Laptop Thief Caught via AOL Login
Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."
Good vs Bad (Score:3, Interesting)
That, and it makes me glad I am in Canada...
Re:Mac address perhaps ? (Score:2, Interesting)
CPUID is your friend (Score:3, Interesting)
But then again, AOL probably has other ways to track computers for marketing and such... to determine what PCs are being used how much to access AOL services, etc...
tin foil hat... (Score:2, Interesting)
I guess it's more optimal for the FBI to do it this way than to just store whatever information thanks to some software backdoors.
We have some reasons to worry about our freedoms, but it is not a reason to imagine we're always being spied on.
ipv6 (Score:1, Interesting)
Re:PC call home (Score:3, Interesting)
It operates much like spyware, and hides itself in the same way. This could be what happened here, and after the x number of days the system starts logging which IP address and time the computer logged in at and flags the information for further investigation. Once you have an IP address and a timestamp, it's relatively trivial for most ISPs to find out which user was online at that time.
Ewan
Re:Wait a minute... (Score:5, Interesting)
If the thief was to find the computer locked down from the start then they'd be far more likely to wipe and restore making this a lot more difficult.
Unfortunately, now running Panther, making the user account invisible makes fast user switching a buggy nightmare. So in spite of the extra security features like FileVault, I think it less likely I would ever see it again if it were stolen. I liked my security through obscurity.
Re:PC call home (Score:3, Interesting)
Computrace Plus or similar product? (Score:3, Interesting)
Basically, it's legitimate spyware. I've personally never used the product, although we are about to evaluate it.
Re:Moral of the story... (Score:2, Interesting)
Look at This Tutorial [yolinux.com] to see how to install the PengAOL [sourceforge.net] Linux Dialer.
I have set this up on both SuSE and Mandrake systems from source for a couple of friends who wanted to try Linux, but who didn't want to drop AOL... It can be a bit tricky to get working, but it does work (in the UK at least).
Re:Password protected? (Score:5, Interesting)
You must be kidding, but I'm not sure.
It takes only a few minutes to change the administrator password on a Windows box with a Linux boot floppy.
Done it a couple of times (on Windows 2000), for users who didn't know the admin password.
Re:PC call home (Score:5, Interesting)
Because there is nobody to guard the guardians (Score:3, Interesting)
The two things are directly related, inasmuch as in a police state there would certainly be much less crime, since freedom cuts both ways. What you see as a conflict is just a reflection of this inter-relationship. We have to do both if we wish to safeguard both our present and our future.
Similar Experience (Score:5, Interesting)
The funny thing is that the notebook was my personal one, and because I travelled a lot at the time, I had an AOL account for convenience. On a whim, I called AOL and asked them for a log of my sign-ins. Lo and behold, it turns out whoever stole my notebook was using my AOL account to surf! I pleaded with the tech person to at least give me the IP address so I could track the thief down. He sympathized with my problem and passed me to one of the network engineers, who was very keen on helping me. I got the IP address and the phone number that he used to dial in. He said that the Telecom department could give me the number that was used to dial in to AOL, but I would have to get the law involved, as certain FCC regulations prevented him from sharing that info.
So I collected all the info and sent the report to the security officer at the airport, a copy to the LA sheriff's dept and another one to my insurance company (who I had hoped would be keen to solve the problem). After a few calls, I got nothing. Turns out that theft like that happens a lot at LAX, and the LAPD is way too busy with serious crime to investigate a crime committed against an out-of-towner.
The good thing is, my home insurance covered the theft, so I got a better model for basically the amount I paid for my notebook a year prior (minus deductible).
This was pre-2001 btw
Re:Wait a minute... (Score:5, Interesting)
So all you have to do is know the SMTP server for your e-mail address, and a bit of scripting with netcat does the rest. Just make a file with:
helo laptop.domain.blah
mail from:<phone_home@domain.blah>
rcpt to:<phone_home@domain.blah>
data
Subject: subject

contents go here
.
quit
Then you can send it with 'nc smtp.isp.blah 25 < file'. (HELO takes a host name rather than an address, and the blank line after the Subject header is required: it is what separates the header from the body, and without it the body is read as a broken header.)
I do this for my phone-home program. It doesn't send mail by default, but it checks a private page on my web site. If it finds the right command on that page, then it will send e-mail. I can also have it execute commands and open up an ssh tunnel so I can ssh in.
Of course, like a dumbass, I don't have an easy way for them to get online unless they have a wireless network. Do you have a suggestion for how to do that without having a password-free admin account? I don't want random people to be able to do nastiness on my machine.
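The phone-home design in this post (poll a private page for a command, then report by raw SMTP), worked through as an added example that is not the poster's program. It assumes a page format of one line, "<unix_time> <command> <hex_hmac>", a shared secret stored on the laptop, and a hypothetical command vocabulary; the HMAC and timestamp are an added design choice that answers the worry above, since anyone who stumbles on the URL cannot hand the machine commands, and a captured page cannot be replayed later. The SMTP builder produces the same dialogue the post pipes into nc, with the header/body blank line and dot-stuffing done properly.

```python
"""Phone-home agent logic: an authenticated command check plus a well-formed
SMTP session, added as a worked example (not the poster's own program).
Assumptions: the beacon fetches a private page whose entire content is one
line "<unix_time> <command> <hex_hmac>"; the HMAC key is known only to the
laptop and its owner. The signature is an added design choice so that anyone
who finds the URL cannot hand the laptop commands, and the timestamp keeps an
old captured page from being replayed."""
import hashlib
import hmac
import time
import urllib.request

COMMANDS = {"noop", "report", "tunnel"}     # hypothetical command vocabulary
MAX_AGE = 6 * 3600                          # seconds a signed command stays valid


def sign(secret: bytes, ts: int, command: str) -> str:
    """HMAC-SHA256 over "<ts> <command>", hex encoded."""
    return hmac.new(secret, f"{ts} {command}".encode(), hashlib.sha256).hexdigest()


def parse_command(page: str, secret: bytes, now=None):
    """Return the command carried by the page, or None if the page is empty,
    malformed, outside the vocabulary, stale, or not signed with `secret`."""
    now = int(time.time()) if now is None else now
    parts = page.strip().split()
    if len(parts) != 3:
        return None
    ts_s, command, mac = parts
    if not ts_s.isdigit() or command not in COMMANDS:
        return None
    ts = int(ts_s)
    if abs(now - ts) > MAX_AGE:
        return None
    # Constant-time compare so a forger learns nothing from timing.
    if not hmac.compare_digest(mac, sign(secret, ts, command)):
        return None
    return command


def smtp_session(helo_host: str, sender: str, rcpt: str, subject: str, body: str) -> str:
    """The dialogue the poster pipes into nc, built correctly: HELO takes a host
    name, envelope addresses go in angle brackets, a blank line separates the
    header from the body, and body lines starting with '.' are dot-stuffed so
    the first lone '.' is the end-of-data marker."""
    stuffed = ["." + ln if ln.startswith(".") else ln for ln in body.splitlines()]
    lines = [f"HELO {helo_host}", f"MAIL FROM:<{sender}>", f"RCPT TO:<{rcpt}>", "DATA",
             f"Subject: {subject}", "", *stuffed, ".", "QUIT"]
    return "\r\n".join(lines) + "\r\n"


def beacon(url: str, secret: bytes) -> str:
    """One check-in: fetch the command page and act on it. Only the 'report'
    branch is shown; it returns the SMTP text to be written to the relay."""
    with urllib.request.urlopen(url, timeout=30) as resp:        # assumed private page
        command = parse_command(resp.read().decode(), secret)
    if command == "report":
        return smtp_session("laptop.domain.blah", "phone_home@domain.blah",
                            "phone_home@domain.blah", "phone home",
                            "laptop is alive\n.sig lines get dot-stuffed")
    return ""


if __name__ == "__main__":
    secret = b"long-random-secret-shared-with-owner"   # assumed, stored on the laptop
    ts = int(time.time())
    page = f"{ts} report {sign(secret, ts, 'report')}"
    print(parse_command(page, secret))                 # report
    print(smtp_session("laptop.domain.blah", "a@domain.blah", "a@domain.blah", "hi", "ok"))
```

The secret never leaves the laptop and the owner's machine, so the page can be world-readable; what it cannot be is forged or replayed. Note that a thief who images the disk gets the secret too, which is why the command set is kept to things that only ever help the owner.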
Re:so how did they get his addy? (Score:2, Interesting)
In the federal building where I used to work, we even needed to keep the proxy log (with date/time, login-id and visited sites) for 5 years... go imagine.
Several cans of worms.... (Score:3, Interesting)
We give ourselves, our populace and our government, a lot of credit. We walk down the street trusting people we wouldn't let drive our cars to make an intelligent decision on who should enjoy personal control over a powerful army and a large nuclear arsenal.
We live under a government made up of mostly of obscure appointed functionaries. During the last election, John Ashcroft was a man so despised by the people who best understood his personality and performance, that his first contribution to U.S. history was losing an election to someone the electorate knew to be deceased. Michael Powell first broke the surface as chairman of the FCC by vociferously supporting measures to further consolidate ownership of America's broadcast media.
We trust faceless strangers to *NOT* use terrorism as an excuse to pass nasty laws that sidestep the principles which define us as a people.
Now, it is perfectly possible to imagine that the person who stole the laptops was the kind of (darwinian) mastermind who *would* log on to someone else's AOL account, using their stolen computer from their home connection and leaving us to ask, 'Hey, why not just turn yourself in...?'
Be that as it may, as some pieces here and elsewhere have shown, at all levels, governments are happy to adapt law and technology to purposes that civil libertarians dislike with good reason. This time it was nothing, but one day, it could very well be something that makes us all wish we could go back to telephones and paper.
The point that started this thread might very well be moot, but unless you are completely satisfied with whom we have in office and whom they have appointed to positions of power most of us are scarcely aware of, you have to wonder what things will be like when things are different.
Do this with yahoo auctions (Score:4, Interesting)
I always request a phone number and email address if I pay by Paypal or PayDirect. If they don't give it to me and I can't validate it, I don't send the money.
I have sent money in the past; rather blindly. I have been able to catch two sellers by just pretending to be girls interested in them, through IM. I got their actual phone numbers and even got one ready to pick me up and meet me for a "date" LOL.
Of course it was a lot of hassle.
If you can catch a criminal at their own game - that's justice.
I wish eBay hadn't eliminated the contact information request without having a transaction with the other party. Most sellers that cheat me on Yahoo also have identical aliases on eBay.
A reason to configure dynamic DNS (Score:2, Interesting)
ES
- If I had all the money I spent on cars, I'd spend it all on cars.
Re:Wrong Guy (Score:2, Interesting)
no warrant needed (Score:5, Interesting)
99% clueless techie-wannabees (Score:4, Interesting)
Really.
To the rest: Offering complete goofball theory after complete goofball theory, briefly resting only to scream 'violation of privacy' and then going back and suggesting another goofball theory impresses nobody. CPUID/NIC MAC/Windows/Office/[you-name-it] identifiers or serial numbers are not immediately accessible just because you have a PPP session going over your modem. If a phone-home feature was installed, then fine, but that's a completely different story.
Another hilarious example was the default-route theory, which someone suggested as a 'dead giveaway' to the feds. Hello!? Even if the routing table was accessible, routes associated with a NIC wouldn't be *in* the table unless the NIC was active, and the setting would only be visible in the registry, not typically accessible to the world, nor routinely queried by an ISP. And never mind the statistical probability that a corporate NIC is configured for DHCP, thus it wouldn't have a default route to begin with.
I simply can't believe the amount of idiotic pseudo-techies posting and feeling BIG because they could incorrectly apply page 254 of the MCSE prep guide to formulate a crackpot theory.
Bleeeeeeeeeeeechhhh.
Re:PC call home (Score:2, Interesting)
At my company, users simply can't change dial-up connections, and they can't install software requiring administrative privileges. They are "Restricted Users" in Windows. To select a dial-up connection, a self-made program running "suid" (or the equivalent of this on W2K) changes a preconfigured and locked dial-up connection. To install more software than the default, they need to connect to a software distribution server in the corporate network. To install other software, they need to hand their machine and the CD-ROM to IT support. In very rare cases (having a high rank or having robbed on knees for a while), IT support can enable a "24 hours administrator" mode, giving the user local administrator rights for 24 hours.
(It might be possible to copy a special program onto the machines to bypass some of the restrictions, but our users don't know that much about computers. Most can't even tell the difference between a power cable and a (laptop) power supply unit, they name both "power cord".)
way off topic (Score:2, Interesting)
Re:no warrant needed (Score:4, Interesting)
Re:You know... (Score:5, Interesting)
And when they can't solve a computer crime case...
Because the issue is how they do it. News items appear to slam the police for success and ridicule them for failure simply because news items are not a representative sampling of reality! The police have hundreds of successes every day, but who cares to write about them or read them? It only becomes a news item when the police have a success AND they did something wrong or controversial in the process. The same goes for their failures - it only becomes newsworthy when someone really screwed up.
As for this particular story, it is all about how the police caught the guy. It appears that Slashdot botched the story in this case. Another news site reports that the guy did NOT log into his own AOL account; he logged into an AOL account belonging to the owner of the machine. If that's the case then there really isn't any story here. If some moron steals my wallet and then shows up at the bank trying to use my safety deposit key, then there's no problem grabbing him and throwing him in prison.
I was going to continue with an example of police methods that would not have been acceptable, but lets skip arguing over specifics. Suffice it to say that there *are* a wide variety of unacceptable methods. If you don't agree with that then you are a far greater threat to this country than any terrorist with a bomb.
-
Re:Remember the furor over the Pentium Serial Id? (Score:1, Interesting)
Re:Similar Experience (Score:5, Interesting)
It's sad, really... but police officers have essentially been reduced to insurance claims officers when it comes to theft or vandalism. Unless someone is in clear and present danger, the police often can't or won't act because there is just too much crime.
I read a sociological report about persons who have committed felonies recently, and the results shocked me. The statistics in particular that got my attention:
Of all the grand theft (generally $500+) that occurs in the US, only 6% of it is even reported.
Of all the grand theft that is reported, only 1% of the thieves are ever caught.
Of course, you have to understand that sociology isn't the most exact science in the world, and that these stats most likely include career thieves who only get caught once. I guess you can tell any story you want if you've got the stats to back it up.
But still, according to these numbers, 99.94% of all thefts of $500 value or more are lost causes for the theft victims, because either the thieves are too good or the police forces are not good (or willing) enough to catch them.
Stolen mac call home (Score:2, Interesting)
Not a scary Big Brother scenario (Score:2, Interesting)
Probably, Wells Fargo reported to AOL that computers with those accounts on them had been stolen--perhaps simply to keep them from buying anything on company money or anything. When AOL noticed the login, they notified the FBI, who used normal techniques to get the account information.
This is not a scary Big Brother scenario; rather, it's a great model for how corporations and government can and should cooperate to fight crime. Does anyone here really think that AOL acted improperly by giving them the address of a computer and identity thief?
Re:PC call home (Score:3, Interesting)
Naw, phone numbers only set up the connection, they don't exist once the connection is established. Modems are only capable of a point-to-point connection so the MAC is meaningless.
I assume Microsoft assigns a bogus MAC just because it is easier (== less bug prone) than dealing with special cases in their protocol stacks.
I've always been a bit curious about how they generate the bogus MAC though. Can it be an identifier?
IMHO, if the thief didn't wipe the HDD on the notebook, then they were probably nailed by a cookie as soon as they fired up their browser.
The cookie would give an IP, an IP would give a rack of modems, a rack of modems would give the caller's phone #, and pow.
Or... the cookie would give an IP, the IP would give a provider, the provider and IP would give an account, the account would give a physical address and pow.
BTW, one ISP I was with would create a dynamically generated reverse-lookup DNS entry which contained my MAC address. Pretty clever since my MAC and IP, thus provider and account would be splottered all over ISP logs everywhere. It's not so much a privacy invasion, since the IP and the date/time would give the same info.
No news here (Score:3, Interesting)
The dial-up equipment at ISPs keeps a log on hand of the numbers you've connected from. The investigators get a warrant for this information, you email it to them, case closed.
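The trail sketched in the two posts above (cookie gives an IP and a time, the IP and time give a dial-in session, the session gives the caller's number) carried through as an added example that is not from any poster. The web log is Common Log Format with the request cookie as a trailing field, and the RADIUS accounting is reduced to one Start/Stop line per session; both formats and every address, number and timestamp are constructed for illustration. The point it makes that the prose does not is that with a dynamic pool the same IP is handed to different callers during the day, so the join must be on IP *and* time, and a hit that no session brackets must come back unresolved rather than matched to the nearest caller.

```python
"""Tracing a cookie hit back to a dial-in caller by joining a web-server
access log against the ISP's RADIUS accounting, added as a worked example
(not from any post above). Every log line and value here is constructed:
real RADIUS detail files carry more attributes and the cookie field depends
on the web server's LogFormat, but the join is the same: same framed IP,
and a session whose Start..Stop bracket the hit's timestamp."""
import re
from datetime import datetime, timezone

# Constructed web-server log: Common Log Format plus the request cookie as a trailing quoted field.
WEB_LOG = """\
203.0.113.45 - - [12/Nov/2003:21:14:07 -0800] "GET /mail/ HTTP/1.0" 200 512 "uid=wf-4471"
203.0.113.45 - - [13/Nov/2003:02:30:11 -0800] "GET /mail/ HTTP/1.0" 200 512 "uid=someone-else"
198.51.100.7 - - [12/Nov/2003:21:15:00 -0800] "GET / HTTP/1.0" 200 100 "uid=wf-4471"
garbage line that does not parse
"""

# Constructed RADIUS accounting, one Start/Stop pair per dial-in session, epoch seconds UTC.
# The same pool address is handed to two different callers on the same day.
RADIUS_ACCT = """\
Acct-Session-Id=0001 Framed-IP-Address=203.0.113.45 Calling-Station-Id=5551230199 Start=1068700200 Stop=1068704000
Acct-Session-Id=0002 Framed-IP-Address=203.0.113.45 Calling-Station-Id=5559870001 Start=1068719000 Stop=1068722000
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d+ \S+ "(?P<cookie>[^"]*)"$')


def parse_web_log(text):
    """Return (epoch, ip, cookie) per hit; the timezone offset in the bracketed timestamp is honoured."""
    hits = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue                                   # skip lines that do not fit the format
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append((int(when.timestamp()), m["ip"], m["cookie"]))
    return hits


def parse_radius(text):
    """Return (ip, start, stop, calling_station_id) per accounting record."""
    sessions = []
    for line in text.splitlines():
        kv = dict(tok.split("=", 1) for tok in line.split())
        sessions.append((kv["Framed-IP-Address"], int(kv["Start"]), int(kv["Stop"]),
                         kv["Calling-Station-Id"]))
    return sessions


def caller_for(sessions, ip, when):
    """Calling number that held `ip` at epoch `when`, or None. The time bound is
    what disambiguates a dynamically assigned address."""
    for sip, start, stop, caller in sessions:
        if sip == ip and start <= when <= stop:
            return caller
    return None


def trace(cookie, web_log=WEB_LOG, radius=RADIUS_ACCT):
    """Every hit carrying `cookie`, resolved to (ip, epoch, calling number or None)."""
    sessions = parse_radius(radius)
    return [(ip, when, caller_for(sessions, ip, when))
            for when, ip, c in parse_web_log(web_log) if c == cookie]


if __name__ == "__main__":
    for ip, when, caller in trace("uid=wf-4471"):
        stamp = datetime.fromtimestamp(when, timezone.utc).isoformat()
        print(ip, stamp, caller or "no session covers this hit")
```

The one thing that routinely goes wrong in this join is the timezone: the web server logs in local time with an offset, the NAS logs in UTC, and an hour's error is enough to land on the wrong caller once the pool address has been recycled, which is why the parser keeps the offset instead of stripping it.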
Speaking of stupid computer theives... (Score:3, Interesting)
The security guys where I work are fond of this story. We had someone steal a couple of college-owned computers, and apparently resold one of them to a student halfway across the country. The computer had Norton Antivirus Corporate Edition configured to run as "managed" - i.e. it gets its definitions from our servers instead of Symantec's. Our network guys got suspicious when they noticed traffic on one of our NAV servers coming from several states away - turned out that the computer thief never changed the antivirus settings before selling it and it was trying to get virus definitions from us.
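The check the network guys made by eye, as an added example that is not the NAV server's own logic: parse the management server's log, decide for each check-in whether the source address lies in the organisation's netblocks, and raise an alert when it does not. The log format, the netblocks and every address and host name are constructed; the useful extra over "source is foreign" is remembering which agents were previously seen on campus, which separates a known machine that has walked off from an agent nobody has heard of.

```python
"""Spotting a managed endpoint that now checks in from outside the
organisation, added as a worked example (not the NAV server's own logic).
The log lines and netblocks are constructed; a real management server's log
format will differ, but the check is the same: parse source address and agent
identity and alert when an agent last seen on campus appears from an address
outside the organisation's own ranges."""
import ipaddress
import re

CAMPUS_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]   # assumed ranges

# Constructed management-server log: one line per definitions pull.
SERVER_LOG = """\
2003-11-10 08:01:12 src=10.20.3.7 agent=LIB-PC-12 event=defs-pull
2003-11-10 08:01:40 src=10.20.3.9 agent=LIB-PC-14 event=defs-pull
2003-11-14 22:17:05 src=203.0.113.88 agent=LIB-PC-12 event=defs-pull
2003-11-14 22:18:00 src=198.51.100.3 agent=UNKNOWN-77 event=defs-pull
2003-11-14 22:19:00 src=not-an-ip agent=LIB-PC-14 event=defs-pull
"""

LINE_RE = re.compile(r'^(?P<ts>\S+ \S+) src=(?P<src>\S+) agent=(?P<agent>\S+) event=(?P<event>\S+)$')


def on_campus(ip: str, nets=CAMPUS_NETS) -> bool:
    """True if `ip` falls in one of the organisation's netblocks.
    An unparsable address is treated as off campus so it is flagged, not silently dropped."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def foreign_checkins(log: str, nets=CAMPUS_NETS):
    """Return (timestamp, agent, src, seen_on_campus_before) for each pull from outside `nets`.
    The last flag separates a known machine that has walked off from an agent nobody has heard of."""
    seen_inside = set()
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                   # ignore lines that do not fit the format
        if on_campus(m["src"], nets):
            seen_inside.add(m["agent"])
        else:
            alerts.append((m["ts"], m["agent"], m["src"], m["agent"] in seen_inside))
    return alerts


if __name__ == "__main__":
    for ts, agent, src, known in foreign_checkins(SERVER_LOG):
        print(f"{ts} {agent} from {src}" + (" (previously on campus)" if known else ""))
```

Run against a live log this would fire on every legitimate off-site laptop too, so in practice the "previously on campus" alerts go to whoever keeps the asset register, and the decision of whether the machine is supposed to be in another state is made there rather than in the script.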
Re:Not that I steal laptops but.... (Score:3, Interesting)
The laptop checks via the internet to see if its id (serial# ?) is on the stolen list. If it is it self-destructs.
Some friends who used to work for a major silicon valley firm said this was done at their place of employment.
CALM DOWN!!!! (Score:3, Interesting)
The Freedom of Information Act (Score:3, Interesting)
What I am willing to bet that it really is though, without reading, is that the serial number of the computer led to the serial number of the nic, whether it be modem or ethernet, and then the mac address could probably be identified. Just my guess.
I'd be more interested in thoughts on the FoI Act thing though.
Re:no warrant needed (Score:1, Interesting)
Yes, it is Fred's account, but it's not Fred's telephone number.
This may seem like a silly distinction to make, but there are some circumstances where it is essential - e.g. ex-wife or ex-husband still sharing an account (stupid, but it happens) and not wanting their ex-spouse to know where they live or what their phone number is. More likely is an ex-husband ringing the ISP and just asking for the list of phone numbers used by his ex-wife's account... or just anyone ringing the ISP and claiming to be a customer and asking for the list of phone numbers.
There's no way for the ISP to know the circumstances or the truth in any such request, so they should, as a matter of policy if not law, refuse to provide any such details without a court order or search warrant. At the most, they should refer the caller to the relevant police/law-enforcement authority.
> No law prevents AOL from telling Fred what
> number his account has logged
> in from.
Depends what country you're in.
In Australia, at least, it is the CALLER's privacy that needs to be protected, regardless of who they are claiming to be when they call - this applies whether the phone call is voice or data.
In Australia, the Telecommunications Act has stiff penalties (including gaol time) for breaching privacy - the only safe answer for an ISP to give a customer when they ask for a list of phone numbers used to dial in to their account is "please contact the police, that information can only be given in response to a court order or search warrant".
Personally, I think that's a Good Thing.