Re: Police arrest man in bank PC theft (2 messages)

[InfoSec News <isn () c4i org>]

Forwarded from: Steve W. Manzuik <steve () entrenchtech com>

Interesting.  MAC address perhaps (if it was broadband).  What about
the CPU S/N did software not surface a while back to allow you to
query the value over an IP network?
 
You would think that a bank would have some sort of "phone home"  
software on their higher risk PCs but I have personally never seen
this used in any bank I have worked with.  Most people who have the
brains to steal a PC do not possess the brains to properly sanitize
the box before using it -- that is why they are left stealing things
in the first place..
 
Speaking of which -- anyone want to buy a PC?  hehe, joking.  ;-)
 
-Steve


-=-


Forwarded from: Eric Hacker <isn () erichacker com>

> Forwarded from: Times Enemy <times () krr org>
>
> greetings.
>
> It's a rather dull story, but there is one paragraph which is rather
> interesting, for those paranoid freaks in the crowd.  Namely:
>
> "Investigators traced the computer to Krastof when he logged onto
> his America Online account at home through one of the stolen
> computers, White said. That enabled authorities to connect the
> computer's Internet Protocol address, a number that identifies a
> computer on the Internet, to Krastof's home address through his AOL
> account, White said."
>
> Think about that please, for a moment.  The only non-paranoid
> thoughts i can have is the computer had some sort of software on it
> which pulled an E.T. call home manuever, or acted as a beacon.  
> Perhaps a vpn application fired up on startup, or maybe the e-mail
> client auto-started and tried logging in.  Other than a few
> variations of this though, all i can think of is AOL has some sort
> of method for identifying each software installation.  It could be
> as simple as a cookie, sure, but even that is perhaps ... icky.

I agree that it was very curious on how he was tracked down. It turns
out that the reporter was just technologically challenged. A better
description is here:

http://www.siliconvalley.com/mld/siliconvalley/7362537.htm

White of the Concord police said Krastof was arrested after he
allegedly logged on to America Online from his home on one of the
stolen computers, using the computer owner's AOL account. Authorities
issued a search warrant to AOL to find the phone line used to access
the account.

> Schmuck deserved to get caught.

This would make a good dumb thief story, except that most people would
probably not get it. At least now we can turn down the paranoia a
little bit.

Eric Hacker



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.