Re: Wireless IP leads to arrest.. (UNCLASSIFIED)

[p1g <killfactory () gmail com>]

Alot of speculation.

Do we know if the authorities had a warrant?

Did the WAP belong to the provider or a home/business?

IF a warrant or simple cooperation of the WAP owner, the possibilities
of how they traced it back, are endless.

Maybe he had to register with a NAC system?(hotel/coffee shop wifi)

Maybe it was a public wifi that was being monitored?(Cisco wireless
lan would have logged alot. MAC to IP fo sho.)

Someting as simple as a netflow sensor might pick up a username? Maybe
this guy had a pop3 client polling every couple of minutes and it was
logged? Maybe that username was attached to a cable subscriber
account?

With an IP address you can trace to the block owner. They block owner
will know where the IP was allocated. IF being monitor or logged, alot
can be determine with some packet/data mining.


We could speculate all day,

On 10/9/07, Chinea, Jose L. Jr. (Contractor) <luis.chinea () us army mil> wrote:
> Classification:  UNCLASSIFIED
> Caveats: NONE
>
> This one is simple!  The media has no idea what it is talking about!  How
> many times do we hear on the media terminology that makes no sense at
> all!?!?!?!  More than likely they tracked IP to an ISP and then demanded the
> ISP to reliquish the MAC address to username being used at that time (every
> ISP has a username and password in order to access their resources).   Also,
> if there was a 5 year investigation already going on, they may have already
> known of the hacker's location and narrowed down any monitoring to a single
> subnet on the ISP's network.
>
> just a theory.... but this is probably what happened and the media didn't
> know how to word it
>
>
> Luis
> Computer Systems Analyst II
>
>
>
> -----Original Message-----
> From: cobrajet [mailto:uby500 () yahoo com]
> Sent: Tuesday, October 09, 2007 3:12 PM
> To: security-basics () securityfocus com
> Subject: Re: Wireless IP leads to arrest..
>
>
> Hi Guys,
>
> I am sorry for the delay in getting you more info on this (I was traveling).
> Here's the story as it appears on the web and for the life of me I can't
> fathom what damning electronic evidence they used to arrest this guy? ..or
> for that matter what the crime was (a criminal opinion?)
>
> "Type of Investigation: Forgery and Identity Theft; Date and Time: 3/25/06
> at 1:00 pm; Location: V/Fredonia; Subject(s): xxxxxxxx, of Rock Hill, SC;
> Charges: Forgery 3rd, Identity Theft 3rd; Court: C/Dunkirk; Details of the
> Incident: A five-month investigation concluded in the arrest of above
> subject.  It is alleged that the above subject opened a yahoo email address
> with the name of the victim. The subject then sent a politically charged
> editorial letter to the Observer in the name of the victim.  This letter was
> published.  An investigation into the opened yahoo profile and the sender of
> the letter showed internet addresses that came back to the above subject's
> addresses in South Carolina and Fredonia.  The subject was issued appearance
> tickets for the above charges and will appear in the C/Dunkirk Court at a
> later date.  This incident was investigated by the Chautauqua County
> Sheriff's Office by Inv. Lawrence S. Klajbor."
>
>
> How could they arrest someone using an IP address alone without siezing or
> analyzing anything? How could they determine (from many states away) who did
> what on a wireless PC network without supporting forensics or misc
> investiagting evidence?
>
> I was curious as to your comments/clarity nbecause this looks very odd to
> me.
>
>
>
>
>
>
> security-35 wrote:
> > Maybe it was IP + Mac Address of the Wireless NIC?
> >
> > Where's the full story (link)?
> >
> >
> > Eric Marden
> > xentek: enlightened internet solutions http://xentek.net/
> >
> > On Oct 6, 2007, at 11:03 AM, cobrajet wrote:
> >
> > > How can this be possibile?
> > >
> > > A man in WNY was arrested and sentenced to a year in jail over an
> > > email with the sole piece of evidence being an IP address? (- and a
> > > wirless IP address at that?! -) How can they determine from an IP
> > > address who in the house or on a network is actually on the computer?
> > >
> > > Can anyone explain this to me?8-O
> > > --
> > > View this message in context: http://www.nabble.com/Wireless-IP-
> > > leads-to-arrest..-tf4580165.html#a13074514
> > > Sent from the Security Basics mailing list archive at Nabble.com.
>
> --
> View this message in context:
> http://www.nabble.com/Wireless-IP-leads-to-arrest..-tf4580165.html#a13124923
> Sent from the Security Basics mailing list archive at Nabble.com.
> Classification:  UNCLASSIFIED
> Caveats: NONE


-- 
-p1g
SnortCP
  ,,__
o"     )~  oink oink
   ' ' ' '

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke