Post-Suicide Account Cracking?
An anonymous reader writes "A good friend of mine had her younger brother apparently commit suicide last week. He was a young, promising CS major who was close to being accepted into a very prestigious school. He was very into Linux as well as PHP/MySQL coding. He left absolutely nothing behind for the family as far as a death note or explanation, and there is some possibility that this was all somehow a tragic accident. The family is in a situation where proof of accidental death would change how this was viewed in terms of paying for parts of the funeral. More importantly, some members of the family are hoping to find something, anything, that might explain why this all went down. Since I'm the most computer-skilled person the family knows, they have asked me if I could help them try to find some information. My possible approaches are: his Linux laptop, his university, Gmail and Hotmail email accounts, and a second MySpace profile that apparently has been tagged as private. How ethical would it be to, say, try to crack his root password in a situation like this? I wouldn't attempt to crack a man's account for his wife because she thinks he is cheating on her, as his life is his own business. In death, would you have the same respect for a person's private thoughts? Secondly, if I contacted places like Google, MSN, the university, and MySpace, what are the odds that they would give me access to any of his accounts? I have links to obituaries and such to prove that he is indeed gone. Would it be a matter of not giving it to me (maybe only to the family), or is this something that they would not do at all? Any opinions on if I should do this and if so, how I should go about it?"
dead people don't really care, one way or another.
a court order will streamline all this for you
This is really sad to hear.
A death certificate from the next of kin opens many doors.
They're not likely to help you since you're not a relative and certainly if all you do is point them to a link to an obituary.
Your friend is gone; he no longer owns anything. His worldly possessions, including his accounts and passwords, belong to those he left behind. They have asked you to open the locked box, open it.
There is no ethical dilemma. You are being asked to open something by that something's owner. NOT cracking passwords would be wrong.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
If you have physical access to his laptop, you can just boot with any linux live cd and mount the partitions without any access control. This will not work if he is using encryption, but unfortunately, few people do.
c++;
"I don't know, therefore Aliens" Wafflebox1
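As an added example (not code from any poster in this thread), here is how an owner or administrator can check the condition the live-CD comment above turns on: whether a partition's contents sit on disk in the clear or behind a LUKS header. The function names and the sample byte strings are constructed for illustration.

```python
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"        # first 6 bytes of a LUKS1 or LUKS2 header
EXT_MAGIC_OFFSET = 1024 + 56         # ext2/3/4 superblock starts at byte 1024; s_magic is 56 bytes in
EXT_MAGIC = 0xEF53


def _cstr(raw):
    """Decode a NUL-padded ASCII field from the header."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def read_head(path, size=2048):
    """Read the first bytes of a partition or disk image (needs read permission)."""
    with open(path, "rb") as fh:
        return fh.read(size)


def classify_volume(head):
    """Classify a volume from its first bytes.

    plaintext_on_disk is True when a filesystem is directly readable by anyone
    holding the disk, False when a LUKS header is present, None when unknown.
    """
    if len(head) >= 8 and head[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", head[6:8])   # big-endian version field
        info = {"kind": "luks", "version": version, "plaintext_on_disk": False}
        if version == 1 and len(head) >= 104:
            # LUKS1 stores cipher name and mode as two 32-byte text fields.
            info["cipher"] = _cstr(head[8:40]) + "-" + _cstr(head[40:72])
        return info
    if len(head) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack("<H", head[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2])
        if magic == EXT_MAGIC:
            return {"kind": "ext", "plaintext_on_disk": True}
    return {"kind": "unknown", "plaintext_on_disk": None}


# Constructed sample headers (not taken from any real disk).
SAMPLE_LUKS1 = (
    LUKS_MAGIC
    + struct.pack(">H", 1)
    + b"aes".ljust(32, b"\x00")
    + b"xts-plain64".ljust(32, b"\x00")
    + b"sha256".ljust(32, b"\x00")
    + bytes(2048 - 104)
)
SAMPLE_LUKS2 = LUKS_MAGIC + struct.pack(">H", 2) + bytes(2040)
_ext = bytearray(2048)
_ext[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] = struct.pack("<H", EXT_MAGIC)
SAMPLE_EXT = bytes(_ext)

if __name__ == "__main__":
    for name, blob in [("luks1", SAMPLE_LUKS1), ("luks2", SAMPLE_LUKS2), ("ext", SAMPLE_EXT)]:
        print(name, classify_volume(blob))
```
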
I'd not try to crack online services. His Linux laptop is fair game though. In fact, probably not that hard to crack. Just boot it in runlevel 1, then change the password.
XML is like violence. If it doesn't solve the problem, use more.
How ethical would it be to, say, try to crack his root password in a situation like this?
Take 5 seconds to boot into single-user mode, or mount the disk elsewhere sans password.
Interested in open source engine management for your Subaru?
I'd say yes... but with sharp conditions: the *only* thing you look for are his words that might relate to his death. No just wandering around, looking for pr0n, or anything else. Intimate talk with someone... that's a *very* gray area, since losing someone could have pushed this... or not.
You, personally, should you take this job, should *only* tell *anyone* what you found that was relevant, and nothing else.
Ever.
mark
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
I've experienced something similar, and all I can say is that your privacy dies with you. Anything and everything you ever wrote, thought, or believed is now the property of your heirs (along with your other assets and debts). So good hunting, hopefully you'll find something that'll convince the insurance types this wasn't done on purpose (at least not by him). But make sure the family understands they may not like what they find out.
As for getting access to his accounts, links to obituaries are useless, you'll need an actual death certificate, and possibly either a will or a ruling from a probate court stating that a certain person is to be given access to his stuff. That's how it works with banks, I imagine it's the same with email providers and such.
God invented whiskey so the Irish would not rule the world.
What if I were to die in an accident or by my own hand or someone else?
So many of us have our thoughts, feelings and memories digitally tied up in text, chat logs, emails etc.
Is it ethical for someone else to have it? Yes it was meant to be private but that person is now gone, you could lose valuable memories for the rest of the family if pictures are not found.
Example, I'm 30 and obviously a dork / geek (look where I'm posting) - the number of analogue photos of me after the age of 10 are slim at best, the quantity of digital photos of me that family and friends (which family know well!) have is pretty slim too.
To be honest, in death I don't think I care who finds what in my stuff, I'm gone - it should be there for someone to take.
Also on topic: how did this used to work previously? Lock boxes at the post office or bank, pin codes for bank accounts, car keys, safes, things like that?
I honestly think it's a little sad that if I were to die, no one will flip through a nice book of pictures or read handwritten letters to or from me, they'll just have a DVD or two with some files on it, it doesn't seem the same.
As I see things, continuing to keep his secrets would not help anyone, while revealing them has a chance of helping those he left behind. I say, go for it.
One document that's left for my family should something happen to me contains all my logins and passwords, as well as contact info for my most computer-able friends who will know what to do with it all. Your unfortunate situation would not have occurred had that person done something similar.
Slashdot Burying Stories About Slashdot Media Owned
If the family don't think it was a suicide, surely the authorities would be brought in to investigate further, or have they already closed the case as a suicide?
As for accessing his online accounts, again probably only the police would be able (if at all) to access that information.
I understand you need to know, but you'd be stepping into a tough area to worm your way through.
If the person was under 18, I think the parents would have better opportunity of getting access to these accounts with legal help. Probate courts might help also.
I'm sure there would be some sort of precedent for this situation.
If you employ the help of hacks and get caught, even as justified as your reasons are, the repercussions could be really ugly.
Good Luck.
Life takes interesting turns, but the most interest is when you're off the beaten path.
He's dead. Gone. For all human purposes, ceased to exist.
If you decide to not crack his accounts out of some sort of respect, then what you would be respecting would be your memory of him, not the man himself. He's not here anymore to care if you disrespect him or not.
That being said, if you want access to his online haunts, my guess is that you would need something more substantial than links to obituaries. You would probably have to have some documents that demonstrate you're next of kin and a death certificate, depending how bureaucratic the companies that managed his information are (my guess is very bureaucratic).
In order to rule out possible foul play (no suicide note?), I would say that you're morally obligated to do as much as you can to discover the circumstances of his death, or collaborate with the police to do it. If you find some brooding posts in MySpace, then you have good evidence that it probably was suicide. If not, get more suspicious.
If you saw your friend again, would you be able to explain why you did it? Would he agree with your reasoning or would he feel you had violated his sovereignty? You can still respect him in death, what would he say?
Happiness does not come from having much, but from being attached to little.
The deceased no longer owns anything, his heirs do. If his heirs want your help, there's no moral issue at all in doing so.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I would have thought the executor of his estate would have access to this sort of information.
XML is like violence. If it doesn't solve the problem, use more.
Well, if it was suicide, and there was anything he didn't want people seeing, then he had his chance to delete it. If it was not suicide then I think you have to tread more carefully, but in the end the dead have no right to privacy (or reason to care).
For FSM's sake, though, take a moment to "accidentally" delete his porn and such while you are going about this. That's just basic courtesy.
This is IMO one of the silliest questions I've read on /. in some time now. Seeking help on /. for stuff like this is disturbing.
But here is a well meant sound advice: If you don't know how to pull this off then don't even bother trying. Simply because in the process of "cracking" you might accidentally destroy very precious data which another real computer expert would be able to retrieve. And should the family sometimes find out about a situation like that then you've really done some serious damage.
For the record; you don't need to "crack" his root password on that linux box. Just boot using a rescue cd (knoppix, ubuntu, whatever) and you'll have full access. But seriously: leave this to someone who knows what he's doing.
As far as the ethical situation, I think it's fine for you to go ahead and do this. Once someone is dead, their worldly possessions are handed over to their family. And since you have the family's blessing, you have nothing to worry about. This is one of the few situations where it's entirely ethical to access someone's private data.
As for whether Google, etc. will help you... well, you can try. I would be pretty surprised though. They often don't help much with normal user requests, so this sort of stuff will be way outside the usual problems they deal with. University may be different though.
...but...
The belongings of the deceased become part of the estate. The estate, with a lack of a will, can go either to the 'state' or to the next of kin (depending where you live). The 'state' usually takes its taxes and give the rest to the next of kin. This means that the laptop and accounts now belong to the family (barring the EULA on myspace and google which, correct me if I'm wrong, state that the ownership resides with them). This means that you are cracking a laptop for an OWNER that no longer has a password (forgotten it, so to speak). There is no ethical issue here.
Gregor
mail or fax a copy of the death certificate along with the police report to whomever he had an account with. Explain the situation and I'm sure they will release the account to his parents.
They're using their grammar skills there.
Boot Linux with init=/bin/sh, remount the root partition to readwrite, edit /etc/shadow to change the root password to be blank, remount / to readonly, reboot.
If you login as him (similar method to blank his password), you might find that firefox (or konqueror if he used that) is remembering his passwords and logins.
This reads as if it were an attempt by a person working on a master's thesis to determine if a pro-linux, pro-privacy crowd would stick with their principles or instead defer to the humanity of helping a family get over a tragedy. Fascinating...
Cogito Ergo Sum
I don't have a good answer to your dilemma. However, it made me think. What is the best way to implement a Dead Man's Switch on personal data (laptop, online accounts etc). I for sure have some stuff that I wouldn't want anyone to see - even if I was dead (I was young and needed the money).
BTW - Am I the only one having problems with the new Reply box? The nifty ajax based "preview post" always hangs and I'm forced to use the old one.
First off: I am a lawyer, but not admitted to the bar anywhere in the US, so things might be different there. Generally, his heirs / estate should be able to get that kind of information. It probably involves notarized letters, perhaps even a court order, but it certainly can be done.
As to his local linux box, unless he used encryption, that's fair game also. I see no moral problems with either.
"A good friend of mine had her younger brother apparently commit suicide last week."
That's kinda crazy. My sister had me do lots of things I didn't want to do when I was growing up, but she never proposed suicide.
...this kind of stuff happens all the time (maybe not the suicide aspect of it). People die and their spouse has no idea how to access their financial records, etc. I've been called upon to dig that stuff out, too. I have no problem with it.
I mean, after all, they're dead.
"I might have made a tactical error in not going to a physician for 20 years." -- Warren Zevon
If you do contact Google, MSN, etc., don't do it through electronic means. Don't even do it over the phone. Do it in writing. Yes, actual letters on paper sent via (registered) snail mail. Include copies of the death certificate, obituaries, etc. Don't use your name and address - you are nobody as far as legal standing is concerned. Channel all the communications through one of the parents - have them sign the letters, use their name and address.
A good friend of mine had her younger brother apparently commit suicide last week.
... but that sounds like a lot of words to describe a hit job. The political correctness is awesome though!
I do not see any ethical problems here. However if you start breaking into his online accounts, you may very well be faced with a whole lot of legal problems. As for the laptop, go for it. Privacy dies with the person IMHO. Same thing as when you read a dead relative's diary or something.
I disagree... A simple court order would open up any account they want. Why people go to these companies and ask "permission" is beyond me... That is why our legal system is there, and it is quite good at getting what it wants...
Whether or not he had a will there will be someone who gains ownership of his possessions. In that case the laptop belongs to them... not to the deceased.
As for hotmail et al. you should probably hire a lawyer to pen a letter to the companies in question describing the situation. The transfer of ownership shouldn't be too difficult.
In the military, there's the tradition of cleaning up a dead guy's locker before sending it home to his next of kin. Remove all skin mags, letters from local girlfriends if he has a wife back home, that sort of thing. Get rid of anything that might make them think less of the dead, they're already broken up about it as is. I'm sure the last thing this kid's family would want to find out about is his furry porn collection.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
GMail Help Center: Accessing a deceased person's mail
There is no evidence yet that the person didn't desire to make some things private and their wish should be respected even after death.
You are making a mistake that because someone is dead (and hence obviously can't care) implies that they didn't care when they were alive.
In absence of legal will it is hard to tell what the desire of the person was, but if someone wrote in their will that they want for example their laptop destroyed after their death, it would obviously make it un-ethical to ignore that wish and poke through their laptop.
As the island of our knowledge grows, so does the shore of our ignorance.
Someone should have been made the "executor" of the estate or what not, when I had to do something very similar with my Uncle that passed away - for those that had the keys that were needed, a simple explanation of the situation *AND* the executor waiting in the wings to write a letter/etc.. is all it took. The most I had to go was one time actually having to get a letter - most places took my word on it, including a FRY's electronics store that switched the warranty and everything to my name on an expensive laptop that was purchased earlier.
Essentially - someone should have been made legal guardian, if you will, of everything after the fact. This person is who holds the keys to everything - from what I understand, IANAL, this person more or less gets the power of attorney for everything. Probably defaults to parents or something if no one was specifically stated in a will or what not.
It's not legal to meddle with evidence.
Imagine if this was not a laptop but a written diary instead, would you feel different? Obviously it may contain personal thoughts and ideas and reading it may change your perception of the deceased however it may also tell you why they did what they did. As mentioned elsewhere in this thread cracking the laptop will be trivial with a live-CD. As for the ethics, if it were me I would do it. Especially because they did not die of natural causes. As for the online accounts a death certificate and some legal footwork might get you their account, personally I would just hope they had some cookies for those sites and could log you on automatically (or even a password document).
I don't believe you. If this is actually a questionable case, the Police certainly know people who can do this, and they have legal advice. If you are on the level, you're going to need more than a lawyer.
Don't trust anyone under thirty.
The problem is, with free email services, there's no real proof that any given account belongs to a certain person. There are some interesting social engineering implications here...I'm envisioning calling up the Gmail people and claiming to be attempting to retrieve the account of someone who recently died ("I have the death certificate and everything!") when said account really belongs to someone else...
I'd be wary. You might find something that helps friends and family cope, but you could also find things which could cause a lot more hardships for them. People keep things secret for reasons, and, without some type of "Data Will", they may want those things to remain secret forever. It no longer matters to the person who died, but there are dozens of things a person could keep secret that would cause grief to those around them. Is there anything on your computers that you wouldn't want your family to discover?
First off, sorry about the loss. Even if the person isn't close to you personally, seeing how it affects the family is bad enough.
My advice would be to start with the laptop. Boot it off a rescue cd or USB stick and grab all the personal account (including root) md5 hashes out of the /etc/shadow file.
Then run those hashes through a rainbow crack to try and get some clear text representations of the hashes. Info on Rainbow Tables, here, here, and here.
Boot the laptop to a prompt and try all the clear text representations for the accounts and see if any of them work. If they do, then great, you have the passwords.
The passwords themselves are worthless on the laptop (you've already demonstrated you can snoop it without them, as you had to to obtain the hashes). Their value is in the fact that they _may_ have used the same passwords for their email, online accounts, etc.
HTH
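As an added example (not the poster's code), the same /etc/shadow field read from the administrator's side: an audit that flags accounts with an empty password field, which is the state the init=/bin/sh comment earlier in the thread leaves root in, or with a legacy hash scheme. It goes beyond the MD5 case named above by covering the other crypt(3) prefixes, and the sample entries and digests are constructed placeholders.

```python
# crypt(3) identifier -> (scheme name, rating). The rating is this example's own
# policy: MD5-crypt and DES-crypt are treated as legacy schemes to migrate from.
SCHEMES = {
    "1": ("md5crypt", "weak"),
    "2a": ("bcrypt", "ok"),
    "2b": ("bcrypt", "ok"),
    "2y": ("bcrypt", "ok"),
    "5": ("sha256crypt", "ok"),
    "6": ("sha512crypt", "ok"),
    "y": ("yescrypt", "ok"),
}


def audit_entry(line):
    """Classify the password field (2nd colon-separated field) of one shadow entry."""
    fields = line.strip().split(":")
    if len(fields) < 2:
        raise ValueError("not a shadow entry: %r" % line)
    user, pw = fields[0], fields[1]
    result = {"user": user, "scheme": None, "salt": None, "rating": "ok"}
    if pw == "":
        # Empty field: the account can log in with no password at all.
        result.update(scheme="empty", rating="critical")
    elif pw[0] in "!*":
        # '!' or '*' prefix: password login is locked or disabled.
        result.update(scheme="locked")
    elif pw.startswith("$"):
        parts = pw.split("$")            # "$1$salt$digest" -> ['', '1', 'salt', 'digest']
        ident = parts[1]
        name, rating = SCHEMES.get(ident, ("unknown", "review"))
        result.update(scheme=name, rating=rating)
        if ident in ("1", "5", "6") and len(parts) >= 4:
            # sha256crypt/sha512crypt may carry "rounds=N" before the salt.
            idx = 3 if parts[2].startswith("rounds=") else 2
            result["salt"] = parts[idx]  # per-account salt stored next to the digest
    elif len(pw) == 13:
        # Traditional DES crypt: 2 salt characters followed by 11 digest characters.
        result.update(scheme="descrypt", salt=pw[:2], rating="weak")
    else:
        result.update(scheme="unknown", rating="review")
    return result


def audit_shadow(text):
    """Audit every non-blank, non-comment line of a shadow file's contents."""
    return [audit_entry(l) for l in text.splitlines()
            if l.strip() and not l.startswith("#")]


def flagged_accounts(text):
    """Users whose entry needs action: empty password or legacy hash scheme."""
    return [r["user"] for r in audit_shadow(text) if r["rating"] in ("critical", "weak")]


# Constructed sample entries; the digests are placeholders, not real hashes.
SAMPLE_SHADOW = """\
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$1$Xy3kP9aB$CONSTRUCTEDmd5cryptDIGEST:19000:0:99999:7:::
bob:$6$rounds=5000$saltsalt$CONSTRUCTEDsha512cryptDIGEST:19000:0:99999:7:::
carol:!$6$abcdefgh$CONSTRUCTEDlockedDIGEST:19000:0:99999:7:::
legacy:abCONSTRUCTED:19000:0:99999:7:::
"""

if __name__ == "__main__":
    for row in audit_shadow(SAMPLE_SHADOW):
        print(row)
```
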
I have only the briefest knowledge of the field in my own country, never mind yours, however (presuming you're in country whose law is derived from the English common law system, e.g. the USA) it's likely all property of this man, his laptop and letters particularly, are now intestate. Likely some local authority will have assigned an administrator for the estate. If the young man was still a minor, these probably will be his parents.
If you have their permission, or the permission of the person to whom the administrators have assigned the property (ie the new owners), you can do what you like. The dead have little privacy (indeed, no privacy at all in many places).
To determine what you can do about online accounts, you should talk to a solicitor (i.e. a lawyer in the USA), preferably one who specialises in these things.
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
A "simple" court order => Not free
--Sam
Just from the submitters headline it seems he acknowledges that it was suicide.
If it's possible it was a suspicious death/accident, then the Police should do an investigation for you.
Would snooping around on your laptop or rifling through your e-mail accounts allow someone to "understand" you? Are you confident that it would portray the facet of your personality that you wanted others to see?
Obviously, this is a sad situation. I lost a sibling to suicide and the bottom line is that I don't think that any satisfactory answers can be had in a situation like this.
Whether or not the privacy of the deceased should be respected might be an ethical dilemma. But I think that if we are realistic about our own selves and what we choose to share with friends, family or no-one at all, we have to admit that breaking into this man's files would almost certainly be a violation of his wishes, and likely raise more questions than it answers.
Absent some purely administrative function like settling his accounts, I would not go this route.
Gmail has a process for this, as do all other freemail services. Gmail's is here. Googling for the others' policies will yield results for the others as well.
Keep on knockin'
https://robbiecrash.me
Recently, I have seen quite a few "news" that were actually Ask Slashdot questions posted as news. Why is this not on Ask Slashdot?
thomasdamgaard.dk.
Like he has been sleeping with your girlfriend in the past?
I was in the unfortunate position of recovering some passwords a few years ago -- the circumstances were different as natural causes were clear -- but the concept of the next of kin inheriting the accounts was very clear to me.
First, boot the Linux box in single user mode, or off a USB key or CD. If you have the resources, back up the hard drive before you do anything. Second, change the password of the user account to something you know and can share with the family. Third, open Firefox, and if Password Exporter isn't installed, install it. Fourth, hope that the deceased used Firefox and had it remember every password.
Having gone through this, I would worry that places like Google and Myspace would simply close the account if they found out someone was dead (and had proof like a death certificate) and not a court order to keep it open. Often they say the account and all associated IP is theirs anyway, so there's nothing to "inherit", although that's not a line of thinking I agree with. Some firms are very opposed to allowing their [property|products] cross generational lines like that. Credit cards are the most understandable example.
My brother committed suicide.
If this is anything like what happened in our case, the family is probably grasping at straws right now. It's not just a financial question -- it's a deeply emotional question. The result of a devastated family looking for some small glimpse of hope; trying to find some way to keep sane.
Many people associate suicide with weakness and a state of permanent depression. Just 'giving up' on life. Families don't want to believe this about their loved ones, and will struggle to find some other way to frame their death.
So -- cracking his accounts is not just about finances. It's very possibly about hope, whether false or not.
The problem is the grief is the same no matter what the reason. The guy is still dead, and the family will still have to go through the grieving process.
I ended up examining the contents of my brother's computer three years after he died. Even then it was difficult to see (for me and my parents), and I did come across stuff I didn't particularly want to know about. I decided not to tell my parents about the stash of photos downloaded off p2p, but I did share the essays and documents he had worked on in his last days.
Legally I believe you have every right if you have the parents permission, but in doing this you have a certain emotional responsibility as well. That's where it gets fuzzy. Do I share everything I find? Do I know what I'm getting myself into? Is evidence of suicide just going to hurt the family more?
It's been four years for me. I've since learned that suicide occurs in cases where one's problems outweigh the facilities to deal with them. That sort of realization along with lots of counseling have helped me. I wish all the best to your friends.
1. Your full name and contact information, including a verifiable email address.
2. The Gmail address of the individual who passed away.
3a. The full header from an email message that you have received at your verifiable email address, from the Gmail account in question. (To obtain the header from a message in Gmail, open the message, click 'More options,' then click 'Show original.' Copy everything from 'Delivered-To:' through the 'References:' line. To obtain headers from other webmail or email providers, please refer to http://www.spamcop.com/help_with_headers/)
3b. The entire contents of the message.
4. A copy of the death certificate of the deceased.
5. A copy of the document that gives you Power of Attorney over the Gmail account.
6. If you are the parent of the individual, please send us a copy of the Birth Certificate if the Gmail account owner was under the age of 18. In this case, Power of Attorney is not required.
The problem will be proving that John Doe is the same as rarbazzle@gmail.com to get the contents.
If you don't want to hack in, get the parents to contact the places they want to access and they may have to send a copy of the death certificate to validate the reasons, but I had to do this for the wife of a friend who passed to get access to files online that were important to the family. Once they received the paperwork the places she needed reset the passwords so she could log in and get what she needed.
This happened to me 2 years ago and in the end I couldn't crack any of his passwords in a reasonable amount of time so I went around and contacted each site I needed access to. He put his going away note on myspace and I found the only way to get any account access (not passwords) was court order. I went for 2 of his emails before using them to recover all the other info.
The administrator/executor of his estate has the legal right to conduct business in his name for the purpose of settling his affairs. I would present the paperwork from the probate court to all those places you mentioned and proceed to settle his affairs as you see fit.
You may discover something that he did indeed mean to keep private. And, if there is an afterlife, he may care. If so, be like an ethical telephone engineer and behave as if you have no knowledge you aren't supposed to have.
If you must moderate, please moderate as irrelevant, not something bad, because I'm sure someone will find this interest
I don't know anything about the "how", as it's thankfully never come up in my life. But asking if you should do it or not, I say yes.
He's dead, unfortunately. Dead people don't care about privacy. His family however is alive, and going through a very difficult time. If something is in those accounts/files that can provide some answers about what happened, it would help them.
That makes it worth at least trying.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
However, this would not hold true for any material the deceased attempted or intended to delete. Deleted files and sectors are a clear example. History and cache are a grey area -- many people do not know they exist, so cannot make an intelligent decision.
You do realise that without a court order, what you're suggesting is illegal?
Family of deceased military members in Iraq and Afghanistan deal with this all the time. Kid gets killed and nobody knows how to get into his Yahoo (or whatever) email. From what I've read, with very very few exceptions, the service providers will say that they are truly very sorry for the loss, but there is nothing they can do to help you get into the account if the deceased did not tell you how to get into it. Unless maybe you can get a court order somehow ordering MSN, etc. to help you get into the accounts, expect no help there. The university might help you, maybe, with proof of death if a family member (not you) asks to get into his accounts there, but expect commercial companies to refuse to help you because of confidentiality policies they have in place. I'd politely suggest that you think about why you felt the need to ask a bunch of strangers, including me, whether it's ethical or not to crack the accounts. My personal feeling is that since the guy is dead, it's OK, but if you are old enough to post here intelligently about the situation, you should have enough of a sense of ethics to decide this kind of thing on your own without having a bunch of strangers tell you whether it's right or wrong.
The good news is, you can!
There would always be the possibility of putting those wishes in one's actual will. That would give a lot more legal "teeth" to those requests, and make it much more likely that they will indeed be carried out. It also allows exact specification of what is to be done in the "killswitch" process ("professionally wipe the hard drive of any computer I own without accessing or allowing access to any of the information on such drives, delete unread all data in the online account X with service provider Y, then close the account...") Especially with online providers, an actual request in a will would make them much more likely to comply.
Putting it in the will also does make it a legally binding request, so that you do not have to rely on the goodwill of someone after your death but have made your wishes clear and binding. That is, after all, the purpose of a will.
To fight the war on terror, stop being afraid.
A friend of mine died last year and, as long as you can provide the proper paperwork, his family got access to his hotmail account. I guess as long as they can tie the death certificate to the person in the e-mails then it's not a problem.
I have excellent Karma and I am not afraid to Troll it.
Suicide is ugly. It tears the victim's survivors to pieces. They don't know what to think, what to feel. They want to be angry that the person would do this to them. They want to be sad that the person is gone. They feel guilty because they think there is something they should have done, should have noticed. Most of all, they want it to never have happened.
Ask yourself if you really believe his death was an accident, because anything else you find is only going to hamper the family's pain (not just grief, pain). If you find an explanation it will only breed guilt or anger, they will take even longer to move through those emotions than they would have otherwise.
I was married for two months when my father-in-law committed suicide last December. My wife still cries herself to sleep about once every other week. I understand that they want closure, but they aren't going to find it; and anything they do find will only make acceptance harder.
Seriously. Speak to a lawyer, and then recommend a professional data recovery company to the family. You do not want to get involved with this. Best case, it turns out there's proof it was accidental. I'm not sure how that could be proved, but let's assume it was.
Worst case, you find evidence of... something. Drug use, criminal activity, involvement with a cult, something like that. Whatever it was, it drove him to suicide. Now you're in the position of telling the family that their son/brother was doing something they wouldn't have approved of. Yes, they may be glad to know what really happened, but you'd better believe that things are going to be awkward with the family from now on.
Or, possibly even worse than that... what if it turns out it was something the family did? Even if it wasn't anything illegal or even dishonest... do you want to be in the position of telling the parents that something they did caused their son to kill himself? I wouldn't. I wouldn't want to do that to my worst enemy, let alone people I liked.
Speak to a lawyer to find out the legal issues and what is needed to get information from various hosting services, then suggest that the family contact a good data recovery firm. Have them hire a lawyer to get the data from the hosting services. No matter how much you want to help, restrict it to helping them find professionals to get the data, don't try to do it yourself.
One other matter is, what is the "being-online-while-dead" protocol.
Do you answer incoming messages on ICQ when you're reading the old chats, do you send a mass-message to everybody in the list? Same goes for e-mail.
Privacy is terrorism.
Dear anonymous reader,
Your "good" friend may have murdered her brother as well. From what you say, a suicide is unlikely without some strong reason and without a death note. If some information related to such a crime is to be found on his account, not only could you be involved in a murder case, but your own life may be in danger from knowing some key information about it, just in case your "good" friend wants to clean up all traces.
There you are, staring at me again.
The current title doesn't follow the great /. tradition of nice, misleading, news titles. I suggest "LAMP may have led to suicide of CS major"
Boot from a Knoppix or Ubuntu live CD
sudo su
mkdir /hda1
mount /dev/hda1 /hda1
cd /hda1
explore away...
Gaining access to the laptop account should be fairly easy and straightforward. While most of us do have e-mail accounts from major public providers (Gmail, MSN, Yahoo!, Hotmail, etc.), they're all normally registered using an e-mail account from our ISP. With the permission and aid from his parents, you could contact said ISP and have his password changed. This can be done with you portraying to be him (The Wrong Way), or being honest with the ISP and informing them of the situation (The Right Way). The Wrong Way would probably yield better results with less hassle. Once you have access to his personal e-mail account supplied by his ISP, you can most likely gain access to the public accounts by going through the automated password reset feature (The Wrong Way), or you could contact the respective providers, inform them of the situation, and hope for the best (The Right Way). In this case, again, The Wrong Way will most likely yield better results. Gaining access to his university account will probably have to be done The Right Way only.
I don't recommend trying to crack your way in to any of the public accounts. If you're caught, you'd have a hard time explaining it all to the authorities and his family will not be able to help much once the law is involved.
It says very good things about you that you even stopped to ask the question. Many would not, either because they wanted to be a "hero" or because they were overwhelmed by the grief of the survivors. That being said, my bias would be to uncover as much information as could possibly be uncovered, especially seeing as how the circumstances of the deceased's passing are not yet entirely clear. As the attainment of said clarity is paramount for legal, moral, and psychological reasons (IMHO), I would view any action taken toward that goal as entirely appropriate.
If you can get access to his laptop - and from what I've seen in this thread, that should be easy, then in Firefox - which, being a Linux user, I'd guess he was probably using - there's a way to get all of someone's saved passwords very quickly and easily. You just go to Tools -> Options -> Security -> Show Passwords -> Show Passwords, and there they all are, in plain-text. To be honest, I've always wondered about this option. Seems like a big security risk, on shared computers. Anyway, hope it's helpful for you.
You'll just invite delay and trouble by contacting service providers. Instead, change his laptop's root password (it's easy: at grub edit the default stanza and set init=/bin/bash and then boot; once in, use "passwd" to change the root passwd; next use "passwd username" to change his user's password; using the rescue environment is slightly more complicated). This assumes he is not using an encrypted FS, which is likely.
Once you can boot into his user account, run the mail client(s) he has set up. They likely have the passwords stored. Voila, no need to contact the service providers.
Ethical? Well, you'll want to check with his heirs, first, but assuming there is no resistance on that front, go for it. It's called archeology when we do it to the Pharaohs.
-- @rjamestaylor on Ello
He may not even need help from them. Resetting the passwords on his laptop should be trivial (unless he was paranoid and encrypted everything), after that there's a decent chance his passwords are still cached in Firefox (just hope he didn't encrypt the password store--fortunately most people don't), you might be able to use that to log in and check his stuff.
I read the internet for the articles.
If the police/coroner have already ruled the death a suicide, you are unlikely to find anything on the laptop or in one of his emails that would help overturn the ruling. If it's still under investigation, the family should talk to a lawyer about whether it's OK to do this, and what their responsibilities are, based on what could be found.
The unfortunate truth about suicides is that it's rarely one thing that pushes someone to commit the act. It's an act of depression and desperation that was brewing for a long time.
If you do decide to help, you need to realize that this could be very difficult for you, and depending on what you find, could severely strain your relationship with this family. Is this something you are prepared for?
Your ethics in this case extend to the living, not the dead. "First, do no harm..." might be a good motto here. You are going to be mucking about in some content that might not be what anyone is expecting, but there is a story there and the living want it told-- at least to them.
So long as you are discreet and have the consent of the family, do what you need to do to bring them closure.
I've lost a child. I can assure you that it is important to the family that the tragedy not be a pointless one. A tragedy happened, and at the very least they want to know that they handled it well, that perhaps they are wiser for it, SOMETHING. It's called closure, and it doesn't ease the loss but it does help with the frustration.
My old college roommate also committed suicide last year, and I found myself in a similar situation, as the most computer-literate of his friends and family. I didn't think twice about helping his wife and family get into his accounts, his private server, and his email. There was a lot of stuff in there, such as work for his consulting clients, family photos, etc that were important for them to have, and it was good for everyone.
Yes, getting a court order, death certificate, etc can help - but as far as getting into a computer that you've been given by the family (or a privately hosted machine), you should go ahead so long as you have the family's blessing.
His wife and family asked me to get into his Yahoo account and ICQ account. There was a secret answer that either resets the password or reveals the password. This was in 1999 so maybe security has changed. The user sets the secret answer. His was the original middle name of his mother. His family gave me a copy of his birth certificate and I got the answer off of it and got into his account on Yahoo and gave the password to his wife and reset his ICQ password and gave it to his wife as well. We couldn't find anything that triggered the suicide. But on his computer the police found in his web cache that he visited web sites about suicide and got an idea from one of them to use a shotgun on himself. He bought the shotgun, and left a credit card receipt in the box, according to his wife who told me what the police found.
He was a brilliant C++ programmer and I had forwarded emails to him about jobs, and found that a year's worth of job possibilities and recruiter email hadn't been opened up and looked at by him. He just moved it to a different folder. Had he responded to any of them, his chances of finding another job would have been better.
I'd explain more but it is too painful to talk about. There were alcohol and drug related abuses as well in his life. He drank a whole bottle of vodka before killing himself. He ignored phone calls and emails for months, and I couldn't contact him.
Oh yeah if he uses Firefox, there is a reveal passwords option in the tools/options/security/show passwords box. You might be able to see what passwords he used, unless he wiped them out and also cleared his password history.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
I don't understand how you could prove that it truly was an accident.
If it was suicide, you may be able to find some evidence of this, if he left a note, plans, etc behind in his accounts.
If it truly was an accident, you'd find no such thing. However, it would also be possible for this to be a suicide, and he simply didn't commit any of his plans to electronic media.
I doubt that gmail/hotmail/myspace etc will give you anything, tho if the death is suspicious the police could contact them.
You wouldn't need to crack his root pass, you could just mount his drive in another machine and read his data from it, or change the password, assuming he hasn't encrypted the drive.
You might be able to get into some of his accounts using information pulled from his laptop, and once you have one of his email accounts you might be able to get into other things using reset password links etc..
Also, since you're working for his family, if he's used typically lame "security questions" like mothers maiden name and first pet etc, you should be able to get that information trivially.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Never underestimate the usefulness of a drive image, and therefore the ability to put the machine back exactly as it was.
I have determined that my sig is indeterminate.
Ethically, I don't think it's much of a problem. There have never been many issues with relatives breaking the locks of a dead guy's house, locker, or safe deposit box. I see no reason a gmail account should be more secret than private letters in a drawer.
As for the ethical aspect...
I would suggest his computer, the data on it and his online accounts etc, now belong to his family along with the rest of his belongings, in the absence of any will saying differently, so if the family want you to look at it that's their right.
It's no different to someone who maintains a paper diary, it falls to their family after death who may or may not read it at their discretion.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Last year, one of my roommates died of an accidental medical overdose and since I didn't know any of her distant family I had to go thru the process of getting information from other sources. I had to get this in order to work with the funeral costs and details. I needed to get access to her contacts and emails from Hotmail and had no clue to her password. I contacted the Hotmail support and explained my situation. They asked me to provide a copy of her death certificate (as I was the one that handled the police / hospital / coroner aspect, I was deemed her legal representation). After supplying the document and proof of identification for myself, I was given a copy of her information and emails. It's not as complicated as it sounds, but whoever will ask a provider for the information also needs to be the person on the legal documentation, otherwise the provider will (most probably) refuse to supply the information. Hope this helps, Doug!
Please never get married - at least not until you understand why "his life is his own business" is so terribly wrong.
Do you have ESP?
As the parent said, booting the system from a live CD will let you in. If this person used Firefox's password manager (and assuming he didn't set a master password), you can reset his account's password from the live CD, then log into the laptop as him, and use Firefox to connect to hotmail, gmail, etc... You could even use Firefox's "Show Passwords" to recover the passwords, if needed.
I think the real question is do you really want to know? Does the family really want to know? Having this question answered could cause more harm than not knowing and allowing the family to come to their own reasons as to why. If he has attacked his family at all in any letters or posts there is no way for them to be able to fix what he may have felt they did wrong. Personally I would let it be.
I got depressed a bit after every graduation. I evaluated myself on my academic prowess and graduation was the end of a stage. Fortunately there was something new around the corner. I wonder if other nerds experienced this?
A cousin of mine that I was very close with committed suicide in January. It was absolutely heart wrenching. I had no clue she was in that much trouble (she had tried a year prior, but all indications from what I knew was that she was doing much better). I still wrestle to this day with the guilt of not being more involved. Which is why I helped in the situation below...at least I could say I did something.
My uncle (her father) called me 2 or 3 days after she died and in a very rough phone call asked for my help (me being the computer guy in the family). He had literally just found out she had a myspace account, which had contained several recent blog posts regarding her struggles finding a job and some of her issues she had been dealing with. Nothing about her suicidal thoughts was written though.
He had also heard she had written on her myspace blog really nice things about him and he wanted to read it with his own eyes. He also wanted to post a comment on her page, as in the days immediately after her death it became quite a memorial for all of us who knew her.
The issue was she didn't allow comments without that person being a friend on her myspace account.
He had figured out how to create an account, so I had to break him the news that without my cousin's password, he wouldn't be approved to post on her myspace. Luckily, we figured out her password thanks to help from her partner and were able to get into my cousin's account to approve him.
For me, the ethical thing to do was to allow her loving father to send one more message to her, to read about the love she had for him, and perhaps find some answers as to why she did what she did.
Luckily it didn't have to get to the point of slaving the hard drive and hoping she saved the passwords in IE or Firefox. She had apparently shared some of her passwords with her partner. However, I was fully prepared to go all the way to requesting help from MySpace itself if that was what it took.
She would have wanted it that way, I know it.
I'd suggest something similar. Ask the probate judge to release the computers to a designated consultant, maybe a family friend, who has the technical chops to bypass the passwords (which, as others mention here, is not that big a job) and whose judgment they trust to preserve the decedent's privacy while he digs out anything that might help them.
rj
The easiest way to obtain passwords from websites, email providers and services in this case (and many other cases;) would be to hijack the Firefox and Thunderbird profiles, or equivalent, if the subject used something else for browsing/email. That way you not only get the stored passwords (most of the people store their passwords in these apps without a master password), but you also hijack their active sessions and cookies. Even if he didn't store his passwords, he probably didn't bother to clear all cookies before committing suicide. That being said, I think it's pretty ethically correct to do the family's will and give them the access they want to their son's information. Still I'm not sure how much his family will benefit from this information and if they're not better off without digging through his personal stuff now.
The ethics are the guy has passed, all his personal property now belongs to his next of kin. If they have given you their permission then you have the ethical go ahead to proceed. I think you should in all likelihood prepare the family members beforehand and inform them that in all likelihood you may find nothing more to give them closure.
As for his gmail, and myspace accounts you would have a better time hacking them than getting permission from either to access the account, this may include the family. You would have the burden of proof to prove that user is deceased, and even then with a million or so users would they really care about that 1 account, since you aren't law enforcement or anything.
My condolences on your loss.
I am Bennett Haselton! I am Bennett Haselton!
/. is notoriously full of atheists. You might get a biased sampling of answers. I'm not an atheist, so maybe I can balance it out.
Many people use myspace as a kind of diary, and I think it is clearly immoral to read someone living's diary without their permission. As for a dead person, we read Anne Frank's all the time; you have to make the call as to whether they might have wanted you to. Since you are sharing it to help those who he loved and who loved him, it would be difficult to believe he wouldn't.
My daughter was murdered by her ex-boyfriend two years ago. I had recently given her a laptop in preparation for college and after the police were finished inspecting it for clues it was returned to me.
Fortunately she had stayed logged in to her myspace account and I was able to use the "reveal asterisks" hack to reveal her password. That password led to other accounts & email accounts which then led to more passwords.
Eventually I could access everything - to include the killer's accounts. It was very helpful for me to be able to know that my daughter was exactly who I thought she was and at the same time gain insight into the punk that murdered her.
If there is the opportunity to give your friend some closure then I don't feel that a moral dilemma exists. The dead are just that... dead. The ones that are grieving and in pain are the living. If you can do something that may assuage their grief I feel you should.
Just be aware that what might be revealed has the potential to cause more pain - but that's really your friend's decision.
Good luck, and my condolences to your friend.
JAGga.me ----> Producing video games addressing emotional health and wellness issues affecting teens.
Since the stated purpose is to determine whether or not this was a suicide or an accident, and since the cause of death is not described, and since the payment arrangements are not described, let me start with some assumptions.
1. Death was by traumatic injury.
2. Payment from some third party (generally an insurance company) would depend on whether or not the cause of death was suicide.
There is a rebuttable presumption in many states that death by traumatic injury is accidental, which shifts the burden of proof to the third party. If, in the course of litigating the claim against the third party, the third party pleads/brings facts sufficient to overcome the presumption, you should get a subpoena that will open all the accounts for you. I'd avoid cracking the laptop myself if you're going to take this route: you want someone who appears unbiased to be looking through the files. Any destructive change may be considered destruction of evidence, and such would be construed as strongly as possible against the destroyer of that evidence.
IANAL. YMMV. Law may vary in your state.
Personally, I would want people to see everything of my life they wanted to, raw. If you are troubled, you are probably struggling to get people to understand you, and you would probably really appreciate people trying.
Valid point... :)
Dead people have no privacy rights.
Don't piss off The Angry Economist
--- Just say no to negativity.
Once you have access to the web browser then most likely you can get dozens of passwords used for logging into websites, which are probably all the same or there's just about 3-5 of them.
A good friend of mine died of a heart attack recently.
:-(
I contacted an online directory that was listing him and asked that they take down his profile because he had died. "Sure", they replied, "just give us his password and the answer to his secret question"...
Anything you find in his computer will likely be inadmissible if you have to take a company to court. My advice would be to hire a lawyer before you even touch his computer. If they feel it's appropriate, they can hire a licensed expert to search through that information. With the nature of digital information, anything you find on his system could just as easily have been forged by you as found by you.
The other thing to consider, is what evidence could you find? If he did in fact commit suicide, you may find a suicide note, that he visited suicide related websites, or some kind of correspondence with someone regarding suicide. He also might have covered his tracks.
If this turned out to be an accident, what evidence could you possibly find on his computer? You may find a calendar indicating he had plans for later in the week, but it's my understanding that when men commit suicide it's often a compulsion, and not something they planned out very far ahead of time.
If the family simply wants to know, you can find quite a bit of information on someone's computer. If this is to try and claim money in a court of law, the search needs to be done by a professional, but I have my doubts that a professional could prove anything other than suicide.
Don't take these things in your hands. If you have to ask Slashdot to determine whether to break into the accounts or not, then you are not the right person to do the job. You obviously have no experience in forensics (not computers) or investigations. And obviously it's neither your profession nor have you been involved with suicide cases regularly. There is no way you can handle this, get the right conclusion, stay within the correct legal procedures and not get hurt emotionally at the same time.
Ask yourself: let's say you break into one of the accounts, then bring the evidence to court/the insurance etc. I can tell you, if you did it, it's most likely not to be used as evidence any more. Let's say you find it out. Are you trained in handling relatives? Let's say you find it out but don't want to tell it to the relatives? Do you know how to handle that? What about you? Are you emotionally firm enough to really search for something like this?
I actually had to do this for a family one time. The local police department didn't want anything to do with it -- the young man was in the armed forces and died in his residence due to a drug overdose. His parents knew he had been going through a divorce and wanted closure to make sure it wasn't because of his ex wife. As it turned out, he had been dabbling a lot in illegal drugs (as I found out through discovering a lot of emails he had between some friends of his). It had apparently been going on for a while and they were satisfied knowing it wasn't his ex wife that had driven him to do a one-time overdose.
Yes God forbid we try to solve a problem on our own first without seeking the nanny state.
Now, these entities might have policies that basically say, "get a court order so we can cover our ass." If you are sure this is the case, then by all means forgo asking the entity and go directly for the court order. However, don't go wasting the court's time and everyone's tax dollars unnecessarily.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
Asking permission => Free
A "simple" court order => Not free
Amen.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
"We owe respect to the living. To the dead we owe only truth." Voltaire
The way I see it, if this guy really didn't want people going through his computers after he had died, he would have wiped his MySpace profiles and overwritten the drives on all his computers with zeros in order to wipe out all data. He would also have done everything he could to get rid of anything he might have left behind on Google, MSN, etc.
I write sci-fi for metalheads
Use a boot cd, or add a '1' to command line arguments.
If one has physical access to a machine, it makes little to prevent access at boot time, as you can boot from a rescue CD, or remove the hard drive and read it yourself.
As for the google and hotmail accounts, email the admin there.
No hacking required.
... he'd better start worrying because it means his friend is a resurrected zombie! Run!
Seriously, if someone is dead they're dead. Gone. No more. And don't give that "soul gone to heaven" nonsense. If they left no will then any attempt at second guessing their wishes is a waste of time and effort.
Eh? gmail has a policy page for this exact situation..
This is a pretty standard industry policy. Death certificate and proof that you are nearest relative or executor.
http://www.howtoweb.com/cgi-bin/insider.pl?zone=361051
Yahoo requires an order from the probate court, but that looks to be the most restrictive.
http://mail.google.com/support/bin/answer.py?answer=14300
He's dead. He has no rights.
I fail to see where the dilemma is. Is he going to get mad at you? Is he going to sue you? Is he going to press charges?
If the estate says yes, which it appears to be doing, then there is no problem.
This whole thing seems foolish.
I find being offended by me offensive.
If he has an estate (assets to pass to others), the attorney handling it can issue a subpoena to the service providers. (Getting them to comply may be another thing, but it's worth a shot).
Sent from my iPhone
A safety deposit box isn't a bad idea for keeping your important records. In my safety deposit box, I keep the title to my house*, the title to my car, my will**, extra checks, passport, birth certificate, etc...
Having a password list in there, in a sealed envelope for your executor isn't a bad idea. They're going to need a death cert and key to get in there anyways.
*Yes, I'm unusual, I own my own house in the free and clear.
**I have extra copies with my executor and in my house, in my records box.
I don't read AC A human right
When doing this you have to be ready for what you might find and how to handle it. It's likely that there's some stuff that his family would rather not know existed, like porn. There may also be evidence of some illegal activity, which may implicate people besides himself. How might you handle that? As far as actually doing the job, don't start with his accounts on sites. Start with his laptop and school accounts. You can ask the school for assistance and even if they have a policy against it if you ask they should make a backup and let a court decide if his parents get the data. If he's a minor this should probably be a sure thing. On his laptop, make a backup of the harddrive image. Then always work with a copy. It's likely that if you can run a web browser with his config files it might remember his passwords for the sites you are interested in, which would save you a lot of work. If he's uber security minded you're in for some hard work. With the sites he has accounts on you can try figuring out who else might have some sort of access already. If you found one MySpace friend on the private account you might persuade them to let you look at it through their account. Or maybe just give a summary of some stuff on it that they think might be of interest if they feel like some of it is secrets that should die with him. As far as trying to crack passwords for accounts, I have no suggestions. Try to work around having to do this.
I don't know if anyone mentioned this first because of all the ajax hoopla we have in /. these days but for the love of god:
*** Make a backup of everything before starting ***
No matter what, these are the last things his family will have of him, and even if it's painful to the level of not caring right now, they will want it in the future.
On a personal note. If I were to die, even more so if I were to kill myself, my passwords and permanent digital signature left behind for all time I consider to be a treasure hunt or challenge to those who are left with the ability to hack a password. And just to add to the trail. Some of my passwords have characters like "âOE" (homeplates) somewhere in the range of extended characters and beyond in them. Good luck brute forcing those ones hackers. I will be laughing from beyond at anyone who tries to brute force any of my passwords... Laughing! Of course in 500 years brute force & other methods will probably have advanced to guess them in milliseconds.
As much as I hate to say it, some of this will require an attorney. To get access to his Gmail, MySpace, etc. you will need to have his estate contact the operators of those services and explain the situation and make it part of an investigation. They may be understanding and cooperate, they may not in which case you'll need to get a court order.
His PC, on the other hand, I would make an image of the HDD (ghost, acronis, etc.) and make a working copy to try to crack - if he was as good as he sounds, he may have experimented with countermeasures, and you wouldn't want one of those triggering a reformatting.
Define up front who you're doing this for. Get written permission from his estate/family to break into his PC. Get written requirements on what you're to look for (which could include "everything") and find out what their limits are for disclosure. Example: if he was from an ultraconservative family and you found emails indicating that he was gay, would they want to know or not?
The business you're stepping into is a dark one. This isn't a "cool" or some type of novelty. Trust me, dealing with secrets loses a lot of its appeal when the realization of the responsibility sets in. Be professional, be discreet and be honest.
Oh, and another thing - just a personal note - I wouldn't take payment for these services.
I hope this helps.
DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
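The image-first, work-on-a-copy step that several posts in this thread recommend, as an added example that is not part of any poster's comment. It hashes the source before and after the read, keeps a read-only original plus a manifest, and confines all changes to a working copy. The file names (original.img, working.img, manifest.sha256), the case directory and the sample "disk" are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: acquire an image once, record its SHA-256, and examine only
# a working copy. All paths and file names are hypothetical.

# sha256_of FILE -> prints the hex digest only
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SOURCE CASE_DIR
# Copies SOURCE to CASE_DIR/original.img, checks the copy is bit-identical,
# checks the source was not altered by the read, then makes a working copy.
acquire_image() (
    src=$1; dir=$2
    mkdir -p "$dir" || exit 1
    before=$(sha256_of "$src")
    # Plain dd on purpose: conv=sync would pad a short final block with
    # zeros and the image hash would no longer match the source.
    dd if="$src" of="$dir/original.img" bs=4M 2>/dev/null || exit 1
    image=$(sha256_of "$dir/original.img")
    after=$(sha256_of "$src")
    [ "$before" = "$image" ] || { echo "image differs from source" >&2; exit 2; }
    [ "$before" = "$after" ] || { echo "source changed during acquisition" >&2; exit 3; }
    printf '%s  original.img\n' "$image" > "$dir/manifest.sha256"
    # The original image and its manifest become read-only.
    chmod 444 "$dir/original.img" "$dir/manifest.sha256"
    # Everything else (mounting, browsing, password resets) happens on this copy.
    cp "$dir/original.img" "$dir/working.img" && chmod 644 "$dir/working.img"
)

# verify_original CASE_DIR -> status 0 if original.img still matches the manifest
verify_original() (
    cd "$1" && sha256sum -c manifest.sha256 >/dev/null 2>&1
)

# working_copy_diverged CASE_DIR -> status 0 if working.img no longer matches
# the recorded hash, i.e. the examination has modified it
working_copy_diverged() (
    recorded=$(awk '{print $1}' "$1/manifest.sha256")
    [ "$(sha256_of "$1/working.img")" != "$recorded" ]
)

# demo: run the whole procedure against a constructed stand-in for a disk
demo() (
    tmp=$(mktemp -d) || exit 1
    # Constructed sample data, 3 MiB, standing in for the laptop drive.
    dd if=/dev/urandom of="$tmp/disk.bin" bs=1M count=3 2>/dev/null
    acquire_image "$tmp/disk.bin" "$tmp/case" || exit 1
    # Simulate an examination step that writes to the working copy.
    printf 'x' >> "$tmp/case/working.img"
    verify_original "$tmp/case" && working_copy_diverged "$tmp/case"
    rc=$?
    chmod -R u+w "$tmp"; rm -rf "$tmp"
    exit $rc
)

demo && echo "original intact, working copy modified"
```

On a real drive the source would be the block device attached read-only, and the manifest is what lets a third party later confirm the original image was never touched.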
Why in the world would you go to the trouble of brute-forcing the passwords when you can simply pop an ubuntu CD in the drive, mount the filesystem and bypass the passwords entirely?
It's something that's got me slightly puzzled, to be honest, but you can chroot into someone's root user account just by popping in any live cd. Short of having your root / home folders in a cryptoloop, any physical access to your machine can reveal all your files to someone stubborn (and smart) enough to want them.
As far as ethics, what's the difference between looking through a deceased's computer files versus looking through all of his stuff in his college dorm room, finding the key for that safe-box he had? Just pop in the CD, hook an external drive, and backup all the files to it so the family can sort through it.
---- I am certain of only one thing : I know nothing else.
I think the ethics of this situation are debatable, and they're actually being debated in a few threads. Mostly, though, I see people here saying "the legal owner of the property said you should do it, so it's okay." If you said or thought that, I think you need to take a hard look at your mind and figure out why it is that you think that legality is the same as, or more important than, being ethical. These answers actually help me to put into perspective the way laws are presented in corporate environments, where they are typically called ethics but are anything but.
"I zero-index my hamsters" - Willtor (147206)
Yeah, what is all this subpoena talk already? Take his computer, boot from a disk or alt drive, make sure his partitions are in the right places, chroot to his system, passwd to set the root and user passwords, then log in as him and see what you can get to. Probably should make copies of things like the history file first, so you can see as much as was there without the browser expiring records when you run it.
After that, you think about asking gmail and such. You ask now and they may close the account before you access it. Remember those accounts are not ours in a property sense. They exist at the pleasure of the provider and their generally incredibly loose terms of service (we can do anything and you automatically agree by continuing use).
If he has ANY Windows computer, you should run Cain and Abel on it to see if he stored any passwords, even by accident on that machine. Or on any family member's computers.
:-)
MSN log files, IRC log files, all that shit is gold.
Ignore anyone here who suggests what you're doing is wrong. You're helping a friend out in a difficult time, bust out the l33t skills and crack this shit.
Look for random scraps of paper around the desk, there might be passwords written on that. Especially if it's a worn looking piece of paper.
Look in .conf files, and see if there's plain text passwords in any of those. Any password has a likelihood of being used for multiple accounts.
Go through his browser's cache, history and cookies.
Watch the movie Hackers, and go into his Garbage folder.
Run an undelete application that looks for files that he may have deleted, but only the reference data got removed.
Get password files off that computer, and get them onto your computer, and run a brute force cracking app against it when you get desperate.
Then try variants of the passwords that you do know. So if the password is "elephant", try "Elephant", "ElephanT", "3l3ph4nt", "3l3ph4nT" in other cases.
If you can get into his email, you can probably get the passwords for accounts like MySpace by doing the "I Forgot my Password" option...
Good luck, may the force be with, live long and prosper, in Soviet Russia computers hack you, a naked petrified hot gritted Portman welcomes the overlords, hack the planet!!
Take an image of the harddrive, before making any changes. There's just so many ways to lose information (browser cache etc) when you're trying to do something like this.
Derek K. Miller on digital executors "Derek blogs about all aspects of his life, from his hometown of Burnaby B.C., to his kids, to his cancer. At the beginning of 2007, he was diagnosed with cancer and he's currently fighting stage 4 metastatic colorectal cancer. One of the things that Derek has been thinking about is his digital legacy, and what should happen to our web presence when we die. Do we need to appoint a digital executor to oversee our online belongings? Someone who would know all of your passwords and keep up the payments for your domain name, for example, so your site would live on even after you have gone?"
Dead think? Has anyone gone, AND returned AND provide irrefutable, non-faith-based PROOF. Some deaths are violent, some peaceful. Death is a transition of SOME sort, and we don't know WHERE the soul/spirit/mind will go. Some believe untimely or painful or wrongful deaths cause the soul to be "hungry", evil, or grounded to Earth. So, depending on the cause of this person, he may or may NOT want people rifling through his computer.
For legal, and mamby-pamby-assed humans-on-Earth reasons, it's either said, "Don't disrespect the dead", don't speak ill of the dead, or dig DEEP for whatever information can be found.
NOT ONE OF US alive knows what the dead/departed/physically-separated think, know, or are located. NONE of us. But, human laws on privacy will generally prevail based on the locality.
In some countries, suicide is (no disrespect intended) a grave insult, and the surviving family members are faced with the bill for dealing with processing the body, recording any facts, and so forth. So, the family may get more than they bargained for. Who knows what family secrets or privacy revelations may occur if information is leaked?
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
...in one column he talked about what he wanted to happen when he died -screw the $$, the house, the cars, he couldn't care less about those: JUST WIPE HIS LAPTOP PLEASE before it's given to any next-of-kin.
-Styopa
Disclosure: I have nothing to do with them apart from being a very satisfied customer.
My brother died the day after this past Christmas. While organizing his things, I had to shut down his internet account, his XM radio account, etc. It's a hard thing to do emotionally, but from a customer service perspective there was very little resistance from the service providers for this.
What I would recommend is to protect their dignity, whatever you decide. If you find pornography, delete it. If you find sensitive documents beyond a possible suicide note, use your better judgement or let the family decide. But regarding your question about accessing their accounts, I feel it's okay to do so provided you're doing it for the family and not to be invasive.
Darryl L. Pierce "What do you care what people think, Mr. Feynman?"
A quick way to grab all of his saved passwords:
1. mount whatever device his homedir is on
2. copy off his .mozilla/ directory
3. back up your own .mozilla directory to .mozilla.bak/ or something
4. copy his .mozilla dir into your homedir
5. open firefox
6. edit > preferences > security > saved passwords > show passwords
That should give you a good enough head start to look into whatever websites he frequently visited. Also might be good to dump his entire homedir just to poke around for notes or papers he may have written recently. Using cp -p will preserve timestamp information.
Also, to get access to his university accounts, if the password isn't in his list of saved web passwords, it should probably be in whatever email client he was using.
Also, as a side note. Fuck ethics and morality. Any confusion or uncertainty over something like that has the potential of causing even worse long term damage to family members. Good luck.
If you do this to somebody dead 50,000 years, it's called paleontology.
If you do this to somebody dead two thousand years, it's called archaeology.
If you do this to somebody dead a hundred years, it's called historical research from primary sources. (Letters to and from dead folks are found and auctioned, or donated to museums or estate, all the time.)
Vintage computer games and RPG books available. Email me if you're interested.
"We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
The executor or administrator of his estate has the right to gain access to his accounts. A court order from the probate court may be required to convince the service providers to cooperate.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
If it were me, I wouldn't mind. I would actually have left a bunch of carefully crafted trails, so you can deduce why everything happened. Unless I died by accident. Then you would have to do with my "If you are reading this and you are not me, then I assume you have cracked up my e-mail password" e-mail. Quite fun to write.
While there have been multiple instances in the past of providers such as AOL and MSN refusing to give passwords to next of kin under the auspices that the account was licensed to the deceased, and the license does not survive death; you can always bring up that the deceased was a minor, therefore the account is legally licensed to the parents, not to the minor, so the parents, being the licensee, should be able to get the passwords reset.
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
totally unethical If the person had wanted you to have the data they would have given it to you. Most email providers have clauses in their user agreement that the accounts are non-transferrable upon death, as they should. This is to protect privacy. Of course if you are a soldier killed in war, yahoo will happily ignore its privacy policies. http://yro.slashdot.org/article.pl?sid=05/01/12/1513231&tid=158
I wouldn't try to "crack" the root password exactly. I'd pull the drive out and mount it externally in a USB chassis to another system running Linux, and access the contents of that drive from there.
This will work as long as he didn't use whole-disk encryption...which is unlikely.
If he kept his EMail archives locally in Evolution, Thunderbird or similar, getting to it will be fairly simple.
You'll get this done faster if you have a Linux geek help you out. Try his school's Linux club, or a comp sci professor.
As to data held in something like GMail or other online accounts, you might need to have somebody declared executor of his estate and then apply for access in writing to the data from the providers...suing if necessary I guess.
Lots of options here.
First try to crack the passwords on his machine. If you can get any passwords in plain text write them down. He may have reused them. If you can get into his profile, it's possible he set his cookies to auto login to his websites.
Next try to get into his email. Call the provider and ask about your situation and find out what the rules are without ever telling the operator your name or the account name. If the info they give you will not help you, hang up and call back pretending to be the deceased. They don't know he is dead yet.
Get the birth cert, social security number, phone numbers and addresses (current and past), birthdate, driver's lic, mother's maiden name. Try calling from his home phone, or be near that phone when you make your call. Just pretend to be an average user that can't get into your email. Reset the password.
Once you have the email account under your control you can just request a password reset from most of the other services.
Basically steal his identity, if they can't prove you are not him it's hard for them to not let you in. Just play dumb. Don't say you forgot your password, tell them that your email is broken because your account won't work.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
With a death certificate and whoever was designated as the executor of the estate, they should be able to contact any of the services (hotmail, gmail, etc), and get the passwords reset. Probably not a typical hotmail request, so it might take a while, but I would imagine this would work. It really will depend on your state's laws though.
His parents can work with each site to obtain a password. Most will do so with a death certificate and proof that you're the parents, like a birth certificate and a driver's license.
-- botsex is {grep;touch;strip;unzip;head;mount}
I am not a lawyer but my advice to you is to very methodically contact any companies involved.
You should identify yourself in any communications as "Joe Blow acting at the request of the executor of the estate of John Doe." Don't expect an e-mail to customer service to gain you access to accounts. Ask what you need to do. Most likely they'll want you to mail or fax a copy of a death certificate to a specific group within their company.
If they stonewall you, then go to a judge and get a court order. Keep in mind that in this particular case you are investigating whether or not he killed himself. This means that a subpoena would be very appropriate and should be very easy to come by. If you have money but not time, hire a lawyer to do this. If you have time but not money then do a little preliminary research on how to file a subpoena then go to your local courthouse during a down time and chat up the clerks. Most of the time they are nice middle-aged to older ladies. Dress appropriately. That means at least a shirt and tie, maybe a sport coat. If you do not keep facial hair, be clean shaven. If you do keep facial hair, be sure it is cleanly trimmed. They should be able to help you file the documents with the court and have a judge consider them. It is very likely that the judge will issue the subpoena after reviewing your brief.
Remember that at this point the wishes of your dead friend are determined by the executor of his estate which is most likely one or both of his parents. So if they say to do something then what they say is considered to be his wishes.
Either that or they respect their user privacy to at least some extent, if it didn't require a court order, it would be far too easy to fake somebody's death to get their details.
IranAir Flight 655 never forget!
logging into his laptop directly, while extremely convenient, is just asking for evidence destruction!! you could squish SO MUCH -- the real password (should you choose to crack it later and find that it's something like "ihatemylife"), his browsing history, atime on files, etc. you've only got one copy... instead, why not just mirror the hd somewhere first and mess with that? if you've got a Unix-like OS, just (dd if=/dev/[hd] of=~/localfile && losetup /dev/loop0 ~/localfile) as root and then poke around all you want. (you could use Qemu to run the disk-file as a virtual machine.)
Do NOT boot your friend's machine. Make a full binary copy of the disk and then use that as source of forensic information.
The swap area and free blocks may contain old and precious information. I've extracted account information from discarded disks which didn't live in files.
Heck, your friend could have decided to write a suicide note and then deleted it.
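The image-first advice in the two comments above, as an added example that is not part of any poster's comment: it copies the source once, records SHA-256 digests of both sides in a small acquisition log, and lets you re-check later that the working copy has not changed. The function names, the log format, the `/dev/sdb` device name and the first-partition ext3/ext4 assumption in `attach_readonly` are all assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): image first, hash both sides, and work
# only on the copy. SRC may be a block device such as /dev/sdb (hypothetical
# name) or, as in demo() below, an ordinary file standing in for one.

sha256_of() {
    local out
    out=$(sha256sum "$1") || return 1
    echo "${out%% *}"
}

# acquire_image SRC DST
# Copies SRC to DST, writes both digests to DST.acquisition.log, removes write
# permission from image and log, and succeeds only if the digests match.
acquire_image() {
    local src="$1" dst="$2" log="$2.acquisition.log"
    local src_hash dst_hash

    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2; return 2
    fi
    if [ -e "$dst" ]; then
        echo "refusing to overwrite existing image: $dst" >&2; return 3
    fi

    src_hash=$(sha256_of "$src") || return 4
    # Plain dd stops at the first read error; a failing disk needs a
    # recovery-oriented imager instead of a retry loop around this call.
    dd if="$src" of="$dst" bs=1M 2>/dev/null || return 5
    dst_hash=$(sha256_of "$dst") || return 4
    chmod a-w "$dst"

    {
        echo "acquired_utc=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "operator=${USER:-unknown}"
        echo "source=$src"
        echo "source_sha256=$src_hash"
        echo "image=$dst"
        echo "image_sha256=$dst_hash"
    } > "$log"
    chmod a-w "$log"

    [ "$src_hash" = "$dst_hash" ]
}

# verify_image IMG
# Re-hashes IMG and compares it with the digest recorded at acquisition time.
verify_image() {
    local img="$1" recorded
    recorded=$(sed -n 's/^image_sha256=//p' "$img.acquisition.log") || return 1
    [ -n "$recorded" ] && [ "$(sha256_of "$img")" = "$recorded" ]
}

# attach_readonly IMG MOUNTPOINT   (requires root; not exercised by demo)
# A read-write loop device plus a default mount can replay the journal and
# update atimes inside the image. Read-only loop + "ro,noload" avoids both.
# Assumes the first partition holds an ext3/ext4 filesystem.
attach_readonly() {
    local img="$1" mnt="$2" loopdev
    loopdev=$(losetup --read-only --find --show --partscan "$img") || return 1
    mount -o ro,noload "${loopdev}p1" "$mnt"
}

demo() {
    local work
    work=$(mktemp -d) || return 1
    # Constructed stand-in for a disk: 4 MiB of pseudo-random data.
    dd if=/dev/urandom of="$work/fake_disk.bin" bs=1M count=4 2>/dev/null
    acquire_image "$work/fake_disk.bin" "$work/evidence.img" &&
        verify_image "$work/evidence.img" &&
        echo "image verified, log at $work/evidence.img.acquisition.log"
    local rc=$?
    chmod -R u+w "$work"; rm -rf "$work"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run `verify_image` again before handing the image or any findings to anyone else; a mismatch means the working copy was altered after acquisition.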
His private e-mails / blogs / documents may very well contain a will of some sort, or perhaps a note that contains his preference of burial/cremation/etc.
It is your ethical and legal obligation to make a good faith effort to review his private documents.
I agree with the parent.
I would think that all possessions, physical and intellectual, go to the next of kin. So if they WANT to crack the password encrypted files they should be able.
Of course, if they decide not to in honoring the person's wishes, then so be it.
..........FULL STOP.
My thought when I first read the original poster, was how do you prove "not suicide" ? ... I had not considered the foul play option... If that is a suspected possibility then he should not play Scooby-Doo, but give the job over to the cops... If that is not a consideration, then basically he can only "prove" support for suicide with evidence, he cannot prove "not suicide" by lack of evidence (he already has that)
waiting for ad.doubleclick.net
"happy successful people don't just off themselves for no reason and without any sort of note or indication that things were not going quite so peachy as believed"
Ok, some corrections here:
1. Happy people, successful or not, probably won't be committing suicide. Am I a happy person? As much as you might think you can deduce, no matter how well you know me, you cannot tell. So, the crux is that obviously, he wasn't happy and just put on a good show to make those around him comfortable.
2. The vast majority of suicides leave no note. Of those who do, a very large percentage of those notes are attack notes meant to hurt those around them. If you've ever read one, the last thing they do is bring closure.
3. If someone genuinely wants to die, they won't give a call for help. More likely, they'll just give it a go.
4. If someone is depressed, they do indeed off themselves for no reason -- that is unless you count, "I have enough energy today to actually do something about it" as a reason.
Suicide isn't like some movie story. It isn't romantic at all -- there is often no cry for help, usually no note, and almost always no closure for the victims (those left behind).
I say go for it wrt cracking his passwords and such. I see no moral issues as your intentions are noble and you were asked by his family. As for myspace et al. giving you his password, definitely not going to happen. You need to be a Chinese government official to pull that off :)
Someone mod parent up... This is the answer to 90% of his question.
It was more entertaining to assume that it was a suicide.
I write sci-fi for metalheads
With my brother - it was a tragedy for sure, but my advice would be to hire and retain a lawyer. You pretty much need one to sort out all the things he left behind anyhow since some debt collectors would love to have other family members pay off their debts.
I get the feeling that most people here have never faced one of their friends or loved ones committing suicide. Unfortunately, I have experienced the former, and I can't imagine what it must be like for the latter.
Suicide is the worst type of death to have to deal with, as it leaves everybody around the person in limbo. At least with an accidental death or a death by illness there is some comfort, either that the death was not intentional, or that the person went out fighting. But suicide, particularly when there is no note, leaves you none of that.
I can't speak from a legal standpoint - among other things, I don't know what country you're in. But from a moral standpoint, since you have the blessings of the family, opening up those files and passwords is exactly the right thing to do, not only for your friend's family, but for yourself as well.
In a very real way, regardless of how shocking what you might find may be, you can only make things better all round by doing this. It will bring everybody out of freefall.
Robert B. Marks
Author, Demonsbane in Diablo Archive
>> NOT ONE OF US alive knows what the dead/departed/physically-separated think, know, or are located. NONE of us.
Given the total lack of scientific evidence for an afterlife, I do think it's a pretty safe assumption that the dead don't care. To me, that assumption is as safe as my other assumption, that the sun will rise tomorrow. NOT ONE OF US knows for certain that it will - not for certain. But, based on the evidence available, let's just say that the odds look pretty good for sunshine.
As a bit of unsolicited but hopefully constructive criticism, I have to say, capitalizing roughly every third word or so is going to cause some people to perceive you as a raving lunatic. I'm not one of those people, but... you might want to think about going a bit easier on the caps.
So once they tell you to go and pound sand (the OP clearly states he hasn't gotten that far), then you take it to the courts. Honestly, I think it's really ethically inexcusable to lawyer up without even ATTEMPTING to solve things decently and without undue conflict. If they're unreasonable about it, THAT is what the court system is for. If they wouldn't have been unreasonable about it, congratulations, you just abused the court system, wasted MY tax dollars, and made our whole corporate society just *that* much more litigious. Good job.
My dear friend Jim committed suicide two years ago. He was the god father of my son, and a partner in work and fun. He also introduced me to Slashdot, and ushered me through my newbie days.
For some reason this thread just made me want to mention his name, so he is not forgotten.
Be kind, for everyone you meet is fighting a difficult battle. - Plato
I certainly wouldn't want anyone getting unauthorized access to my data after I'm dead. In fact, if I knew I was going to die, I'd delete all my online accounts and destroy all my hard drives, perhaps with the exception of anything that I would like to share or that others would find useful, which would be put on something unrestricted and readable, if it wasn't already publicly available. If he wanted something to be found, he would have left it where someone else could find it. If he deleted Suicide Note Draft.doc, it's because he didn't want anyone to see it.
Maybe I'm weird but I'd roll in my grave if someone pwned my files when I was dead. I don't hide things I want to share, and I don't share things that are private, this is all very straightforward to me. I'm not trying to flame or troll or anything. This is just my opinion, and I welcome any comments on it, because I really don't get the general theme of "go ahead and break into the dead guy's personal files!" in this discussion.
I'm also reading in this discussion that a relative can obtain a dead person's password from most services by submitting the appropriate paperwork. Where can I learn more about this? I will request that this not be possible for my accounts if necessary.
"When information is power, privacy is freedom" - Jah-Wren Ryel
How come people give mod points to IANALs who attempt legal advice?
No! I've never seen Ghost Whisperer.
Yes! When cornered I blame my extensive knowledge of the show on my wife.
So you think you don't need a WILL because you're only 18, or 30?? I had a client who was 29 and in the middle of a divorce when he stroked out. Because the divorce wasn't finalized, his not-yet-ex-wife got his money and life insurance instead of his kid!! See a lawyer and have it done right (and BTW give the lawyer a sealed envelope with all your passwords and instructions for dealing with your data).
Let's be clear - this person is dead. Any investigation of anything is only for the family(or whoever pays) and not for the deceased, so what he may have wanted is quite irrelevant *to you*. This is all about the living, not the dead.
That said, IMHO it's inappropriate for them to ask you to prod around his private affairs just because 'you know computers'. It's not like that's a rare skill nowadays. I think they should be hiring a private investigator for this if it's all that important to them. It puts you in an awkward and potentially dubious position. What if you find a terrible secret? How does this impact your relationship with your friend?
Nope. Consider doing their taxes for them perhaps. Let the professionals do their job.
DT
I've heard of such arrangements, but they didn't involve burying it.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
you're facing a difficult ethical dilemma, so clearly you made the right decision by asking for help from a bunch of anonymous internet forum morons.
In addition to conspiracy theories about how Microsoft and the RIAA conspired to kill your friend's brother, you can expect to receive such insightful gems on your crisis as, "in soviet Russia, myspace suicides you."
After reading the post and some of the replies I wanted to try and provide some insight on a few things. First of all I should mention that I'm a coroner in British Columbia, Canada, so not everything that applies here will apply in other jurisdictions. However I hope I can still be of some help. In regard to suicide vs. accident, there is typically a presumption against suicide and the coroner or medical examiner should have some substantial evidence if they are going to rule the death a suicide. Having said that, suicide is a lot more common than most people believe. For example, British Columbia has a population of a little over 4 million and we see approximately 500 suicides per year. Contrary to what some people are suggesting there is usually no suicide note. Also, the person is not always known to be suicidal or even depressed. Sometimes a suicide comes as a complete surprise to family and friends. I would not say that this is the norm but it definitely happens. Evidence of a suicide can take several forms. Ideally there should be a history of some kind to support that the death was a suicide but I have had cases in which the circumstances of the death were such that it was unreasonable to conclude that the death was anything other than a suicide, even though the person had no history of depression, suicidal ideation or behaviour that suggested they might harm themselves. As far as the information on the computer, I have taken information from people's computers and in one case seized a computer to get further info from it. I do not see an ethical issue with this if it will help to determine the manner of death. My only suggestion is that the coroner or medical examiner should perhaps be contacted to see if they are willing to do this. They may not be willing to get involved if they feel that they already have sufficient evidence to classify the death. Also, I do not know if the coroner/ME in your area has the legal authority to do this.
Still, if the family strongly believes that the death is an accident and not a suicide they should talk to the coroner/ME about their concerns. When family members have raised such concerns with me I have found that sometimes they have very useful information or insight that can have a significant impact on my investigation. Other times it is clear that they are just not willing or able to accept the truth. As far as legalities, I can tell you that here in BC (and I suspect in most cases) it is the same as most people have stated - the things that belonged to the decedent now belong to the estate. The executor or legal next of kin will likely have the legal authority to give you permission to do what you are talking about. Having said that, I will give the standard IANAL disclaimer along with a reminder that laws can of course vary from one jurisdiction to another. NOTE: sorry about the wall of text. This is my first Slashdot post and I haven't yet figured out how to make it appear in paragraphs the way I wrote it.
As I said twice already, I made a typo. Obviously those services do NOT ask for next of kin.
For he today that sheds his blood with me shall be my brother.
""Dude, the government exists to help us when we need help"" (said ktappe).
Yeah - many times regardless of whatever we want or need said "help"
(and that's just when they are being "helpful.")
... don't do anything which could alter the drives. This means don't boot up his laptop, etc. Correspondingly, you probably don't want to log in to Myspace, as that might trigger "Oh, he was active ___" things in logs; I'd rely on Myspace (and so forth) to provide the data to you in a way which is forensically sound.
Better yet, hire a computer forensics expert to advise you. (Local lawyers may know some good expert witnesses?)
I'm not a forensic investigator, and I'm not even certain such policy as I mentioned is sufficient to prevent pooch-screwing the evidence (or lack thereof). Make sure you document everything you do, especially since if you've had access to it the insurance will question whether you deleted evidence of his suicidal intent. You, being a friend of the family, might not be sufficiently separated from the INTERESTS of the estate to be considered neutral enough.
Get a lawyer, find out what they feel you need to do to establish that it wasn't suicide, and to protect the evidence from contamination.
As for the ethics of {someone} poking in someone else's machine after death... I think that proving that there was no suicidal intent (and thereby greatly benefiting the survivors) seems like something I'd want people to do.
Strange that the inquest (if there was one?) ruled it a suicide, though.
The university might assist since they'll know he's actually dead. The agencies which have no form of personal relationship with him though won't know this, and should treat all such inquiries as if they are social engineering attacks until lawyers become involved.
There was a deal a few years ago where a soldier who had been killed in Iraq had a Yahoo email account. Yahoo refused to give the family access, and I believe it was found that they didn't have any obligation to do so.
These uninvolved companies don't know anything about their user or the user's wishes. Just because I'm deceased doesn't mean I want my estranged wife having a chance to dig through all my emails (not that I'm either deceased or have an estranged wife). For example, there could be evidence in the email which permits her to challenge the will I'd written, etc.
Slay a dragon... over lunch!
What if you find out something you didn't care to know?
0. You didn't ask for technical help, so I won't offer.
1. The funeral payment help could be a relative that doesn't want to have anything to do with a suicide. That was the case with the one similar event I am familiar with. If there is no insurance that is being denied, or a murderer/negligent party, then legal issues of proof aren't necessary.
2. I would take the advice that several offered to ask the family what they would want to know and what they wouldn't, before you start.
3. Most importantly: Even if you believe that there is no afterlife and that therefore there is no privacy to intrude. Funeral rites are at least partially if not all for the living. We feel better that we will be treated properly if we see others being treated properly.
Maybe I can provide some insight, as a close colleague at work died last year in a tragic outdoor accident.
Basically, what it boiled down to was as follows: The family/next of kin have right to access all of the deceased person's personal files, emails, etc. Company property is exempt of course - for IP reasons. The system administrators should release a copy of the person's email mailboxes, and all other relevant files to the next-of-kin, after examining that no business-relevant data goes out.
They will not and should not release anything to you, you're (iirc) not related.
I am sure there's a procedure in place at Gmail, etc. to deal with such a situation, as this is not the first time something like this happens.
The more important question is: does the family really want the information? That's an ethical and moral question, and only they can answer that for themselves. So, if they ask you to hack the root account, it's OK for you to do so, but keep all you see private to the family and yourself, and don't force any information on family members who don't want to know. Let them decide.
Disclaimer: I'm not in the US, and assume you are - so the legal implementation may vary.
And one day will get into trouble, or will create it for somebody else.
A person I knew was having an affair with a woman without his wife knowing anything about it. After following the respective legal procedure somebody else was named the person responsible to execute the will, pay debts, etc. on behalf of this person when he died.
Very sensibly (IMHO) he decided not to tell the wife about the extramarital life of this individual, all of which was documented to excruciating detail in one of the email accounts of the deceased person.
Thanks to this, the wife kept an unblemished memory of her husband, was not consumed by the bitterness of betrayal and had a positive role model to present to her children.
Just "hacking" (I would say cracking) the accounts would have most likely exposed a lot of innocent people to unnecessary pain (since after all knowing all this would have served no practical purpose).
There are legal procedures in place for a reason. Only somebody monumentally careless can suggest to do things without weighing carefully the possible consequences.
IANAL but write like a drunk one.
... and don't get on the way of complex ramifications of legal, moral and emotional character.
IANAL but write like a drunk one.
I'm evil (not really). Please tell me how to do the same stuff you're telling the parent. I PROMISE, PROMISE I'll only do good things with it. Sincerely, Script Kiddie
I wish I could think of a modification of this that I could turn off (and save my data) if I ever got locked in a mental hospital for more than 7 days, but that didn't require me to tell anyone else about the server's existence. As I see it, I might have to be physically away, unexpectedly, and I'd want the option to risk exposure and save my data. That way, if I silently let it be deleted, I do so knowing that I'm saving my ass, rather than wishing I could stop it. Perhaps something like a modem/telephone based abort option, on the existing in-wall telephone wiring.
There's no way to gain anything from this scenario. Tell them to pay an unbiased, uninterested professional to do it. Imagine they give you the disk(s) and, however unlikely, it breaks while you're copying it. Imagine you find something really unflattering about the person. Imagine you find something that you think is relevant, but you're unsure of whether to tell them about it. There is nothing you could find on that disk that results in a positive outcome. Someone who does data recovery for a living will have the tools and experience to provide the best chances possible of finding what the family wants, _especially_ if they are going to use the findings for legal reasons/money.
OK, *don't* mean to sound *like* William *SHATNER*... I *might* get *used* to your sugg*estion*..
*STILL*, *old friend*... *you've* managed to train just about everyone *else*, but you *KEEP* missing *the* *TARGET*....
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
i *don't* mean to sound like William 'billy' 'bill' 'willy' 'shat', *SHATNER*, and I *might* be able to follow your sug*gestion*...
*But*, old *friend*... *You've* managed to *train* just about everyone else, but you keep *MISSING* the tar*get*...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
I've thought about it before. I've debated the ethical issues with a far more disturbing post-death act: (http://rabidrabbits.baywords.com/2008/04/09/ok-i-get-organ-donors-but/). As a general rule though, providing comfort or, at least, truth to the living should always trump the "rights" of the dead.
Rabid Rabbits Sing of Portugal
Hehe, I was literally LOL at this. Good one!
You will probably need all of this done in a manner acceptable to a court of law or whoever would be paying the funeral fees or both.
Contact an attorney and have them do the paperwork correctly to get access to the websites. If a website fails to yield the data your attorney should be able to get a court order releasing it.
On the Linux issue, if encryption was not used, it's trivial to mount the drive on another Linux box and search for relevant data. You may actually have to send this to a business that has the right credentials to be accepted by the court or other party mentioned above. Again, bring this up with the attorney.
This is all directed to the executor of his estate as they are the ones who 'become' him in the eyes of the law until all property is dispersed and contracts settled.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
I do not find it ethical and would not do it. If he wanted to tell he would have. On the contrary maybe it sheds some light on possible criminal activity or connection to someone who suggested taking one's life. Hmm... maybe do it ....
Because we like to ride fast motorcycles, drive fast cars, and jump out of planes, which all present a possibility of becoming slightly less than dead.
A LiveCD will not enter the password to the keychain for you... It won't type his PGP passphrase for you. It won't find his TrueCrypt disks for you.
I'm using a term to evoke a specific point. Granted it was intended to make that point emotionally and not intellectually. However, calling me an extremist was an emotional attack not an intellectual one.
I am not against using the courts to solve problems. I am against using them as a first recourse, unless I am in a situation where that would be sensible. Now, your knowledge of experiences leads you to believe that asking yahoo directly would be a waste of time. However, after all that PR, they might have developed a new policy that would make a court order unnecessary. That being said, I would not fault you for going directly with a court order in this instance since you believe you would have to go that route eventually.
My rule of thumb, give people a chance to do the right thing before you force them to. Corporations are made up of people, and if you misinterpret the 14th amendment correctly, corporations are people.
--- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
yes, since his property is disposed of according to legal protocol (including a possible will), the new owner of his accounts should have access to them. that might be problematic and take a long time, given the reticence I would expect from a company like myspace or google.
otoh, just pop a live CD into the laptop drive and take a look around the hard drive. *then* we'll see how geeky he is: did he encrypt the filesystem?
if he's like me, he'll have a file or directory with all the passwords of his bazillion accounts so that he doesn't have to commit them to memory and/or change everything en masse.
It seems to me the accounts are the deceased's property, and could be subject to the family getting a power of attorney over them. I don't know the precedents, but it sounds like they would exist. Having the power of attorney over the deceased's property should compel any agency to "give up the goods".
I've been in a very similar situation and actually helped the police recover information from a friend's computer.
I believe that the ethics of this are fairly simple, the dead man is gone. His happiness and desires are no longer important.
The family is still around, their happiness and desires are important. If you can help provide information, by whatever means, that gives them some kind of closure or helps them in any way; do so.
I just went through this with a friend whose ex-husband did a "death by hibachi" routine. There were 2 young children involved, no death/burial financial issues to resolve. There was no question about it being a suicide, since it is difficult to rent a cargo van and light a BBQ grill inside it after you seal it up. There were questions about whether there were other accounts or information on his computer.
My agreement with her was that I would look through the system and find everything that I could. One condition: Unless it was absolutely necessary I would not share the info with her. I would not share any personal information such as journaling or email, and only if it was legally beneficial or financially necessary would I tell her. She agreed.
As it ended up, all I found were a lot of Word docs ranting and raving in a manner consistent with a bi-polar that had stopped taking his meds and started taking a lot of other crap that was non-prescription. None of the info was going to be of any positive result. Of all the crap, a single picture of him and his son taken a few days prior to his death was all that was turned over.
After doing a shred and reformat, I loaded it with XP Pro, since it had Vista on it. After fighting with the non-XP friendly video (Compaq/NVidia), I gave the system back for the kids to use.
Unless you find anything that is of a certain positive result, nothing is worth recovering. If you don't have the relationship and agreement, don't get involved.
Anything unencrypted is pretty much fair game. Particularly email. Getting root access to a Linux box when you have the hardware is fairly trivial, unless the deceased owner was so paranoid as to lock the BIOS, in which case moving the disk drive to another machine is fairly simple. Knoppix is a useful tool for this. Once access to the account is arranged, it may be possible to gain access to Gmail etc. accounts by means of stored passwords in the web browser. This may require some detective work to figure out exactly what browser is being used, but it's not rocket science. One should also check accounts listed in .ssh/config as well.
As for ethics - I would hope that someone does this to my machine after I'm gone. In particular looking for unfinished works. However, I suspect that I won't be sufficiently important for anyone to bother! Anything I really, really don't want read, I encrypt with GPG, and don't leave the password for that lying around.
A couple of years ago, a friend of mine, and member of a group I ran, was killed in a car accident. The guy was a promising artist, and only 21 :-(
He was also the holder of our group's domain name and web site, which we needed to rescue. In the end, with help from his dad, the web hoster in question gave us a new password. There was some back and forth, while we provided them with as much info as we had about the domain and so forth. In the end we rescued a couple of his sites as well as ours, which his family was delighted about...
So, I think approaching the organisations in question, and being as open as possible, seems like your best bet.
Good luck.
I am both a geek and an ordained clergy person, and a Religious Studies professor, and I am also a mom and a sister, cousin, niece, etc. Wearing all those hats, I think that someone who can sensitively get into those accounts and figure out if it was or wasn't suicide could help the family in peace of mind, which is way beyond just helping pay for the funeral. But it needs to be someone who will not disclose the info in any hurtful way, someone who is very discreet and also insightful. Just as we love to have the physical hand written love letters and such of our ancestors, his relatives have the same need to have his electronic files, just as they would unquestionably have his files if they were in a file cabinet in an office. That's how I see it, anyway.
First, may I offer my sympathy regarding your friend and her brother. Suicide is a tragic, tragic thing. I know from personal experience that it leaves you with a lot of unanswered questions. I wish all the best to her family.
Regarding gaining access to their websites, etc., here is what I suggest:
1) Get access to their email account(s).
This should be fairly easy for "regular" email accounts - if they use Windows to collect mail, their passwords will probably be kept by their email software.
Universities are going to be easier to talk to and more prepared to co-operate than companies (like MySpace, MSN, etc). Try speaking to someone at the University face to face about gaining access to their email account there.
I'm not sure what I'd suggest about MSN/Hotmail email accounts though - they might be more problematic to gain access to.
2) Go to the sites you want access to, such as MySpace for example, and go through their "forgotten password" procedures to have the website's password emailed to the email accounts you have access to.
Once again, I wish you and their family all the best.
"Beware of he who would deny you access to information, for in his heart he dreams himself your master." -Pravin Lal
"He was very into Linux as well as PHP/MySQL coding"
.. let's rewrite the headline to 'PHP/MySQL drove my younger brother to suicide' ..
..
Oh, well
Hey, kdawson, this place used to be about technology
davecb5620@gmail.com
If it would help bring closure to your family, then please don't wait and start cracking right away. The downside is that you might find out about a person *none* of you knew. Tread carefully but diligently.
Logi - I can do anything, but not everything.
IANAL but have dealt with a recent suicide.
Suicide has to be proven by some means otherwise it will be ruled an accidental death. If there was no note, message or legal conversation indicating suicide it will likely be ruled an accidental death. That's not to say it won't be a fight to get life insurance to help defer funeral costs; we are six months into it and still dealing with them.
Majority seem to think it's OK to crack his accounts etc. - I am not sure about it. I do understand that grieving parents need to know... but it's questionable - do they have right to know everything? People seem to think that anything that belonged to deceased is now some kind of property left for next of kin. But emails and stuff like that are not property that can be inherited... I think. It's not just about deceased person - it's also about people he communicated with. It's also about their privacy. If they had secrets they wanted to share with deceased - well it should go to the grave with him. These emails were meant for him - and only for him. No one else has any right to read them. I mean... I don't know about laws but morally... it seems to be wrong to read someone else's emails - no matter that he is no longer with us. You can inherit assets but I don't think it's about personal and private communication.
I'm way late in replying, but the suicide could have been, at one point in my life, me. I know for a fact that I'd want someone to care enough to dig through my stuff to find out why and what happened.
There's a GRUB/LILO trick to get root access. I don't remember the full details but it involves editing the bootup line and changing the init script to =/bin/bash and remounting the hard drive.
If this guy was anything like me, you'll probably find some kind of message fairly quickly. The point of making the note hard to get at would be to prove that someone gave enough of a damn to get at the file.
Legally, the people with the guns dictate what rights the rest of us have (and they take a few extra rights for themselves). But this wasn't a question of what is legal, but a question of what is ethical and respectful. Don't confuse those.
No, I don't have much of an opinion on the OP's question. I'm not a very private person, but others are, and I would respect the wishes of the dead if I knew them.
However, I have a huge problem with people speaking for the dead, or others who can't speak for themselves. "He would have wanted..." is a lot like "Protect the children!" (or "The American People want...", I guess). There are a couple of people I'd trust to speak for me after my death, in that I'd expect them to get a few things wrong but I wouldn't mind too much. Of course, those people are the least likely to claim to be able to speak for me...
"The biggest problem with communication is the illusion that it has taken place."
I have been faced with this situation myself. My best friend committed suicide just two weeks before he was to emigrate from the UK to Canada. He never gave off any sense that this was something he would do or even consider, and so when it happened and I flew to the UK for his funeral, his family and friends asked me to see what I could find. I managed to access most things, and was unable to find a motive for his actions, though did find ample evidence indicating it had been well-planned and thought out for weeks, if not months. It did bring some closure though, even if the exact reason is still not known. I still have a 2 GB PGP-encrypted archive though that was created that evening... I am still wanting to some day be able to find out what might be in there. While my response is a bit long-winded, I guess my point is that it really depends on the situation. Different factors will influence whether it is the right or wrong decision. You'll have to decide that on your own though. Gut feeling is something I found important to listen to in my situation.
If this relates to a legal matter, the only way you should even touch this person's computer is if you can be certified as an expert witness. Otherwise all you are doing is evidence tampering. As usual, talk to a lawyer.
As far as accessing this person's user accounts, you're in a similar situation to the RIAA, except at least you have the real person's name, not just John Doe. If you make any attempt to access their accounts without express permission of the service providing the account, you are at a minimum in violation of their terms of service. You could also be up for charges of identity theft. Once again, talk to a lawyer.
If you do decide to go ahead with this, make sure you have a neutral witness with you that is capable of confirming the chain of custody of anything you find. Once again, talk to a lawyer.
We are the 198 proof..
Maybe his parents got conned into buying something like the "Gerber Life Grow-up plan"...
We are the 198 proof..
if you have access to the physical hardware, and know which password encryption method was used, and can write to the shadow file, you can generate a new password, and overwrite into the shadow, his root password, all with a recovery/repair cd/ disk image.
I've forgotten a root password once (but it was on a bsd machine) so i just copied over my user account password in the shadow file, then set a new root password. it was easier for me because i knew a password on the system, the point is it's easy to generate a password with the correct crypto, if you have access to the shadow file, which most system recovery discs will easily give you access to.
https://www.gnu.org/philosophy/free-sw.html
If this becomes a criminal matter, be sure to document every action you take, including deleting anything. Not doing so will definitely contaminate the evidence. I have worked in a computer forensics lab as an intern and if you honestly think there is any chance of foul play, I would not touch any of it, at least until the investigators have said they won't do anything. Failing that, hash, image, and rehash the hard drive. I suggest using SMART Linux or Helix, both of these have been certified to be used in forensic capacity by at least certain agencies. The most important thing is to not contaminate any of the evidence. Image the hard drive to an external device, then do all searching off of that device. Be sure to hash using MD5 or SHA, and be sure to do so before and after touching anything. DOCUMENT EVERYTHING YOU DO, PERIOD. Also take pictures of anything you do to the hardware. I can tell you right now, if it comes down to it, a defense lawyer will tear up any digital evidence presented that could possibly be contaminated. So document everything you do, and do the utmost to protect the integrity of the drive. Don't be an idiot and take any courtesies and delete any porn files, what will the deceased care, he is dead after all. This will just contaminate the evidence, investigators regularly come across this stuff, unless it depicts illegal acts, they don't care, but they will notice deletion of files which is suspicious and is contamination of the evidence. Sorry for anonymous post, first time posting here.
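The hash, image, rehash and document-everything routine described in the comment above, as an added sketch that is not part of the original post and is not taken from SMART Linux or Helix. The function names, the JSON-lines custody log and the choice of SHA-256 are assumptions made for illustration; the sample "disk" is a constructed file.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so large disks never sit in memory

def sha256_of(path):
    """Hash a file or device node in chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def log_event(log_path, action, **details):
    """Append one timestamped JSON line to the custody log (hypothetical format)."""
    entry = {"utc": datetime.now(timezone.utc).isoformat(), "action": action, **details}
    with open(log_path, "a") as log:
        log.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def acquire(source, image, log_path):
    """Hash the source, image it, rehash both; return (match, sha256)."""
    before = sha256_of(source)
    log_event(log_path, "hash_source_before", path=source, sha256=before)
    # Mode "xb" refuses to overwrite an image that already exists.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    image_hash = sha256_of(image)
    log_event(log_path, "hash_image", path=image, sha256=image_hash)
    after = sha256_of(source)  # proves the source was not altered by imaging
    log_event(log_path, "hash_source_after", path=source, sha256=after)
    match = before == image_hash == after
    log_event(log_path, "verify_acquisition", match=match)
    return match, before

def verify_image(image, expected_sha256, log_path):
    """Rehash the image before and after each examination session."""
    current = sha256_of(image)
    match = current == expected_sha256
    log_event(log_path, "reverify_image", path=image, sha256=current, match=match)
    return match

if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    disk = os.path.join(workdir, "constructed_disk.raw")  # constructed sample input
    with open(disk, "wb") as f:
        f.write(os.urandom(2 * CHUNK + 123))
    log = os.path.join(workdir, "custody.jsonl")
    ok, digest = acquire(disk, os.path.join(workdir, "disk.img"), log)
    print("acquisition verified:", ok, digest)
```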
do you realize that you only need to mount the disk (read-only preferable) on another box to read the contents, no need for crack, you can crack all the accounts to search for possible passwords for other services, but the data is easily readable
I'm positive, don't believe me look at my karma