Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Post-Suicide Account Cracking?

kdawson posted more than 6 years ago | from the question-of-ethics dept.

Privacy 812

An anonymous reader writes "A good friend of mine had her younger brother apparently commit suicide last week. He was a young, promising CS major who was close to being accepted into a very prestigious school. He was very into Linux as well as PHP/MySQL coding. He left absolutely nothing behind for the family as far as a death note or explanation, and there is some possibility that this was all somehow a tragic accident. The family is in a situation where proof of accidental death would change how this was viewed in terms of paying for parts of the funeral. More importantly, some members of the family are hoping to find something, anything, that might explain why this all went down. Since I'm the most computer-skilled person the family knows, they have asked me if I could help them try to find some information. My possible approaches are: his Linux laptop, his university, Gmail And Hotmail email accounts, and a second MySpace profile that apparently has been tagged as private. How ethical would it be to, say, try to crack his root password in a situation like this? I wouldn't attempt to crack a man's account for his wife because she thinks he is cheating on her, as his life is his own business. In death, would you have the same respect for a person's private thoughts? Secondly, If I contacted places like Google, MSN, the university, and MySpace, what are the odds that they would give me access to any of his accounts? I have links to obituaries and such to prove that he is indeed gone. Would it be a matter of not giving it to me (maybe only to the family), or is this something that they would not do at all? Any opinions on if I should do this and if so, how I should go about it?"

cancel ×

812 comments

Sorry! There are no comments related to the filter you selected.

I have said it before (5, Insightful)

hansraj (458504) | more than 6 years ago | (#23249198)

dead people don't really care, one way or another.

Re:I have said it before (2, Insightful)

Bondolon (1000444) | more than 6 years ago | (#23249304)

Indeed, ethics is generally about social relations between people. One could make a case (maybe) that it's immoral to do this, but the only question of ethics I can see here is that of assisting a grieving family.

Re:I have said it before (1)

aliquis (678370) | more than 6 years ago | (#23249362)

Exactly, to late to do or say something to him, to late for him to care about what happens with anything.

Personally I would be all ok if someone read all my notes, my e-mail, and whatever. Somehow I would actually be glad if someone took the time to look thru it.

And if I would go encrypted disk I'd probably store my password so it could be found somewhere.

But his computer is one thing, various services another. To get into his personal files may not be so hard and are probably possible to do, to get into various services probably not. I really hope they don't honor such requests actually.

Re:I have said it before (2)

ckaminski (82854) | more than 6 years ago | (#23249420)

If you have a death certificate and are next of kin and can reasonably prove the account belongs to who you say it does, they probably do not have a choice. A subpoena could probably compel them to provide you with access.

But that's a lot of "ifs".

Re:I have said it before (1)

PlatyPaul (690601) | more than 6 years ago | (#23249436)

True, but you may choose to honor the person's wishes as you previously honored their corporeal being. Your legacy is still you.

Re:I have said it before (0)

Anonymous Coward | more than 6 years ago | (#23249452)

Gmail, Hotmail, MySpace (0)

Anonymous Coward | more than 6 years ago | (#23249200)

His laptop is one thing, but I seriously doubt that Hotmail, Gmail, MySpace, or even his university are going to open access to his accounts for anything but a police investigation.

Re:Gmail, Hotmail, MySpace (1)

ta bu shi da yu (687699) | more than 6 years ago | (#23249258)

I would have thought the executor of his estate would have access to this sort of information.

Re:Gmail, Hotmail, MySpace (3, Informative)

tgatliff (311583) | more than 6 years ago | (#23249334)

I disagree... A simple court order would open up any account they want. Why people go to these companies and ask "permission" is beyond me... That is why our legal system is there, and it is quite good at getting what it wants...

Simple. (0)

Spovednik (1247806) | more than 6 years ago | (#23249202)

You. Don't.

Don't forget ... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23249204)

... to pay your $699 tea-bagging fee you cock-smoking licensers [twofo.co.uk] .

file a petition with a judge (4, Insightful)

thrillseeker (518224) | more than 6 years ago | (#23249206)

a court order will streamline all this for you

Re:file a petition with a judge (0)

Anonymous Coward | more than 6 years ago | (#23249442)

Focus on getting his email password first. The other passwords will likely be the same, unless he was particularly careful. If not, you can at least log into his other sites, select "forgot my password" and get a reset message sent to his mail account (assuming he used a real email address etc...).

Death certificate (1)

Mag7 (69118) | more than 6 years ago | (#23249208)

This is really sad to hear.

A death certificate from the next of kin opens many doors.

They're not likely to help you since you're not a relative and certainly if all you do is point them to a link to an obituary.

Re:Death certificate (4, Insightful)

smooth wombat (796938) | more than 6 years ago | (#23249276)

You beat me to the punch. Having worked in the financial sector for a time, a death certificate should do the trick.

The catch will be is if the person signed up for accounts but didn't use his real name, address, etc. Then you may have a problem. Otherwise, submitting the certificate (more than likely official copies) should suffice to prove to the various places that the person is truly dead and you are doing a port mortem of his accounts.

