Re: Tracing computers via AOL?

From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 11/27/03


Date: Thu, 27 Nov 2003 16:09:52 -0000


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1a2fcec970f83a3c989e8f@news-server.columbus.rr.com...
> In article <Fjnxb.23907$Wy4.18612@newsread2.news.atl.earthlink.net>,
> dkelloway@commodon.com says...
> > It's early and I haven't had my coffee yet, but I though this would be
> > an interesting subject I'd like to discuss.
> >
> > The other day I read about a theft of a laptop from Wells Fargo that
> > contained sensitive information. This morning I read a follow-up that
> > stated the individual involved was arrested after investigators were
> > able to locate the computer after the individual signed onto AOL. Now
> > here's the paragraph that caused me to stop and think. How?
> >
> > "Investigators traced the computer to Krastof when he logged onto his
> > own America Online account at home through one of the stolen computers,
> > White said. That enabled authorities to connect the computer's Internet
> > Protocol address, a number that identifies a computer on the Internet,
> > to Krastof's home address through his AOL account, White said."
> >
> > Hmmm? Is there something missing from that paragraph? Yes. We know IP
> > addresses are unique and yes we know ISP records will allocation, etc.
> > But how did investigators know to look for this specific computer
> > amongst the tens of millions that sign onto AOL every day? And even
> > then what was so identifiable about this specific computer once it
> > established an connection to AOL? The only methods that come to mind
> > (note: still drinking first cup) of identifying the computer amongst any
> > other would be if:
> >
> > A. There was some sort of 'phone home' utility installed, or
> >
> > B. The individual tried to sign on with the user account of the owner of
> > the laptop, thus identifying himself to AOL.
> >
> > Any other ideas?
>
> The MAC address of the network card is unique - if he connected to the
> IPS they would know the MAC address.

My guess would be the "phone home" approach - get a notification, read the
IP, hit WHOIS, then get onto the ISP.

Either specific software (my guess, and something about which Wells Fargo
would be understandably twitchy about providing details) or something
"silly" like an auto-running IM client.

MAC addresses are not preserved across intelligent devices, e.g. routers.

-- 
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!