Security Basics mailing list archives

Re: Wireless IP leads to arrest.. (UNCLASSIFIED)

From: "Scott Gorlick" <sgorlick () golighthouse net>
Date: Wed, 10 Oct 2007 08:50:35 -0700

I'm sure someone else pointed this out, but how do they know it was a spoofed IP and a spoofed MAC?  I suppose if they 
had tap points @ every hop from src to dest, then they would have proof... This guys lawyer needs to call me!
Saying that they isolated a wireless IP in a network is like saying that they found a guy in a 2 mile radius that may 
have done it.
Scott

Nic Stevens <nic.stevens () gmail com> 10/9/2007 3:40 PM >>>

How would the ISP know the mac address? I can't see my mac address from
my server located elsewhere. Once I leave home my mac address doesn't
follow.

Chinea, Jose L. Jr. (Contractor) wrote:

Classification:  UNCLASSIFIED 
Caveats: NONE

This one is simple!  The media has no idea what it is talking about!  How
many times do we hear on the media terminology that makes no sense at
all!?!?!?!  More than likely they tracked IP to an ISP and then demanded the
ISP to reliquish the MAC address to username being used at that time (every
ISP has a username and password in order to access their resources).   Also,
if there was a 5 year investigation already going on, they may have already
known of the hacker's location and narrowed down any monitoring to a single
subnet on the ISP's network.  

just a theory.... but this is probably what happened and the media didn't
know how to word it


Luis
Computer Systems Analyst II


 
-----Original Message-----
From: cobrajet [mailto:uby500 () yahoo com] 
Sent: Tuesday, October 09, 2007 3:12 PM
To: security-basics () securityfocus com 
Subject: Re: Wireless IP leads to arrest..


Hi Guys, 

I am sorry for the delay in getting you more info on this (I was traveling).
Here's the story as it appears on the web and for the life of me I can't
fathom what damning electronic evidence they used to arrest this guy? ..or
for that matter what the crime was (a criminal opinion?)

"Type of Investigation: Forgery and Identity Theft; Date and Time: 3/25/06
at 1:00 pm; Location: V/Fredonia; Subject(s): xxxxxxxx, of Rock Hill, SC;
Charges: Forgery 3rd, Identity Theft 3rd; Court: C/Dunkirk; Details of the
Incident: A five-month investigation concluded in the arrest of above
subject.  It is alleged that the above subject opened a yahoo email address
with the name of the victim. The subject then sent a politically charged
editorial letter to the Observer in the name of the victim.  This letter was
published.  An investigation into the opened yahoo profile and the sender of
the letter showed internet addresses that came back to the above subject's
addresses in South Carolina and Fredonia.  The subject was issued appearance
tickets for the above charges and will appear in the C/Dunkirk Court at a
later date.  This incident was investigated by the Chautauqua County
Sheriff's Office by Inv. Lawrence S. Klajbor."


How could they arrest someone using an IP address alone without siezing or
analyzing anything? How could they determine (from many states away) who did
what on a wireless PC network without supporting forensics or misc
investiagting evidence? 

I was curious as to your comments/clarity nbecause this looks very odd to
me.






security-35 wrote:

Maybe it was IP + Mac Address of the Wireless NIC?

Where's the full story (link)?


Eric Marden
xentek: enlightened internet solutions http://xentek.net/ 

On Oct 6, 2007, at 11:03 AM, cobrajet wrote:

How can this be possibile?

A man in WNY was arrested and sentenced to a year in jail over an 
email with the sole piece of evidence being an IP address? (- and a 
wirless IP address at that?! -) How can they determine from an IP 
address who in the house or on a network is actually on the computer?

Can anyone explain this to me?8-O
--
View this message in context: http://www.nabble.com/Wireless-IP- 
leads-to-arrest..-tf4580165.html#a13074514
Sent from the Security Basics mailing list archive at Nabble.com.


--
View this message in context:
http://www.nabble.com/Wireless-IP-leads-to-arrest..-tf4580165.html#a13124923 
Sent from the Security Basics mailing list archive at Nabble.com.
Classification:  UNCLASSIFIED 
Caveats: NONE


-- 
Rock is dead! Long live paper and scissors!

Current thread:

Re: Wireless IP leads to arrest.. (UNCLASSIFIED), (continued)
- - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) gjgowey (Oct 10)
  - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Eric Marden (Oct 10)
    - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Matthew Lee Hinman (Oct 10)
    - RE: Wireless IP leads to arrest.. (UNCLASSIFIED) Friend, Jason A Mr CTR USA AMC (Oct 10)
    - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Ansgar -59cobalt- Wiechers (Oct 11)
    - RE: Wireless IP leads to arrest.. (UNCLASSIFIED) Craig Wright (Oct 11)
    - RE: Wireless IP leads to arrest.. (UNCLASSIFIED) Adams (Oct 12)
    - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Yousef Syed (Oct 15)
    - RE: Wireless IP leads to arrest.. (UNCLASSIFIED) Craig Wright (Oct 11)
  - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Breno Brand Fernandes (Oct 10)
  - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Scott Gorlick (Oct 10)
- Re: Wireless IP leads to arrest.. Eric Marden (Oct 09)
  - Re: Wireless IP leads to arrest.. gjgowey (Oct 10)
- Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Tremaine Lea (Oct 10)
- Re: Wireless IP leads to arrest.. (UNCLASSIFIED) p1g (Oct 12)
- RE: Wireless IP leads to arrest.. (UNCLASSIFIED) Chinea, Jose L. Jr. (Contractor) (Oct 10)
  - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) Nic Stevens (Oct 11)
    - RE: Wireless IP leads to arrest.. (UNCLASSIFIED) David Gillett (Oct 11)
    - Re: Wireless IP leads to arrest.. (UNCLASSIFIED) jam (Oct 11)
    - RE: Wireless IP leads to arrest.. (UNCLASSIFIED) Craig Wright (Oct 11)