Tracing a stolen computer!

11-28-2003, 02:48 PM
Wells Fargo had some computers stolen. One of the computers was used on a personal AOL account and was traced to the user. The question was how they did it.

California Police Arrest Man in Bank PC Theft (http://story.news.yahoo.com/news?tmpl=story&cid=581&e=3&u=/nm/20031126/tc_nm/financial_wellsfargo_theft_dc)

The question is what was used. Did Wells Fargo install one of these "call home" software packages, or was there something that gave the clue?

11-28-2003, 04:54 PM
The computer had a static IP address. One benefit of not using DHCP!

Pretty idiotic to not change that... oh wait, the guy was a thief, that explains it!

11-28-2003, 06:08 PM
I don't get it? Why would AOL recognize a static IP on a client machine? Doesn't AOL, like most ISPs (assuming you consider AOL to be an ISP), assign IPs when logging in?

11-28-2003, 06:15 PM
Yeah, they probably do. But the client computer has to be configured for dynamic IP addresses. If you connected to AOL with a computer configured with a static IP address, AOL would start to see packets originating on their network with a source address outside their assigned address space(s), which should send up some flags in their network control centers.

11-28-2003, 06:16 PM
The computer most likely had a hidden "call home" program on the hard drive. When the computer connected to the Internet, the security software called home, they got the I.P. address and traced it to the user.

11-28-2003, 07:11 PM
Most networks wouldn't have allowed the computer to connect to the Internet and would have been blocked at the router as an invalid IP address.

I still feel that it is the "call home" program and then traced the dynamic AOL address to a location. If dial-up then the phone number.

11-28-2003, 07:17 PM
Sure, it would have been blocked at the router. I never said the packet would have made it out to the world. It is the router that detected and blocked that packet that should have reported the invalid source address to the mothership.

11-28-2003, 09:42 PM
Static IP it's not. A static IP that was set in another company's network won't even connect to AOL; it might have flagged at the ISP's router, but they get many hits a day and don't follow it up unless they spam the router. They were assigned an IP via their ISP. A product such as www.computrace.com (http://www.computrace.com) connected via IP network and sent secret pings to the Computrace command centre. Companies that use such software have realtime reporting at their own office to catch the person, or Computrace will chase them down for a fee. They trace them by the new IP assigned by the ISP or the dialup number if they connected via modem. Most smart big corp companies use this type of software.

Fun stuff,

11-28-2003, 10:02 PM
[QUOTE]
The computer most likely had a hidden "call home" program
[/QUOTE]
This is what makes sense to me. I am not an IP expert, by a long shot, but wanted to challenge what I think has been incorrectly reported. Not too much of a stretch for the popular press.

Maybe they asked Dave Chalk to be their technical consultant. (Wow, I haven't taken a swipe at Dave for a while. I guess I have latent issues!)

11-28-2003, 11:13 PM
I don't doubt that it was something like Computrace. I was merely pointing out how it could also have been traced by a static IP address.

As for not connecting to AOL, I don't know what AOL's access technology is, but if you plug a machine with a static IP into a network, and that machine starts sending packets, those packets are going to be sent. They will be on the wire. They won't get routed anywhere, but they will be on the local network.
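
The source-address check that the 06:15 PM and 11:13 PM posts describe, sketched as an added example that is not part of the original thread: an access router drops packets whose source is outside the provider's assigned space (or not the address leased to that session) and reports them against the dial-up session. The address pool, port names and caller numbers are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the thread): the address pool an access
# provider hands out, and the dial-up sessions currently logged in.
ASSIGNED_POOL = [ipaddress.ip_network("198.51.100.0/24")]
SESSIONS = {
    "port-07": {"assigned": "198.51.100.23", "caller": "555-0101"},
    "port-12": {"assigned": "198.51.100.87", "caller": "555-0142"},
}
# Constructed (access port, source address) pairs seen on the access router.
PACKETS = [
    ("port-07", "198.51.100.23"),   # normal: matches the lease
    ("port-12", "10.44.3.15"),      # stale static address from another network
    ("port-12", "10.44.3.15"),
    ("port-07", "198.51.100.87"),   # in the pool, but leased to another port
]

def classify(port, src):
    """Return None for a valid source, else the reason the packet is dropped."""
    addr = ipaddress.ip_address(src)
    if not any(addr in net for net in ASSIGNED_POOL):
        return "outside-assigned-space"
    if src != SESSIONS[port]["assigned"]:
        return "not-this-sessions-lease"
    return None

def ingress_report(packets):
    """Tally dropped packets per (port, source, reason) for the operator."""
    report = {}
    for port, src in packets:
        reason = classify(port, src)
        if reason is None:
            continue  # valid source: forwarded, nothing to report
        key = (port, src, reason)
        report[key] = report.get(key, 0) + 1
    # Attach the session's caller number so a drop maps back to a phone line.
    return [
        {"port": p, "caller": SESSIONS[p]["caller"], "src": s,
         "reason": r, "dropped": n}
        for (p, s, r), n in sorted(report.items())
    ]

if __name__ == "__main__":
    for row in ingress_report(PACKETS):
        print(row)
```

The dropped packets never leave the access network, but the report still ties the foreign source address to a session and its calling number.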