The family should be the ones contacting these places as they are next of kin.

I know it's asking for trouble, but this is why all your accounts including username and password should be written down and stored in a separate location. Regardless if it's suicide or getting run over by a wildebeast, someone, somewhere, will need to be able to get into your accounts to clear things up.

Re:Death certificate (1)

Narpak (961733) | more than 6 years ago | (#23249390)

Personally nothing would make me happier if I could arrange for some sort of death switch. So the moment I was utterly and permanently dead all my hard drives would fry and all my email accounts would be deleted. For me, personally, I really can't see any need for my family or friends to snoop around in my private files and notes. Not to mention that I don't want anyone to gain access to my rather indecent amount of freakazoid p0rn.

Re:Death certificate (1)

smooth wombat (796938) | more than 6 years ago | (#23249466)

You could always entrust that process to someone who you believe would carry out your wishes.

Then again, that doesn't take care of your online accounts. They would need to take care of those as well. Which goes back to what I previously said: write down your information so someone can get to your stuff. In your case, the person would log onto your accounts, delete the information then close the accounts.

Re:Death certificate (2, Insightful)

JustinOpinion (1246824) | more than 6 years ago | (#23249440)

My condolences to the family.

I would say that a death certificate is a necessary, but by no means sufficient, piece of evidence.

There was recently a death in my extended family. I have seen how, even with a death certificate and all official documents (police reports, etc.), it still took literally years to finalize routine things (closing accounts, transferring assets, dealing with insurance, etc.). So it turns out its quite long and complicated to even just do the "normal" things (that must be done when any person dies, and for which no one was really contesting anything... just following the protocol). So I can only imagine how difficult it will be in situations where things are unclear.

For instance, if you show a death certificate to an email provider, what does that prove? It shows that someone died, but doesn't actually prove that it was the owner of the account that died. (Did he sign up with his real name, or fake details?) I can imagine an email provider requesting certain conditions (like waiting a year to make sure there is no activity on the account, and requiring some proof of connection between the person and the account).

All this to say: prepare for a long and drawn-out ordeal. Finalizing a person's affairs is not a quick matter. (On the other hand, you might end up being lucky, and finding a "passwords.txt" file on his computer somewhere.)

Leave the poor kid alone... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23249210)

I mean you guys have obviously already pissed him off enough to off himself...

Re:Leave the poor kid alone... (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23249344)

I lol'd.

Do it. (4, Insightful)

sm62704 (957197) | more than 6 years ago | (#23249214)

Your friend is gone; he no longer owns anything. His worldly possessions, including his accounts and passwords, belong to those he left behind. They have asked you to open the locked box, open it.

There is no ethical delimma. You are being asked to open something by that something's owner. NOT cracking passwords would be wrong.

It's not that simple (2, Insightful)

mario_grgic (515333) | more than 6 years ago | (#23249356)

There is no evidence yet that the person didn't desire to make some things private and their wish should be respected even after death.

You are making a mistake that because someone is dead (and hence obviously can't care) implies that they didn't care when they were alive.

In absence of legal will it is hard to tell what the desire of the person was, but if someone wrote in their will that they want for example their laptop destroyed after their death, it would obviously make it un-ethical to ignore that wish and poke through their laptop.

Re:Do it. (1)

Machtyn (759119) | more than 6 years ago | (#23249374)

It is similar to if the person left a locked box behind, or an even better analogy, a bank deposit box. The next of kin would show up at the bank with the appropriate documents showing the deceased is dead and they are the next of kin and the bank would oblige to open the box.

Re:Do it. (1)

sapone (152094) | more than 6 years ago | (#23249432)

But this is not about his worldly possessions, it's about his intellectual "possessions", letters he wrote and other products of the mind. Many people wish that noone will gain access to such intimate information, even after their death.

When my great-aunt had died, my grandfather came over to us with a box containing letters. My parents have a stove with fire and all. My grandfather burned the letters, to fulfill a promise he gave my great-aunt.

Re:Do it. (2, Insightful)

mpe (36238) | more than 6 years ago | (#23249448)

Your friend is gone; he no longer owns anything. His worldly possessions, including his accounts and passwords, belong to those he left behind. They have asked you to open the locked box, open it.

They probably actually belong to his "estate". If he made a will then it will explicitally list who the executors of his will are. Executors of a will have something similar to "power of attorney" when it comes to distributing a person's estate. Even if someone died "intestate" their estate still exists, where things can get complex is that the act of getting married can perform the equivalent of writing a will, where the terms an conditions depend in exactly where and when the marriage took place.
Even if you are an executor (or working for an executor) AFAIK you can't investigate a death. But if your intent is to locate part of their estate then it's ok if you happen to stumble upon information relating to how someone died, though it might be a good idea to share any such information with the police and/or corronor.

Re:Do it. (1)

Narpak (961733) | more than 6 years ago | (#23249468)

I disagree. Personally I consider the wished of the decease to be paramount. Yes I do know that when you are dead it's supposed to not matter. But I really believe that when it comes to my accounts (wherever they are) is not something my family have any right to open; even if I die accidentally without any warning.

Of course I realize people differ on this matter, but at the end of the day the wishes of the deceased should be honored. If I don't want anyone to go through my accounts, that should be honored; and if someone else have no objection to that; then that should be honored.

Cracking root password not necessary (4, Informative)

pipatron (966506) | more than 6 years ago | (#23249216)

If you have physical access to his laptop, you can just boot with any linux live cd and mount the partitions without any access control. This will not work if he is using encryption, but unfortunately, few people do.

Re:Cracking root password not necessary (4, Informative)

usermilk (149572) | more than 6 years ago | (#23249248)

Also, once you have access to his laptop files it is highly likely that he is already logged in to his social networking sites, gmail, hotmail, etc. If you're lucky he might have even saved the password.

Re:Cracking root password not necessary (1)

tgatliff (311583) | more than 6 years ago | (#23249370)

Exactly... I doubt he encrypted the partition, so if you just bring up the OS in single user mode you can pretty much get whatever you want. You can even reset the password if you choose.

Even if he did encrypt his partitions, chances are he put the master key on a USB key somewhere. I suspect in his irrationally condition he was not thinking about proper security protection...

Finally, I probably would try to brute force his root password just to find out what it was. It might help give you insight into his mindset at the time...

Re:Cracking root password not necessary (1)

Daas (620469) | more than 6 years ago | (#23249490)

Single-user mode ? Anyone ?

No need to crack root... (4, Insightful)

Nutria (679911) | more than 6 years ago | (#23249218)

Just boot it with a LiveCD, and it's all yours.

Re:No need to crack root... (2, Insightful)

martijnd (148684) | more than 6 years ago | (#23249416)

Then try to get Firefox to start up with the original profile. You might be able to automatically login to his Gmail/Hotmail etc accounts.

It's illegal (1)

ta bu shi da yu (687699) | more than 6 years ago | (#23249220)

I'd not try to crack online services. His Linux laptop is fair game though. In fact, probably not that hard to crack. Just boot it in runlevel 1, then change the password.

Re:It's illegal (1)

tgatliff (311583) | more than 6 years ago | (#23249394)

I agree... Also, why try to "crack" his online accounts, as a simple court order can give you easy access to these. And I dont think that getting a judge to do this for you would be very difficult unless the guy specifically expressed he didn't want this to happen...

Re:It's illegal (1)

darguskelen (1081705) | more than 6 years ago | (#23249418)

Yes, it's illegal to crack online accounts. However, if you contact the hosting companies, they should have policies for when a member dies and their accounts are needed by others.

Don't bother (4, Informative)

bconway (63464) | more than 6 years ago | (#23249222)

How ethical would it be to, say, try to crack his root password in a situation like this?

Take 5 seconds to boot into single-user mode, or mount the disk elsewhere sans password.

eh? (0)

Anonymous Coward | more than 6 years ago | (#23249224)

A good friend of mine had her younger brother apparently commit suicide last week

You do realise that, in English, this sentence means the brother committed suicide at her behest, right?

yes, but with conditions (1)

whitroth (9367) | more than 6 years ago | (#23249226)

I'd say yes... but with sharp conditions: the *only* thing you look for are his words that might relate to his death. No just wandering around, looking for pr0n, or anything else. Intimate talk with someone... that's a *very* gray area, since loosing someone could have pushed this... or not.

You, personally, should you take this job, should *only* tell *anyone* what you found that was relevant, and nothing else.

Ever.

            mark

Re:yes, but with conditions (4, Funny)

eln (21727) | more than 6 years ago | (#23249294)

If this guy was any kind of good person at all, I'm sure he would have wanted to share his porn collection with the world after he was gone. Sure, maybe you shouldn't tell anyone where it came from if it's got porn featuring midgets, grannies, horses, or especially all three at once, but you should still post it on Slashdot^W^W^W^Wgive it to his close friends.

Re:yes, but with conditions (1)

jafiwam (310805) | more than 6 years ago | (#23249348)

I would think the same code that applies to dealing with a child's computer when you are helping the parent would apply here.

In that situation, I always ask "how much do you want to know?" and let them decide if they want me to reveal the particular flavor of porn or whatever else they were in into.

I've never had a parent say "i want to know", it's always "fix it and let them keep their privacy".

That said, the goal is not just to recover a 1099 form or something, the goal is a peek into what someone was thinking. In that case, data from just about anywhere might be relevant.

The thing is, all parties involved should go into it knowing and agreeing what the case is on that, rather than having the geek go looking, share, and then get bad feelings because that's not what people expected.

That said... once the information is gained, the data should be wiped, not harvested for what might be useful for a geek later.

