Now how they do that ?

Major Variola (ret) mv at cdc.gov
Sat Nov 29 11:22:50 PST 2003


At 11:12 AM 11/28/03 -0600, Neil Johnson wrote:
>Investigators traced the computer to Krastof when he logged onto his own
>America Online account at home through one of the stolen computers, White
>said. That enabled authorities to connect the computer's Internet Protocol
>address, a number that identifies a computer on the Internet, to Krastof's
>home address through his AOL account, White said.
>
>My guess is that there was some sort of application (maybe an internally
>based IM client) that "phoned home" when the thief started up the computer.

Conventionally, only the NIC's MAC is supposed to be unique.  Nowadays
there are other IDs including disk-drive serial numbers, motherboard
SNs, OS SN's, etc.  None of these are supposed to be sent upstream,
and the NIC MAC ends at the first router.  And of course doesn't exist
if Krastof used a modem.  So yeah, a "phone home" app sounds likely
---even an *unintentional* one, like one that automatically checks a
"home server" for updates, corporate news, etc.  Then you merely snag
the IP, find it comes from AOL (rather than your internal network) who
looks up who occupied that address at that time.  Krastof probably used
his meatspace info, subpoena, no-knock, game over.
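
The correlation described in the message above, sketched as an added example that is not part of the original post: an update server's log is scanned for check-ins by a stolen asset arriving from outside the internal network, giving the IP and time window an ISP would need. The log format, asset tags, address ranges and function names are all constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Assumption: the organization's internal address space (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Constructed sample log from a hypothetical internal update server:
# timestamp, source IP as seen by the server, asset tag sent by the client.
SAMPLE_LOG = """\
2003-11-20T09:01:12 10.4.2.17 asset=LT-0041
2003-11-20T09:03:40 10.4.2.23 asset=LT-0077
2003-11-24T21:47:05 198.51.100.23 asset=LT-0077
2003-11-24T21:52:31 198.51.100.23 asset=LT-0077
2003-11-25T08:15:00 10.4.2.17 asset=LT-0041
"""
STOLEN = {"LT-0077"}  # asset tags reported stolen (constructed)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return any(addr in net for net in INTERNAL_NETS)

def external_checkins(log_text, stolen=STOLEN):
    """Return (asset, ip, first_seen, last_seen) per stolen asset and external IP."""
    seen = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].startswith("asset="):
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
            internal = is_internal(parts[1])
        except ValueError:
            continue  # bad timestamp or address
        asset = parts[2][len("asset="):]
        if asset not in stolen or internal:
            continue  # only stolen assets seen from outside are of interest
        first, last = seen.get((asset, parts[1]), (ts, ts))
        seen[(asset, parts[1])] = (min(first, ts), max(last, ts))
    return [(a, ip, f, l) for (a, ip), (f, l) in sorted(seen.items())]

if __name__ == "__main__":
    for asset, ip, first, last in external_checkins(SAMPLE_LOG):
        print(f"{asset} checked in from {ip} between {first} and {last}")
```

The address the server records is whatever the ISP assigned at that moment, which is why the timestamps are kept alongside it.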




