Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Courts Government News

Laptop Thief Caught via AOL Login 524

Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."
This discussion has been archived. No new comments can be posted.

Laptop Thief Caught via AOL Login

Comments Filter:
  • by Anonymous Coward on Friday November 28, 2003 @07:11AM (#7581351)
    Mac address perhaps ?
    • by kjba ( 679108 )
      Couldn't it just be the case that the internet browser's homepage was still set to an address on Wells Fargo's intranet? The wrong http request would be easy to find.
    • Mac address perhaps ?

      For those of you who don't know, mac addresses are only valid on the same network segment, which means that the router would drop them, and so it can't be that (unless the login program sends that info). More likely it si something like the intel cpu id, etc.
    • by Epistax ( 544591 ) <epistax AT gmail DOT com> on Friday November 28, 2003 @10:38AM (#7582201) Journal
      On a windows box you can change the MAC address by creating a network bridge and adding your network connection to it. On a linux box you probably just have to edit a file called something like
      MAC Address DO NOT CHANGE.conf
      And then they put it as read only hoping no one learns how to use chmod.
      • by frehe ( 6916 ) on Friday November 28, 2003 @11:06AM (#7582325)
        Read ifconfig(8) to see how you can do it under Linux. Google for "sea.c" to see how you can do it under OpenBSD.
      • I'm reading this thread for the Windows/AOL info, since I use Linux and need more clues about Windows.

        That said, the 2.6.x Linux kernels have the ability to mangle and spoof MAC addys, in addition to NAT/MASQ and building firewalls based on MAC. This is in addition to all the iptables godness.

        My firewall uses iptables *and* echoes the desired behavior into kernel-space by setting the desired values in /proc with a script at bootup. For ex:

        ## Disable accepting IP source routing

        for f in /proc/sys/net/i

    • Cookies (Score:3, Troll)

      by Radical Rad ( 138892 )
      I'd bet AOL and its "partners" use cookies to track users and target ads. If the former owners give the FBI their account info such as an AOL account name then they should be able to pick up the cookie trail and follow the ip address to the phone line.
  • PC call home (Score:2, Insightful)

    by leerpm ( 570963 )
    More than likely, the computers had some sort of software built into them to 'phone in' and notify a central location of its IP address. Then they just traced the IP address to his AOL account. Not very fancy detective work, just standard stuff.
    • Re:PC call home (Score:5, Informative)

      by mental_telepathy ( 564156 ) on Friday November 28, 2003 @07:27AM (#7581411)
      Actually, I would say that is less than likely. I haven't heard of any company that installs software like that by default, even on laptops. And it would be much easier for AOL to check for a MAC address Wells Fargo provided.
      • Re:PC call home (Score:5, Interesting)

        by Zocalo ( 252965 ) on Friday November 28, 2003 @07:58AM (#7581535) Homepage
        I kind of get the impression, that with this being a laptop and all, it would have been using a modem to connect. Last I heard a modem does not actually have a static MAC address in firmware like a network card. Since this is Slashdot, we might as well blame Microsoft for this confusion since they gernerate a MAC with the vendor ID of 44:45:53 to "internal adapters" such as modems.
      • "You've got jail" (Score:5, Insightful)

        by trance9 ( 10504 ) on Friday November 28, 2003 @08:56AM (#7581716) Homepage Journal
        I bet the machine had some email software on it (Outlook?) that checked for new mail once an internet connection was available. The mail server logs would show the IP address.
        • Re:"You've got jail" (Score:5, Informative)

          by Anonymous Coward on Friday November 28, 2003 @11:53AM (#7582589)
          I work for WF but do not mean to represent my employer here. Your answer pretty close to right on. Our network logs ALL accesses, but of course denies access to our intranet from the internet at large. Ergo, any request in the access log (like when OutLook tries to connect to our mailserver, for example)that originate outside the intranet are automatically red-flagged. Requests to certain ports within our network are a more serious red-flag as it indicates someone is starting internal application from outside the intranet. IPs are logged, tracert to AOL, have FBI get AOL's access log to match temporary IP/date/time to originating login... not exactly rocket science, folks... There are other applications that as a matter of operation 'call home', so really the moral of the story is that it is a dumb idea to steal computers from work unless you really know how the computer is configured.
      • Re:PC call home (Score:3, Informative)

        by PunchMonkey ( 261983 )
        Computrace [computrace.com]

        I know an office that uses this software... it's not bad, it stays quite hidden in the OS (Windows only of course). Login with your ID and you get a list of all your laptops and the last IP they were detected as being logged in from.
      • Re:PC call home (Score:5, Informative)

        by mess31173 ( 462954 ) on Friday November 28, 2003 @10:23AM (#7582141) Homepage
        I work at Wells Fargo and there is a pile of 8 laptops on my desk and the images I apply to them don't have any "call home" software. FYI.