Providers providing passwords posthumously (1)

ArcherB (796902) | more than 6 years ago | (#23249228)

, If I contacted places like Google, MSN, the university, and MySpace, what are the odds that they would give me access to any of his accounts?
There was a situation similar to this where a soldier died in Iraq or Afghanistan and had emails to his parents on his Yahoo Mail account that were not sent yet. His parents wanted access to those emails but Yahoo refused to give the password up. I'm not sure how that one ended, but I believe that Yahoo gave in once the press got involved. Maybe google will help me out here.

Re:Providers providing passwords posthumously (4, Informative)

ArcherB (796902) | more than 6 years ago | (#23249322)

Google is your friend! Here are some links to the story:

Slashdot [slashdot.org]

Another [slashdot.org] Slashdot.

The Conclusion [detnews.com] to the story.

what you'll need (1)

corbettw (214229) | more than 6 years ago | (#23249230)

I've experienced something similar, and all I can say is that your privacy dies with you. Anything and everything you ever wrote, thought, or believed is now the property of your heirs (along with your other assets and debts). So good hunting, hopefully you'll find something that'll convince the insurance types this wasn't done on purpose (at least not by him). But make sure the family understands they may not like what they find out.

As for getting access to his accounts, links to obituaries are useless, you'll need an actual death certificate, and possibly either a will or a ruling from a probate court stating that a certain person is to be given access to his stuff. That's how it works with banks, I imagine it's the same with email providers and such.

Re:what you'll need (1)

djones101 (1021277) | more than 6 years ago | (#23249456)

I've experienced something similar, and all I can say is that your privacy dies with you. Anything and everything you ever wrote, thought, or believed is now the property of your heirs (along with your other assets and debts).
That is true if no will was prepared in advance. Wills do grant the power to transfer your assets, debts, and other such physical items to someone other than your heirs (look at all the trust funds setup after someone dies for starving children and the like). Also, should a will exist, it will still need to pass through probate, at which time someone (both creditors and heirs) can dispute the contents of the will and carve up the remains of the estate to their heart's content.

I've often wondered about this myself (1)

AbRASiON (589899) | more than 6 years ago | (#23249232)

What if I were to die in an accident or by my own hand or someone else?
So many of us have our thoughts, feelings and memories digitally tied up in text, chat logs, emails etc.

Is it ethical for someone else to have it? Yes it was meant to be private but that person is now gone, you could lose valuble memories for the rest of the family if pictures are not found.

Example, I'm 30 and obviously a dork / geek (look where I'm posting) - the number of analogue photos of me after the age of 10 are slim at best, the quantity of digital photos of me that family and friends (which family know well!) have is pretty slim too.
To be honest, in death I don't think I care who finds what in my stuff, I'm gone - it should be there for someone to take.

Also on topic: how did this used to work previously? Lock boxes at the post office or bank, pin codes for bank accounts, car keys, safes, things like that?

I honestly think it's a little sad that if I were to die, no one will flip through a nice book of pictures or read handwritten letters to or from me, they'll just have a DVD or two with some files on it, it doesn't seem the same.

Re:I've often wondered about this myself (1)

djones101 (1021277) | more than 6 years ago | (#23249516)

As was mentioned above, a death certificate opens a wide swath of doors when someone passes away. Case in point is my grandfather, who just passed away last year. My mother was granted power of attorney before he passed away, but she also had official copies of his death certificate she would take with her to close out bank accounts, settle the credit accounts, etc. The problem is that it's a very long and laborious process (I'm still receiving mail for him, since I now live in his house, along with mail for his wife who passed away 5 years ago), and is something you only usually undertake (no pun intended) with official institutions, close friends, and family. Things such as high school reunion committees and Publisher's Clearing House tend to find their way into the trash can, since they're not worth wasting the postage on.

Go for it. (1)

Rob T Firefly (844560) | more than 6 years ago | (#23249234)

As I see things, continuing to keep his secrets would not help anyone, while revealing them has a chance of helping those he left behind. I say, go for it.

One document that's left for my family should something happen to me contains all my logins and passwords, as well as contact info for my most computer-able friends who will know what to do with it all. Your unfortunate situation would not have occurred had that person done something similar.

Huh? (0)

Anonymous Coward | more than 6 years ago | (#23249236)

The only thing in that list in which the root password would be useful is the laptop, which you can just boot in in single user or even init=/bin/sh. Or remove the hard drive and access the data on another machine.

His next of kin should be able to get his stuff from university easily enough - the same with gmail/hotmail/myspace though I would expect it to take them forever...

Authorities (1)

Mushdot (943219) | more than 6 years ago | (#23249238)

If the family don't think it was a suicide, surely the authorities would be brought in to investigate further, or have they already closed the case as a suicide?

As for accessing his online accounts, again probably only the police would be able (if at all) to access that information.

Careful where you tread (1)

realsilly (186931) | more than 6 years ago | (#23249242)

I understand you need to know, but you'd be stepping into a tough area to worm your way through.

If the person was under 18, I think the parents would have better opportunity of getting access to these accounts with legal help. Probate courts might help also.

I'm sure there would be some sort of precident for this situation.

If you employ the help of hacks and get caught, even as justified your reasons are the reprecussions could be really ugly.

Good Luck.

