Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Search Convicts Hacker

Zonk posted more than 7 years ago | from the scroooooood dept.

Google 116

An anonymous reader writes "Google search terms have helped convict a wireless hacker. The queries the hacker performed were introduced into evidence at court, where Matthew Schuster was charged with disrupting his former employer's wireless network and imitating other users' MAC addresses to obtain access. From the article: 'Court documents are ambiguous and don't reveal how the FBI discovered his search terms. That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie. Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'

cancel ×

116 comments

YRO? (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#17340722)

How does this have anything to do with my rights online?

Re:YRO? (0)

Anonymous Coward | more than 7 years ago | (#17340804)

Perhaps it has something to do with the possibility that Google could cough up *your* search terms should you become the target of interest from law enforcement or the Gest^W Homeland Security department?

Re:YRO? (4, Insightful)

electrosoccertux (874415) | more than 7 years ago | (#17340820)

How does this have anything to do with my rights online?
Because now you have a lot fewer of those rights.

Re:YRO? (3, Insightful)

Anomalous Cowbird (539168) | more than 7 years ago | (#17341426)

Because now you have a lot fewer of those rights.

In what way? To claim that a "right" has been violated here seems tantamount to making an assertion such as "Of course I may leave footprints, but no one has a right to follow them."

Why should an electronic trail have legal protections that a physical trail does not?

Re:YRO? (2, Insightful)

hackstraw (262471) | more than 7 years ago | (#17343054)

Why should an electronic trail have legal protections that a physical trail does not?

Physical trails in the public are not protected. Physical trails in private are.

Its OK for me to watch you in public talking to person X. In theory, one needs a warrant and probable cause of a specific crime to listen to person talking with person X on the telephone.

Re:YRO? (3, Insightful)

Macthorpe (960048) | more than 7 years ago | (#17343494)

That's not comparable.

In this instance it would be like talking to person X on company Y's premises. Company Y certainly has a right to know what is going on in their building and if it's illegal have every right to call the police about it.

That's my view, anyway.

Re:YRO? (1)

beckerist (985855) | more than 7 years ago | (#17343558)

Your metaphor is rendered invalid when the receiving end of your conversation is a corporate entity residing on a public domain. Google has every right to surrender any information it may have. Whether it's ethical to do so remains another, entirely different question. Don't be evil!!!

Re:YRO? (4, Insightful)

JasonKChapman (842766) | more than 7 years ago | (#17341708)

How does this have anything to do with my rights online?
Because now you have a lot fewer of those rights.

Yeah, what with being forced to use Google and all.

I mean, seriously, which right was violated here? The right to use a search engine without records? The right to use someone's wireless network without records?

Re: Wake up and smell the coffee!!! (Re:YRO?) (3, Insightful)

Anonymous Coward | more than 7 years ago | (#17340972)

Because Google can say ANYTHING it wants about you and people/police/FBI/government/corporations/your_emp loyer/etc will believe them without an OPEN REVIEW of how they obtain, generate, and store that information.

Is the information faulty? Did someone munge with the data? Were Google's databases corrupt? Was the data recreated or generated from other data? Has Google's spy software been through open source review? How well was Google's software tested?

It continually astounds me how intellectually lazy Americans have become! It continually astounds me how the American people are willing to look the other way when it comes to their liberty and civil rights being encroached on!

THINK FOR ONCE PEOPLE!

Re: Wake up and smell the coffee!!! (Re:YRO?) (3, Interesting)

heinousjay (683506) | more than 7 years ago | (#17341096)

So it's not clear that Google had anything to do with this, and aside from the search terms, other evidence also pointed to his crimes. I'm pretty sure you've overreacted.

I'm not too surprised, though. A story like this (and realistically, the entire YRO section) is pretty much intended to rile the tin-foil hat crowd. Good thing for me that I'm entertained by it.

Re: Wake up and smell the coffee!!! (Re:YRO?) (2, Insightful)

necro2607 (771790) | more than 7 years ago | (#17341398)

Yeah, it's a bit sensationalistic to claim he was "convicted" simply due to his google search terms - those were merely one part of the evidence given in court.

Re: Wake up and smell the coffee!!! (Re:YRO?) (3, Interesting)

bberens (965711) | more than 7 years ago | (#17342044)

That's like looking at a key eye witness who saw you stab Nicole Brown Simpson and saying "How do I know you weren't on LSD and just imagining me there?" Seriously, independent third party witnesses are key to the judicial process. Get over yourself. Google openly makes money on the fact that they keep track of your browsing habits in order to make their advertising revenue more beneficial to their paying customers. Google could plaster those records for everyone on the planet to see them and your rights still haven't been violated. If you don't like what Google or any other company does, don't use them. With Google it's especially easy to avoid. Being a techy, you could take it a step farther and route google.com to /dev/null.

Re: Wake up and smell the coffee!!! (Re:YRO?) (0)

Anonymous Coward | more than 7 years ago | (#17342712)

The sanity, expertise, and/or reliability of witnesses is often questioned in court. Numerous times people have been sentenced to prison or even put to death on faulty evidence or testimony. This is one of the primary reasons some want to do away with the death penalty.

IF Google is a key factor in the case, THEN there is prudent reason to question the reliability of their data.

While it may be fun to joke about the tin foil crowd I think this is an honest concern.

Re: Wake up and smell the coffee!!! (Re:YRO?) (2, Interesting)

jc42 (318812) | more than 7 years ago | (#17344882)

That's like looking at a key eye witness who saw you stab Nicole Brown Simpson and saying "How do I know you weren't on LSD and just imagining me there?"