    • Re:PC call home (Score:5, Informative)

      by miu ( 626917 ) on Friday November 28, 2003 @07:28AM (#7581415) Homepage Journal
      Nope, the slashdot blurb about him using his own aol account is wrong.

      According to another source [timesheraldonline.com] "He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address''.

      It's the 4th item down on the page, under "Suspected thief arrested".

      • No offense, but the /. blurb is not nesecerily wrong. Two quotes about what happend, use your better judgement and pick one.


        In short, the point of the story is, yet another stupid criminal gets caught.

        • Re:PC call home (Score:5, Insightful)

          by miu ( 626917 ) on Friday November 28, 2003 @08:00AM (#7581540) Homepage Journal
          I should state exactly why I felt the Herald version is more credible.

          The Yahoo statement:

          Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said.

          and the Herald statement:

          "He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address,'' White said.

          I felt that the direct quote of Chief White was more credible, and less likely to be subject to an error of interpretation on the part of the reporter.

          • Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said. That enabled authorities to connect the computer's Internet Protocol address, a number that identifies a computer on the Internet, to Krastof's home address through his AOL account, White said.

            Apparently, someone thinks that the IP address is constant. That's probably why the reporter misparaphrased (is that a word?) Sgt. White.

            Whoever wrote the story

      • Re:PC call home (Score:3, Interesting)

        by haunebu ( 16326 ) *
        Why is a Wells Fargo laptop accessing AOL's network? Most corporations (and especially financial institutions I'd venture) require users to access corporate Intranets through a VPN and in turn access the Internet through their proxies. There's no way in hell that laptop should be connecting to the public Internet using an AOL account.
        • Re:PC call home (Score:5, Insightful)

          by miu ( 626917 ) on Friday November 28, 2003 @07:56AM (#7581527) Homepage Journal
          One continuing problem that IT has is locking down computers. It is very common for employees to install their own software and dial connections on laptops.

          I agree with you that a laptop with the sort of sensitive data that this one contained should never be connected directly to a public network - but such is the state of data security these days.

  • Good vs Bad (Score:3, Interesting)

    by Anonymous Coward on Friday November 28, 2003 @07:12AM (#7581354)
    There may be some good in the fact that they are able to trace someone like this...but the ramifications make me shudder.

    That and make me glad I am in Canada..

    • Re:Good vs Bad (Score:5, Informative)

      by leerpm ( 570963 ) on Friday November 28, 2003 @07:16AM (#7581379)
      It not's very difficult. Once you have the IP address, you just do a query at ARIN. That will tell you which ISP the address belongs to, so you phone the ISP and ask them for the information about which subscriber had that IP address at the time you are concerned about. Almost All ISPs maintain this sort of information for auditing/logging purposes.
  • hardware id (Score:2, Insightful)

    by neodymium ( 411811 )
    I guess the AOL software might "accidentially" transmit the ethernet hardware (MAC) id of the machine...
  • by Space cowboy ( 13680 ) on Friday November 28, 2003 @07:13AM (#7581363) Journal
    I guess if AOL take a note of the hardware ethernet address (not surprising, because DSL lines aren't supposed to be shared, right :-) then just doing a query for the address on AOL's db would be enough to get a (very) shortlist...

    Simon.
  • by dark_day ( 581199 ) on Friday November 28, 2003 @07:14AM (#7581368)
    "You've got jail!"
  • by jkrise ( 535370 ) on Friday November 28, 2003 @07:15AM (#7581371) Journal
    1. When you steal computers, don't steal laptops.
    2. After stealing a dedsktop PC, even if it has the latest Windows OS and Service Pack, format the disk and load RedHat.
    3. If you steal a Linux PC, install Windows on it for a year, then switch back - even AOL can't maintain that big a log!
    4. Don't use AOl - switch over to MSN - it's much more secure - instead of the FBI, it'll be the BSA that's after you!
  • CPUID is your friend (Score:3, Interesting)

    by isa-kuruption ( 317695 ) <kuruption AT kuruption DOT net> on Friday November 28, 2003 @07:15AM (#7581372) Homepage
    Once in a while, yes, it is your friend.