Dead people aren't here to care (1)

Digana (1018720) | more than 6 years ago | (#23249244)

He's dead. Gone. For all human purposes, ceased to exist.

If you decide to not crack his accounts out of some sort of respect, then what you would be respecting would be your memory of him, not the man himself. He's not here anymore to care if you disrespect him or not.

That being said, if you want access to his online haunts, my guess is that you would need something more substantial than links to obituaries. You would probably have to have some documents that demonstrate you're next of kin and a death certificate, depending how bureaucratic the companies that managed his information are (my guess is very bureaucratic).

In order to rule out possible foul play (no suicide note?), I would say that you're morally obligated to do as much as you can to discover the circumstances of his death, or collaborate with the police to do it. If you find some brooding posts in MySpace, then you have good evidence that it probably was suicide. If not, get more suspicious.

Re:Dead people aren't here to care (1)

Jafafa Hots (580169) | more than 6 years ago | (#23249310)

Stop it. You're being logical.

Re:Dead people aren't here to care (1)

Digana (1018720) | more than 6 years ago | (#23249462)

If this is supposed to be funny, then my sarcastometer is malfunctioning today.

Otherwise, huh?

If you saw your friend again (4, Insightful)

Unlikely_Hero (900172) | more than 6 years ago | (#23249252)

If you saw your friend again, would you be able to explain why you did it? Would he agree with your reasoning or would he feel you had violated his sovereignty? You can still respect him in death, what would he say?

Not a moral issue. (1)

jcr (53032) | more than 6 years ago | (#23249256)

The deceased no longer owns anything, his heirs do. If his heirs want your help, there's no moral issue at all in doing so.

-jcr

Re:Not a moral issue. (1)

maxume (22995) | more than 6 years ago | (#23249382)

Sure there is a moral issue. If someone pays you to murder someone, you are still responsible for your actions. This is no different.

The fact that the property now belongs to the heirs probably sets aside any legal issues, but being legal doesn't make something moral.

Two possibilities (4, Insightful)

GlobalEcho (26240) | more than 6 years ago | (#23249260)

Well, if it was suicide, and there was anything he didn't want people seeing, then he had his chance to delete it. If it was not suicide then I think you have to tread more carefully, but in the end the dead have no right to privacy (or reason to care).

For FSM's sake, though, take a moment to "accidentally" delete his porn and such while you are going about this. That's just basic courtesy.

If you don't know; don't even try! (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23249262)

This is IMO one of the silliest questions I've read on /. in some time now. Seeking help on /. for stuff like this is disturbing.

But here is a well meant sound advice: If you don't know how to pull this off then don't even bother trying. Simply because in the process of "cracking" you might accidently destroy very precious data which another real computer expert would be able to retrieve. And should the family sometimes find out about a situation like that then you've really done some serious damage.

For the record; you don't need to "crack" his root password on that linux box. Just boot using a rescue cd (knoppix, ubuntu, whatever) and you'll have full access. But seriously: leave this to someone who knows what he's doing.

Worth a try (1)

Mutant321 (1112151) | more than 6 years ago | (#23249264)

As far as the ethical situation, I think it's fine for you to go ahead and do this. Once someone is dead, their worldly possessions are handed over to their family. And since you have the family's blessing, you have nothing to worry about. This is one of the few situations where it's entirely ethical to access someone's private data.

As for whether Google, etc. will help you... well, you can try. I would be pretty surprised though. They often don't help much with normal user requests, so this sort of stuff will be way outside the usual problems they deal with. University may be different though.

Re:Worth a try (1)

maxume (22995) | more than 6 years ago | (#23249470)

What if you don't agree that they family should have access to the data?

It's ethical in a professional sense, but I'm not sure it is entirely ethical(i.e., the point can probably be debated).

IANAL... (4, Insightful)

gbrandt (113294) | more than 6 years ago | (#23249266)

...but...

The belongings of the deceased become part of the estate. The estate, with a lack of a will, can go either to the 'state' or to the next of kin (depending where you live). The 'state' usually takes its taxes and give the rest to the next of kin. This means that the laptop and accounts now belong to the family (barring the EULA on myspace and google which, correct me if I'm wrong, state that the ownership resides with them). This means that you are cracking a laptop for an OWNER that no longer has a password (forgotten it, so to speak). There is no ethical issue here.

Gregor

simple (1)

DragonTHC (208439) | more than 6 years ago | (#23249270)

mail or fax a copy of the death certificate along with the police report to whomever he had an account with. Explain the situation and I'm sure they will release the account to his parents.

Getting rid of passwords (2, Informative)

ScepticOne (576266) | more than 6 years ago | (#23249280)

Boot Linux with init=/bin/sh, remount the root partition to readwrite, edit /etc/shadow to change the root password to be blank, remount / to readonly, reboot. If you login as him (similar method to blank his password), you might find that firefox (or konqueror if he used that) is remembering his passwords and logins.

