Post-Suicide Account Cracking?

An anonymous reader writes "A good friend of mine had her younger brother apparently commit suicide last week. He was a young, promising CS major who was close to being accepted into a very prestigious school. He was very into Linux as well as PHP/MySQL coding. He left absolutely nothing behind for the family as far as a death note or explanation, and there is some possibility that this was all somehow a tragic accident. The family is in a situation where proof of accidental death would change how this was viewed in terms of paying for parts of the funeral. More importantly, some members of the family are hoping to find something, anything, that might explain why this all went down. Since I'm the most computer-skilled person the family knows, they have asked me if I could help them try to find some information. My possible approaches are: his Linux laptop, his university, Gmail And Hotmail email accounts, and a second MySpace profile that apparently has been tagged as private. How ethical would it be to, say, try to crack his root password in a situation like this? I wouldn't attempt to crack a man's account for his wife because she thinks he is cheating on her, as his life is his own business. In death, would you have the same respect for a person's private thoughts? Secondly, If I contacted places like Google, MSN, the university, and MySpace, what are the odds that they would give me access to any of his accounts? I have links to obituaries and such to prove that he is indeed gone. Would it be a matter of not giving it to me (maybe only to the family), or is this something that they would not do at all? Any opinions on if I should do this and if so, how I should go about it?"

Cracking root password not necessary

[pipatron]

If you have physical access to his laptop, you can just boot with any linux live cd and mount the partitions without any access control. This will not work if he is using encryption, but unfortunately, few people do.

Don't bother

[bconway]

How ethical would it be to, say, try to crack his root password in a situation like this?

Take 5 seconds to boot into single-user mode, or mount the disk elsewhere sans password.

Re:Cracking root password not necessary

[usermilk]

Also, once you have access to his laptop files it is highly likely that he is already logged in to his social networking sites, gmail, hotmail, etc. If you're lucky he might have even saved the password.

Getting rid of passwords

[ScepticOne]

Boot Linux with init=/bin/sh, remount the root partition to readwrite, edit /etc/shadow to change the root password to be blank, remount / to readonly, reboot. If you login as him (similar method to blank his password), you might find that firefox (or konqueror if he used that) is remembering his passwords and logins.

Re:Providers providing passwords posthumously

[ArcherB]

Google is your friend! Here are some links to the story:

Slashdot [slashdot.org]

Another [slashdot.org] Slashdot.

The Conclusion [detnews.com] to the story.

Re:Gmail, Hotmail, MySpace

[tgatliff]

I disagree... A simple court order would open up any account they want. Why people go to these companies and ask "permission" is beyond me... That is why our legal system is there, and it is quite good at getting what it wants...

sanitize his history and records

[jollyreaper]

In the military, there's the tradition of cleaning up a dead guy's locker before sending it home to his next of kin. Remove all skin mags, letters from local girlfriends if he has a wife back home, that sort of thing. Get rid of anything that might make them think less of the dead, they're already broken up about it as is. I'm sure the last thing this kid's family would want to find out about is his furry porn collection.

is police investigation active?

[Anonymous Coward]

Its not legal to meddle with evidence.

Potential can of worms.

[PeanutButterBreath]

Would snooping around on your laptop or rifling through your e-mail accounts allow someone to "understand" you? Are you confident that it would portray the facet of your personality that you wanted others to see?

Obviously, this is a sad situation. I lost a sibling to suicide and the bottom line is that I don't think that any satisfactory answers can be had in a situation like this.

Whether or not the privacy of the deceased should be respected might be an ethical dilemma. But I think that if we are realistic about our own selves and what we choose to share with friends, family or no-one at all, we have to admit that breaking into this mans files would almost certainly be a violation of his wishes, and likely raise more questions than it answers.

Absent some purely administrative function like settling his accounts, I would not go this route.

Re:If you don't know; don't even try!

[diskis]

Simply image the disk, and toy around with the copy. If you fail, make a new copy. That's how you learn data recovery.

Re:what you'll need

[ICLKennyG]

Not true, many debts and assets do not survive death. I agree in principal that there is little ethical delima in trying to open his digital life for closure of his survivors, but just thought I would indicate that many assets, debts, and obligations terminate the instant of death.

The primary example here is credit card debt. The debt may reach the estate, but not the beneficiaries. I.E. I die with $10k in assets and $20k in debt. I leave a will saying everything goes to my son Jimmy. Jimmy will get nothing as the estate is consumed by the debt. But the $10k in remaining unsatisfied debt is not passed on, it is written down as a loss by the credit card company.

Every provider is going to be different depending on use policies, jurisdiction, and security certifications desired by the party, however ultimately you can compell compliance through the method above. It doesn't hurt to ask, but expect to be turned down unless you have a death cirtificate and proof you are a parent (it seems from the article this was either a minor / major with no issue (wife/kids/etc).

Gmail and all others have a process

[RobbieCrash]

Gmail has a process for this, as do all other freemail services. Gmail's is Here [google.com] Googling for the others policies will yield results for the others as well.

What Google requires for this:

[whoda]

1. Your full name and contact information, including a verifiable email address.
2. The Gmail address of the individual who passed away.
3a. The full header from an email message that you have received at your verifiable email address, from the Gmail account in question. (To obtain the header from a message in Gmail, open the message, click 'More options,' then click 'Show original.' Copy everything from 'Delivered- To:' through the 'References:' line. To obtain headers from other webmail or email providers, please refer to http://www.spamcop.com/help_with_headers/ [spamcop.com])
3b. The entire contents of the message.
4. A copy of the death certificate of the deceased.
5. A copy of the document that gives you Power of Attorney over the Gmail account.
6. If you are the parent of the individual, please send us a copy of the Birth Certificate if the Gmail account owner was under the age of 18. In this case, Power of Attorney is not required.

Re:I have said it before

[bryanp]

From the question it seems like it's related to a life insurance policy that doesn't pay on suicide, which is the norm

IANAL, but in many states life insurance still pays off on suicide as long as the policy has been in effect for a specific length of time (2 years in my state) and the death didn't involve a crime (OD on cocaine being a classic example).

Re:Gmail, Hotmail, MySpace

[ThirdPrize]

A friend of mine died last year and, as long as you can provide the proper paperwork, his family got access to his hotmail account. i guess as long as they can tie the death certificate to the person in the e-mails then its not a problem.

More Crime...

[Maljin Jolt]

Dear anonymous reader,

Your "good" friend may have murdered her brother as well. From what you say, a suicide is unlikely without some strong reason and without death note. If some information related to such crime is to be found on his account, not only you could be involved in murder case, but you may be in life danger yourself knowing some key information about it, just in case your "good" friend wants to clean up all traces.

Don't contact GMail, Yahoo, etc.

[rjamestaylor]

You'll just invite delay and trouble by contacting service providers. Instead, change his laptop's root password (it's easy: at grub edit the default stanza and set init=/bin/bash and then boot; once in, use "passwd" to change the root passwd; next use "passwd username" to change his user's password; using the rescue environment is slightly more complicated). This assumes he is not using an encrypted FS, which is likely.

Once you can boot into his user account, run the mail client(s) he has setup. They likely have the passwords stored. Voila, no need to contact the service providers.

Ethical? Well, you'll want to check with his heirs, first, but assuming there is no resistance on that front, go for it. It's called archeology when we do it to the Pharaohs.

Thoughts...

[Bert64]

I doubt that gmail/hotmail/myspace etc will give you anything, tho if the death is suspicious the police could contact them.

You wouldn't need to crack his root pass, you could just mount his drive in another machine and read his data from it, or change the password, assuming he hasn't encrypted the drive.

You might be able to get into some of his accounts using information pulled from his laptop, and once you have one of his email accounts you might be able to get into other things using reset password links etc..

Also, since you're working for his family, if he's used typically lame "security questions" like mothers maiden name and first pet etc, you should be able to get that information trivially.

Getting access to user accounts

[dwmurray57]

Last year, one of my roomates died of an accidental medical overdose and since I didnt know any of her distant family I had to go thru the process of getting information from other sources. I had to get this in order to work with the Funeral costs and details. I needed to get access to her contacts and Emails from HOTMAIL and had no clue to her password. I contacted the Hotmail support and explained my situation. They asked me to provide a copy of her death ceritficate (as I was the one that handled the police / hospital / coroner aspect) I was deemed her legal representation. After supplying the document and proof of identication for myself, I was given a copy of her information and emails. It's not as complicated as it sounds, but whoever will ask a provider for the information also needs to be the person on the legal documentation otherwise the provider (most probably) refuse to supply the information. Hope this helps, Doug!

