Information Security News mailing list archives
Re: Police arrest man in bank PC theft (2 messages)
From: InfoSec News <isn () c4i org>
Date: Tue, 2 Dec 2003 02:51:50 -0600 (CST)
Forwarded from: Steve W. Manzuik <steve () entrenchtech com> Interesting. MAC address perhaps (if it was broadband). What about the CPU S/N did software not surface a while back to allow you to query the value over an IP network? You would think that a bank would have some sort of "phone home" software on their higher risk PCs but I have personally never seen this used in any bank I have worked with. Most people who have the brains to steal a PC do not possess the brains to properly sanitize the box before using it -- that is why they are left stealing things in the first place.. Speaking of which -- anyone want to buy a PC? hehe, joking. ;-) -Steve -=- Forwarded from: Eric Hacker <isn () erichacker com>
Forwarded from: Times Enemy <times () krr org> greetings. It's a rather dull story, but there is one paragraph which is rather interesting, for those paranoid freaks in the crowd. Namely: "Investigators traced the computer to Krastof when he logged onto his America Online account at home through one of the stolen computers, White said. That enabled authorities to connect the computer's Internet Protocol address, a number that identifies a computer on the Internet, to Krastof's home address through his AOL account, White said." Think about that please, for a moment. The only non-paranoid thoughts i can have is the computer had some sort of software on it which pulled an E.T. call home manuever, or acted as a beacon. Perhaps a vpn application fired up on startup, or maybe the e-mail client auto-started and tried logging in. Other than a few variations of this though, all i can think of is AOL has some sort of method for identifying each software installation. It could be as simple as a cookie, sure, but even that is perhaps ... icky.
I agree that it was very curious on how he was tracked down. It turns out that the reporter was just technologically challenged. A better description is here: http://www.siliconvalley.com/mld/siliconvalley/7362537.htm White of the Concord police said Krastof was arrested after he allegedly logged on to America Online from his home on one of the stolen computers, using the computer owner's AOL account. Authorities issued a search warrant to AOL to find the phone line used to access the account.
Schmuck deserved to get caught.
This would make a good dumb thief story, except that most people would probably not get it. At least now we can turn down the paranoia a little bit. Eric Hacker - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Re: Police arrest man in bank PC theft (2 messages) InfoSec News (Dec 02)