Laptop Thief Caught via AOL Login 524
Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."
Mac address perhaps ? (Score:3, Funny)
Re:Mac address perhaps ? (Score:2, Interesting)
Re:Mac address perhaps ? (Score:3, Informative)
For those of you who don't know, mac addresses are only valid on the same network segment, which means that the router would drop them, and so it can't be that (unless the login program sends that info). More likely it si something like the intel cpu id, etc.
Re:Mac address perhaps ? (Score:4, Funny)
MAC Address DO NOT CHANGE.conf
And then they put it as read only hoping no one learns how to use chmod.
Re:Mac address perhaps ? (Score:4, Informative)
Re:Mac address perhaps ? (Score:3, Informative)
That said, the 2.6.x Linux kernels have the ability to mangle and spoof MAC addys, in addition to NAT/MASQ and building firewalls based on MAC. This is in addition to all the iptables godness.
My firewall uses iptables *and* echoes the desired behavior into kernel-space by setting the desired values in /proc with a script at bootup. For ex:
## Disable accepting IP source routing
for f in /proc/sys/net/i
Cookies (Score:3, Troll)
Re:Mac address perhaps ? (Score:3, Informative)
Does the Pentium III processor broadcast its serial number when it is enabled and a user is connected to the Internet?
- No. The processor serial number is passive. Thus, it does not transmit or broadcast itself. If a person chooses to enable the feature, then, when visiting a website that can utilize processor serial numbers, the website needs to send software to the PC to read the processor serial number.
Re:Mac address perhaps ? (Score:3, Informative)
Only the Pentium(R) III Xeon(TM), Mobile Pentium(R) III and Pentium III processors support the processor serial number feature introduced by the Pentium(R) III processor. No other Intel(R) processor supports the processor serial number feature.
NO, he used owners AOL account. (Score:4, Informative)
Re:Mac address perhaps ? (Score:3, Insightful)
They cared because the computer involved had enough information to carry out identity theft on many, many folks, they were probably investigating this as a potential large-scale identity theft case, not just a computer theft.
They say the number of folks involved was "a small percentage ... of Wells Fargo's 22 million customers." One percent would be 220,000 people. I don't know if it was even one percent, but I do know someone (not myself) who got a letter f
PC call home (Score:2, Insightful)
Re:PC call home (Score:5, Informative)
Re:PC call home (Score:5, Interesting)
Re:PC call home (Score:3, Interesting)
Naw, phone numbers only set up the connection, they don't exist once the connection is established. Modems are only capable of a point-to-point connection so the MAC is meaningless.
I assume Microsoft assigns a bogus MAC just because it is easier (== less bug prone) than dealing with special cases in their protocol stacks.
I've always been a bit curious about how they generate the bogus MAC though. Can it be an identifier?
IMHO, if the thief didn't wipe the HDD on the notebook, then they were probably
"You've got jail" (Score:5, Insightful)
Re:"You've got jail" (Score:5, Informative)
Re:"You've got jail" (Score:3, Funny)
Re:PC call home (Score:3, Informative)
I know an office that uses this software... it's not bad, it stays quite hidden in the OS (Windows only of course). Login with your ID and you get a list of all your laptops and the last IP they were detected as being logged in from.
Re:PC call home (Score:5, Informative)
Re:PC call home (Score:5, Informative)
According to another source [timesheraldonline.com] "He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address''.
It's the 4th item down on the page, under "Suspected thief arrested".
Re:PC call home (Score:3)
In short, the point of the story is, yet another stupid criminal gets caught.
Re:PC call home (Score:5, Insightful)
The Yahoo statement:
and the Herald statement:
I felt that the direct quote of Chief White was more credible, and less likely to be subject to an error of interpretation on the part of the reporter.
more reason to discount the Yahoo/Reuters version (Score:3, Insightful)
Apparently, someone thinks that the IP address is constant. That's probably why the reporter misparaphrased (is that a word?) Sgt. White.
Whoever wrote the story
Re:PC call home (Score:3, Interesting)
Re:PC call home (Score:5, Insightful)
I agree with you that a laptop with the sort of sensitive data that this one contained should never be connected directly to a public network - but such is the state of data security these days.
Re:PC call home (Score:2, Informative)
So one doesn't have to know MAC
Re:PC call home (Score:5, Informative)
Machines which dial in don't use ARP. ARP only applies to Ethernet
. Nontheless, I can easily see a machine with sensitive information wanting to report it's IP address to a central location whenever it connects. Cookies in the web browser might also help identify a stolen machine.
