Post-Suicide Account Cracking? 812
An anonymous reader writes "A good friend of mine had her younger brother apparently commit suicide last week. He was a young, promising CS major who was close to being accepted into a very prestigious school. He was very into Linux as well as PHP/MySQL coding. He left absolutely nothing behind for the family as far as a death note or explanation, and there is some possibility that this was all somehow a tragic accident. The family is in a situation where proof of accidental death would change how this was viewed in terms of paying for parts of the funeral. More importantly, some members of the family are hoping to find something, anything, that might explain why this all went down. Since I'm the most computer-skilled person the family knows, they have asked me if I could help them try to find some information. My possible approaches are: his Linux laptop, his university, Gmail And Hotmail email accounts, and a second MySpace profile that apparently has been tagged as private. How ethical would it be to, say, try to crack his root password in a situation like this? I wouldn't attempt to crack a man's account for his wife because she thinks he is cheating on her, as his life is his own business. In death, would you have the same respect for a person's private thoughts? Secondly, If I contacted places like Google, MSN, the university, and MySpace, what are the odds that they would give me access to any of his accounts? I have links to obituaries and such to prove that he is indeed gone. Would it be a matter of not giving it to me (maybe only to the family), or is this something that they would not do at all? Any opinions on if I should do this and if so, how I should go about it?"
Cracking root password not necessary (Score:5, Informative)
Don't bother (Score:5, Informative)
Take 5 seconds to boot into single-user mode, or mount the disk elsewhere sans password.
Re:Cracking root password not necessary (Score:5, Informative)
Getting rid of passwords (Score:2, Informative)
Re:Providers providing passwords posthumously (Score:5, Informative)
Slashdot [slashdot.org]
Another [slashdot.org] Slashdot.
The Conclusion [detnews.com] to the story.
Re:Gmail, Hotmail, MySpace (Score:4, Informative)
sanitize his history and records (Score:5, Informative)
is police investigation active? (Score:2, Informative)
Potential can of worms. (Score:3, Informative)
Obviously, this is a sad situation. I lost a sibling to suicide and the bottom line is that I don't think that any satisfactory answers can be had in a situation like this.
Whether or not the privacy of the deceased should be respected might be an ethical dilemma. But I think that if we are realistic about our own selves and what we choose to share with friends, family or no-one at all, we have to admit that breaking into this mans files would almost certainly be a violation of his wishes, and likely raise more questions than it answers.
Absent some purely administrative function like settling his accounts, I would not go this route.
Re:If you don't know; don't even try! (Score:3, Informative)
Re:what you'll need (Score:2, Informative)
The primary example here is credit card debt. The debt may reach the estate, but not the beneficiaries. I.E. I die with $10k in assets and $20k in debt. I leave a will saying everything goes to my son Jimmy. Jimmy will get nothing as the estate is consumed by the debt. But the $10k in remaining unsatisfied debt is not passed on, it is written down as a loss by the credit card company.
Every provider is going to be different depending on use policies, jurisdiction, and security certifications desired by the party, however ultimately you can compell compliance through the method above. It doesn't hurt to ask, but expect to be turned down unless you have a death cirtificate and proof you are a parent (it seems from the article this was either a minor / major with no issue (wife/kids/etc).Gmail and all others have a process (Score:4, Informative)
What Google requires for this: (Score:5, Informative)
2. The Gmail address of the individual who passed away.
3a. The full header from an email message that you have received at your verifiable email address, from the Gmail account in question. (To obtain the header from a message in Gmail, open the message, click 'More options,' then click 'Show original.' Copy everything from 'Delivered- To:' through the 'References:' line. To obtain headers from other webmail or email providers, please refer to http://www.spamcop.com/help_with_headers/ [spamcop.com])
3b. The entire contents of the message.
4. A copy of the death certificate of the deceased.
5. A copy of the document that gives you Power of Attorney over the Gmail account.
6. If you are the parent of the individual, please send us a copy of the Birth Certificate if the Gmail account owner was under the age of 18. In this case, Power of Attorney is not required.