Funny, yes. But I have a story that's not too far off from that sort of thing. About 10 years ago I was working on a project at a big corporation whose name isn't relevant here. I had a row of machines with different OSs for doing portability testing. Someone sent me email pointing to a bit of humor on some web site, and by chance I happened to read it on the NT box. It was cute, I sent back a message saying that I'd laughed, and went about the day's work.

When I came in the next morning, the NT machine was sitting there displaying a whole lot of pornographic images. "Well, that's interesting ..." They had come from another machine in the same domain as the funny page. I erased them, checked occasionally, and they didn't reappear.

But the next morning, they were there on the screen again. So I really investigated. I found the "deleted" email, fetched the funny page again, and examined its source. It had some truly bizarre javascript that I didn't quite understand, but I did find the routine that fired off a download just after midnight. I called a few coworkers over and showed them the original page, the code, and the results. Nobody could quite explain the code, other than that it did something just after midnight. We found that when we disabled JS, the porn downloads stopped.

We tried it on a number of other machines. It only worked on MS Windows boxes, not on Solaris or linux or FreeBSD or any of the others. We had lots of Windows boxes, each with a different release installed, so after a while, we had lots of machines that were all downloading porn every night just after midnight.

We did discuss the implications if the higher-ups got wind of this. We had this scenario of them trying to figure out how we were sneaking in every night at midnight without the security guys seeing us, downloading a lot of porn, and then sneaking out without being seen. We were sure that the porn downloads were going into our permanent records.

Actually, we thought it was funny, as did our bosses. And these were all "crash and burn" test machines, so eventually we wiped each one clean, reinstalled the OS, and the porn went away.

But the legal system doesn't have our sense of humor. It's easy to imagine, in the light of TFA, that we could have been charged with a repeated pattern of downloading porn on company machines. In some companies, this could have easily got us fired. Luckily for us, our bosses just considered us crazy software developers.

I did learn enough that, some time later, I wrote up a little demo of how to make an innocent-looking web page download files that the user never sees, but which leaves incriminating downloads in the browser cache and the firewall logs, which could convict them as happened to this guy. I use the demo to convince people that I'm not being paranoid when the first thing I do with a new browser is to turn off java, JS and any other "scripting" tool. We're reaching the stage where you can be convicted for what you computer does behind your back. Stories like this are good for explaining why everyone really needs to learn enough about how their software works that you can block things like this that can plant evidence on your machine.

Of course, you really can't know about every automated thing that might be hidden in that box. And I should probably add this news story to my demo's docs, as an extra motivator.

Re: Wake up and smell the coffee!!! (Re:YRO?) (1)

sacrilicious (316896) | more than 7 years ago | (#17345698)

That's like looking at a key eye witness who saw you stab Nicole Brown Simpson and saying "How do I know you weren't on LSD and just imagining me there?" Seriously, independent third party witnesses are key to the judicial process. Get over yourself.

In a (sane) legal proceeding, there are resources allocated to evaluating the likelihood of scenarios proposed by either side. If one side posits that one of the witnesses may be unreliable because of being on LSD, the assertion isn't just tossed out... it's evaluated. There will be people who can come forward and testify as to the witness's habits, character, circumstances, all of which will usually lead to a reasonable assessment of the credibility of the "might he have been on LSD" question.

If google turns over search terms, this gets one FUCK of a lot harder. If someone wants to contest the search terms, what exactly are they going to say? "Um, I want google to prove the impossibility of someone mucking with the records in question. And I'd like google to prove the integrity of the code involved in collecting and storing this data"... even though doing so is in all likelihood impossible even for someone with a triple PhD in computer science, and to even try is something that google will fight tooth and nail since it would involve revealing both code and business logic.

Re: Wake up and smell the coffee!!! (Re:YRO?) (1)

glwtta (532858) | more than 7 years ago | (#17345308)

It continually astounds me how the American people are willing to look the other way when it comes to their liberty and civil rights being encroached on!

Dude, the American people just looked the other way when the US government allowed itself to torture prisoners, and compromised just about every tenet of a fair trial. And you want us to care about web cookies and browser logs and shit?

Re: Wake up and smell the coffee!!! (Re:YRO?) (1)

sacrilicious (316896) | more than 7 years ago | (#17345646)

Is the information faulty? Did someone munge with the data? Were Google's databases corrupt? Was the data recreated or generated from other data? Has Google's spy software been through open source review? How well was Google's software tested?

Agreed all! I'll add one: Might someone at google have an agenda? I.e., might the data be deliberately falsified?

AOL (5, Funny)

celardore (844933) | more than 7 years ago | (#17340786)

Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive. (Microsoft, on the other hand, told us that it has never received such queries for MSN Search, and AOL says it could not provide the information if asked.)

No, they'll just give it all away anyway.

Re:AOL (1)

DDLKermit007 (911046) | more than 7 years ago | (#17345720)

The thing is that I highly doubt that they got the search results from Google. My money is on that he had auto-complete turned on. No non-tech head has the sense to turn this off. I've found credit card numbers in some of my friend's auto-complete histories. Hit the down arrow key at the Google page when your on the search box, and you can get a fairly long list of previously searched items. This kind of stuff doesn't require any kind of court order with Google.

Well... (4, Insightful)

Quixote (154172) | more than 7 years ago | (#17340862)

when Yahoo does something like this [csmonitor.com] , they are teh Evil!!!!11!!one!

But when Google does it, it can only be for the common good, right? A malicious Hax0r gets put away??

Re:Well... (4, Funny)

spun (1352) | more than 7 years ago | (#17341186)

Yes! You get it. Now you are one of us. (chanting) One of us! One of us!

Re:Well... (2, Informative)

A682 (1032020) | more than 7 years ago | (#17341776)

The difference is that yes, in this case, a malicious "hax0r" does get put away... but in Yahoo!'s case, they did the same to a journalist who desires freedom in an oppressive communist state. They're two different things.

Even so, I don't think Google was the source of the search terms- they have adamantly stood their ground against such practices in the past. I just don't see them taking a 180 and just giving the FBI search terms like that.

Re:Well... (1)

jlarocco (851450) | more than 7 years ago | (#17343724)

The difference is that yes, in this case, a malicious "hax0r" does get put away... but in Yahoo!'s case, they did the same to a journalist who desires freedom in an oppressive communist state. They're two different things.

What's the difference? In both cases somebody was breaking a law in their country. And in both cases the search engines gave relevant information to the governments of those countries. They seem almost exactly the same to me.

Re:Well... (1)

Dirtside (91468) | more than 7 years ago | (#17344314)

They seem almost exactly the same to me.

Murder and self-defense are exactly the same if you describe them both only as "using a firearm to cause a person to die". The context is important; and to some of us, suppressing free speech is not equivalent to punishing someone for breaking into a former employer's network in order to damage it.

Re:Well... (1)

bky1701 (979071) | more than 7 years ago | (#17345284)

"The context is important; and to some of us, suppressing free speech is not equivalent to punishing someone for breaking into a former employer's network in order to damage it."

The Chinese would say the same thing; they were just punishing someone for spreading lies and propaganda in an attempt to destabilize the government. Not that they are right, just remember, everyone has excuses.

Re:Well... (1)

jlarocco (851450) | more than 7 years ago | (#17345304)

Murder and self-defense are exactly the same if you describe them both only as "using a firearm to cause a person to die". The context is important; and to some of us, suppressing free speech is not equivalent to punishing someone for breaking into a former employer's network in order to damage it.

If you're going to do business in a country, you're obligated to follow their laws, whether you like them or not. If Google or Yahoo wants to make a statement about a country's policies, breaking the law isn't the most effective way to do it.

Re:Well... (1)

mgt (138275) | more than 7 years ago | (#17342980)

mmmm.. "don't be evil"

Re:Well... (2, Insightful)

TheSeer2 (949925) | more than 7 years ago | (#17343064)

It's called a subpoena.

Re:Well... (1)

Jahz (831343) | more than 7 years ago | (#17343878)

when Yahoo does something like this, they are teh Evil!!!!11!!one!
But when Google does it, it can only be for the common good, right? A malicious Hax0r gets put away??
No. You make it sound like all /.ers blindly believe anything Google does is correct. Google knows how to play this crowd, and there is nothing wrong with that. You're the real problem here because of how you trivialize the issues to make it seem like a popularity contest. Some people here might think that way, but most probably do not...

The difference between these two events is pretty basic. In Google's case:
a subpoena to Google from the police
This is a legal requirement that Google has no choice other than to comply with. (or to not log queries and degrade service severly). Now in Yahoo!'s case, from the article you linked:

Yahoo Holdings Ltd. in Hong Kong worked with mainland Chinese police to find Shi, according to court documents. So far, Yahoo has refused to offer details beyond this statement released Thursday: "Yahoo must ensure that its local country sites must operate within the [local] laws, regulations, and customs."
Can you see the differences? Do you see why Yahoo HK was evil, but Google was not? Hong Kong is a seperate government than mainland China. Yahoo in Hong Kong had no legal requirement to cooperate with mainland Chinese police (first evil deed). Then, Yahoo stated that they will comply with local "customs".
 
So, the bottom line is that subpoenas and customs are very different things. Google will release customer data in compliance with court orders. Yahoo will release customer data in compliance with local customs. Please don't pretend these are the same thing.

Re:Well... (1)

bky1701 (979071) | more than 7 years ago | (#17345306)

"Can you see the differences? Do you see why Yahoo HK was evil, but Google was not? Hong Kong is a seperate government than mainland China."

Umm, no.

http://en.wikipedia.org/wiki/Hong_Kong [wikipedia.org]
"The Hong Kong Special Administrative Region of the People's Republic of China (Traditional Chinese: [pronunciation]) is one of the two special administrative regions (SARs) of the People's Republic of China (PRC), the other being Macau, and one of the richest cities in the world."

From their privacy policy: (4, Informative)

GPLDAN (732269) | more than 7 years ago | (#17340876)

Let's look at Google's privacy policy, shall we?

Information sharing

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:
* We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
* We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
* We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.


That's a pretty broad policy. *ANY* applicable law, regulation, legal process or enforeable governmental request. That leaves the door pretty wide open for the Chinese government to start asking for the query strings of their citizens to me.

I think the answer is clear, if you need to see webpages and want NO trace of you - you have to compromise a machine, surf via a proxy you set up in it, and then timebomb the drive to wipe itself after you are done. And even then you may get caught, if there are firewall logs.

Let's look at a leading company [proxify.com] that does web proxy policy:

DISCLOSURE
All use of our site is confidential. We disclose user information only as provided for herein and when we believe that the law requires it, or when disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to others or interfering with Proxify's rights or property.

In the event of an assignment, sale, joint venture, or other transfer or disposition of some or all of the assets of Proxify, you agree that we can accordingly assign, sell, license or transfer any information that our users have provided to us. Please note, however, that the purchasing party cannot use the personal information you have submitted to us under this Privacy Policy in a manner that is materially inconsistent with this Privacy Policy without your prior consent.


That pretty much says: hey, we have your web surfing logs and we'll give em up if we have to. We don't want to, and we'll destroy logs after 30 days (it says that elsewhere in the policy) but dammit, if they bend us over and lube us up - we're gonna damn well hand it over rather than taking one for the team, so to speak.

Two ways (0)

Anonymous Coward | more than 7 years ago | (#17341408)

JAP [tu-dresden.de] - I use this at work. It's usually pretty fast and works well. The app is a single .jar so no installation is required.

Tor [vidalia-project.net] - I use this often, too, but it's much slower

Re:From their privacy policy: (1)

troll -1 (956834) | more than 7 years ago | (#17341552)

We disclose user information only as provided for herein and when we believe that the law requires it, or when disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to others or interfering with Proxify's rights or property.

But we don't want google disclosing our information based on what they believe. That's up to law enforcement. If law enforcement believes a crime has been committed let them get a warrant and subpoena google for the information.

Certain exceptions, if memory serves (2, Interesting)

Stonehand (71085) | more than 7 years ago | (#17341706)

I seem to recall that there is a legal obligation to report certain classes of suspicious activity if they become aware of it -- notably, child pornography. They may not be obligated to actively search for it, but if they spot indications that a user is involved in that while analyzing their logs...

Server location isn't a defense (1)

msobkow (48369) | more than 7 years ago | (#17341854)

If someone is charged in one country for what is done with servers located in another country, it stands to reason they're liable for what they did in the origin country. International treaties specify information sharing between various security and police forces, so any company has to comply with such requests. If a country signs up to an international treaty, then the people and businesses in that country have to abide as best they can.

Think about it -- sysadmins and servers are scattered around the globe, but the corporations that manage them have to comply with the law in each country they have offices in. It doesn't matter whether that country has servers located elsewhere -- they're just tools.

Re:From their privacy policy: (1)

gamer4Life (803857) | more than 7 years ago | (#17341886)

That leaves the door pretty wide open for the Chinese government to start asking for the query strings of their citizens to me.


Why are you even bringing the Chinese government into this? Replace "Chinese" with "American" and it still means the same thing.

Supeona (1)

nurb432 (527695) | more than 7 years ago | (#17343320)

None of that matters when they get the letter. They have to fork it over regardless of what agreement you made with them at that point anyway.

I just wonder how long it will take to start general 'fishing expeditions' of search history to show 'possible intent' of comitting a crime and get warrants based on that 'suspicion'. " we see here you did a search for the word crack, come with us". " we dont care that what you have searched for might have been legal when you searched, its not now".

Scary stuff.

Curiosity did kill the cat, and it may kill the rest of us too...

Is there a way... (1)

bogaboga (793279) | more than 7 years ago | (#17340896)

I wonder: Is there a way to conceal IP addresses and MAC addresses? What about slashdot? Are we being monitored? You see, I have posted what has been regarded as "flambait" a number of times.

Re:Is there a way... (1)

The Living Fractal (162153) | more than 7 years ago | (#17340944)

... And what's one more? ;p

But seriously. No way to hide IP addresses from the server. Unless you want to terminate your connection. Then you can hide all day. And get nowhere fast.

This guy who got caught.. well, in short, he sucked. Good hackers don't get caught.

Besides, I would say calling him a hacker does a disservice to the name. He was much closer to a script kiddie IMHO.

TLF

Re:Is there a way... (1)

Mysticalfruit (533341) | more than 7 years ago | (#17341296)

I suppose that you could install a leapfrog program on another machine and route your traffic through their machine, thus disguising your IP.

Though when they see the leapfrog pointing back to your machine, the gig's pretty much up...

Re:Is there a way... (4, Insightful)

The Living Fractal (162153) | more than 7 years ago | (#17341406)

There are numerous ways to make yourself anonymous, however, they are for another discussion. Which is why I just suffice to say this guy is a piss-poor hacker.

He didn't even try. He was just a disgruntled IT worker. Instead of using a machine gun to mow people down he wanted to use a transmitter to mow packets down. In this day and age people take that very seriously. So he's going to jail for 15 months. End of story.

TLF

Re:Is there a way... (2, Interesting)

markwalling (863035) | more than 7 years ago | (#17341848)

after reading rfc 2549, i belive that anyone could spoof their ip or mac address very easily. trusted networks do not shit on your car

Re:Is there a way... (1)

foamrotreturns (977576) | more than 7 years ago | (#17345672)

Definitely a bad hacker. The only way that Google could keep his search terms and link them directly to him as a person would be if he were logged into his Gmail account when he was searching for the help he sought (or if he did them while sitting at his desk at work or home). Had he been smart, he would have done all the research from a public terminal in a library or university where no logon is needed. But we've already established that he wasn't smart. His imprisonment is not an effective disincentive to other hackers because he was just so stupid about it, and no self respecting real hacker would be so careless and they're probably all laughing at his sorry ass now.

Re:Is there a way... (2, Informative)

troll -1 (956834) | more than 7 years ago | (#17341686)

But seriously. No way to hide IP addresses from the server.

Just use an anonymous proxy like tor. [eff.org]

Re:Is there a way... (0)

Anonymous Coward | more than 7 years ago | (#17340964)

You can't be serious...

Mod Parent up "FUNNY"

Re:Is there a way... (2, Informative)

drpimp (900837) | more than 7 years ago | (#17341174)

Yeah it's called spoofing. MACs are easy, as this was one of the things the guy in the article was doing. I myself did the same thing back in college for WiFi in certain buildings. I simple packet sniffing can yield some great things. IP spoofing is likely to be done, but good luck on getting a response from your target, at least with out some other tricky means.

I'm suprised it took this long... (1)

Mysticalfruit (533341) | more than 7 years ago | (#17340902)

Yet another reason to create a web user, copy in your bookmarks, do your online reading and can that user!

Create a user? Lame. (0)

Anonymous Coward | more than 7 years ago | (#17345222)

Use tor and vmware. Tor for network anonymity, vmware for local cleanliness. "Revert to snapshot" is your friend.

Another story of not being smart(tm) (3, Informative)

junglee_iitk (651040) | more than 7 years ago | (#17340904)

I am no hacker and I do use google for many searches that I would not like to be a public information. Let us come clean, how many of us have not searched for a mp3 we liked a lot, or p0rn, or how to bypass company firewall?

The first thing he should have done is to delete Cache, browse anonymously, and FOR GOD'S SAKE, not be logged into google (which is integrated everywhere), or delete search history, or delete all cookies!

I know because I have suffered from this kind of stupidity, and in the end, I was unable to blame anyone.

Actually... (3, Insightful)

Anonymous Coward | more than 7 years ago | (#17341356)

Actually, the first thing he should have done was to stop using his former employer's wireless network by appropriating its other customers MAC addresses to gain illegal access. The second thing he should have done was to not launch DOS attacks against said customers' websites. That automatically raised damages to above $5000 which led to the FBI getting involved. Once that happened, he was screwed.

A Fourth Way (1)

Tackhead (54550) | more than 7 years ago | (#17340922)

> That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie.

...or by simply getting a judge to approve the running of a query against a database consisting of all traffic to/from the routers that constitute the edges of Google's network, without confirming or denying the existence of such a database.

Re:A Fourth Way (1)

rjpear (1033976) | more than 7 years ago | (#17343874)

Wow..That's probably Overkill for this case... More than likely.. the Business suspect the guy is the perp and Either Takes his work machines and has analysis done on the Web Cache/History to see what this guy is looking at while using that PC OR Law Enfocement gets the bad guys computer, which said bad guys thinks will never be looked at, and with a Search Warrant the Computer is analyzed and Google search terms pop up and are introduced as evidence in trial.. Not really a big deal... and happens every day with Child Porn investigations...

Google Account (1)

garcia (6573) | more than 7 years ago | (#17340936)

Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'

Or your Google Account search history if you remained logged in after you use GMail (or any of their other services).

Re:Google Account (1)

MrP-(at work) (839979) | more than 7 years ago | (#17340996)

don't forget google ads

Re:Default GoogleFox (0)

Anonymous Coward | more than 7 years ago | (#17344408)

Or your mistyped urls via search from the address bar.
Or how long your browser was open for (to the nearest half hour), via the lesser/default anti-phishing protection.

Yeah, not exactly your bank account details, but still none of their fucking business.

On my best behavior (1)

Joebert (946227) | more than 7 years ago | (#17340956)

I hope nobody ever finds a reason to check my search records, I already know I can never become a politician.

Re:On my best behavior (0)

Anonymous Coward | more than 7 years ago | (#17341108)

No, but you can be marked as possible terrorist any day without good reason these days.

Re:On my best behavior (2, Insightful)

Joebert (946227) | more than 7 years ago | (#17341994)

I'm not worried about that, everybody is a possible terrorist theese days.

This is why... (0)

Anonymous Coward | more than 7 years ago | (#17341054)

I stopped using google. Here are some alternatives:

Scroogle [scroogle.org] (uses Google)
Clusty [clusty.com]

Re:This is why... (1)

The-Ixian (168184) | more than 7 years ago | (#17341796)

boggle

MAC Address Filtering... (5, Insightful)

e4g4 (533831) | more than 7 years ago | (#17341100)

...is not a bloody security feature. This is why people who actually want to secure a wireless network use some combination of Radius and VPNs...

Re:MAC Address Filtering... (1)

b0s0z0ku (752509) | more than 7 years ago | (#17341744)

This is why people who actually want to secure a wireless network use some combination of Radius and VPNs...

That's also one way to maintain an open network for casual surfers without compromising your home/business network. Put the wireless net on the Internet side of a firewall. Only VPN users get to cross the firewall and play on the company Intranet.

-b.

How to not get caught (5, Informative)

troll -1 (956834) | more than 7 years ago | (#17341104)

The Linksys router Schuster used at his home and its MAC address proved that he was accessing the CWWIS wireless network.

Sounds like the MAC address was tied to his name somewhere and this was the evidence the FBI used to obtain the warrant. After that, everything was revealed by the contents of his computer.

If you purchase a network card online with a credit card it's possible that the FBI can trace the MAC address of that card back to you, providing the seller keeps records. If you're a linux user you can change your MAC address with,

ifconfig ethX hw ether xx:xx:xx:xx:xx:xx

As long as you don't pass traceable information (like logging onto a traceable email account) and you use an anonymous proxy like tor [eff.org] as extra protection, it's pretty difficult to trace you. It's possible, of course, to locate you physically by triangulating your radio signals but this requires a bit more effort.

The above is provided for educational purposes only. I do not advocate breaking the law.

Criminals should never use credit cards! (0)

Anonymous Coward | more than 7 years ago | (#17341334)

Canada's version of 9-11 was the Air India bombing which brought down a plane with 329 people aboard in 1985. The guy who built the bomb bought a radio to build the bomb with and the police caught him because he used his credit card for the transaction. So, the cops have been catching people by tracing credit cards for a long time.

http://www.hinduonnet.com/fline/fl2005/stories/200 30314003510000.htm [hinduonnet.com]

Actually, the best way to not be caught is to not be a criminal and even that is not a 100% guarantee. Some Bulgarian nurses have been convicted of murder in Lybia because their patients got AIDS. It happens here too. Lots of people have been convicted of murder and later exonerated. OK, where's my tin hat ...

Re:How to not get caught (1)

necro2607 (771790) | more than 7 years ago | (#17341366)

Indeed, you can change the NIC's MAC address on your OS X machine as well (from here [wikipedia.org] ):

Under Mac OS X, the MAC address can be altered in a fashion similar to the Linux and FreeBSD methods:
ifconfig en0 lladdr 02:01:02:03:04:05
or
ifconfig en0 ether 02:01:02:03:04:05


If you're really concerned you can also just permanently modify the MAC address [sdadapters.com] by editing data on the NIC's EEPROM. :)

Re:How to not get caught (0)

Anonymous Coward | more than 7 years ago | (#17344034)

Yes, because it's basically BSD. Us *nix users know about this stuff. Windows users of course, have no idea what a MAC address is, and probably don't care.

Re:How to not get caught (2, Interesting)

wikes82 (940042) | more than 7 years ago | (#17342412)

Interesting, Now I can use skype to make 100% anonymous phone call All I gotta do just change my MAC addr then find a good wi-fi spot, then register a new skype account. Only 9 days left for the FREE skype phone call to US.

Re:How to not get caught (1)

Swimport (1034164) | more than 7 years ago | (#17342842)

The above is provided for educational purposes only. I do not advocate breaking the law.

I do.

Re:How to not get caught (0)

Anonymous Coward | more than 7 years ago | (#17342946)

You don't need to worry about the MAC address of your NIC. That does not go out over the wire to web servers. The MAC they are talking about the MAC of the router. That is what the outside world see's not the MACs of your internal NICs.

Re:How to not get caught (1)

max born (739948) | more than 7 years ago | (#17343690)

This is for when you hack your neighbor's linksys router and you don't wanna get caught.

Re:How to not get caught (1)

totally bogus dude (1040246) | more than 7 years ago | (#17344102)

You don't need to worry about the MAC address of your NIC. That does not go out over the wire to web servers. The MAC they are talking about the MAC of the router. That is what the outside world see's not the MACs of your internal NICs.

None of your MAC addresses go over the wire to web servers, unless the web servers are on the same physical network as you.

Re:How to not get caught (1)

sacrilicious (316896) | more than 7 years ago | (#17345606)

None of your MAC addresses go over the wire to web servers, unless the web servers are on the same physical network as you.

Two scenarios to keep in mind:

  • (1) You're surfing on a wireless hotspot that isn't yours, e.g. you're at starbux, or using a neighbor's router. You download something that The Man gets interested in. The Man then requests access to the (starbux's or neighbor's) router, and gleans your mac address from it.
  • (2) You're surfing on the wireless router in your own home. You think you're safe, since you could always reset (or destroy) the router if trouble started coming. But... your ISP has a backdoor in their cable/dsl modem that allows them direct access to your wireless router... and, your router happens to have a known exploitable bug in it that allows remote access. Or you just haven't secured it to begin with.

Re:How to not get caught (0)

Anonymous Coward | more than 7 years ago | (#17343216)

A secondary link from the article indicates the device had cached the last 4 mac addresses that had been used. They all matched devices used by other clients.

Clarifications w.r.t. How to not get caught (1)

mitigator (820468) | more than 7 years ago | (#17343642)

Your post leads to confusion .. not that it has anything wrong in it, but it has the potential to confuse:

__1__
His MAC address, when he connected to the local gateway, was logged.

You suggest using tor for protection; tor wouldn't have helped this person. Tor obfuscates IPs.

__2__
Another poster writes that he's sure the FBI would use a MAC address database to track the person down.

This would prove *extremely* difficult, and generally not plausible.
There is a "database"[1], but it's a pretty granular database, with the equivalent of old-school "Class A" (256^3) blocks of addressing[2], going to the manufacturer-on-record of that NIC.

It's also important to know, folks, that just because you change your MAC address, it doesn't mean you're "secure". Infact, if you do it on any of many wired networks, port-security will kick in and you'll be administratively (automagically) shutdown.

There's very very little anonymity, if any, left on the Internet these days.

And call it what it is -- just because there's a wireless signal, and it happens to reach into your home, doesnt mean you can use it. It's still "theft of services," and tack on some aggravated Theft By Deception, Exceeding Authorized Access, Circumventing a device connected to a Critical Infrastructure, one could even make a stretch argument to identity theft.

I'm all for finding new and fun ways to get around systems.. but break down and buy a router already, eh? :-)

[1] IEEE OUI
[2] 00->ff ^ 3

Profiling Internet Users? (2, Interesting)

drewzhrodague (606182) | more than 7 years ago | (#17341136)

I know that Google analyzes the searches of its users -- for good purposes. I am sure they analyze how their search works, how users use it, and other things about those users. This helps them make a better tool. What I'm worried about is when this information is used to profile users, and identify potential 'terrorists'.

Hackers (0, Flamebait)

necro2607 (771790) | more than 7 years ago | (#17341252)

"In October 2003, police armed with a search warrant showed up and seized his computer (PDF)."

Ouch, this brings back memories of Hackers [imdb.com] . As cheesy as it was, that movie hit close to home because I had gotten in trouble so many times in the past all through my earlier years in school, being banned from a total of four or so different school computer labs (three different schools) by the age of 13... One of the better stories: I was snooping around on the computer's hard drive using Netscape by browsing "file:///", which was apparently "hacking". Curiosity killed the cat, I guess.

Anyway, with all that past experience in mind, based on how amateur this guy seems to be (searching on how to execute his attack *on the target's network*) I can easily imagine how freaked out he was when police showed up at his place and took all his computer hardware.

Of course, I don't really feel bad considering how bad a job he did of covering his tracks and maintaining anonymity and so on.

Re:Hackers (0)

Anonymous Coward | more than 7 years ago | (#17341862)

hahah I got in trouble on some ol windows 3.11 machines when I used Notepad.exe to open up autoexec.bat and remove the last line win.exe so I could use the command line.

The number of things they did to try and prevent access to a computer in school and it still boggles the mind how so many people are still illiterate.

I also find it funny my secret word is teaches.

Re:Hackers (0, Offtopic)

necro2607 (771790) | more than 7 years ago | (#17342410)

One of the best tricks I ever came up with was building my own HyperCard [wikipedia.org] stack to launch whatever program I wanted, after discovering a pretty big bug in the school's "security" software. Our Mac labs had At Ease [wikipedia.org] , and it would only have just a few "educational" programs etc. available to students. However, I found a really big vulnerability - you could take any program and simply change the creator code with ResEdit [wikipedia.org] to match that of any one of the "allowed" programs, and it would then be allowed to run.

So I'd take some various "tools" from the web (At Ease password cracking type stuff, mostly, and of course a copy of Bolo [lgm.com] to play with friends over the LAN while we snuck in during lunch), change the creator codes to match SimpleText or Math Blaster or whatever, and build a HyperCard stack that would launch the programs for me.

It got to the point where I was making "Bolo disks" (for all my friends) which included a copy of the game, some extra maps and a HyperCard launcher stack. I got a reputation as a bigtime hacker among everyone in the school (and I was 11 years old!), which was both good and bad - tons of awesome extracurricular stuff related to computers, but always seen with an eye of caution...

Re:Hackers (1)

necro2607 (771790) | more than 7 years ago | (#17343028)

Offtopic? Lawl, sorry for discussing things on this discussion forum.

Re:Hackers (0)

Anonymous Coward | more than 7 years ago | (#17344204)

Actually this is a comments section for a news article about Google searches being used to convict a disgruntled employee for breaking into his employers' wireless network. Your comments were off-topic.

Re:Hackers (0)

Anonymous Coward | more than 7 years ago | (#17344554)

Seems pretty on-topic since I'm discussing past computer/network hacking when the article is about someone who got arrested for computer/network hacking... I thought sharing personal experience related and very similar to topics discussed in TFA would be pretty on-topic, but apparently that's not the case? ...

Re:Hackers (1)

mandelbr0t (1015855) | more than 7 years ago | (#17341948)

One of the better stories: I was snooping around on the computer's hard drive using Netscape by browsing "file:///", which was apparently "hacking". Curiosity killed the cat, I guess.

Wow, your sysadmin was a real jerk. I actually got caught pirating using the school network (lesson learned: pirating to just anyone is asking for trouble), which got me banned until they found out they needed geeks to operate PageMaker for the yearbook. hahaha :) The librarians just sighed every time I used the computer -- the latest attempts to keep the hackers out inevitably failed.

mandelbr0t

Re:Hackers (1)

necro2607 (771790) | more than 7 years ago | (#17342278)

Yeah, it was actually on a library computer I was on, too, so I was banned from the library's computers... until a couple years later when I was suddenly recruited to help keep the library network running in the school... heh!

Re:Hackers (0)

Anonymous Coward | more than 7 years ago | (#17342582)

That reminds me of the week I was suspended from school for enabling the school's email system. This was the early nineties before email was popular or well known.

A friend of mine 4 years earlier had watched an admin type in their sysop password, "help," into the system. We had a field day those 4 years with the system. We created our own classrooms in the school's database and various other harmless things.

One day in Pascal class we shelled to DOS (using the menu option from Word) and ran the exe for the mail program. I typed a message, "Someone is using the system who is unauthorized." Then I typed a command "send msg1 to all" and I watched in terror as every student, teacher, and administrators name scrolled up the screen.

Stupid me reacted on gut-instinct and pulled the plug on the computer when the command was really running on the server. Even stupider me had not logged in under the sysop account and had instead used my own account to shell to does.

My stomach was in knots the whole night knowing I was in for it. The guidance counselor confronted me about it the next day with a log of messages in her hand with my name on it. Surprisingly though their system time was off by several hours so I told them I wasn't even near a computer at that time and denied it for a few days.

Finally, the principal who was a former FBI agent confronted me and said, "We've got witnesses, blah blah.. vandalism.. or something" and I fessed up. I told him it was an option on my screen to shell to DOS, to which he responded, "You have the option to jump off the roof, does that mean you're going to take it."

To make a long story short I was suspended for 5 days and my parents had to beg them not to involve the police. I was an idiot, but I never meant any harm. I think their biggest concern was that the sum total of the messages had taken up 1.5mb of drive space and had taken someone hours to manually delete all the files.

Suffice it to say I wasn't allowed near a computer the rest of the year and could only use Apple IIE's to compile my code.

Either way, it's funny to think back to now. I wasn't a hacker then nor am I now. A hacker doesn't get caught and knows enough to cover their tracks. At the worst I was an idiot who knew enough to piss off others who knew nothing at all.

Re:Hackers (0)

Anonymous Coward | more than 7 years ago | (#17342678)

Sorry about the typo up there. I meant DOS instead of does. I got a bit excited while typing as I thought the boss was going to sneak up on me and read my life's history.

One thing I forgot to mention is that I became some sort of small legend afterwards. When the students logged on the next day they each had a new email address and some disovered what email was for the first time. The feature had previously been disabled for all the students.

The next year they had 4 new rules in the handbook on computer usage, and people who had ignored me suddenly thought I was somehow more interesting...

But I was no hacker and the fame didn't get me laid... so what good was it?

Transparent Proxy (2, Insightful)

RockoW (883785) | more than 7 years ago | (#17341346)

This kind of proxy is very common on businesses and among other useful stuff they log the HTTP request made by any client in the network. This is the easiest way, noone else is requiered to get the queries just check your own server logs.

Re:Transparent Proxy (1)

The-Ixian (168184) | more than 7 years ago | (#17342372)

Yeah, I suppose in this case that is probably true. But proxies generally only log the URL visited. So queries sent to a web site would only show up if HTTP GET was used AND your particular proxy gathered additional path information from the URL to put into the log (I know that my Squid proxy does not gather such information, it only logs the base URL path). HTTP POSTs probably would not show up at all unless some other mechanism was enabled/added to the proxy.

Google convicts?! (1)

jrm228 (677242) | more than 7 years ago | (#17341354)

Wow - after reading that headline it's clear that corporations are getting more powerful. This conviction brought to you by Google Court Beta.

Perhaps... (2, Funny)

torrentami (853516) | more than 7 years ago | (#17341536)

instead of searching for: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." he should have first searched for: "how to surf anonymously," "how to delete my browser data," and "how to shower without dropping your soap."

Faulty Article Title (5, Insightful)

JasonKChapman (842766) | more than 7 years ago | (#17341830)

Kudos on the post's headline being more accurate than TFA's headline.

The article's headline says: "Google searches nab wireless hacker," but the article actually says:

Wireless hacker pleads guilty when his Google searches are used as evidence against him.

That may seem like simple semantics, but it's actually a pretty big difference.

Forget about the Google... (1, Insightful)

camusflage (65105) | more than 7 years ago | (#17341966)

Am I alone for thinking that 15 months in prison, three years of probation, and $20k in restitution is just a LITTLE high for MAC spoofing to score some free wifi? Even if it was taken to the level of interfering with the signal, 2.4G is unlicensed. As any aspiring hacker should know, a properly configured [amasci.com] microwave will cause wifi (and 2.4G phones and baby monitors) many problems. Unless he was pulling some seriously bad juju, this is Mitnick-esque "damages".

Re:Forget about the Google... (2, Informative)

Anonymous Coward | more than 7 years ago | (#17342184)

He wasn't just looking to score some free wifi, he was actively interfering with his former employer's business operations by DOS'ing customer websites, and knocking customers offline. To me, the sentence is appropriate. In fact, he's lucky to get what he got compared to some of the draconian sentences handed to other hackers in other criminal cases for doing far less than what he did.

Re:Forget about the Google... (1, Redundant)

Shihar (153932) | more than 7 years ago | (#17344128)

He was doing more then getting free wifi. He launched a DOS against his former companies customers. This guy got exactly what he deserved. The moral of the story? Don't break into your former employer's wireless and start locking DOS attacks or else you get thrown in jail. If anything, I think the guy got off light.

How can this be considered evidence? (1)

pclminion (145572) | more than 7 years ago | (#17342324)

In this day and age where anybody can wardrive past your place and do God knows what with your Internet connection (provided your WAP isn't secured), how can simple Google query logs prove ANYTHING? For all we know, this guy had an enemy at work who decided to set him up.

And if he doesn't have a WAP, or it's secured, then it's just as possible that the aforementioned enemy somehow hacked into this guy's computer and sent those queries.

How likely is this to happen? Maybe not that likely, but in this country at least guilt must be proved BEYOND reasonable doubt. I think the ease with which people can compromise your home net connection definitely provides reasonable doubt. In ALL cases.

Even more, the fact that this guy is clearly not "liked" at work just makes it even more plausible that somebody would want to frame him. What are the chances? Low, probably, but is there reasonable doubt? Definitely.

Re:How can this be considered evidence? (1)

sentencieuse (1041954) | more than 7 years ago | (#17342488)

Well... Except for the fact where 1) he pleaded guilty and 2) there were other evidence.

Re:How can this be considered evidence? (3, Insightful)

ScrewMaster (602015) | more than 7 years ago | (#17344268)

True, but the GP's point is still valid ... conviction based solely upon server log entries (or even the use of such logs to intimidate, such as the RIAA has been doing) should simply be unacceptable to a judge. Such information being a part of the fabric of evidence in a larger case is one thing, but it is simply not reliable enough to be depended upon in such important matters.

Courts need to become more technically competent, I think. We're too accustomed to the idea that if data comes from a computer it is implicitly trustworthy, and that's a big problem.

Re:How can this be considered evidence? (1)

jc42 (318812) | more than 7 years ago | (#17345020)

Well, I have heard this sort of thing being used to explain why you should leave your wireless access point wide open. The argument goes that, if you secure it, evidence in packets coming from it can be used against you. But if you don't secure it, those packets could have come from any passerby.

Wasn't this argued here on /. sometime recently? But I'm not sure I want to be a test case.

Grammar, people, grammar (0)

Anonymous Coward | more than 7 years ago | (#17343988)

When I read the title I thought that google search was the one doing the convicting. I was about to say, "Whoa, google has really grown too large if its search engine has legal jurisdiction."

Perhaps "Google Search used to Convict Hacker" would be more appropriate?

Hey, I've done that ... (2, Insightful)

jc42 (318812) | more than 7 years ago | (#17345172)

Court documents say that Schuster ran a Google search over CWWIS' network using the following search terms: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." [TFA]

Hmmm ... A few months ago, I did a number of google searches with very similar terms. I was trying to find out how to diagnose and defend against some wireless interference. Not that I learned all that much. I suspect that you need some rather special equipment to locate the source of interference, but I don't know what that equipment might be.

Anyway, I wonder if I could be a suspect now because of those searches?

I have noticed in the past that if you ask questions about security, you're usually treated as if you were a potential security risk, not as someone trying to improve your own security.

Title of Article is wrong. (0)

Anonymous Coward | more than 7 years ago | (#17345250)

Wow, this slashdot article even has the title wrong. As any hacker [wikipedia.org] will tell you, the scumbag who pulled off this exploit was a cracker [wikipedia.org] . I have seen this error committed countless times by clueless newspapers and magazines, but I'm surprised that Slashdot got this wrong.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...