Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said. That enabled authorities to connect the computer's Internet Protocol address, a number that identifies a computer on the Internet, to Krastof's home address through his AOL account, White said.
My guess that there was some sort of application (maybe an internally
At 11:12 AM 11/28/03 -0600, Neil Johnson wrote: based IM
client) that "phoned home" when the thief started up the computer.
Conventionally, only the NIC's MAC is supposed to be unique. Nowadays there are other IDs including disk-drive serial numbers, motherboard SNs, OS SN's, etc. None of these are supposed to be sent upstream, and the NIC MAC ends at the first router. And of course doens't exist if Krastof used a modem. So yeah, a "phone home" app sounds likely ---even an *unintentional* one, like one that automatically checks a "home server" for updates, corporate news, etc. Then you merely snag the IP, find it comes from AOL (rather than your internal network) who looks up who occupied that address at that time. Krastof probably used his meatspace info, subpeona, no-knock, game over.