
Laptop Thief Caught via AOL Login

michael posted more than 10 years ago | from the you've-got-jail dept.

The Courts 524

Mundocani writes "Yahoo (Reuters) is reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."


in related news (-1)

Adolf Hitroll (562418) | more than 10 years ago | (#7581348)

a moron got motherfucked in the ass...
MOD STORY DOWN !!!

Mac address perhaps ? (3, Funny)

Anonymous Coward | more than 10 years ago | (#7581351)

Mac address perhaps ?

Re:Mac address perhaps ? (1, Informative)

Anonymous Coward | more than 10 years ago | (#7581365)

Maybe that intel CPU serial number.

Re:Mac address perhaps ? (2, Interesting)

kjba (679108) | more than 10 years ago | (#7581367)

Couldn't it just be the case that the internet browser's homepage was still set to an address on Wells Fargo's intranet? The wrong http request would be easy to find.

PC call home (2, Insightful)

leerpm (570963) | more than 10 years ago | (#7581352)

More than likely, the computers had some sort of software built into them to 'phone in' and notify a central location of its IP address. Then they just traced the IP address to his AOL account. Not very fancy detective work, just standard stuff.

Re:PC call home (-1, Flamebait)

jkrise (535370) | more than 10 years ago | (#7581383)

This post is +5 insightful???? Holy cr*p - IP address isn't fixed to the laptop - mac address is. Though why AOL should be tracking mac addresses to user logins is beyond me.

Sensible stealers could just dump the network card and put a new one - or use a proxy over DSL.

Re:PC call home (2, Informative)

weicco (645927) | more than 10 years ago | (#7581417)

You are missing the point. If the laptop had phone-home software, it could easily report its IP address to "home" when it detects that an internet connection is available. After the IP address has been received, one can easily trace which ISP the computer is using. ISPs usually know the ARP address of computers (network interfaces actually) that are connected to their gateways because DHCP servers are caching them. I don't have details about this but I'm pretty sure about that DHCP stuff.

So one doesn't have to know MAC address, just IP address and that's enough. And on the other hand tracing MAC address in internet is almost impossible so you need that IP address.

Re:PC call home (1)

THI (523239) | more than 10 years ago | (#7581418)

Read the parent again, slowly. See where it says "software"?

(-1, Didn't Read Comment) (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#7581422)

This guy's a dumbass who can't read. Please mod down, thx.

Re:PC call home (1)

snake_dad (311844) | more than 10 years ago | (#7581423)

The app would typically send some kind of unique ID to a server, which can then be used to find the machine's current IP address. Then a quick look through the ISP's logs, and maybe a call to a telco, and voila, we have the address (if no anonymizing proxies or whatever are used). I think you owe leerpm an apology, and deserve a couple of "-1 flamebaits".

Re:PC call home (1)

jkrise (535370) | more than 10 years ago | (#7581438)

Since the current IP address is ALWAYS going to be at variance with the original IP (assuming it was attached to a corporate network - PHB), what's the big point in phoning home the IP?

If some kind of unique ID is getting transmitted, why at all log the IP? The IP would be useful to trace current location, not to pinpoint the current location of a stolen laptop.

Re:PC call home (1)

SkArcher (676201) | more than 10 years ago | (#7581507)

An IP has to be assigned, and one assumes the ISP either keeps logs of dynamically assigned IPs or statically assigns IPs to cable lines (I know my last cable had a static IP). Therefore knowing the IP has at least some chance of determining the thief's location, or at least narrowing the search.

Re:PC call home (1)

boomer_rehfield (579777) | more than 10 years ago | (#7581427)

1. Laptop calls home
2. Software sends the IP home
3. FBI are waiting and call AOL
4. AOL looks up logon of person that logged on with such and such IP...
5. Cue music from Cops

Your MAC address is useless in this scenario as it can be changed and unless you're on the same subnet as the thief.......

Re:PC call home (4, Informative)

Zocalo (252965) | more than 10 years ago | (#7581428)

Actually, the kind of security software implied by the original poster does work on IPs since you can't track a MAC address back across the Internet. When you log in, the laptop transmits its current IP address back to the servers of the "phone home" application vendor along with an ID. If that ID is flagged as belonging to a stolen system, then that IP is used to identify the ISP, who will then be informed of the situation and will hopefully be able to identify which user was using that IP at the time. Tie that user back to a person and contact details through billing records and you can proceed to make an arrest.

Re:PC call home (0, Troll)

jkrise (535370) | more than 10 years ago | (#7581458)

Exactly! So, the incriminating info is not the IP address, it's the unique ID. The parent post said IP address, and I corrected the error.

IP is reqd. after identifying, to pinpoint current location - the mods must be crazy!!

Re:PC call home (0)

Anonymous Coward | more than 10 years ago | (#7581488)

The parent did not say any such thing, it said that the IP address would be used to track the location - stop trying to backpedal and take it like a man.

Re:PC call home (2, Interesting)

Ewan (5533) | more than 10 years ago | (#7581439)

A lot of corporate laptops now have "dial-home" software installed, and if you don't login every x (normally about 14) days without getting authorisation in advance, then the company will consider the laptop stolen and lock out any accounts stored on it.

It operates much like spyware, and hides itself in the same way. This could be what happened here, and after the x number of days the system starts logging which IP address and time the computer logged in at and flags the information for further investigation. Once you have an IP address and a timestamp, it's relatively trivial for most ISPs to find out which user was online at that time.

Ewan

Re:PC call home (0)

pdbaby (609052) | more than 10 years ago | (#7581443)

"... IP address isn't fixed to the laptop - mac address is... Sensible stealers could just dump the network card and put a new one - or use a proxy over DSL."

The comment you're referring to said "software phoning home": i.e. nothing to do with the MAC address. It's easy for such software to operate: wait until there's a connection to the internet, send the company's Unique Id For Your Computer(tm) to The Man. If the computer's been reported as stolen, they now know the IP and can track that to an ISP and then an account and a user...

Re:PC call home (4, Informative)

jellomizer (103300) | more than 10 years ago | (#7581444)

"Though why AOL should be tracking mac addresses to user logins is beyond me."

It's called good administration. AOL is a large ISP if you didn't know. They have a lot of members and non-members trying to send spam through them, hack other computers through them, and hack and spam their own systems. So when someone puts out a complaint that so and so spammed them through AOL or was being tracked through AOL and you show them proof, then they can check the logs to see when they logged in and if they actually did that, at least coinciding with the login times and the times the incident occurred. I am pretty sure that they are also recording the telephone number that you used to call in as well. This is not a part of some evil scheme or government plot. It is a way that a company the size of AOL uses to protect its butt. Because if they don't track this information and enforce it (and yes, sometimes they may need to call the police and sometimes the police ask them for some information), then they will be getting lawsuits left and right saying your servers attacked my computer, and AOL is not even showing good faith to remedy the situation. System administration is sometimes public administration as well, especially when the public uses your systems.

Re:PC call home (1)

Fembot (442827) | more than 10 years ago | (#7581499)

Yeah, but the only MAC address they'd get to see would be for the PPP adapter, which I'm not 100% sure how they get assigned.

I guess their custom login software could be sending it though... but that's kinda evil.

Re:PC call home (1)

tgt (599351) | more than 10 years ago | (#7581384)

Nah, more likely the FBI already knew who they were going to arrest long before they started any sort of tracing. I'd say they had some info from street ears or whatever about some Krastof guy. Then all they had to do was look up his AOL nick, see if he's online and, as he (unfortunately for him) was, trace his IP.

Re:PC call home (0)

Anonymous Coward | more than 10 years ago | (#7581398)

An IPSec VPN configured in the laptop, very possibly. A lot of big companies use this kind of setup nowadays.

When the laptop starts the IKE protocol, it leaves a trace of where (in IP terms) it is.

Re:PC call home (0)

Anonymous Coward | more than 10 years ago | (#7581430)

Doubt it. VPN uses open RDC (or in rare cases open RC) across the net interface, so the IP layer routing wouldn't have worked.

Re:PC call home (4, Informative)

mental_telepathy (564156) | more than 10 years ago | (#7581411)

Actually, I would say that is less than likely. I haven't heard of any company that installs software like that by default, even on laptops. And it would be much easier for AOL to check for a MAC address Wells Fargo provided.

Re:PC call home (1)

boomer_rehfield (579777) | more than 10 years ago | (#7581451)

It's very easy to change MAC addresses.

Re:PC call home (5, Informative)

miu (626917) | more than 10 years ago | (#7581415)

Nope, the slashdot blurb about him using his own aol account is wrong.

According to another source [timesheraldonline.com], "He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address".

It's the 4th item down on the page, under "Suspected thief arrested".

ATTN: MODERATORS (-1, Offtopic)

hanssprudel (323035) | more than 10 years ago | (#7581432)


Please make this comment visible. There is no story here!

Re:PC call home (2)

jjshoe (410772) | more than 10 years ago | (#7581489)

No offense, but the /. blurb is not necessarily wrong. Two quotes about what happened; use your better judgement and pick one.


In short, the point of the story is, yet another stupid criminal gets caught.

Re:PC call home (2, Interesting)

haunebu (16326) | more than 10 years ago | (#7581505)

Why is a Wells Fargo laptop accessing AOL's network? Most corporations (and especially financial institutions I'd venture) require users to access corporate Intranets through a VPN and in turn access the Internet through their proxies. There's no way in hell that laptop should be connecting to the public Internet using an AOL account.

Good vs Bad (3, Interesting)

Anonymous Coward | more than 10 years ago | (#7581354)

There may be some good in the fact that they are able to trace someone like this...but the ramifications make me shudder.

That and make me glad I am in Canada..

Re:Good vs Bad (4, Informative)

leerpm (570963) | more than 10 years ago | (#7581379)

It's not very difficult. Once you have the IP address, you just do a query at ARIN. That will tell you which ISP the address belongs to, so you phone the ISP and ask them for the information about which subscriber had that IP address at the time you are concerned about. Almost all ISPs maintain this sort of information for auditing/logging purposes.

hardware id (2, Insightful)

neodymium (411811) | more than 10 years ago | (#7581357)

I guess the AOL software might "accidentally" transmit the ethernet hardware (MAC) id of the machine...

Re:hardware id (0)

Anonymous Coward | more than 10 years ago | (#7581416)

Is there any way to stop this?

That's not needed (1)

Mr2cents (323101) | more than 10 years ago | (#7581484)

You don't need the hardware information if you already know the owner's account name..

Hmmm (0)

Moderator (189749) | more than 10 years ago | (#7581359)

Maybe the computer systems were set up to call a certain IP address in the event that they were stolen. There's software like this for laptops already. If this is the case, all the FBI had to do was contact AOL to find out who was accessing the site, and from where.

could be that he used... (1)

Toontje (712650) | more than 10 years ago | (#7581360)

a dial-up account that already was on the laptop? I don't know AOL, but would they really be interested in what kind of unique hardware connected to their network?

MAC addresses? (1, Insightful)

davejenkins (99111) | more than 10 years ago | (#7581362)

I would assume MAC addresses of the ethernet jacks/boards/whatever are being transmitted, no?

For a notebook-- this would be built-in, and probably traceable in the inventory. It would be pretty simple for the FBI to wait for a specific MAC address, trace the corresponding IP address, and then narrow it down to a router (now we have the neighborhood/village). It's a simple drive-around from there...

By what right is AOL stealing personal info? (0)

Anonymous Coward | more than 10 years ago | (#7581435)

Anyone prosecuted as a result of this could probably claim that the information was obtained unlawfully from the PC, unless the AOL EULA actually states that certain items of personal information will be collected by their software during login.

Re:MAC addresses? (4, Informative)

Viol8 (599362) | more than 10 years ago | (#7581457)

The MAC address goes no further than the first router, in this case his broadband modem if that's what he's using.
If he's using dialup the MAC address doesn't even come into it.

hardware ethernet addresses (2, Insightful)

Space cowboy (13680) | more than 10 years ago | (#7581363)

I guess if AOL take a note of the hardware ethernet address (not surprising, because DSL lines aren't supposed to be shared, right :-) then just doing a query for the address on AOL's db would be enough to get a (very) shortlist...

Simon.

Ask Slashdot (-1, Troll)

iamatv (727785) | more than 10 years ago | (#7581364)

Ask Slashdot: Television you would hate kids to watch

This is a revision of the earlier poll: Are Americans and Europeans really like we expect?

State your country, and put in order the things you would most hate your child (or other children) to watch on television.

1. Man being shot (acted)
2. Man being shot (real)
3. Somebody saying "God damn it!"
4. Somebody saying "The fucker's fuckin' fucked."
5. Women's breasts
6. People having sex (not weird porno sex, but not hidden behind sheets either)

Current Results
---------------
<A href="http://slashdot.org/comments.pl?sid=85419&ci d=7441302">Australia, 2 1 4 6 5 3 </A>
<A href="http://slashdot.org/comments.pl?sid=87329&ci d=7580238">Australia, 2 1 6 4 5 3 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580570">Australia, 2 6 1 5 4 3 </A>
<A href="http://slashdot.org/comments.pl?sid=87329&ci d=7579646">Canada, 2 4 3 1 6 5 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580721">Canada, 2 1 4 6 5 3 </A>
<A href="http://slashdot.org/comments.pl?sid=87329&ci d=7579699">New Zealand, 2 1 3 5 6 4 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580643">New Zealand, 2 6 1 4 5 3 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580641">Russia 6 5 4 3 2 1 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7581284">UK, 1 2 6 3 4 5 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580501">UK, 2 6 1 4 3 5 </A>
<A href="http://slashdot.org/comments.pl?sid=85419&ci d=7441336">USA, 2 1 6 4 5 3 </A>
<A href="http://slashdot.org/comments.pl?sid=85419&ci d=7441314">USA, 6 1 4 2 5 3 </A>
<A href="http://slashdot.org/comments.pl?sid=85419&ci d=7444957">USA, 1 6 2 5 4 3 </A>
<A href="http://slashdot.org/comments.pl?sid=87329&ci d=7579982">USA, 6 5 3 4 1 2 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580391">USA, 2 6 5 4 1 3 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580485">USA, 3 5 6 4 2 1 </A>
<A href="http://slashdot.org/comments.pl?sid=87343&ci d=7580575">USA, 2 4 3 1 6 5 </A>

Re:Ask Slashdot (0)

Anonymous Coward | more than 10 years ago | (#7581448)

US 6 5 3 4 1 2

last thing the thief heard... (4, Funny)

dark_day (581199) | more than 10 years ago | (#7581368)

"You've got jail!"

Debian (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7581509)

For the record. Debian sucks!! Fire those flame missiles baby!!!! Let me have it!!! ROFL

He deserved to get arrested... (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7581369)

He actually used AOL. You would think he did enough damage as it is.

Moral of the story... (5, Funny)

jkrise (535370) | more than 10 years ago | (#7581371)

1. When you steal computers, don't steal laptops.
2. After stealing a desktop PC, even if it has the latest Windows OS and Service Pack, format the disk and load RedHat.
3. If you steal a Linux PC, install Windows on it for a year, then switch back - even AOL can't maintain that big a log!
4. Don't use AOL - switch over to MSN - it's much more secure - instead of the FBI, it'll be the BSA that's after you!

Re:Moral of the story... (1)

neodymium (411811) | more than 10 years ago | (#7581397)

well, that all renders down to one point: IF you steal hardware, rip out every component which allows "THEM" to identify you: cpu (p3 serial #), ethernet (MAC), mainboard (bios serial #), disks, ...

that leaves you with an empty case, maybe also a 3.5" floppy drive.

Re:Moral of the story... (1)

marko123 (131635) | more than 10 years ago | (#7581405)

nice try. being the only person still owning a 3.5" floppy drive makes you instantly identifiable. Oh, you mean being the only person who still uses it?

Re:Moral of the story... (1)

mirko (198274) | more than 10 years ago | (#7581441)

3. If you steal a Linux PC, install Windows on it for a year, then switch back - even AOL can't maintain that big a log!

Do you mean there is an AOL client for Linux ?
(this is a question, I expect information, not some lol rotfl or some modding)

Re:Moral of the story... (1)

mr100percent (57156) | more than 10 years ago | (#7581482)

Sort of [google.com]

CPUID is your friend (2, Interesting)

isa-kuruption (317695) | more than 10 years ago | (#7581372)

Once in a while, yes, it is your friend.

But then again, AOL probably has other ways to track computers for marketing and such... to determine what PCs are being used how much to access AOL services, etc...

Customer data security? (0)

Anonymous Coward | more than 10 years ago | (#7581373)

Isn't it totally shocking to see how little care companies take to protect customers' data? Somebody should tell them that there's something called encryption.

Get over it (3, Insightful)

marko123 (131635) | more than 10 years ago | (#7581374)

The line between being able to trace crooks and being able to maintain your privacy has always been small. You know what to do if you want privacy, and everyone else should not ever assume they are private just because no one else is in their lounge room.

This is a valuable education, and it will help the regular user understand how unprivate their internet communications are.

No-one loses here. What's the story?

Re:Get over it (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7581466)

> No-one loses here. What's the story?

It's `if you're going to steal a pc, best wipe the hd and re-install before using it on a public network`, I think.

...or maybe... (4, Insightful)

cnelzie (451984) | more than 10 years ago | (#7581375)

Wells Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...

Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?

Anyone care to give that answer that?

Ugh... Grammar not good... (1)

cnelzie (451984) | more than 10 years ago | (#7581392)

...this early in the morning...

That last line should have been...

"Anyone care to give that an answer?"

Which I had thought to change to...

"Anyone care to answer that?"

Re:...or maybe... (1)

i_really_dont_care (687272) | more than 10 years ago | (#7581426)

Wells Fargo is using some cool 'Phone Home' software that was described on Slashdot several times that MOST everyone thought was a good idea...

Why is it a good idea when it will protect your laptop or employer's laptop, but suddenly, the FBI has some nefarious hooks into AOL when they publish that they captured a laptop thief because the thief logged into AOL?


So when I can be sure that it really is the "cool phone home" software then everything's alright.

But who really knows?

You know... (5, Insightful)

mental_telepathy (564156) | more than 10 years ago | (#7581381)

I hate to say that Slashdot readers have obvious biases, but why is it that when the police do something smart with computers, you get:

"Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."

And when they can't solve a computer crime case, you get 100 posts about how the police are computer dummies. I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested. It's just nice to see a criminal get busted.

Re:You know... (1)

marko123 (131635) | more than 10 years ago | (#7581410)

nice. slashdot is the hot kitchen. You will have -1, Insightful by the end of this, but posts about how people post are not really insightful. not here. I liked your actual point though :)

Re:You know... (0)

Anonymous Coward | more than 10 years ago | (#7581419)

this is not about technology (tracing that guy down is technically not much of a problem) but about the connection between aol and the police.

Re:You know... (0)

Anonymous Coward | more than 10 years ago | (#7581456)

It's because the police are generally evil, or rather, they do the evil bidding of the government. And if you don't think governments are evil, then you've not been paying attention. Unless you think starting wars, stealing land, testing deadly gasses on civilians and members of the armed forces, planning 9-11 style attacks on civilians to justify a politically inspired war against cuba etc etc are ok.

Re:You know... (1)

inerte (452992) | more than 10 years ago | (#7581472)

Because the end does not justify the means.

Re:You know... (5, Insightful)

jkleid (127829) | more than 10 years ago | (#7581483)

"I'll be honest, I'm not too worried about my ISP having my MAC address, or even the make and model of my video card if they are interested."

Authorities now have a sizable fraction of the technology possessed by big brother in the book 1984. Whether or not to fear that power is a matter of trust.
_______

tin foil hat... (2, Interesting)

mirko (198274) | more than 10 years ago | (#7581385)

If the guy tells the FBI his laptop got stolen, he may also have given them some info about a recent internet connection which would have allowed them to find his MAC address, which was then looked for in some ISPs' logs until they found out who did it.
I guess it's more optimal for the fbi to do it this way than to just store whichever information thanks to some software backdoors.
we have some reasons to worry about our Freedoms but it is not a reason to imagine we're always being spied on.

You'd think that a thief (1)

xirtam_work (560625) | more than 10 years ago | (#7581387)

would be a little more aware of using a big company for his ISP due to traceability, etc.

Also the first thing I'd do is reprogram the MAC address (and ensure that the BIOS had CPU serial number feature disabled - if possible?).

I'm no thief, but if I were to try something illegal I think I'd plan it out a bit better first.

Did this machine have 'phone home' software installed?

Also, aren't most stolen laptops (and other computers) quickly sold on anyway? The perp is a total idiot for keeping it and using it. If you sell something in an untraceable way, say to a guy in a bar for cash, then you're less likely to get caught.

Re:You'd think that a thief (1)

marko123 (131635) | more than 10 years ago | (#7581420)

only dumb* people get caught.

* people who don't do their homework. See many geeks in jail? Is it because they phear the law, because they are not so hardcore, because they are not so stupid, or because they are not teh ghey? Your pick...

Re:You'd think that a thief (0)

Anonymous Coward | more than 10 years ago | (#7581447)

Little from column A, little from column B. None from C or D.

Re:You'd think that a thief (0)

Anonymous Coward | more than 10 years ago | (#7581446)

I told the FBI that I got it from a guy in a bar but they wouldn't believe me!!!!

One more argument for adoption of open standards (1)

ezh (707373) | more than 10 years ago | (#7581394)

I know sometimes obscurity can be useful, but I still believe it is violation of privacy. Which means the thief should be set free since the methods that were used to trace him were unlawful.

AOL Id is in the install (2, Insightful)

acomj (20611) | more than 10 years ago | (#7581395)

When you install AOL it knows your "Master account" name. From there you can pick one of the other account names or use the "Guest" login feature.

My guess is that when the thief logged in they used the guest feature.

AOL probably had the account flagged as "Stolen" so the thief couldn't buy AOL stuff through the account on the machine.

Re:AOL Id is in the install (0)

Anonymous Coward | more than 10 years ago | (#7581421)

Why would he login as a guest on his own account and get it flagged stolen? Did you even read the article?

MAC Address? Proc Serial? Magic Lantern? (2, Redundant)

tintruder (578375) | more than 10 years ago | (#7581396)

Nobody ever talks about the MAC Address being a unique serial number for a PC. But if a company uses a management tool like OpenView, Tivoli, Spectrum etc., the MAC is certainly one of the parameters collected and recorded as part of the inventory.

So if this guy installed his own software or OS on a stolen box and then got caught, that leaves precious few other options.

Processor Unique ID?

WindowsXP Phone Home?

Keystroke Logger?

In any case, it certainly appears that some "known" piece of identifying data was present and easily flagged.

I for one would like to know more about the exact method used, because if there is indeed some kind of government back-door that has the potential to circumvent encryption or anonymity, we ought to find out.

Maybe the FBI's "Magic Lantern" is a 2-piece system with 1/2 on the network, and the other half in the OS or the Silicon?

Maybe all the bank employees are being spied upon without their knowledge?

Maybe Patriot Act rears its head in the authorization of certain methods and practices?

ipv6 (1, Interesting)

eddy_crim (216272) | more than 10 years ago | (#7581400)

If I'm correct, IPv6 stores your 48-bit MAC address in the last 64 bits (wasteful), so that should make the FBI's job nice and easy.

Re:ipv6 (1)

seite-f00f (458255) | more than 10 years ago | (#7581462)

you are _not_ correct
and btw. changing mac addresses is trivial
(if they get transmitted at all -> think NAT)

This is an option for everyone! (0)

Anonymous Coward | more than 10 years ago | (#7581402)

If you have a laptop, or any computer, for that matter, you should register it.

It just takes a few seconds, and being able to get it back in the event of theft is great peace of mind.

I use RegisterForFree [registerforfree.net] . Better safe than sorry.

Re:This is an option for everyone! (0)

Anonymous Coward | more than 10 years ago | (#7581453)

Sounds a lot better than registering with the manufacturer. An OPEN registration process for machines and users of all types. It's about time!

Wrong Guy (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7581403)

Not that this guy isn't a scumbag, but WF customers should be asking themselves how this breach of security could take place. Information like this should NOT reside on an unprotected laptop. Someone at WF is VERY dumb.

Wait a minute... (4, Insightful)

cnelzie (451984) | more than 10 years ago | (#7581406)

How was this thief even able to use this stolen laptop? Were they not running a password protected operating system, at least Windows 2000 or Windows XP?

I know that if ANY of the laptops and roughly ALL of our desktop PC's would be useless to any thieves unless they format each and every machine, since there isn't a single account that doesn't have a password that isn't controlled by our Domain Controller...

I am not so happy about Wells Fargo's apparent disinterest in keeping things secure...

Re:Wait a minute... (5, Interesting)

leenoble_uk (698539) | more than 10 years ago | (#7581452)

Running Jaguar I set up a fake account with no password on purpose. If my laptop was stolen I WANTED the thief to use it to get online. My real accounts were hidden from the login screen and my home folder was invisible. I had a penny-per-minute dialup ISP set up to make it easy for the thief to get connected. Using DNS update software I would be able to see the IP address at Dyndns.org if it was ever used.
If the thief was to find the computer locked down from the start then they'd be far more likely to wipe and restore making this a lot more difficult.
Unfortunately, now running Panther and making user account invisible makes the fast user switching a buggy nightmare. So in spite of the extra security features like FileVault I think it less likely I would ever see it again if it were stolen. I liked my security through obscurity.

Re:Wait a minute... (1)

caluml (551744) | more than 10 years ago | (#7581474)

Why not have the machine send out an email every time it boots? That way you can get the whole SMTP path in the headers.

a work-around for this? (1)

JackRabbitSlims (662511) | more than 10 years ago | (#7581500)

Answering cnelzie, I'd say that you just have to format the HD and install the OS to have a fresh new machine. But this brought me some thoughts:

1. Would a fresh new install also inform AOL of the computer's MAC address?
2. Does AOL maintain a database of USER_ID - MAC addresses? If so, what for?
3. I don't believe the idea that WF keeps the MAC address of every computer they sell. If so, what for?

Elmetarny, my dear Watson. (0)

Anonymous Coward | more than 10 years ago | (#7581407)

Using a GUID or UUID you can track specific computers/users. A little more reliable than a MAC address as far as AOL's software goes (since the guy could have just changed modem/network PCMCIA cards or something). Not to say spoofing isn't a possibility, but the fucker used AOL. How likely is it he knows what the word "spoof" means?

cached Google description of GUID [216.239.41.104]

Dial-up/Broadband bound to windows login? (1)

trystanu (691619) | more than 10 years ago | (#7581413)

It could just be something as silly as the dial-up/broadband connection being bound to a Windows login through a domain server. As soon as the thief logged into AOL they get a Username and Password prompt for the Wells Fargo domain. For all we know, he could've panicked and accidentally hit OK.

An invalid password for a user whose laptop was nicked from a whacky AOL IP address sure sounds suspicious to me.

so how did they get his addy? (1)

mOoZik (698544) | more than 10 years ago | (#7581424)

I know they can trace the IP to a general area, but how were they able to find his street and address (even assuming they had the MAC)? Just curious, that's all.

Re:so how did they get his addy? (4, Informative)

Zocalo (252965) | more than 10 years ago | (#7581498)

Logs, logs, and yet more logs. The process works like this (although not in this case, since apparently Yahoo is wrong and Krastof actually used the original owner's account):

  1. Use WHOIS to find out which ISP owns the IP address
  2. Get the ISP to look at their logs to determine which dial-up session was assigned that IP at the time.
  3. Look at the logs for the access platform to identify the caller's line ID. This is usually the same as the telephone number, but not necessarily, and is *always* known to the remote system, even if you withhold your phone number because it's used in call setup.
  4. Take that number to the Telco that owns it and look at *their* logs to give you the physical location of the phone that made the connection (or owner of the mobile).
  5. Arrest the perp.
While that glosses over the paperwork, and assumes that the ISP maintains sufficiently detailed logs of calls and authentication, which many small ones don't, that's pretty much it.
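Steps 2 and 3 of the process above, as an added example that is not part of the original post: matching an observed IP address and timestamp against dial-up accounting records to recover the caller's line ID. The record layout, accounts and numbers are constructed, and the function names are hypothetical; it also shows why the timestamp matters, because a dynamic address changes hands and the two log sources rarely share a clock.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: dial-up accounting records in a RADIUS-like layout.
# Accounts and numbers are invented; 192.0.2.0/24 is a documentation range.
ACCOUNTING_CSV = """\
start,stop,framed_ip,username,calling_line_id
2003-11-26T18:02:11-08:00,2003-11-26T18:40:03-08:00,192.0.2.17,user_a,555-0101
2003-11-26T18:40:45-08:00,2003-11-26T21:15:30-08:00,192.0.2.17,user_b,555-0102
2003-11-26T19:05:00-08:00,,192.0.2.44,user_c,555-0103
"""

def load_sessions(text):
    """Parse accounting rows; an empty stop means the session is still open."""
    sessions = []
    for row in csv.DictReader(io.StringIO(text)):
        row["start"] = datetime.fromisoformat(row["start"])
        row["stop"] = datetime.fromisoformat(row["stop"]) if row["stop"] else None
        sessions.append(row)
    return sessions

def sessions_for(sessions, ip, seen_at, skew=timedelta(0)):
    """Return every session that held `ip` at `seen_at`, widened by `skew`
    on both sides to allow for clock drift between the two log sources."""
    if seen_at.tzinfo is None:
        raise ValueError("observation time needs an explicit UTC offset")
    hits = []
    for s in sessions:
        if s["framed_ip"] != ip:
            continue
        started = s["start"] - skew
        stopped = (s["stop"] + skew) if s["stop"] else None
        if started <= seen_at and (stopped is None or seen_at <= stopped):
            hits.append(s)
    return hits

def attribute(sessions, ip, seen_at, skew=timedelta(0)):
    """Return the caller line ID only when exactly one session matches."""
    hits = sessions_for(sessions, ip, seen_at, skew)
    if len(hits) == 1:
        return hits[0]["calling_line_id"]
    return None  # no match, or ambiguous because the address was reassigned

if __name__ == "__main__":
    logs = load_sessions(ACCOUNTING_CSV)
    # The remote server logged in UTC; the accounting records use local time.
    print(attribute(logs, "192.0.2.17", datetime.fromisoformat("2003-11-27T03:00:00+00:00")))
```

With a 60-second skew allowance, an observation at 02:40:20 UTC matches both user_a and user_b, so `attribute` returns nothing rather than naming the wrong subscriber.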

Re:so how did they get his addy? (1)

Detritus (11846) | more than 10 years ago | (#7581501)

If he used dial-up, AOL can get his phone number from Caller-ID or the telephone company's logs. With the phone number, it's easy to get the name and address of the subscriber.

On broadband, the ISP can look at their logs to see what physical port was associated with the user's IP address.

America's Dumbest Criminals (1)

DNS-and-BIND (461968) | more than 10 years ago | (#7581429)

An identity thief...and he uses AOL?

He logs in to his AOL account, in his real name, from a stolen laptop?

Man, I would have just removed the hard drive, imaged it, and put the image up on Kazaa or Limewire or what have you. But then again, B&E at a bank was never exactly my style.

what the hell? (0)

Anonymous Coward | more than 10 years ago | (#7581431)

what IT idiot at Wells Fargo let users run AOL from within the corporate firewall?

stupid if you ask me.

Read the article (0)

Anonymous Coward | more than 10 years ago | (#7581437)

"Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."

Same old stuff, user account, billing address, name on the account, shit you dumb fucks! Did you not read the article? Phone home stuff? Hardly, simply stupid user error from a thief. Hardware identification??? Get real. Sure it can be done, and MAC address might be a part, yet you can spoof a MAC address. Come on you technoweenies. Read, Research, and stop posting drivel.

What about the information? (1)

xirtam_work (560625) | more than 10 years ago | (#7581454)

Customer information should not have been kept on the HDD of the laptop, ever!

If a company is stupid enough to store customer information as sensitive as this on an easily removable (i.e. stealable) machine it should be heavily encrypted.

Maybe if they used Apple Powerbooks and OS X they could use the 'File Vault' feature. As well as this, similar features are available for Windows and Linux. What do you think?

corepirate nazi execrable foiled by gnu millennium (0)

Anonymous Coward | more than 10 years ago | (#7581459)

that's right. this stuff is unbreakable, & wwworks on several (more than 3) dimensions. it's a real nightmare for those involved in unprecedented evile.

creators want compensation for planet use/damage? (Score:mynuts won)
by Anonymous Coward on Friday November 28, @06:57AM (#7581317)

not really? they just want US to stop wrecking it/killing innocents.

they're not just kidding about that.

the daze of the felonous ?pr? ?firm? scriptdead payper liesense georgewellian fuddite corepirate nazi softwar gangster stock markup execrable FraUDsters, is WANing into coolapps/the abyss, at the speed of right/light.

consult with/trust in yOUR creators.... almost all of us will be seeing the light.

Spyware (0)

Anonymous Coward | more than 10 years ago | (#7581460)

Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login.

This is just the stuff you can see, in
Program Files\Aol 8.0\SysInfo.ini

God knows what's being transmitted behind the scenes. And no, I would not have been using this evil poison code if I had had any choice :(

Sensitive info deleted. And some that probably wasn't sensitive is obfuscated, but hey, I'm paranoid...


[SYSTEMGOTO]
TotalDiskDrives=TotalDiskDrives=7
DiskDrive0=DiskDrive0=Floppy Drive A:
DiskDrive1=DiskDrive1=HardDiskDrive C: FreeSpace: 2345 MB , TotalSpace: xxxxx MB
DiskDrive2=DiskDrive2=HardDiskDrive D: FreeSpace: 189 MB , TotalSpace: xxxxx MB
DiskDrive3=DiskDrive3=HardDiskDrive E: FreeSpace: 8325 MB , TotalSpace: xxxxx MB
DiskDrive4=DiskDrive4=CD-ROM Drive F:
DiskDrive5=DiskDrive5=CD-ROM Drive G:
DiskDrive6=DiskDrive6=CD-ROM Drive R:
AppPath=AppPath=C:\Program Files\AOL 8.0
AppVersion=AppVersion=AOL xx.xxxx.xxx gb (a)
Processor=Processor=x86 Family 6 Model 8 Stepping 3
PageFileUsage=PageFileUsage= 98% free
Memory=Memory=448 MB total ( 48% load)
OS=OS=Windows xxxx
Video=Video=800 x 600 , True Color (32 bit)
Browser=Browser=Microsoft IE Build 6.0.xxxx.xxxx
Multimedia=Multimedia=CD-ROM , Sound
AppSerialNum=AppSerialNum=
[STATUS]
NumSessions=NumSessions=1, 2, 1
NumAbnExits=NumAbnExits=100.0%, 0.0%, 0.0%
InstallDate=InstallDate=xx/xx/xx
OrigVersion=OrigVersion=xxxx.xxxa
SessionSpeed=SessionSpeed=32000 bps
[ERRORLOG]
Error1=Error1=23:22:22 7/20/03 Address Book Sync Checker Timeout
Error2=Error2=22:22:22 7/20/03 ABSyncError:233
Error3=Error3=22:12:33 7/20/03 You have not completely filled out this form.
Error4=Error4=21:47:24 7/20/03 The modem has reported that there is no dial tone.
Error5=Error5=18:56:28 7/20/03 Attempt 1) [Modem: xxxxxxx-SM PCI Modem on COM3] The modem has reported that there is no dial tone.
[CACHE]
CURCACHE=CURCACHE=0 KB
MAXCACHE=MAXCACHE=1024 KB
[NETWORK]
CPUMake=CPUMake=Intel Celeron
CPUSpeed=CPUSpeed=xxxx
USB=USB=Detected
NIC=NIC=Not Detected
Adapter1=Adapter1=Name: WAN (PPP/SLIP) Interface, IPAddress: xxx.xxx.xxx.xxx, SubnetMask: 255.255.255.255, DefaultGateway: xxx.xxx.xxx.xxx
Adapter2=Adapter2=Name: Realtek RTLxxxx(AS)-based Ethernet Adapter (Generic), IPAddress: xxx.xxx.xxx.xxx, SubnetMask: xxx.xxx.xxx.xxx, DefaultGateway: xxx.xxx.xxx.xxx
Plugin1=Plugin1=Name:Viewpoint, Version:xx,xx,xx,xx
Plugin2=Plugin2=Name:Direct Draw, Version:xx.xx.xxxx.xxx
Plugin3=Plugin5=Name:Shockwave Flash, Version:xx,xx,xxx,xx
[CONNECTIVITY SUMMARY]
Device1=Device1=TCP/IP: LAN or ISP (Internet Service Provider)
Device2=Device2=Modem: xxxxxxx-SM PCI Modem on COM3, Default Device, ModemSetupString: Axxxxxxxxxxxxxxxxx,x;xx4xM, PPPSetupString: , AlwaysReconnect:
TotalLocations=TotalLocations=1
Location1=Location1=TotalConnections: 3, Name: Home, Tries: 5,Current Location
Connection1 at Location1=Connection1 at Location1=Name: xxxx xxx xxxx (1) xx Customers - Freephone (V90), Tries: 1, Device: Modem: xxxxxxx-SM PCI Modem on COM3, Number: xxxx xxx xxxx, Network: AOLnet, ClientPPPReady: 1, NumberPPPReady: 1, Speed: 115200, Touchtone: 1, OutsideLine: , CallWaiting: 0, AlwaysReconnect: 0
Connection2 at Location1=Connection2 at Location1=Name: xxxx xxx xxxx (2) xx Customers - Freephone (V90), Tries: 1, Device: Modem: xxxxxxx-SM PCI Modem on COM3, Number: xxxx xxx xxxx, Network: AOLnet, ClientPPPReady: 1, NumberPPPReady: 1, Speed: 115200, Touchtone: 1, OutsideLine: , CallWaiting: 0, AlwaysReconnect: 0
Connection3 at Location1=Connection3 at Location1=Name: xxxx xxx xxxx (3) xx Customers - Freephone (V90), Tries: 1, Device: Modem: xxxxxxx-SM PCI Modem on COM3, Number: xxxx xxx xxxx, Network: AOLnet, ClientPPPReady: 1, NumberPPPReady: 1, Speed: 115200, Touchtone: 1, OutsideLine: , CallWaiting: 0, AlwaysReconnect: 0

Re:Spyware (1)

Moblaster (521614) | more than 10 years ago | (#7581508)

The "DEFAULT GATEWAY" under one of the ethernet adapters could be unique "enough" to identify this computer out of many others -- especially if AOL is being accessed outside of that subnet. That may be a powerful enough clue by itself, especially if you know what you are looking for.

hooks? that's easy... (1)

penguin7of9 (697383) | more than 10 years ago | (#7581469)

Nothing particularly sinister. The "hooks" they have is probably caller ID on the modems. If he connected via DSL, they have the port he connected from (via the IP or MAC address). AOL is probably completely free to give out that information, with no need for wiretap authorization.

damnit. (1, Funny)

fuckfuck101 (699067) | more than 10 years ago | (#7581471)

That's the last time I steal a computer to login to AIM again.

There is no story here (5, Insightful)

Mr_Silver (213637) | more than 10 years ago | (#7581475)

From SFGate [sfgate.com] :
Investigators knew where to look for the gear not because of unusually intrepid sleuthing but because Krastof allegedly used the computer to log on to an AOL account belonging to the system's owner, Peter Gascoyne.
Please remove your tin foil hats, the idiot logged onto the AOL account of the person he stole the laptop from. The police and AOL merely traced it back to his house.

A more detailed version of the article (3, Informative)

claq (727871) | more than 10 years ago | (#7581476)

I found this version [sfgate.com] posted on www.securityfocus.com. It says the thief used the laptop owner's dial-up AOL account, which the FBI had asked AOL to monitor.

oh please (1)

warren69 (187813) | more than 10 years ago | (#7581480)

"Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."

That is a bit of a conspiracy theory. It is just the PC Call Home software such as http://www.absolute.com or any of the others.

My only suggestion for laptop owners is to get the most difficult to remove laptop security software. There is none that is impossible to remove, but stuff that resides in the MBR, etc will make life much more difficult for the thief...

he did not change (1, Informative)

linuxislandsucks (461335) | more than 10 years ago | (#7581491)

his Mac address and machine name.. what an idiot

Used SMBIOS perhaps ? (1, Informative)

Anonymous Coward | more than 10 years ago | (#7581504)

Perhaps they used the SMBIOS Serial number

SMBIOS fields such as make, model, serial number and chassis type are populated on pretty much all tier 1/2 machines these days.

SMBIOS table method extraction is really safe, really fast, non-intrusive and can be performed with basic level user access (doesn't require local administrator) on any Windows box without any resident drivers or services (unlike DMI).

Moving one step further - The collection of SMBIOS information by a large ISP such as AOL would allow for some pretty sophisticated profiling for future service provision.

From a big brother perspective, SMBIOS will not tell your ISP your name, your credit card details or what you've been doing since your last online session.

For example, they could profile users by processor type, or memory capacity, they could even send out email offers to users who had free memory slots.

Back to the point - It would be relatively easy for ISPs to be given a 'stolen' list to compare detected serial numbers against, customers just need to use decent Asset Management processes so they know what was stolen........