Using the default account and password stored on a machine seems stupid at first, until you consider that the guy had ID theft equipment... I don't use AOL, but I wouldn't be to surprised if you could fetch some ID-associated info by logging into the account of a stolen computer. In this case, the computer was of special interest, so the guy was picked up.
I wouldn't be surprised if more people could be caught by this same method, it's just that police aren't interested enough in following such tracks for 'normal' owners.
Re:PC call home (Score:4, Informative)
Modems don't have MAC addresses.
And, btw, tracing MAC addresses across the Internet is not "almost impossible" but "by definition impossible". Traffic on any internet (but especially The Internet) crosses routers (that's what the "inter" part refers to). Routers kill OSI Level 2 identifiers, like hardware addresses.
Re:PC call home (Score:5, Informative)
Re:PC call home (Score:3, Interesting)
It operates much like spyware, and hides itself in the same way. This could be what happened here, and after the x number of days the system starts logging which IP address and time the computer logged in at and flags the information for further investigati
Re:PC call home (Score:5, Informative)
Its called good administration. AOL is a large ISP if you didn't know. They have a lot of members and non-members trying to send Spam threw them, hack other computers threw them, and hack and Spam their own systems. So when someone puts out a complaint that so and so spam them threw AOL or was being tracked threw AOL and you show them proof then they can check the logs to see when they logged in and if they actually did that, at least coinciding with the login times and the times the incident occurred. I am pretty sure that they are also recording your telephone number that you used to call in as well. This is not a part of some Evil scheme or government plot. It is a way that a company the size of AOL uses to protect its butt. Because if they don't track this information and enforce it, (And yes some times they may need to call the police and some times the police asked them for some information) then they will be getting lawsuits left and right saying your servers attacked my computer, and AOL is not even showing good faith to remedy the situation. System Administration is sometimes public administration as well, especially when the public uses your systems.
sed -e s/threw/through/g your_post (Score:3, Funny)
Re:sed -e s/threw/through/g your_post (Score:3, Informative)
If he never took the time to do highschool, is he even going to bother looking up why you advised him to change the word?
Grandparent:
Threw is the past tense (means you already did it) of throw, as in PReD threw a brick at the parent.
Through means to pass between the inner restrictions of something, as in go through a tunnel.
No, that's OK, don't mod me up +5 informative, I don't need the Karma, but all donations are
Re:PC call home (Score:3, Insightful)
Didn't you just contradict yourself? You're claiming it's not part of a government plot, and next minute you're saying the government forced them to carry out their actions?
Laws are enacted by the government to force the citizenry to conform... so when you have to do something to obey the law, you have been forced to carry out that acti
Re:PC call home (Score:5, Informative)
no warrant needed (Score:5, Interesting)
Re:no warrant needed (Score:3, Informative)
I used to work as 3rd-level tech support at an American ISP, and I'd guess at AOL it is probably policy to divulge ANI phone numbers upon request when an account is reported compromised, as long as the caller can recite their credit card number or some other form of verbal ID. I bet AOL helps owners and cops find at least dozens of stolen laptops each year this way.
Re:no warrant needed (Score:4, Interesting)
Re:PC call home (Score:3, Informative)
Let's do a lookup.. hey.. it seems to be an AOL modem-pool". Company goes to police, policy goes to judge, police show credible evidence that a crime was committed, judge gives warrant, AOL gives info (login account or the phonenumber that was dialed in from) on who was logged in at that time on that modem in that modempool. Police goes to address, takes laptop, returns it to Fred, jails crook. Fred: "1337!".
Thanks to the DMCA, they can probably skip 3 or 4 of those steps and just demand the info directl
Re:PC call home (Score:5, Informative)
Re:PC call home (Score:3, Informative)
now if i wasnt so goddamn lazy i might actually install one of those..
Re:PC call home (Score:5, Funny)
Subject: ME TOO
From: Krastof (Krastof@AOL.com)
Reply-To: Krastof@AOL.com
Newsgroups: comp.laptops.stolen
Date: Wed, 26 Nov 2003 09:18:22 -0500
Good vs Bad (Score:3, Interesting)
That and make me glad I am in Canada..
Re:Good vs Bad (Score:5, Informative)
Re:Good vs Bad (Score:4, Insightful)
The only problem with that is that this guy was trying to pull off sensitive information from the box. But yes, if he had more than a couple of functioning grey cells he certainly wouldn't have hooked it up to any kind of public network until he had pulled off any useful information, done a thorough drive wipe (not just a format) and installed a new OS.