    But then again, AOL probably has other ways to track computers for marketing and such... to determine what PCs are being used how much to access AOL services, etc...
  • Get over it (Score:3, Insightful)

    by marko123 ( 131635 ) on Friday November 28, 2003 @07:15AM (#7581374) Homepage
    The line between being able to trace crooks and being able to maintain your privacy has always been small. You know what to do if you want privacy, and everyone else should not ever assume they are private just because noone else is in their lounge room.

    This is a valuable education, and it will help the regular user understand how unprivate their internet communications are.

    No-one loses here. What's the story?
  • ...or maybe... (Score:4, Insightful)

    by cnelzie ( 451984 ) on Friday November 28, 2003 @07:15AM (#7581375) Homepage
    Well's Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...

    Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?

    Anyone care to give that answer that?
  • You know... (Score:5, Insightful)

    by mental_telepathy ( 564156 ) on Friday November 28, 2003 @07:17AM (#7581381)
    I hate to say that Slashdot readers have obvious biases, but why is it that when the police do something smart with computers, you get:
    Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.
    And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummys. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted
    • Re:You know... (Score:5, Insightful)

      by jkleid ( 127829 ) on Friday November 28, 2003 @07:46AM (#7581483) Homepage
      "I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested."

      Authorities now have a sizable fraction of the technology possessed by big brother in the book 1984. Whether or not to fear that power is a matter of trust.
      _______
    • by Anonymous Coward
      It's simple. Everybody wants thieves to be locked up, but nobody wants to live in a police state. This means that we applaud whenever the authorities apprehend a baddie, but we boo whenever they give themselves even more powers and so bring the darker possibilities one step closer. There is nobody to guard the guardians, so we defend ourselves as best we can, by trying to postpone the day when their control might become total.

      The two things are directly related, inasmuch as in a police state there would
    • Re:You know... (Score:5, Interesting)

      by Alsee ( 515537 ) on Friday November 28, 2003 @10:52AM (#7582266) Homepage
      why is it that when the police do something smart with computers...
      And when they can't solve a computer crime case...


      Because the issue is how they do it. News items appear slam the police for success and ridicule them for failure simply becuase news items are not a representitve sampling of reality! The police have a hundreds of successes every day, but who cares to write about them or read them? It only becomes a news item when the police have a success AND they did something wrong or controvercial in the process. The same goes for their failures - it only becomes newsworthy when someone really screwed up.

      As for this particular story it is all about how the police caught the guy. It appears that Slashdot botched the story in this case. Another news site reports that the guy did NOT log into his own AOL account, he logged into an AOL account belonging to the owner of the machine. If that's the case then there really isn't any story here. If some moron steals my wallet and then shows up at bank trying to use my safety deposit key then there's no problem grabbing him and throwing him in prision.

      I was going to continue with an example of police methods that would not have been acceptable, but lets skip arguing over specifics. Suffice it to say that there *are* a wide variety of unacceptable methods. If you don't agree with that then you are a far greater threat to this country than any terrorist with a bomb.

      -
  • tin foil hat... (Score:2, Interesting)

    by mirko ( 198274 )
    If the guy tell the fbi his laptop got stolen, he may laos have given them some info about a recent internet connection which would have allowed them to find his mac address which was then looked for in some isps' logs until they found out who did it.
    I guess it's more optimal for the fbi to do it this way than to just store whichever information thanks to some software backdoors.
    we have some reasons to worry about our Freedoms but it is not a reason to imagine we're always being spied on.
    • Re:tin foil hat... (Score:3, Insightful)

      by arth1 ( 260657 )

      If the guy tell the fbi his laptop got stolen, he may laos have given them some info about a recent internet connection which would have allowed them to find his mac address which was then looked for in some isps' logs until they found out who did it.