This reads like a sociology experiment.. (2, Interesting)

Tominva1045 (587712) | more than 6 years ago | (#23249282)

This reads as if it were an attempt by a person working a maters's thesis to determine if a pro-linux, pro-privacy crowd would stick with their principles or instead defer to the humanity of helping a family get over a tagedy. Facinating...

Re:This reads like a sociology experiment.. (1)

ScepticOne (576266) | more than 6 years ago | (#23249384)

If someone has made real efforts to make their system secure, they should have: a bios password (even if only on the bios settings), a boot loader password (so you can't tell the boot loader to add things to the kernel command line without a password), and will use a master password on their web browser if it is remembering login information.

Anyone really serious would also have an encrypted hard drive.

Against all this, you need a real professional. Not someone from whom you're likely to get free advice on slashdot.

Re:This reads like a sociology experiment.. (1)

haakondahl (893488) | more than 6 years ago | (#23249492)

To me it reads more like a Nigerian scam. "I am Doctor GuruGuru Samson, former Finance Minister of the Bank of WallaWalla. If you kind people will tell me how to break into Google, Yahoo, Hotmail, and Linux machines, that would be great."

seriously (0)

Anonymous Coward | more than 6 years ago | (#23249284)

My gut reaction would be to check with a lawyer to see if the family can request access to these reasons next of kin. The family could have very good legal grounds to get access to this information.

Good qestion (2, Interesting)

broothal (186066) | more than 6 years ago | (#23249288)

I don't have a good answer to your dilemma. However, it made me think. What is the best way to implement a Dead Man's Switch [wikipedia.org] on personal data (laptop, online accounts etc). I for sure have some stuff that I wouldn't want anyone to see - even if I was dead (I was young and needed the money).

BTW - Am I the only one having problems with the new Reply box? The nifty ajax based "preview post" always hangs and I'm forced to use the old one.

Re:Good qestion (1)

shadowcabbit (466253) | more than 6 years ago | (#23249500)

I wish I had mod points right now-- your question is good. I've been thinking about it as well.

Part of the answer lies in an online storage facility. A power-off computer can't erase data, and if there's anything we've learned, it's that drives can be imaged non-destructively. You then have to make sure that said online storage is a) secure and b) can be controlled with a cron job etc. The obvious solution is a dedicated colocation host, but those trend towards the ridiculous end of the expensive spectrum depending on your reliability needs. You'd better be putting stuff like nuclear secrets or the like into a solution like that versus something slightly more mundane like your porn (no matter how kinky).

The cheapest solution I can think of off the top of my head is to encrypt/TrueCrypt anything seriously sensitive, with a unique password only you know, and just swallow the inconvenience while you're alive.

Legally possible (1)

ingmar (31867) | more than 6 years ago | (#23249290)

First off: I am a lawyer, but not admitted to the bar anywhere in the US, so things might be different there. Generally, his heirs / estate should be able to get that kind of information. It probably involves notarized letters, perhaps even a court order, but it certainly can be done.

As to his local linux box, unless he used encryption, that's fair game also. I see no moral problems with either.

A friend of yours? (1)

wooden pickle (1006975) | more than 6 years ago | (#23249292)

"A good friend of mine had her younger brother apparently commit suicide last week."

That's kinda crazy. My sister had me do lots of things I didn't want to do when I was growing up, but she never proposed suicide.

No (0)

Anonymous Coward | more than 6 years ago | (#23249296)

It would be a huge invasion of privacy, even after his death, to go through all his private electronic information, he might have committed suicide for a reason he doesn't want to share with anyone else. I can't imagine losing a family member in such a way, but whatever they might find won't change the fact that he's gone, possibly even make matters worse.

Be carefull (0)

Anonymous Coward | more than 6 years ago | (#23249306)

Be very careful and prepared for what you might find...and let the family know, too. How will everyone react if you discover this person had a very dark-side and was into animal-sex, or gay-midget-porn? What would his mother think if there son ended up being someone they never really (or would want) to know?

This reminds me of that movie with Robin Williams, where his job was to review the deceased's life images from a special implant. He would cut out material that might bring shame or embarrassment to the family.

If it were me, I would seek the advice from law enforcement and probably talk to an attorney so you can be issued some form of legal trusteeship, or something like that. Imagine if you discover this person killed someone and you were the one responsible for it's discovery. Now the family sues you for trespassing or identity theft, some something like that.

Just cover your ass and hope for the best, but be prepared for the worse.

Do it (1)

RiffRafff (234408) | more than 6 years ago | (#23249308)

...this kind of stuff happens all the time (maybe not the suicide aspect of it). People die and their spouse has no idea how to access their financial records, etc. I've been called upon to dig that stuff out, too. I have no problem with it.

I mean, after all, they're dead.

Go Ask Ashcroft (0)

Anonymous Coward | more than 6 years ago | (#23249312)

The Department of Justice has everything on file...

Passwords (0)

Anonymous Coward | more than 6 years ago | (#23249314)

First I would like to send my respects to you and the family. It is never easy to understand a situation like this.

You will be able to crack the root password on the linux box easily since you are local. However gaining access to the remote sites such as Google, Myspace etc. Will be a little challenging.

