On Sat, 29 Nov 2003, Major Variola (ret) wrote:
Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said. That enabled authorities to connect the computer's Internet Protocol address, a number that identifies a computer on the Internet, to Krastof's home address through his AOL account, White said.
At 11:12 AM 11/28/03 -0600, Neil Johnson wrote:
My guess is that there was some sort of application (maybe an internally based IM client) that "phoned home" when the thief started up the computer.
Conventionally, only the NIC's MAC is supposed to be unique. Nowadays there are other IDs including disk-drive serial numbers, motherboard SNs, OS SN's, etc. None of these are supposed to be sent upstream, and the NIC MAC ends at the first router. And of course doesn't exist if Krastof used a modem. So yeah, a "phone home" app sounds likely ---even an *unintentional* one, like one that automatically checks a "home server" for updates, corporate news, etc. Then you merely snag the IP, find it comes from AOL (rather than your internal network) who looks up who occupied that address at that time. Krastof probably used his meatspace info, subpoena, no-knock, game over.
The thief was using the accounts he found on the stolen computer, and was traced by CID.

--
Yours,
J.A. Terranson
sysadmin@mfn.org

Father, you are a great and mighty God. Help our governments to remember the lessons of our history and to appreciate the purpose of your son Jesus. Teach our representatives not to be so arrogant as to speak in one way, but doing another, for surely this not the way of truth. Help us to understand that your will is not death but life, not the darkness of hatred but the light of friendship in Christ. In the name of Jesus we pray. Amen.
Merle Harton, Jr.