Of course, the FBI probably likes the less technically inclined computer lifter....
Re:Good vs Bad (Score:3, Insightful)
Not every crook can be The Napster, Left-Ear or Handsome Rob. Hell, most of 'em aren't, that's why they're crooks. :)
-sam
Re:Good vs Bad (Score:5, Informative)
Here's an excerpt from another article on this matter:
This is TOTALLY un-scary. The Wells-Fargo guy apparently has his password cached on the machine. This guy just clicks "login" and logs in AS THE GUY WHOS COMPUTER WAS STOLEN. At this point it's a trivial bit of work to go catch the guy.
hardware id (Score:2, Insightful)
hardware ethernet addresses (Score:3, Insightful)
Simon.
last thing the thief heard... (Score:4, Funny)
This joke is a repeat post... (Score:3)
Moral of the story... (Score:5, Funny)
2. After stealing a dedsktop PC, even if it has the latest Windows OS and Service Pack, format the disk and load RedHat.
3. If you steal a Linux PC, install Windows on it for a year, then switch back - even AOL can't maintain that big a log!
4. Don't use AOl - switch over to MSN - it's much more secure - instead of the FBI, it'll be the BSA that's after you!
CPUID is your friend (Score:3, Interesting)
But then again, AOL probably has other ways to track computers for marketing and such... to determine what PCs are being used how much to access AOL services, etc...
Get over it (Score:3, Insightful)
This is a valuable education, and it will help the regular user understand how unprivate their internet communications are.
No-one loses here. What's the story?
...or maybe... (Score:4, Insightful)
Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?
Anyone care to give that answer that?
Not spyware. The story is much simpler than that (Score:5, Informative)
There is no need for any "Phone Home" software or anything sending the CPUID to AOL. The story is much simpler than that and rather low-tech:
Nothing exceptional here. The FBI does not need any strange hooks into AOL. They only need stupid thieves. Case closed.
Moral of the story... (Score:3, Insightful)
Re:Not spyware. The story is much simpler than tha (Score:5, Informative)
Seems Reuters screwed up on the facts.
You know... (Score:5, Insightful)
Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummys. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted
Re:You know... (Score:5, Insightful)
Authorities now have a sizable fraction of the technology possessed by big brother in the book 1984. Whether or not to fear that power is a matter of trust.
_______
Because there is nobody to guard the guardians (Score:3, Interesting)
The two things are directly related, inasmuch as in a police state there would
Re:You know... (Score:5, Interesting)
And when they can't solve a computer crime case...
Because the issue is how they do it. News items appear slam the police for success and ridicule them for failure simply becuase news items are not a representitve sampling of reality! The police have a hundreds of successes every day, but who cares to write about them or read them? It only becomes a news item when the police have a success AND they did something wrong or controvercial in the process. The same goes for their failures - it only becomes newsworthy when someone really screwed up.
As for this particular story it is all about how the police caught the guy. It appears that Slashdot botched the story in this case. Another news site reports that the guy did NOT log into his own AOL account, he logged into an AOL account belonging to the owner of the machine. If that's the case then there really isn't any story here. If some moron steals my wallet and then shows up at bank trying to use my safety deposit key then there's no problem grabbing him and throwing him in prision.
I was going to continue with an example of police methods that would not have been acceptable, but lets skip arguing over specifics. Suffice it to say that there *are* a wide variety of unacceptable methods. If you don't agree with that then you are a far greater threat to this country than any terrorist with a bomb.
-
tin foil hat... (Score:2, Interesting)
I guess it's more optimal for the fbi to do it this way than to just store whichever information thanks to some software backdoors.
we have some reasons to worry about our Freedoms but it is not a reason to imagine we're always being spied on.
Re:tin foil hat... (Score:3, Insightful)
While this is possible, I find it unlikely.
Why? Because the feds would not put down investigative resources on a simple theft, especially from a private person.
I find it more likely that the original owner pleaded with AOL into checking whether the account
AOL Id is in the install (Score:3, Insightful)
My guess is that when the theif loged in they use the guest feature.
AOL probably had the account flagged as "Stolen" so the theif couldn't buy AOLL stuff through the account on the machine
MAC Address? Proc Serial? Magic Lantern? (Score:3, Redundant)
So if this guy installed his own software or OS on a stolen box and then got caught, that leaves precious few other options.