When you gain access to the root console try to boot x windows and see what stored passwords are available by simply visiting the sites he was a member of. If you can get into one of the mail boxes you maybe able to gain access to the rest of the accounts by sending yourself a password reset.

You can also try to go through the secret questions menu that most popular sites offer and since you know the family and his habits, filling in the blanks shouldn't be to much of a challenge.

If you would like some more help with this feel free to leave me a forwarding email address in your next post so I may contact you.

Hope this helped.
RMS

Everything in Writing (2, Insightful)

necro81 (917438) | more than 6 years ago | (#23249320)

If you do contact Google, MSN, etc., don't do it through electronic means. Don't even do it over the phone. Do it in writing. Yes, actual letters on paper sent via (registered) snail mail. Include copies of the death certificate, obituaries, etc. Don't use your name and address - you are nobody as far as legal standing is concerned. Channel all the communications through one of the parents - have them sign the letters, use their name and address.

Not to be indelicate... (5, Funny)

syntap (242090) | more than 6 years ago | (#23249330)

A good friend of mine had her younger brother apparently commit suicide last week.

... but that sounds like a lot of words to describe a hit job. The political correctness is awesome though!

FWIW (1)

phagstrom (451510) | more than 6 years ago | (#23249332)

I do not see any ethical problems her. However if you start breaking into his online accounts, you may very well be faced with a whole lot of legal problems. As for the laptop, go for it. Privacy dies with the person IMHO. Same thing as when you read a dead relatives diary or something.

Will? (1)

Binder (2829) | more than 6 years ago | (#23249336)

Wether or not he had a will there will be someone who gains ownership of his possessions. In that case the laptop belongs to them... not to the deceased.

As for hotmail et. al. you should probably hire a lawyer to pen a letter to the companies in question describing the situation. The transfer of ownership shouldn't be too difficult.

sanitize his history and records (5, Informative)

jollyreaper (513215) | more than 6 years ago | (#23249338)

In the military, there's the tradition of cleaning up a dead guy's locker before sending it home to his next of kin. Remove all skin mags, letters from local girlfriends if he has a wife back home, that sort of thing. Get rid of anything that might make them think less of the dead, they're already broken up about it as is. I'm sure the last thing this kid's family would want to find out about is his furry porn collection.

Re:sanitize his history and records (0)

Anonymous Coward | more than 6 years ago | (#23249464)

No no no, if he was a furry then the family deserves to know, so they can burn all his belongings.

Legal perspective? (0)

Anonymous Coward | more than 6 years ago | (#23249352)

You could take the approach of looking at this from a legal perspective. My guess is that his accounts are now the responsibility of whoever inherits him, and they should be able to get (demand even) access to the accounts.

There are various privacy issues involved, which I personally think should be respected, even if he's gone.

Protecting his secrets isn't just about him. The argument of "he's not here; he doesn't care" doesn't work. He might have wished to keep things private, not just for himself, but to protect others from getting hurt etc.

If I was in the middle of this, I'd probably hire a lawyer. Both to deal with legal issues of getting access to accounts, and also because I'd prefer it if the lawyer went through things, rather than someone closer to the passe family member.

That way, you can have your cake and eat it too. You can get access to the information, but you also respect his privacy.

The Executor fo the estate... (1)

penguinbrat (711309) | more than 6 years ago | (#23249364)

Someone should have been made the "executor" of the estate or what not, when I had to do something very similar with my Uncle that passed away - for those that had the keys that were needed, a simple explanation of the situation *AND* the executor waiting in the wings to write a letter/etc.. is all it took. The most I had to go was one time actually having to get a letter - most places took my word on it, including a FRY's electronics store that switched the warranty and everything to my name on an expensive laptop that was purchased earlier.

Essentially - someone should have been made legal guardian, if you will, of everything after the fact. This person is who holds the keys to everything - from I understand, IANAL, this person person more or less gets the power of attorney for everything. Probably defaults to parents or something if no one was specifically stated in a will or what not.

is police investigation active? (2, Informative)

Anonymous Coward | more than 6 years ago | (#23249372)

Its not legal to meddle with evidence.

What if it were a diary.. (1)

SpinningCone (1278698) | more than 6 years ago | (#23249378)

imagine if this was not a laptop but a written diary instead, would you feel different? obviously it may contain personal thoughts and ideas and reading it may change your perception of the deceased however it may also tell you why they did what they did. as mentioned elsewhere in this thread cracking the laptop will be trivial with a live-CD. as for the ethics, if it were me I would do it. especially because they did not die of natural causes. as for the online accounts a death certificate and some legal footwork might get you their account, personally I would just hope they had some cookies for those sites and could log you on automatically (or even a password document).

FrIst st0p (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#23249380)

KNOWS FOR SURE W6HAT share. *BSD is Tossers, went out playing so it's Romeo and Juliet

I call BS (1)

haakondahl (893488) | more than 6 years ago | (#23249398)

I don't believe you. If this is actually a questionable case, the Police certainly know people who can do this, and they have legal advice. If you are on the level, you're going to need more than a lawyer.