Re:I have said it before (Score:5, Informative)
IANAL, but in many states life insurance still pays off on suicide as long as the policy has been in effect for a specific length of time (2 years in my state) and the death didn't involve a crime (OD on cocaine being a classic example).
Re:Gmail, Hotmail, MySpace (Score:5, Informative)
More Crime... (Score:3, Informative)
Your "good" friend may have murdered her brother as well. From what you say, a suicide is unlikely without some strong reason and without death note. If some information related to such crime is to be found on his account, not only you could be involved in murder case, but you may be in life danger yourself knowing some key information about it, just in case your "good" friend wants to clean up all traces.
Don't contact GMail, Yahoo, etc. (Score:4, Informative)
Once you can boot into his user account, run the mail client(s) he has setup. They likely have the passwords stored. Voila, no need to contact the service providers.
Ethical? Well, you'll want to check with his heirs, first, but assuming there is no resistance on that front, go for it. It's called archeology when we do it to the Pharaohs.
Thoughts... (Score:3, Informative)
You wouldn't need to crack his root pass, you could just mount his drive in another machine and read his data from it, or change the password, assuming he hasn't encrypted the drive.
You might be able to get into some of his accounts using information pulled from his laptop, and once you have one of his email accounts you might be able to get into other things using reset password links etc..
Also, since you're working for his family, if he's used typically lame "security questions" like mothers maiden name and first pet etc, you should be able to get that information trivially.
Getting access to user accounts (Score:2, Informative)
Possible account access from laptop (Score:5, Informative)
Re:I have said it before (Score:5, Informative)
Re:sanitize his history and records (Score:3, Informative)
Now the J. Edgar Hoover thing is just a rumor and those are hard or impossible to stop or curtail (like the rumors that Lincoln was gay [straightdope.com] but in the case of stuff you can stop, I think you should. If the person that is the subject of this article is a furry (hypothetically, there's nothing about the story to suggest it, we're just throwing "what if?"s out there) it's one thing if everyone in town knows he's a furry, but it's another thing entirely if no one (outside of people who knew him by his Internet handle) knew it. Might as well keep that a secret, especially since, like the poster said, it would just be rubbing salt in the wounds.
Yes, it would be wonderful if everyone could just accept what other people do but it would in all likelihood just upset the family more. It's like when you go to your grandfather's funeral and they go on and on about the good things he did, like build a treehouse for the local kids or how he taught Sunday School. They don't mention how most people thought he was an overbearing asshole and that he referred to anyone non-white by their corresponding racial slur. In their immediate death, you just focus on the positive aspects of their life.
Re:Gmail, Hotmail, MySpace (Score:5, Informative)
Re:sanitize his history and records (Score:3, Informative)
Go read "Speaker for the Dead", by OSC.
The truth of who someone was is important, and every scrap of that truth matters and will help you better understand them.
Re:Don't contact GMail, Yahoo, etc. (Score:3, Informative)
Re:I have said it before (Score:4, Informative)
My question is, why would a young unmarried person have a life insurance policy at all?
Re:I have said it before (Score:1, Informative)
Have you got a source for this? Wikipedia and Google are turning up nothing for me...
Re:Cracking root password not necessary (Score:5, Informative)
Don't do it (Score:1, Informative)
Suicide has to be proven by some means otherwise it will be ruled an accidental death. If there was no note, message or legal conversation indicating suicide it will likely be ruled an accidental death. That's not to say it won't be a fight to get life insurance to help defer funeral costs; we are six months into it and still dealing with them.
Do it. (Score:1, Informative)
There's a GRUB/LILO trick to get root access. I don't remember the full details but it involves editing the bootup line and changing the init script to =/bin/bash and remounting the hard drive.
If this guy was anything like me, you'll probably find some kind of message fairly quickly. The point of making the note hard to get at would be to prove that someone gave enough of a damn to get at the file.