Processor Unique ID?
WindowsXP Phone Home?
Keystorke Logger?
In any case, it certainly appears that some "known" piece of identifying data was present and easily flagged.
I for one would like to know more about the exact method used, because if there is indeed some kind of government back-door that has the potential to circumvent encryption or anonymity, we ought to find out.
Maybe the FBI's "Magic Lantern" is a 2-piece system with 1/2 on the network, and the other half in the OS or the Silicon?
Maybe all the bank employees are being spied upon without their knowledge?
Maybe Patriot Act rears its head in the authorization of certain methods and practices?
How about this? (Score:5, Informative)
No magic.
Wait a minute... (Score:4, Insightful)
I know that if ANY of the laptops and roughly ALL of our desktop PC's would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...
I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...
Re:Wait a minute... (Score:5, Interesting)
If the thief was to find the computer locked down from the start then they'd be far more likely to wipe and restore making this a lot more difficult.
Unfortunately, now running Panther and making user account invisible makes the fast user switching a buggy nightmare. So in spite of the extra security features like FileVault I think it less likely I would ever see it again if it were stolen. I liked my security through obscurity.
Re:Wait a minute... (Score:5, Interesting)
So all you have to do is know the SMTP server for your e-mail address, and a bit of scripting with netcat does the rest. Just make a file with:
helo phone_home@domain.blah
mail from:phone_home@domain.blah
rcpt to:phone_home@domain.blah
data
Subject: subject
contents go here
.
quit
Then you can send it with 'nc smtp.isp.blah 25 file'.
I do this for my phone-home program. It doesn't send mail by default, but it checks a private page on my web site. If it finds the right command on that page, then it will send e-mail. I can also have it execute commands and open up an ssh tunnel so I can ssh in.
Of course, like a dumbass, I don't have an easy way for them to get online unless they have a wireless network. Do you have a suggestion for how to do that without having a password-free admin account? I don't want random people to be able to do nastiness on my machine.
Re:Password protected? (Score:5, Interesting)
You must be kidding, but I'm not sure.
It takes only a few minutes to change the administrator password on a Windows box with a Linux boot floppy.
Done it a couple of times (on Windows 2000), for users who didn't know the admin password.
Resetting/deleting WinXP admin pass takes seconds (Score:5, Informative)
Phillip.
Re:Password protected? (Score:4, Informative)
If you lose the CMOS/Bios password you usually have to RMA the laptop back for a new bios (unless you can find it and solder or replace it yourself). Thus requiring receipt or tracking of serial numbers of which any big company can cross reference against service contracts.
Re:Wait a minute... (Score:4, Informative)
Unfortunately Windows2000 and WindowsXP have an option that most people un-select which says "users must enter a name and password to access this system". It pretty much defies the use of HAVING a name and password when the computer automatically boots through it. The worst part is this is the default configuration. So most users never really even SEE that Windows has a password.
And AOL lets you SAVE the password on your computer, which is equally foolish.
There is no story here (Score:5, Insightful)
Re:There is no story here (Score:5, Informative)
A more detailed version of the article (Score:3, Informative)
I bet they tracked him down by IM (Score:5, Funny)
i bet it wasn't that complicated.
fbiAgentd00d99: Yo man, what's up?
LaptopThief2310: Not much, i just ripped off some computers! HA HA WOOT!
fbiAgentd00d99: SWEET!
LaptopThief2310: Yeah I rockxxorz. Now I'm takin' a pic of me, an all the computers i stoled w/ a sony cybershot i "found".
fbiAgentd00d99: You pwn3! Send me that pic! I'm gonna put it on my website!
There we have it folks, probable cause, as well as an IP address.
Computrace Plus or similar product? (Score:3, Interesting)
Basically, it's legitimate spyware. I've personally never used the product, although we are about to evaluate it.
Take off your tinfoil hat (Score:4, Funny)
Similar Experience (Score:5, Interesting)
The funny thing is that the notebook was my personal, and because I did travel a lot at the time, I had an AOL account for convenience. Out of a whim, I called AOL and asked them for a log of my sign-ins. Lo and behold, turns out whoever stole my notebook was using my AOL account to surf! I pleaded with the tech person to at least give me the IP address so I can track the thief down. He sympathized with my problem and passed me to one of the network engineers who was very keen on helping me. I got the IP address and the phone number that he used to dial-in. He said that the Telecom department could give me the number that was used to dial in to AOL but I would have to get law involved as certain FCC regulations prevented him from sharing that info.
So I collected all the info and sent the report to the security officer at the Airport, a copy to the LA sherrif's dept and another one to my insurance company (who I had hoped would be keen to solve the problem). After a few calls, I got nothing. Turns out that theft like that happens a lot at the LAX and the LAPD is way too busy with serious crime to investigate a crime committed to an out-of-towner.
The good thing is, my home insurance covered the theft, so I got a better model for basically the amount I paid for my notebook a year prior (minus deductible).
This was pre-2001 btw
Re:Similar Experience (Score:5, Insightful)
The absolute gall that you demonstrated by being a lowly private citizen cannot be tollerated and our law enforcement agencies cannot and will not encourage such anti-social behavior.
Re:Similar Experience (Score:5, Insightful)
In fairness, this laptop represented a pretty serious amount of crime potential.
The laptop was stolen from a Wells Fargo contractor, and if contained a whole mess of Really Important customer data (social security numbers and what have you) that would have enabled any halfway competent identity thief to get all they needed to start opening credit lines.
The real issue here (which nobody's talking about) is how can Wells Fargo get away with this? Seriously, they left a mess of Real Important confidential customer data unencrypted on a highly mobile computer. Talk about negligence! This'd the the same as if they had customers dropping their night deposits into a large suitcase they left outside the front door of the bank (except in that situation all you stand to lose is one deposit).
Is it so much to ask that institutions who have our Really Import Data take some basic steps to protect it? This whole thing could have been rendered moot with something as simple and easy as an encrypted filesystem.
But nobody, nobody is talking about it. So they'll continue putting customer data on laptops, HMOs will keel putting patient records on tablet PCs or shipping it overseas for testing or whatever... I wonder what it'll take to change it...
Re:Similar Experience (Score:3, Informative)
Like that in the UK. The Police are too busy catching people doing 80mph on the motorway to bother with the boring stuff like murder and gangland shootings
Re:Similar Experience (Score:5, Interesting)
It's sad, really... but police officers have essentially been reduced to insurance claims officers when it comes to theft or vandalism. Unless someone is in clear and present danger, the police often can't or won't act because there is just too much crime.
I read a sociological report about persons who have committed felonies recently, and the results shocked me. The statistics in particular that got my attention:
Of all the grand theft (generally $500+) that occurs in the US, only 6% of it is even reported.
Of all the grand theft that is reported, only 1% of the thieves are ever caught.
Of course, you have to understand that sociology isn't the most exact science in the world, and that these stats most likely include career thieves who only get caught once. I guess you can tell any story you want if you've got the stats to back it up.
But still, according to these numbers, 99.94% of all thefts of $500 value or more are lost causes for the theft victims, because either the thieves are too good or the police forces are not good (or willing) enough to catch them.
AOL Likely Got a Subpoena; No Need For Paranoia (Score:4, Insightful)
Of course, AOL can tell that a customer is dialing in from a computer with legitimate AOL account info and software on it. If a court tells them to, they'll record that info and release it to the people who got the subpoena. This time it was the FBI. Next time, it might be you and your lawyer chasing down someone defaming you online.
The assumption that the FBI has "hooks" into AOL is simple bush-league cynicism from the wanna-be poseurs. Why would anyone decide that it's wrong for AOL not to help capture this thief?
Several cans of worms.... (Score:3, Interesting)
We give ourselves, our populace and our government, a lot of credit. We walk down the street trusting people we wouldn't let drive our cars to make an intelligent decision on who should enjoy personal control over a powerful army and a large nuclear arsenal.
We live under a government made up of mostly of obscure appointed functionaries. During the last election, John Ashcroft was a man so despised by the people who best understood his personality and performance, that his first contribution to U.S. history was losing an election to someone the electorate knew to be deceased. Michael Powell first broke the surface as chairman of the FCC by vociferously supporting measures to further consolidate ownership of America's broadcast media.
We trust faceless strangers to *NOT* use terrorism as an excuse to pass nasty laws that sidestep the principles which define us as a people.
Now, it is perfectly possible to imagine that the person who stole the laptops was the kind of (darwinian) mastermind who *would* log on to someone else's AOL account, using their stolen computer from their home connection and leaving us to ask, 'Hey, why not just turn yourself in...?'
Be that as it may, as some pieces here and elsewhere have shown, at all levels, governments are happy to adapt law and technology to purposes that civil libertarians dislike with good reason. This time it was nothing, but one day, it could very well be something that makes us all wish we could go back to telephones and paper.
