Slashdot Mirror

← Back to Stories (view on slashdot.org)

Laptop Thief Caught via AOL Login

Posted by michael on from the you've-got-jail dept.

Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."

10 of 524 comments (clear)

  1. ...or maybe... by cnelzie · · Score: 4, Insightful

    Well's Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...

    Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?

    Anyone care to give that answer that?

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
  2. You know... by mental_telepathy · · Score: 5, Insightful

    I hate to say that Slashdot readers have obvious biases, but why is it that when the police do something smart with computers, you get:
    Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
    And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummys. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted

    1. Re:You know... by jkleid · · Score: 5, Insightful

      "I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested."

      Authorities now have a sizable fraction of the technology possessed by big brother in the book 1984. Whether or not to fear that power is a matter of trust.
      _______

  3. Wait a minute... by cnelzie · · Score: 4, Insightful

    How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?

    I know that if ANY of the laptops and roughly ALL of our desktop PC's would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...

    I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...

    --
    If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
  4. There is no story here by Mr_Silver · · Score: 5, Insightful
    From SFGate:
    Investigators knew where to look for the gear not because of unusually intrepid sleuthing but because Krastof allegedly used the computer to log on to an AOL account belonging to the system's owner, Peter Gascoyne.
    Please remove your tin foil hats, the idiot logged onto the AOL account of the person he stole the laptop from. The police and AOL merely traced it back to his house.
    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  5. Re:PC call home by miu · · Score: 4, Insightful
    One continuing problem that IT has is locking down computers. It is very common for employees to install their own software and dial connections on laptops.

    I agree with you that a laptop with the sort of sensitive data that this one contained should never be connected directly to a public network - but such is the state of data security these days.

    --

    [Set Cain on fire and steal his lute.]
  6. Re:PC call home by miu · · Score: 5, Insightful
    I should state exactly why I felt the Herald version is more credible.

    The Yahoo statement:

    Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said.

    and the Herald statement:

    "He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address,'' White said.

    I felt that the direct quote of Chief White was more credible, and less likely to be subject to an error of interpretation on the part of the reporter.

    --

    [Set Cain on fire and steal his lute.]
  7. Re:Similar Experience by qtp · · Score: 5, Insightful

    If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

    The absolute gall that you demonstrated by being a lowly private citizen cannot be tollerated and our law enforcement agencies cannot and will not encourage such anti-social behavior.

    --
    Read, L
  8. "You've got jail" by trance9 · · Score: 4, Insightful

    I bet the machine had some email software on it (Outlook?) that checked for new mail once an internet connection was available. The mail server logs would show the IP address.

  9. Re:Similar Experience by Skyshadow · · Score: 4, Insightful
    If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

    In fairness, this laptop represented a pretty serious amount of crime potential.

    The laptop was stolen from a Wells Fargo contractor, and if contained a whole mess of Really Important customer data (social security numbers and what have you) that would have enabled any halfway competent identity thief to get all they needed to start opening credit lines.

    The real issue here (which nobody's talking about) is how can Wells Fargo get away with this? Seriously, they left a mess of Real Important confidential customer data unencrypted on a highly mobile computer. Talk about negligence! This'd the the same as if they had customers dropping their night deposits into a large suitcase they left outside the front door of the bank (except in that situation all you stand to lose is one deposit).

    Is it so much to ask that institutions who have our Really Import Data take some basic steps to protect it? This whole thing could have been rendered moot with something as simple and easy as an encrypted filesystem.

    But nobody, nobody is talking about it. So they'll continue putting customer data on laptops, HMOs will keel putting patient records on tablet PCs or shipping it overseas for testing or whatever... I wonder what it'll take to change it...

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.