Now how they do that?
Eric Tully
eric at tully.com
Fri Nov 28 16:07:05 PST 2003
Apparently the Yahoo (Reuters) story got it wrong. According to two
other articles I read, he logged into the AOL account that was
configured on the machine that he stole, not his *own* account. No
"phone home" software, no MAC addresses, and no serial numbers in the
CPU were used to find the machine.
Of course, the more important question: If the computer had such
sensitive data on it, why would it ever be granted network access?
http://www.timesheraldonline.com/articles/2003/11/27/news/news05.txt
http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/11/27/MNGUO3BN101.DTL
...
Investigators knew where to look for the gear not because of unusually
intrepid sleuthing but because Krastof allegedly used the computer to
log on to an AOL account belonging to the system's owner, Peter Gascoyne.
This allowed authorities to eventually trace the call back to Krastof's
residence, said the Police Department's White, who acknowledged that
cracking the case was, as much as anything, a matter of pure luck.
Jun at Cryptography Research said most people don't realize that they
announce their presence and leave an electronic trail any time they go
online.
"Using a stolen computer to log onto the Net is like taking a stolen
credit card (and) buying gas for all your friends at a single service
station," he said. "It's pretty easy to get caught."
White said investigators had asked AOL as a routine precaution to watch
for any log-ons in Gascoyne's name. He said the world's biggest online
service had reported a hit earlier this month but then dragged its feet
in providing information about the phone line used in the connection.
White said telecom giant SBC, in turn, had not been very helpful in
offering information about the location of the residence where the AOL
dial-up originated. SBC and AOL privacy policies both say information
can be shared with law-enforcement officials.
"We ended up taking a while with search warrants," White said. "Part of
the difficulty was the lack of cooperation among various entities."
AOL did not return calls seeking comment. An SBC spokesman said company
officials had fulfilled investigators' requests the same day they were
asked.
Once all the pieces were in place, though, White said, authorities
arrived at Krastof's home around 7 p.m. Tuesday and were let in by his
girlfriend.
...
- Eric Tully
Neil Johnson wrote:
>From:
>
>http://story.news.yahoo.com/news?tmpl=story&cid=581&e=3&u=/nm/20031126/tc_nm/financial_wellsfargo_theft_dc
>
>SAN FRANCISCO (Reuters) - Police have arrested a California man in connection
>to a burglary in which a computer with sensitive information about Wells
>Fargo & Co. (NYSE:WFC - news) customers was stolen, officials said on
>Wednesday.
>
>(snip)
>
>Investigators traced the computer to Krastof when he logged onto his own
>America Online account at home through one of the stolen computers, White
>said. That enabled authorities to connect the computer's Internet Protocol
>address, a number that identifies a computer on the Internet, to Krastof's
>home address through his AOL account, White said.
>
>(snip)
>
>My guess is that there was some sort of application (maybe an internally based IM
>client) that "phoned home" when the thief started up the computer.
>
>Or at least I hope ....