Unless... (0)

Anonymous Coward | more than 6 years ago | (#23249408)

You said that the recently deceased was a CS major. If he was into cryptology, then he probably added encryption to his computer I.E. Truecrypt. If that's the case you will have a very VERY small chance of obtaining any information off of that computer.

Gmail, Yahoo, etc shouldn't tell you (1)

adam613 (449819) | more than 6 years ago | (#23249414)

The problem is, with free email services, there's no real proof that any given account belongs to a certain person. There are some interesting social engineering implications here...I'm envisioning calling up the Gmail people and claiming to be attempting to retrieve the account of someone who recently died ("I have the death certificate and everything!") when said account really belongs to someone else...

Careful what you find (1)

HairOfTheBambit (1281718) | more than 6 years ago | (#23249422)

I'd be wary. You might find something that helps friends and family cope, but you could also find things which could cause a lot more hardships for them. People keeps things secret for reasons, and, without some type of "Data Will", they may want those things to remain secret forever. It no longer matters to the person who died, but there are dozens of things a person could keep secret that would cause grief to those around them. Is there anything on your computers that you wouldn't want your family to discover?

Don't forget his porn folder... (0, Offtopic)

rpp3po (641313) | more than 6 years ago | (#23249426)

and make copies for his family members. After all it is possible that unsatisfied sexual desires were partial reasons for his death. The family has a right to know. Also dig up his MMOG chat logs were he used to be a great hero instead of this promising CS major No. 374229. Even mentioning funeral costs is hypocrisy. You WONT have any additional proofs for an accident if you find NOTHING indicating a suicide on his computer. It more seems like a desperate try of affecting to be reasonable while preparing to rip apart his always intended private parts.

Ask a lawyer (0)

Anonymous Coward | more than 6 years ago | (#23249430)

Yes, really.

You're not going to get any advice any here that will be worthwhile, comments of course, but no proper legal advice.

If you're in Britain a Solicitor should be able to tell you.

Next of kin (1)

maclizard (1029814) | more than 6 years ago | (#23249476)

If I were you die today, then my wife(whom is my next of kin) would take on all my legal responsibilities. Therefore, as far as ethics are concerned the next of kin, or parents in this case, have the legal right to the information they are seeking. As far as contacting Google, MSN, etc... Good luck, its hard to prove something like ownership of a virtual location, plus some sites claim ownership of content hosted on their service.

Rainbow Tables (1)

JumboMessiah (316083) | more than 6 years ago | (#23249486)

First off, sorry about the loss. Even if the person isn't close to you personally, seeing how it affects the family is bad enough.

My advice would be to start with the laptop. Boot it off a rescue cd or USB stick and grab all the personal account (including root) md5 hashes out of the /etc/shadow file.

Then run those hashes through a rainbow crack to try and get some clear text representations of the hashes. Info on Rainbow Tables, here [wikipedia.org] , here [lwn.net] , and here [ethicalhacker.net] .

Boot the laptop to a prompt and try all the clear text representations for the accounts and see if any of them work. If they do, then great, you have the passwords.

The passwords themselves are worthless on the laptop (you've already demonstrated you can snoop it without them, as you had to to obtain the hashes). Their value is in the fact that they _may_ have used the same passwords for their email, online accounts, etc.

HTH

Find out who owns the property / talk to a lawyer (1)

Paul Jakma (2677) | more than 6 years ago | (#23249496)

I have only the briefest knowledge of the field in my own country, never mind yours, however (presuming you're in country whose law is derived from the English common law system, e.g. the USA) it's likely all property of this man, his laptop and letters particularly, are now intestate [wikipedia.org] . Likely some local authority will have assigned an administrator [wikipedia.org] for the estate. If the young man was still a minor, these probably will be his parents.

If you have their permission, or the permission of the person to whom the administrators have assigned the property (ie the new owners), you can do what you like. The dead have little privacy (indeed, no privacy at all in many places).

To determine what you can do about online accounts, you should talk to a solicitor (i.e. a lawyer in the USA), preferably one who specialises in these things.

If it's ethical to do it just 'cos they're dead... (0)

Anonymous Coward | more than 6 years ago | (#23249504)

...then expect more clearings for executive action just before someone uses "they're dead anyway" as an excuse.

Anyway, the submitter had something to do with the death and is posting in this very public place to plant evidence of good intent. Let's hope the prosecution - and it will come to that, if I have anything to do about it - read this comment and find out what I'm talking about.

What would you want if positions were reversed? (1)

Neotrantor (597070) | more than 6 years ago | (#23249508)

If you died and nobody understood why, wouldn't you want someone to find out why? the last records of his life are probably on there, something his family should have access to.

but you don't need to crack anything, if you mount it from windows with the ext2/3 drivers or another linux machine you can use either use your own root account to chmod 777 * -rf on it (to look at it with you're regular user), or windows will just give you unabridged access without changing any permissions
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>