      While this is possible, I find it unlikely.
      Why? Because the feds would not put down investigative resources on a simple theft, especially from a private person.
      I find it more likely that the original owner pleaded with AOL into checking whether the account

  • by acomj ( 20611 ) on Friday November 28, 2003 @07:20AM (#7581395) Homepage
    When you install AOL it knows your "Master account" name. From there you can pick one of the other account names or use the "Guest" login feature.

    My guess is that when the theif loged in they use the guest feature.

    AOL probably had the account flagged as "Stolen" so the theif couldn't buy AOLL stuff through the account on the machine
  • by tintruder ( 578375 ) on Friday November 28, 2003 @07:20AM (#7581396)
    Nobody ever talks about the MAC Address being a unique serial number for a PC. But if a company uses a management tool like OpenView, Tivoli, Spectrum etc., the MAC is certainly one of the parameters collected and recorded as part of the inventory.

    So if this guy installed his own software or OS on a stolen box and then got caught, that leaves precious few other options.

    Processor Unique ID?

    WindowsXP Phone Home?

    Keystorke Logger?

    In any case, it certainly appears that some "known" piece of identifying data was present and easily flagged.

    I for one would like to know more about the exact method used, because if there is indeed some kind of government back-door that has the potential to circumvent encryption or anonymity, we ought to find out.

    Maybe the FBI's "Magic Lantern" is a 2-piece system with 1/2 on the network, and the other half in the OS or the Silicon?

    Maybe all the bank employees are being spied upon without their knowledge?

    Maybe Patriot Act rears its head in the authorization of certain methods and practices?

  • Wait a minute... (Score:4, Insightful)

    by cnelzie ( 451984 ) on Friday November 28, 2003 @07:24AM (#7581406) Homepage
    How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?

    I know that if ANY of the laptops and roughly ALL of our desktop PC's would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...

    I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...
    • Re:Wait a minute... (Score:5, Interesting)

      by leenoble_uk ( 698539 ) on Friday November 28, 2003 @07:36AM (#7581452) Journal
      Running Jaguar I set up a fake account with no password on purpose. If my laptop was stolen I WANTED the thief to use it to get online. My real accounts were hidden from the login screen and my home folder was invisible. I had a penny-per-minute dialup ISP set up to make it easy for the thief to get connected. Using DNS update software I would be able to see the IP address at Dyndns.org if it was ever used.
      If the thief was to find the computer locked down from the start then they'd be far more likely to wipe and restore making this a lot more difficult.
      Unfortunately, now running Panther and making user account invisible makes the fast user switching a buggy nightmare. So in spite of the extra security features like FileVault I think it less likely I would ever see it again if it were stolen. I liked my security through obscurity.
    • by rduke15 ( 721841 ) <(rduke15) (at) (gmail.com)> on Friday November 28, 2003 @07:53AM (#7581520)
      Were they not running a password protected operating system, at least Windows 2000 or Windows XP?

      You must be kidding, but I'm not sure.

      It takes only a few minutes to change the administrator password on a Windows box with a Linux boot floppy.

      Done it a couple of times (on Windows 2000), for users who didn't know the admin password.
    • Re:Wait a minute... (Score:4, Informative)

      by Bobman1235 ( 191138 ) on Friday November 28, 2003 @09:22AM (#7581844) Homepage
      How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?

      Unfortunately Windows2000 and WindowsXP have an option that most people un-select which says "users must enter a name and password to access this system". It pretty much defies the use of HAVING a name and password when the computer automatically boots through it. The worst part is this is the default configuration. So most users never really even SEE that Windows has a password.

      And AOL lets you SAVE the password on your computer, which is equally foolish.
  • by Mr_Silver ( 213637 ) on Friday November 28, 2003 @07:43AM (#7581475)
    From SFGate [sfgate.com]:
    Investigators knew where to look for the gear not because of unusually intrepid sleuthing but because Krastof allegedly used the computer to log on to an AOL account belonging to the system's owner, Peter Gascoyne.
    Please remove your tin foil hats, the idiot logged onto the AOL account of the person he stole the laptop from. The police and AOL merely traced it back to his house.
    • by trystanu ( 691619 ) on Friday November 28, 2003 @07:53AM (#7581522) Homepage
      ... and even then AOL didn't help *that* much:

