Laptop Thief Caught via AOL Login
Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."
MAC address perhaps?
More than likely, the computers had some sort of software built into them to 'phone in' and notify a central location of its IP address. Then they just traced the IP address to his AOL account. Not very fancy detective work, just standard stuff.
There may be some good in the fact that they are able to trace someone like this...but the ramifications make me shudder.
That and make me glad I am in Canada..
I guess the AOL software might "accidentally" transmit the ethernet hardware (MAC) id of the machine...
I guess if AOL take a note of the hardware ethernet address (not surprising, because DSL lines aren't supposed to be shared, right :-) then just doing a query for the address on AOL's db would be enough to get a (very) shortlist...
Simon.
Physicists get Hadrons!
"You've got jail!"
1. When you steal computers, don't steal laptops.
2. After stealing a desktop PC, even if it has the latest Windows OS and Service Pack, format the disk and load RedHat.
3. If you steal a Linux PC, install Windows on it for a year, then switch back - even AOL can't maintain that big a log!
4. Don't use AOL - switch over to MSN - it's much more secure - instead of the FBI, it'll be the BSA that's after you!
If you keep throwing chairs, one day you'll break windows....
Once in a while, yes, it is your friend.
But then again, AOL probably has other ways to track computers for marketing and such... to determine what PCs are being used how much to access AOL services, etc...
The line between being able to trace crooks and being able to maintain your privacy has always been small. You know what to do if you want privacy, and everyone else should not ever assume they are private just because no one else is in their lounge room.
This is a valuable education, and it will help the regular user understand how unprivate their internet communications are.
No-one loses here. What's the story?
http://pcblues.com - Digits and Wood
Wells Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...
Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?
Anyone care to answer that?
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
I hate to say that Slashdot readers have obvious biases, but why is it that when the police do something smart with computers, you get:
Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummies. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted.
If the guy told the FBI his laptop got stolen, he may also have given them some info about a recent internet connection, which would have allowed them to find his MAC address, which was then looked for in some ISPs' logs until they found out who did it.
I guess it's more optimal for the FBI to do it this way than to just store whichever information thanks to some software backdoors.
We have some reasons to worry about our freedoms, but it is not a reason to imagine we're always being spied on.
Trolling using another account since 2005.
When you install AOL it knows your "Master account" name. From there you can pick one of the other account names or use the "Guest" login feature.
My guess is that when the thief logged in they used the guest feature.
AOL probably had the account flagged as "Stolen" so the thief couldn't buy AOL stuff through the account on the machine.
So if this guy installed his own software or OS on a stolen box and then got caught, that leaves precious few other options.
Processor Unique ID?
WindowsXP Phone Home?
Keystroke Logger?
In any case, it certainly appears that some "known" piece of identifying data was present and easily flagged.
I for one would like to know more about the exact method used, because if there is indeed some kind of government back-door that has the potential to circumvent encryption or anonymity, we ought to find out.
Maybe the FBI's "Magic Lantern" is a 2-piece system with 1/2 on the network, and the other half in the OS or the Silicon?
Maybe all the bank employees are being spied upon without their knowledge?
Maybe Patriot Act rears its head in the authorization of certain methods and practices?
How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?
I know that ANY of the laptops and roughly ALL of our desktop PCs would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...
I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
The MAC address goes no further than the first router, in this case his broadband modem if that's what he's using.
If he's using dialup the MAC address doesn't even come into it.
Avantslash - View Slashdot cleanly on your mobile phone.
I found this version posted on www.securityfocus.com. It says the thief used the laptop owner's dial-up AOL account, which the FBI had asked AOL to monitor.
- Use WHOIS to find out which ISP owns the IP address
- Get the ISP to look at their logs to determine which dial-up session was assigned that IP at the time.
- Look at the logs for the access platform to identify the caller's line ID. This is usually the same as the telephone number, but not necessarily, and is *always* known to the remote system, even if you withhold your phone number, because it's used in call setup.
- Take that number to the Telco that owns it and look at *their* logs to give you the physical location of the phone that made the connection (or owner of the mobile).
- Arrest the perp.
While that glosses over the paperwork, and assumes that the ISP maintains sufficiently detailed logs of calls and authentication, which many small ones don't, that's pretty much it.
UNIX? They're not even circumcised! Savages!
Why make it so complex? The computer was reported stolen by Wells Fargo with all the information, so the FBI issued a request to AOL to notify them if anybody logs into such and such accounts. Once it happened, the FBI simply had to check the phone records to find out what number the guy connected from, and voila!
I work at a phone company in a country without secret services and sophisticated hooks into any ISP and we would be able to pull that out in a matter of minutes.
Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
I bet it wasn't that complicated.
fbiAgentd00d99: Yo man, what's up?
LaptopThief2310: Not much, i just ripped off some computers! HA HA WOOT!
fbiAgentd00d99: SWEET!
LaptopThief2310: Yeah I rockxxorz. Now I'm takin' a pic of me, an all the computers i stoled w/ a sony cybershot i "found".
fbiAgentd00d99: You pwn3! Send me that pic! I'm gonna put it on my website!
There we have it folks, probable cause, as well as an IP address.
Basically, it's legitimate spyware. I've personally never used the product, although we are about to evaluate it.
Never email donotemail@WeAreSpammers.com
Were they not running a password protected operating system, at least Windows 2000 or Windows XP?
You must be kidding, but I'm not sure.
It takes only a few minutes to change the administrator password on a Windows box with a Linux boot floppy.
Done it a couple of times (on Windows 2000), for users who didn't know the admin password.
If this is anything like 95% of the Windows laptops I know of, it was littered with Bonzi Buddy and RealPlayer and Windows Update and tons of other calling-home crap. And more than likely, this bozo didn't format the PC or anything else. All the FBI would have to do is find out what's on the PC, and contact these companies for that software's unique IDs.
There is no need for any "Phone Home" software or anything sending the CPUID to AOL. The story is much simpler than that and rather low-tech:
Nothing exceptional here. The FBI does not need any strange hooks into AOL. They only need stupid thieves. Case closed.
-Raphaël
It's simple. Everybody wants thieves to be locked up, but nobody wants to live in a police state. This means that we applaud whenever the authorities apprehend a baddie, but we boo whenever they give themselves even more powers and so bring the darker possibilities one step closer. There is nobody to guard the guardians, so we defend ourselves as best we can, by trying to postpone the day when their control might become total.
The two things are directly related, inasmuch as in a police state there would certainly be much less crime, since freedom cuts both ways. What you see as a conflict is just a reflection of this inter-relationship. We have to do both if we wish to safeguard both our present and our future.
I had one of my notebooks stolen at the LA airport. I had one in my suitcase (there's only so many I can carry) because of a conference. One of the baggage handlers must have helped himself to my notebook.
...
The funny thing is that the notebook was my personal one, and because I did travel a lot at the time, I had an AOL account for convenience. On a whim, I called AOL and asked them for a log of my sign-ins. Lo and behold, it turns out whoever stole my notebook was using my AOL account to surf! I pleaded with the tech person to at least give me the IP address so I could track the thief down. He sympathized with my problem and passed me to one of the network engineers, who was very keen on helping me. I got the IP address and the phone number that he used to dial in. He said that the Telecom department could give me the number that was used to dial in to AOL, but I would have to get the law involved as certain FCC regulations prevented him from sharing that info.
So I collected all the info and sent the report to the security officer at the airport, a copy to the LA sheriff's dept and another one to my insurance company (who I had hoped would be keen to solve the problem). After a few calls, I got nothing. Turns out that theft like that happens a lot at LAX and the LAPD is way too busy with serious crime to investigate a crime committed against an out-of-towner.
The good thing is, my home insurance covered the theft, so I got a better model for basically the amount I paid for my notebook a year prior (minus deductible).
This was pre-2001 btw
Wearing pants should always be optional.
Did you read the article? There is nothing related to privacy in this story. No stealth software allowing the laptop to be traced. It is much simpler than that: the thief used the AOL account found on the stolen computer and connected to AOL using his own phone. The phone call was traced back to his home, and then he was caught.
There is no story, and no real need to bring privacy into the picture. Sure, all you wrote is true. But it is irrelevant for this story.
...when almost nothing is known about a topic...
(I dont want to be Jacko at the moment =;-D)
The checkbox said "Requires Windows 98, NT, or better." And so I installed Linux.
If I'm not mistaken, ISPs have to keep the logs for several years by law (at least in Belgium they have to). That way they can still trace a cracker/scriptkiddy or a stupid thief like the one in the story months, even years after their actions.
In the federal building where I used to work, we even needed to keep the proxy log (with date/time, login-id and visited sites) for 5 years... go imagine.
42 + 1 = 42
Contrary to the Luddite tone of most reaction here, I suspect the only "hooks" the FBI had into AOL was a subpoena. I lived for several years near AOL in Loudoun County, Virginia. Law enforcement officials looking for info from AOL routinely sought subpoenas from judges in that jurisdiction. Sometimes they got them, sometimes they didn't.
Of course, AOL can tell that a customer is dialing in from a computer with legitimate AOL account info and software on it. If a court tells them to, they'll record that info and release it to the people who got the subpoena. This time it was the FBI. Next time, it might be you and your lawyer chasing down someone defaming you online.
The assumption that the FBI has "hooks" into AOL is simple bush-league cynicism from the wanna-be poseurs. Why would anyone decide that it's wrong for AOL not to help capture this thief?
-- Slashdot: When Public Access TV Says "No"
What kind of moron steals a computer and hooks it up to the internet without first 1. formatting it, 2. installing a firewall, 3. resetting the rules on any installed firewalls to only allow certain programs you know access to the internet, 4. uses someone else's account when it's just as easy to get a "new" account with AOL, 5. uses AOL, 6. does it from their home. You would think that if this dipshit did this stuff for a living he would be better at it. Maybe he was fired from his job at the RIAA.
No matter how the guy was caught, simple or complex, the fact that the story comes up at all opens several interesting cans of worms.
We give ourselves, our populace and our government, a lot of credit. We walk down the street trusting people we wouldn't let drive our cars to make an intelligent decision on who should enjoy personal control over a powerful army and a large nuclear arsenal.
We live under a government made up mostly of obscure appointed functionaries. During the last election, John Ashcroft was a man so despised by the people who best understood his personality and performance that his first contribution to U.S. history was losing an election to someone the electorate knew to be deceased. Michael Powell first broke the surface as chairman of the FCC by vociferously supporting measures to further consolidate ownership of America's broadcast media.
We trust faceless strangers to *NOT* use terrorism as an excuse to pass nasty laws that sidestep the principles which define us as a people.
Now, it is perfectly possible to imagine that the person who stole the laptops was the kind of (darwinian) mastermind who *would* log on to someone else's AOL account, using their stolen computer from their home connection and leaving us to ask, 'Hey, why not just turn yourself in...?'
Be that as it may, as some pieces here and elsewhere have shown, at all levels, governments are happy to adapt law and technology to purposes that civil libertarians dislike with good reason. This time it was nothing, but one day, it could very well be something that makes us all wish we could go back to telephones and paper.
The point that started this thread might very well be moot, but unless you are completely satisfied with whom we have in office and whom they have appointed to positions of power most of us are scarcely aware of, you have to wonder what things will be like when things are different.
To mail me, remove the 'mailno' from my email addy.
"Yeah. It smells, too..."
I have done something similar with yahoo auctions. At auction end I type the seller's name into my IM client. It registers that name under all IM clients.
I always request a phone number and email address if I pay by Paypal or PayDirect. If they don't give it to me and I can't validate it, I don't send the money.
I have sent money in the past; rather blindly. I have been able to catch two sellers by just pretending to be girls interested in them, through IM. I got their actual phone numbers and even got one ready to pick me up and meet me for a "date" LOL.
Of course it was a lot of hassle.
If you can catch a criminal at their own game - that's justice.
I wish eBay wouldn't have eliminated the contact information request without having a transaction with the other party. Most sellers that cheat me on Yahoo also have identical aliases on eBay.
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
nt
Fuck Beta. Fuck Dice
We configure the built-in Windows dynamic DNS for all of our systems. If someone steals it and connects it to a network without bothering to reconfigure, their IP address will show up in our DNS logs. WINS works the same way. Not perfect, but free and easy.
ES
- If I had all the money I spent on cars, I'd spend it all on cars.
AOL logs your thumbprint if you use the thumbpad mouse :P
And this microphone hole in my monitor is really sampling my breath or something.
Many banks outsource work, and that was apparently the case here. For example, smaller banks outsource their mainframe/minicomputer work to a company that specializes in that work. In this case, it only dealt with a certain type of customer. Wells Fargo should have a standard contract with them that requires the outsource provider to meet certain standards of data security. Having a laptop stolen from a locked firm probably isn't something the company can protect against. Geeze, I hate this, I'm defending them and I don't agree with the policy, but that's the Government (OCC) for you.
I bet the machine had some email software on it (Outlook?) that checked for new mail once an internet connection was available. The mail server logs would show the IP address.
Set your ISP account to remember your password on your laptop; it's your best chance of catching a thief.
Fred sets his laptop up to log into AOL with a default account and password. The crook steals the laptop. Fred calls AOL asking what ANI-reported telephone number his account has logged in from since the theft. AOL tells Fred the phone number. Fred reports the number to the cops. The cops get reverse directory information from the phone company (without a warrant unless the number is unlisted). The cops ask Fred to ask AOL to inform the cops upon the next login. The crook logs in again. AOL calls the cops. The phone numbers match. Cops bust down Crook's door without a warrant because they have knowledge that a crime is taking place. The crook is busted.
It's ok to point out the mistake, IMO, but FGS, tell him what he is doing wrong.
If he never took the time to do high school, is he even going to bother looking up why you advised him to change the word?
Grandparent:
Threw is the past tense (means you already did it) of throw, as in PReD threw a brick at the parent.
Through means to pass between the inner restrictions of something, as in go through a tunnel.
No, that's OK, don't mod me up +5 informative, I don't need the Karma, but all donations are gratefully accepted.
Do not meddle in the affairs of geeks for they are subtle and quick to anger
Really.
To the rest: Offering complete goofball theory after complete goofball theory, briefly resting only to scream 'violation of privacy' then going back and suggesting another goofball theory impresses nobody. CPUID/NIC MAC/Windows/Office/[you-name-it] identifiers or serial numbers are not immediately accessible just because you have a PPP session going over your modem. If a phone-home feature was installed, then fine, but that's a completely different story.
Another hilarious example was the default-route theory, which someone suggested as a 'dead giveaway' to the feds. Hello!? Even if the routing table was accessible, routes associated with a NIC wouldn't be *in* the table unless the NIC was active, and the setting would only be visible in the registry, not typically accessible to the world, nor routinely queried by an ISP. And never mind the statistical probability that a corporate NIC is configured for DHCP, thus it wouldn't have a default route to begin with.
I simply can't believe the amount of idiotic pseudo-techies posting and feeling BIG because they could incorrectly apply page 254 of the MCSE prep guide to formulate a crackpot theory.
Bleeeeeeeeeeeechhhh.
Known stolen AOL account + phone number recorded by any ISP (RADIUS does it by default) + call to phone company by FBI = physical location.
No magic.
He tried to kill me with a forklift!
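The step-by-step post above (WHOIS, then ISP session logs, then the caller's line ID) and this one both come down to the same correlation: an IP address and a timestamp matched against RADIUS accounting records to recover the Calling-Station-Id. The following is an added illustration, not code from the thread: it parses a constructed log in the FreeRADIUS "detail" layout (timestamp line, indented attribute lines, blank line between records; all names, addresses and phone numbers are made up) and handles the case a dial-up pool creates, where the same IP is reused by a later caller and only the timestamp tells the sessions apart.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample accounting records (values are invented for the example).
# Note the same Framed-IP-Address handed to two different callers in turn,
# and that the second session has no Stop record yet (caller still online).
SAMPLE_DETAIL = """\
Wed Nov 26 19:02:11 2003
\tAcct-Status-Type = Start
\tAcct-Session-Id = "A1B2C3"
\tUser-Name = "bankuser"
\tFramed-IP-Address = 172.16.5.77
\tCalling-Station-Id = "5550101"

Wed Nov 26 19:40:03 2003
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "A1B2C3"
\tUser-Name = "bankuser"
\tFramed-IP-Address = 172.16.5.77
\tCalling-Station-Id = "5550101"

Wed Nov 26 19:41:30 2003
\tAcct-Status-Type = Start
\tAcct-Session-Id = "D4E5F6"
\tUser-Name = "someoneelse"
\tFramed-IP-Address = 172.16.5.77
\tCalling-Station-Id = "5550199"
"""

TS_FMT = "%a %b %d %H:%M:%S %Y"  # timestamp line format of the detail file


@dataclass
class Session:
    session_id: str
    user: str
    framed_ip: str
    calling_line: str            # Calling-Station-Id: line ID from call setup
    start: datetime
    stop: Optional[datetime] = None  # None = no Stop record, still online


def parse_detail(text: str) -> List[dict]:
    """Split a detail file into records: {'ts': datetime, 'Attr': 'value', ...}."""
    records = []
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        rec = {"ts": datetime.strptime(lines[0].strip(), TS_FMT)}
        for line in lines[1:]:
            key, _, value = line.strip().partition(" = ")
            rec[key] = value.strip('"')
        records.append(rec)
    return records


def build_sessions(records: List[dict]) -> Dict[str, Session]:
    """Pair Start and Stop records by Acct-Session-Id into Session objects."""
    sessions: Dict[str, Session] = {}
    for rec in records:
        sid = rec["Acct-Session-Id"]
        if rec["Acct-Status-Type"] == "Start":
            sessions[sid] = Session(sid, rec["User-Name"], rec["Framed-IP-Address"],
                                    rec["Calling-Station-Id"], rec["ts"])
        elif rec["Acct-Status-Type"] == "Stop" and sid in sessions:
            sessions[sid].stop = rec["ts"]   # Stop without a Start is ignored
    return sessions


def find_caller(detail_text: str, ip: str, at_iso: str) -> Optional[Session]:
    """Return the session that held `ip` at time `at_iso` (ISO 8601), if any.

    A session matches when it started at or before the time of interest and
    either has not stopped yet or stopped at or after it; an IP seen between
    two sessions matches nothing, which is the honest answer for a gap.
    """
    at = datetime.fromisoformat(at_iso)
    for s in build_sessions(parse_detail(detail_text)).values():
        if s.framed_ip == ip and s.start <= at and (s.stop is None or at <= s.stop):
            return s
    return None


if __name__ == "__main__":
    hit = find_caller(SAMPLE_DETAIL, "172.16.5.77", "2003-11-26 19:10:00")
    print(hit)  # the 19:02 session: bankuser from line 5550101
```

The calling line ID this returns is the value handed to the telco for the next step; with a dynamic pool the timestamp is as important as the IP, since a lookup at 19:50 in the sample attributes the same address to a different caller.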
Not so easy as pulling out batteries on laptops.
If you lose the CMOS/Bios password you usually have to RMA the laptop back for a new bios (unless you can find it and solder or replace it yourself). Thus requiring receipt or tracking of serial numbers of which any big company can cross reference against service contracts.
I downloaded onto floppy disc the program here and had reset the admin password on my Win XP box within seconds. Never seen anything so simple in my life. Though others recommend LC4 which also works.
Phillip.
Property for sale in Nice, France
Okay, since this discussion has gone haywire, I may as well ask an off topic (kinda) question. Lots of people are mentioning that you can use dynamic DNS or special software to alert you to where your stolen laptop is. But it seems they all require you to allow the thief to completely log into your system. w00t??!! I have THREE passwords to get to a desktop on my Linux laptop. BIOS, LILO, user. So I'm screwed, right??? If I want some theft security I have to give up my data and day to day security?? Anybody know solutions??
I'd bet AOL and its "partners" use cookies to track users and target ads. If the former owners give the FBI their account info, such as an AOL account name, then they should be able to pick up the cookie trail and follow the IP address to the phone line.
Here's an article about how someone got back his sister's stolen mac using Timbuktu and help from usenet.
Don't you guys realize that MAC addresses can be changed? It is fairly easy to do with software, but extremely hard to do directly to the hardware.
If you guys really want to know how the government does the forensics, read "Computer Forensics: Incident Response Essentials" by Kruse and Heiser. Well written book that is easy to read and teaches you a lot about this type of stuff and also analyzing machines.
It is easier to read the book than prove that Big Brother is out to get you.
Apparently, someone thinks that the IP address is constant. That's probably why the reporter misparaphrased (is that a word?) Sgt. White.
Whoever wrote the story just plain bungled it.
Seems Reuters screwed up on the facts.
When I was buying my IBM Thinkpad, it came with a feature of calling home, should the machine be stolen. The call home mechanism is built in, and cannot be removed. What it requires is a subscription fee to activate the feature, sort of like LoJack for laptops.
For the people with sensitive information, it's a bitter price that must be paid.
No, I think he's referring to the other stuff from 1984, namely that the government can and does retract all printed newspapers and books and updates the history written in them at will.
Honestly, if people are going to rant about ever-closer dystopian futures, why not look a little deeper. The society of 'orgy porgy' infantilism that Aldous Huxley warned against in Brave New World is far closer in our 'sexually liberated' society. Then again, all the knobs rant about coming from that book is testtube babies.
The way High School teachers who forcefeed little snippets of Orwell and Huxley ignore the obvious anti-Stalinism in Orwell's work and the anti-cultural-infantilism in Huxley's work, one wonders if they are simply stupid or if it's a deliberate attempt to blunt the thrust of those works by corrupting the message.
A Good Intro to NetBS
Probably, Wells Fargo reported to AOL that computers with those accounts on them had been stolen--perhaps simply to keep them from buying anything on company money or anything. When AOL noticed the login, they notified the FBI, who used normal techniques to get the account information.
This is not a scary Big Brother scenario; rather, it's a great model for how corporations and government can and should cooperate to fight crime. Does anyone here really think that AOL acted improperly by giving them the address of a computer and identity thief?
Hey, you try to find an open nick these days!
Back when I worked in the abuse department for a leading ISP, this was a daily thing. Why's it news? Beats me..
The dial-up equipment at ISPs keep a log on hand of the numbers you've connected from. The investigators get a warrant for this information, you email it to them, case closed.
The security guys where I work are fond of this story. We had someone steal a couple of college owned computers, and apparently resold one of them to a student halfway across the country. The computer had Norton Antivirus Corporate Edition configured to run as "managed" - ie it gets its definitions off our servers instead of Symantec's. Our network guys got suspicious when they noticed traffic on one of our NAV servers coming from several states away - turned out that the computer thief never changed the antivirus settings before selling it and it was trying to get virus definitions from us.
I have a blog like everyone else
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/11/26/financial1853EST0113.DTL
that won't do it. Many major firms have custom bios installed.
The laptop checks via the internet to see if its id (serial# ?) is on the stolen list. If it is it self-destructs.
Some friends who used to work for a major silicon valley firm said this was done at their place of employment.
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
http://www.crime-research.org/news/2003/11/Mess2702.html
Check the above article. They say he logged into AN account registered on that computer. It could have been that he logged onto the Wells Fargo guy's account (with password saved). After all, he is a data thief, and not a very smart one apparently. If the FBI had AOL watching that guy's account, then they could have simply traced the IP address. No big deal...if that's the case. It would help if the articles would be a little more specific.
If you mod me down, I shall become less powerful than you could possibly imagine.
Is the FBI refusing to divulge how they found out that he was on one of the stolen computers? Because if so that is a direct violation of the Freedom of Information Act. I sure as hell want to know if my computer transmits some form of identification information when I log in to my ISP.
What I am willing to bet that it really is though, without reading, is that the serial number of the computer led to the serial number of the nic, whether it be modem or ethernet, and then the mac address could probably be identified. Just my guess.
I'd be more interested in thoughts on the FoI Act thing though.
...of the byline in this very article that michael posted. Come on, moderators.
This looks as if the thief was simply attempting to log into the account of the *original owner*, which was preconfigured on the stolen laptop. Of course this is easily detectable and easy to trace back.
If you're going to rip off hardware from a large, powerful, influential company like WF, make sure that you wipe the HD, toss the PCMCIA NICs and start from scratch.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano