Now how they do that ?

Eric Tully eric at tully.com
Fri Nov 28 16:07:05 PST 2003


Apparently the Yahoo (Reuters) story got it wrong. According to two 
other articles I read, he logged into the AOL account that was 
configured on the machine that he stole, not his *own* account. No 
"phone home" software, no MAC addresses, and no serial numbers in the 
CPU were used to find the machine.

Of course, the more important question: If the computer had such 
sensitive data on it, why would it ever be granted network access?

http://www.timesheraldonline.com/articles/2003/11/27/news/news05.txt
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/11/27/MNGUO3BN101.DTL

...
Investigators knew where to look for the gear not because of unusually 
intrepid sleuthing but because Krastof allegedly used the computer to 
log on to an AOL account belonging to the system's owner, Peter Gascoyne.

This allowed authorities to eventually trace the call back to Krastof's 
residence, said the Police Department's White, who acknowledged that 
cracking the case was, as much as anything, a matter of pure luck.

Jun at Cryptography Research said most people don't realize that they 
announce their presence and leave an electronic trail any time they go 
online.

"Using a stolen computer to log onto the Net is like taking a stolen 
credit card (and) buying gas for all your friends at a single service 
station," he said. "It's pretty easy to get caught."

White said investigators had asked AOL as a routine precaution to watch 
for any log-ons in Gascoyne's name. He said the world's biggest online 
service had reported a hit earlier this month but then dragged its feet 
in providing information about the phone line used in the connection.

White said telecom giant SBC, in turn, had not been very helpful in 
offering information about the location of the residence where the AOL 
dial-up originated. SBC and AOL privacy policies both say information 
can be shared with law-enforcement officials.

"We ended up taking a while with search warrants," White said. "Part of 
the difficulty was the lack of cooperation among various entities."

AOL did not return calls seeking comment. An SBC spokesman said company 
officials had fulfilled investigators' requests the same day they were 
asked.

Once all the pieces were in place, though, White said, authorities 
arrived at Krastof's home around 7 p.m. Tuesday and were let in by his 
girlfriend.
...

- Eric Tully





Neil Johnson wrote:

>From:
>
>http://story.news.yahoo.com/news?tmpl=story&cid=581&e=3&u=/nm/20031126/tc_nm/financial_wellsfargo_theft_dc
>
>SAN FRANCISCO (Reuters) - Police have arrested a California man in connection 
>to a burglary in which a computer with sensitive information about Wells 
>Fargo & Co. (NYSE:WFC - news) customers was stolen, officials said on 
>Wednesday. 
>
>(snip)
>
>Investigators traced the computer to Krastof when he logged onto his own 
>America Online account at home through one of the stolen computers, White 
>said. That enabled authorities to connect the computer's Internet Protocol 
>address, a number that identifies a computer on the Internet, to Krastof's 
>home address through his AOL account, White said. 
>
>(snip)
>
>My guess is that there was some sort of application (maybe an internally based IM 
>client) that "phoned home" when the thief started up the computer.
>
>Or at least I hope ....





More information about the cypherpunks-legacy mailing list