      White said investigators had asked AOL as a routine precaution to watch for any log-ons in Gascoyne's name. He said the world's biggest online service had reported a hit earlier this month but then dragged its feet in providing information about the phone line used in the connection.
  • by claq ( 727871 ) on Friday November 28, 2003 @07:43AM (#7581476)
    I found this version [sfgate.com] posted on www.securityfocus.com. It says the thief used the laptop owner's dial-up AOL account, which the FBI had asked AOL to monitor.
  • Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.

    i bet it wasn't that complicated.

    fbiAgentd00d99: Yo man, what's up?
    LaptopThief2310: Not much, i just ripped off some computers! HA HA WOOT!
    fbiAgentd00d99: SWEET!
    LaptopThief2310: Yeah I rockxxorz. Now I'm takin' a pic of me, an all the computers i stoled w/ a sony cybershot i "found".
    fbiAgentd00d99: You pwn3! Send me that pic! I'm gonna put it on my website!

    There we have it folks, probable cause, as well as an IP address.
  • by Dynamoo ( 527749 ) on Friday November 28, 2003 @07:52AM (#7581514) Homepage
    It *might* be something like Computrace Plus [computrace.com] which sits on a laptop and silently transmits audit information back over whatever IP network it connects to. They've got some case studies that show how the product actually works.

    Basically, it's legitimate spyware. I've personally never used the product, although we are about to evaluate it.

  • by brunes69 ( 86786 ) <slashdot@nOSpam.keirstead.org> on Friday November 28, 2003 @08:05AM (#7581549)
    If this is anything like 95% of the windows laptops I know of, it was littered with bonsai buddy and RealPlayer and Windows Update and tons of other calling home crap. And more than likely, this bozo didn't format the PC or anything else. All the FBI would have to do is find out whats on the PC, and contact these companies for that software's unique IDs.

  • Similar Experience (Score:5, Interesting)

    by Lieutenant_Dan ( 583843 ) on Friday November 28, 2003 @08:14AM (#7581568) Homepage Journal
    I had one of my notebooks stolen at the LA airport. I had one in my suitcase (there's only so many I can carry) because of a conference. One of the baggage handlers must have helped himself to my notebook.

    The funny thing is that the notebook was my personal, and because I did travel a lot at the time, I had an AOL account for convenience. Out of a whim, I called AOL and asked them for a log of my sign-ins. Lo and behold, turns out whoever stole my notebook was using my AOL account to surf! I pleaded with the tech person to at least give me the IP address so I can track the thief down. He sympathized with my problem and passed me to one of the network engineers who was very keen on helping me. I got the IP address and the phone number that he used to dial-in. He said that the Telecom department could give me the number that was used to dial in to AOL but I would have to get law involved as certain FCC regulations prevented him from sharing that info.

    So I collected all the info and sent the report to the security officer at the Airport, a copy to the LA sherrif's dept and another one to my insurance company (who I had hoped would be keen to solve the problem). After a few calls, I got nothing. Turns out that theft like that happens a lot at the LAX and the LAPD is way too busy with serious crime to investigate a crime committed to an out-of-towner.

    The good thing is, my home insurance covered the theft, so I got a better model for basically the amount I paid for my notebook a year prior (minus deductible).

    This was pre-2001 btw ...
    • by qtp ( 461286 ) on Friday November 28, 2003 @08:30AM (#7581622) Journal
      If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

      The absolute gall that you demonstrated by being a lowly private citizen cannot be tollerated and our law enforcement agencies cannot and will not encourage such anti-social behavior.

      • by Skyshadow ( 508 ) on Friday November 28, 2003 @12:07PM (#7582650) Homepage
        If you had demonstrated the common decency to be a large financial institution, as Wells Fargo so considerately did, then the police would have been more than happy to help you.

        In fairness, this laptop represented a pretty serious amount of crime potential.

        The laptop was stolen from a Wells Fargo contractor, and if contained a whole mess of Really Important customer data (social security numbers and what have you) that would have enabled any halfway competent identity thief to get all they needed to start opening credit lines.

        The real issue here (which nobody's talking about) is how can Wells Fargo get away with this? Seriously, they left a mess of Real Important confidential customer data unencrypted on a highly mobile computer. Talk about negligence! This'd the the same as if they had customers dropping their night deposits into a large suitcase they left outside the front door of the bank (except in that situation all you stand to lose is one deposit).