Possible account access from laptop

[Digital_Quartz]

As the parent said, booting the system from a live CD will let you in. If this person used Firefox's password manager (and assuming he didn't set a master password), you can reset his account's password from the live CD, then log into the laptop as him, and use Firefox to connect to hotmail, gmail, etc... You could even use Firefox's "Show Passwords" to recover the passwords, if needed.

Re:I have said it before

[rtb61]

The subpoenas should not be necessary. If you are the next of kin and heir to the deceased estate, the accounts are now yours, the computer is yours and all information there in is yours. So simply gain permission from the current owners and gain access. However if you are doing it for legal reasons be careful that your actions do not contaminate the evidence. It is most likely best for the family to seek the assistance of the police in further investigating the incident and ensuring any evidence uncovered remains valid.

Re:sanitize his history and records

[Schnapple]

Should everyone think less of JFK if he was a furry porn freak?

Should they? No. Would they? Uhh... yeah. J. Edgar Hoover has been rumored [straightdope.com] to have been a cross-dresser and it basically ruined his image forever. Nevermind that apparently it's not true, people just accept it to be true and that's basically the same thing (especially since people tend to take Wikipedia as gospel these days). It was even featured in one of the Naked Gun movies (people tend to take what's in a movie as the gospel as well).

Now the J. Edgar Hoover thing is just a rumor and those are hard or impossible to stop or curtail (like the rumors that Lincoln was gay [straightdope.com] but in the case of stuff you can stop, I think you should. If the person that is the subject of this article is a furry (hypothetically, there's nothing about the story to suggest it, we're just throwing "what if?"s out there) it's one thing if everyone in town knows he's a furry, but it's another thing entirely if no one (outside of people who knew him by his Internet handle) knew it. Might as well keep that a secret, especially since, like the poster said, it would just be rubbing salt in the wounds.

Yes, it would be wonderful if everyone could just accept what other people do but it would in all likelihood just upset the family more. It's like when you go to your grandfather's funeral and they go on and on about the good things he did, like build a treehouse for the local kids or how he taught Sunday School. They don't mention how most people thought he was an overbearing asshole and that he referred to anyone non-white by their corresponding racial slur. In their immediate death, you just focus on the positive aspects of their life.

Re:Gmail, Hotmail, MySpace

[rijrunner]

http://mail.google.com/support/bin/answer.py?answer=14300

Re:sanitize his history and records

[Bob The Cowboy]

Absolutely.

Go read "Speaker for the Dead", by OSC.

The truth of who someone was is important, and every scrap of that truth matters and will help you better understand them.

Re:Don't contact GMail, Yahoo, etc.

[PhotoGuy]

Just another tip; before overwriting any password, save the old /etc/passwd and /etc/shadow, in case you do want to brute-force the password later. His login password might be the same as the password he uses for email or other accounts that you otherwise couldn't crack easily. (It's easier to brute force a local /etc/shadow than a remote web site.)

Re:I have said it before

[monkeySauce]

Not it isn't. Plenty of life insurance policies cover suicide, but usually not in the first 1-few years the policy is in effect.

My question is, why would a young unmarried person have a life insurance policy at all?

Re:I have said it before

[Anonymous Coward]

Another example, which might be more germane to this situation, is Mark Twain. There are works of his that are still unpublished and are not to be published until 2010, 100 years after his death. Toward the end his writings became quite dark and his family held on to some with this request because they didn't want a slew of dark works to change his reputation.

Have you got a source for this? Wikipedia and Google are turning up nothing for me...

Re:Cracking root password not necessary

[matt me]

Passwords in Firefox and Thunderbird are not encrypted, merely obfuscated. in edit / preferences / security / saved passwords in firefox it will display all passwords saved.

Don't do it

[Anonymous Coward]

IANAL but have dealt with a recent suicide.

Suicide has to be proven by some means otherwise it will be ruled an accidental death. If there was no note, message or legal conversation indicating suicide it will likely be ruled an accidental death. That's not to say it won't be a fight to get life insurance to help defer funeral costs; we are six months into it and still dealing with them.

Do it.

[Anonymous Coward]

I'm way late in replying, but the suicide could have been, at one point in my life, me. I know for a fact that I'd want someone to care enough to dig through my stuff to find out why and what happened.

There's a GRUB/LILO trick to get root access. I don't remember the full details but it involves editing the bootup line and changing the init script to =/bin/bash and remounting the hard drive.

If this guy was anything like me, you'll probably find some kind of message fairly quickly. The point of making the note hard to get at would be to prove that someone gave enough of a damn to get at the file.