Now how they do that ?

[J.A. Terranson]

On Sat, 29 Nov 2003, Major Variola (ret) wrote:

> At 11:12 AM 11/28/03 -0600, Neil Johnson wrote:
> >Investigators traced the computer to Krastof when he logged onto his
> own
> >America Online account at home through one of the stolen computers,
> White
> >said. That enabled authorities to connect the computer's Internet
> Protocol
> >address, a number that identifies a computer on the Internet, to
> Krastof's
> >home address through his AOL account, White said.
> >
> >My guess that there was some sort of application (maybe an internally
> based IM
> >client) that "phoned home" when the thief started up the computer.
> 
> Conventionally, only the NIC's MAC is supposed to be unique.  Nowadays
> there are other IDs including disk-drive serial numbers, motherboard
> SNs, OS SN's, etc.  None of these are supposed to be sent upstream,
> and the NIC MAC ends at the first router.  And of course doens't exist
> if
> Krastof used a modem.  So yeah, a "phone home" app sounds likely ---even
> 
> an *unintentional* one, like one that automatically checks a "home
> server" for
> updates, corporate news, etc.  Then you merely snag the IP, find it
> comes from
> AOL (rather than your internal network) who looks up who occupied that
> address
> at that time.  Krastof probably used his meatspace info, subpeona,
> no-knock, game over.

The theif was using the accounts he found on the stolen computer, and was
traced by CID.


-- 
Yours, 
J.A. Terranson
sysadmin at mfn.org

Father, you are a great and mighty God. Help our governments to remember the
lessons of our history and to appreciate the purpose of your son Jesus. Teach
our representatives not to be so arrogant as to speak in one way, but doing
another, for surely this not the way of truth. Help us to understand that
your will is not death but life, not the darkness of hatred but the light of
friendship in Christ. In the name of Jesus we pray. Amen.

Merle Harton, Jr.