.]
  8. AOL Likely Got a Subpoena; No Need For Paranoia by reallocate · · Score: 3, Insightful

    Contrary to the Luddite tone of most reaction here, I suspect the only "hooks" the FBI had into AOL was a subpoena. I lived for several years near AOL in Loudoun County, Virginia. Law enforcement officials looking for info from AOL routinely sought subpoenas from judges in that jurisdiction. Sometimes they got them, sometime they didn't.

    Of course, AOL can tell that a customer is dialing in from a computer with legitimate AOL account info and software on it. If a court tells them to, they'll record that info and release it to the people who got the subpoena. This time it was the FBI. Next time, it might be you and your lawyer chasing down someone defaming you online.

    The assumption that the FBI has "hooks" into AOL is simple bush-league cynicism from the wanna-be poseurs. Why would anyone decide that it's wrong for AOL not to help capture this thief?

    --
    -- Slashdot: When Public Access TV Says "No"
  9. Re:Similar Experience by qtp · · Score: 5, Insightful

    If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

    The absolute gall that you demonstrated by being a lowly private citizen cannot be tollerated and our law enforcement agencies cannot and will not encourage such anti-social behavior.

    --
    Read, L
  10. "You've got jail" by trance9 · · Score: 4, Insightful

    I bet the machine had some email software on it (Outlook?) that checked for new mail once an internet connection was available. The mail server logs would show the IP address.

  11. Re:Good vs Bad by AllUsernamesAreGone · · Score: 3, Insightful

    " I think that I'd wipe the harddrive and install a new OS (read: Linux) before I even thought about connecting it to the net."

    The only problem with that is that this guy was trying to pull off sensitive information from the box. But yes, if he had more than a couple of functioning grey cells he certainly wouldn't have hooked it up to any kind of public network until he had pulled off any useful information, done a thorough drive wipe (not just a format) and installed a new OS.

    Of course, the FBI probably likes the less technically inclined computer lifter....

  12. Re:Similar Experience by Skyshadow · · Score: 4, Insightful
    If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

    In fairness, this laptop represented a pretty serious amount of crime potential.

    The laptop was stolen from a Wells Fargo contractor, and if contained a whole mess of Really Important customer data (social security numbers and what have you) that would have enabled any halfway competent identity thief to get all they needed to start opening credit lines.

    The real issue here (which nobody's talking about) is how can Wells Fargo get away with this? Seriously, they left a mess of Real Important confidential customer data unencrypted on a highly mobile computer. Talk about negligence! This'd the the same as if they had customers dropping their night deposits into a large suitcase they left outside the front door of the bank (except in that situation all you stand to lose is one deposit).

    Is it so much to ask that institutions who have our Really Import Data take some basic steps to protect it? This whole thing could have been rendered moot with something as simple and easy as an encrypted filesystem.

    But nobody, nobody is talking about it. So they'll continue putting customer data on laptops, HMOs will keel putting patient records on tablet PCs or shipping it overseas for testing or whatever... I wonder what it'll take to change it...

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
  13. Re:Mac address perhaps ? by Joe+Decker · · Score: 3, Insightful
    Yeah, but why did they care about this case?

    They cared because the computer involved had enough information to carry out identity theft on many, many folks, they were probably investigating this as a potential large-scale identity theft case, not just a computer theft.

    They say the number of folks involved was "a small percentage ... of Wells Fargo's 22 million customers." One percent would be 220,000 people. I don't know if it was even one percent, but I do know someone (not myself) who got a letter from Wells Fargo about the incident, I thin this was a very big loss of private data.

    --
    I'm a nature photographer.