        Is it so much to ask that institutions who have our Really Import Data take some basic steps to protect it? This whole thing could have been rendered moot with something as simple and easy as an encrypted filesystem.

        But nobody, nobody is talking about it. So they'll continue putting customer data on laptops, HMOs will keel putting patient records on tablet PCs or shipping it overseas for testing or whatever... I wonder what it'll take to change it...

    • by isorox ( 205688 )
      LAPD is way too busy with serious crime

      Like that in the UK. The Police are too busy catching people doing 80mph on the motorway to bother with the boring stuff like murder and gangland shootings
    • by crashnbur ( 127738 ) on Friday November 28, 2003 @11:14AM (#7582374)
      ...the LAPD is way too busy with serious crime to investigate a crime committed to an out-of-towner.

      It's sad, really... but police officers have essentially been reduced to insurance claims officers when it comes to theft or vandalism. Unless someone is in clear and present danger, the police often can't or won't act because there is just too much crime.

      I read a sociological report about persons who have committed felonies recently, and the results shocked me. The statistics in particular that got my attention:

      Of all the grand theft (generally $500+) that occurs in the US, only 6% of it is even reported.

      Of all the grand theft that is reported, only 1% of the thieves are ever caught.

      Of course, you have to understand that sociology isn't the most exact science in the world, and that these stats most likely include career thieves who only get caught once. I guess you can tell any story you want if you've got the stats to back it up.

      But still, according to these numbers, 99.94% of all thefts of $500 value or more are lost causes for the theft victims, because either the thieves are too good or the police forces are not good (or willing) enough to catch them.

  • by reallocate ( 142797 ) on Friday November 28, 2003 @08:28AM (#7581617)
    Contrary to the Luddite tone of most reaction here, I suspect the only "hooks" the FBI had into AOL was a subpoena. I lived for several years near AOL in Loudoun County, Virginia. Law enforcement officials looking for info from AOL routinely sought subpoenas from judges in that jurisdiction. Sometimes they got them, sometime they didn't.

    Of course, AOL can tell that a customer is dialing in from a computer with legitimate AOL account info and software on it. If a court tells them to, they'll record that info and release it to the people who got the subpoena. This time it was the FBI. Next time, it might be you and your lawyer chasing down someone defaming you online.

    The assumption that the FBI has "hooks" into AOL is simple bush-league cynicism from the wanna-be poseurs. Why would anyone decide that it's wrong for AOL not to help capture this thief?
  • by TygerFish ( 176957 ) on Friday November 28, 2003 @08:30AM (#7581626)
    No matter how the guy was caught, simple or complex, the fact that the story comes up at all opens several interesting cans of worms.

    We give ourselves, our populace and our government, a lot of credit. We walk down the street trusting people we wouldn't let drive our cars to make an intelligent decision on who should enjoy personal control over a powerful army and a large nuclear arsenal.

    We live under a government made up of mostly of obscure appointed functionaries. During the last election, John Ashcroft was a man so despised by the people who best understood his personality and performance, that his first contribution to U.S. history was losing an election to someone the electorate knew to be deceased. Michael Powell first broke the surface as chairman of the FCC by vociferously supporting measures to further consolidate ownership of America's broadcast media.

    We trust faceless strangers to *NOT* use terrorism as an excuse to pass nasty laws that sidestep the principles which define us as a people.

    Now, it is perfectly possible to imagine that the person who stole the laptops was the kind of (darwinian) mastermind who *would* log on to someone else's AOL account, using their stolen computer from their home connection and leaving us to ask, 'Hey, why not just turn yourself in...?'

    Be that as it may, as some pieces here and elsewhere have shown, at all levels, governments are happy to adapt law and technology to purposes that civil libertarians dislike with good reason. This time it was nothing, but one day, it could very well be something that makes us all wish we could go back to telephones and paper.

    The point that started this thread might very well be moot, but unless you are completly satisfied with whom we have in office and whom they have appointed to positions of power most of us are scarcely aware of, you have to wonder what things will be like when things are different.

  • by adzoox ( 615327 ) * on Friday November 28, 2003 @08:46AM (#7581675) Journal
    I have done something similar with yahoo auctions. At auction end I type the seller's name into my IM client. It registers that name under all IM clients.

    I always request a phone number and email address if I pay by Paypal or PayDirect. If they don't give it to me and I can't validate it, I don't send the money.

    I have sent money in the past; rather blindly. I have been able to catch two sellers by just pretending to be girls interested in them, through IM. I got their actual phone numbers and even got one ready to pick me up and meet me for a "date" LOL.

    Of course it was a lot of hassle.

    If you can catch a criminal at their own game - that's justice.

    I wish eBay wouldn't have eliminated the contact information request without having a transaction with the othert party. Most sellers that cheat me on Yahoo, also have aliases identical on eBay.
  • by Anonymous Coward on Friday November 28, 2003 @09:18AM (#7581827)
    First, hat's off to all who don't know and say so, or simply state it. It's OK if you don't know your NIC's vendor ID/prefix by heart, or if you can't dissect the IP header without a reference.
    Really.

    To the rest: Offering complete goofball theory after complete goofball theory, briefly resting only to scream 'violation of privacy' then going back and suggesting another goofball theory impresses nobody. CPUID/NIC MAC/Windows/Office/[you-name-it] identifers or serial numbers are not immediately accesssible just because you have a PPP sesion going over your modem. If a phone-home feature was installed, then fine, but that's a completely different story.

    Another hilarious example was the the default-route theory, which someone suggested as a 'dead giveaway' to the feds. Hello!? Even if the routing table was accessible, routes associated with a NIC wouldn't be *in* the table unless the NIC was active, and the setting would only be visible in the registry, not typically accessible to the world, nor routinely queried by an ISP. And never mind the statistical probability that a corporate NIC is configured for DHCP, thus it wouldn't have a default route to begin with.

    I simply can't believe the amount of idiotic pseudo-techies posting and feeling BIG because they could incorrectly apply page 254 of the MSCE prep guide to formulate a crackpot theory.

    Bleeeeeeeeeeeechhhh.

  • No news here (Score:3, Interesting)

    by Awptimus Prime ( 695459 ) on Friday November 28, 2003 @01:16PM (#7583120)
    Back when I worked in the abuse department for a leading ISP, this was a daily thing. Why's it news? Beats me..

    The dial-up equipment at ISPs keep a log on hand of the numbers you've connected from. The investigators get a warrant for this information, you email it to them, case closed.
  • by MadAnthony02 ( 626886 ) on Friday November 28, 2003 @01:23PM (#7583153)

    The security guys where I work are fond of this story. We had someone steal a couple of college owned computers, and aparently resold one of them to a student halfway across the country. The computer had Norton Antivirus Corporate Edition configured to run as "managed" -ie it gets it's definitions of our servers instead of symantec's. Our network guys got suspicious when they noticed trafic on one of our NAV servers coming from several states away - turned out that the computer theif never changed the antivirus settings before selling it and it was trying to get virus definitions from us.

  • CALM DOWN!!!! (Score:3, Interesting)

    by clickster ( 669168 ) on Friday November 28, 2003 @02:14PM (#7583407)
    http://www.crime-research.org/news/2003/11/Mess270 2.html Check the above article. They say he logged into AN account registered on that computer. It could have been that he logged onto the Wells Fargo guy's account (with password saved). After all, he is a data thief, and not a very smart one apparently. If the FBI had AOL watching that guy's account, then they could have simply traced the IP Address. No big deal...if that's the case. It would help if the articles would be little more specific.
  • by NeoMoose ( 626691 ) <neomoose@@@despammed...com> on Friday November 28, 2003 @02:29PM (#7583485) Homepage Journal
    Is the FBI refusing to divulge how they found out that he was on one of the stolen computers? Because if so that is a direct violation of the Freedom of Information Act. I sure as hell want to know if my computer transmits some form of identification information when I log in to my ISP.

    What I am willing to bet that it really is though, without reading, is that the serial number of the computer led to the serial number of the nic, whether it be modem or ethernet, and then the mac address could probably be identified. Just my guess.

    I'd be more interested in thoughts on the FoI Act thing though.
  • The lesson here (Score:3, Insightful)

    by Lord Kano ( 13027 ) on Friday November 28, 2003 @10:47PM (#7585624) Homepage Journal
    If you're going to rip off hardware from a large, powerful, incluential company like WF, make sure that you wipe the HD, toss the PCMCIA NICs and start from scratch.

    LK

Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.

Working...