The point that started this thread might very well be moot, but unless you are completly satisfied with whom we have in office and whom they have appointed to positions of power most of us are scarcely aware of, you have to wonder what things will be like when things are different.
Do this with yahoo auctions (Score:4, Interesting)
I always request a phone number and email address if I pay by Paypal or PayDirect. If they don't give it to me and I can't validate it, I don't send the money.
I have sent money in the past; rather blindly. I have been able to catch two sellers by just pretending to be girls interested in them, through IM. I got their actual phone numbers and even got one ready to pick me up and meet me for a "date" LOL.
Of course it was a lot of hassle.
If you can catch a criminal at their own game - that's justice.
I wish eBay wouldn't have eliminated the contact information request without having a transaction with the othert party. Most sellers that cheat me on Yahoo, also have aliases identical on eBay.
99% clueless techie-wannabees (Score:4, Interesting)
Really.
To the rest: Offering complete goofball theory after complete goofball theory, briefly resting only to scream 'violation of privacy' then going back and suggesting another goofball theory impresses nobody. CPUID/NIC MAC/Windows/Office/[you-name-it] identifers or serial numbers are not immediately accesssible just because you have a PPP sesion going over your modem. If a phone-home feature was installed, then fine, but that's a completely different story.
Another hilarious example was the the default-route theory, which someone suggested as a 'dead giveaway' to the feds. Hello!? Even if the routing table was accessible, routes associated with a NIC wouldn't be *in* the table unless the NIC was active, and the setting would only be visible in the registry, not typically accessible to the world, nor routinely queried by an ISP. And never mind the statistical probability that a corporate NIC is configured for DHCP, thus it wouldn't have a default route to begin with.
I simply can't believe the amount of idiotic pseudo-techies posting and feeling BIG because they could incorrectly apply page 254 of the MSCE prep guide to formulate a crackpot theory.
Bleeeeeeeeeeeechhhh.
No news here (Score:3, Interesting)
The dial-up equipment at ISPs keep a log on hand of the numbers you've connected from. The investigators get a warrant for this information, you email it to them, case closed.
Speaking of stupid computer theives... (Score:3, Interesting)
The security guys where I work are fond of this story. We had someone steal a couple of college owned computers, and aparently resold one of them to a student halfway across the country. The computer had Norton Antivirus Corporate Edition configured to run as "managed" -ie it gets it's definitions of our servers instead of symantec's. Our network guys got suspicious when they noticed trafic on one of our NAV servers coming from several states away - turned out that the computer theif never changed the antivirus settings before selling it and it was trying to get virus definitions from us.
CALM DOWN!!!! (Score:3, Interesting)
The Freedom of Information Act (Score:3, Interesting)
What I am willing to bet that it really is though, without reading, is that the serial number of the computer led to the serial number of the nic, whether it be modem or ethernet, and then the mac address could probably be identified. Just my guess.
I'd be more interested in thoughts on the FoI Act thing though.
The lesson here (Score:3, Insightful)
LK
Re:You'd think that a thief (Score:2)
* people who don't do their homework. See many geeks in jail? Is it because they phear the law, because they are not so hardcore, because they are not so stupid, or because they are not teh ghey? Your pick...
Re:MAC addresses? (Score:5, Informative)
If he's using dialup the MAC address doesn't even come into it.
Re:MAC addresses? (Score:5, Informative)
I work at a phone company in a country without secret services and sophisticated hooks into any ISP and we would be able to pull that out in a matter of minutes.
Re:so how did they get his addy? (Score:5, Informative)
- Use WHOIS to find out which ISP owns the IP address
- Get the ISP to look at their logs to determine which dial-up session was assigned that IP at the time.
- Look at the logs for the access platform to identify the caller's line ID. This is usually the same as the telephone number, but not necessarily, and is *always* known to the remote system, even if you withhold you phone number because it's used in call setup.
- Take that number to the Telco that owns it and look at *their* logs to give you the physical location of the phone that made the connection (or owner of the mobile).
- Arrest the perp.
While that glosses over the paperwork, and assumes that the ISP maintain sufficiently details logs of calls and authentication, which many small ones don't, that's pretty much it.Re:Not that I steal laptops but.... (Score:3, Interesting)
The laptop checks via the internet to see if its id (serial# ?) is on the stolen list. If it is it self-destructs.
Some friends who used to work for a major silicon valley firm said this was done at their place of employment.