Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Google Search Convicts Hacker

Posted by Zonk on Fri Dec 22, 2006 02:01 PM
from the scroooooood dept.
Businesses Google Government The Courts The Internet News
An anonymous reader writes "Google search terms have helped convict a wireless hacker. The queries the hacker performed were introduced into evidence at court, where Matthew Schuster was charged with disrupting his former employer's wireless network and imitating other users' MAC addresses to obtain access. From the article: 'Court documents are ambiguous and don't reveal how the FBI discovered his search terms. That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie. Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Google Search Convicts Hacker 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • AOL (Score:5, Funny)

    by celardore (844933) * <celardore@gmail.com> on Friday December 22 2006, @02:08PM (#17340786) Homepage
    Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive. (Microsoft, on the other hand, told us that it has never received such queries for MSN Search, and AOL says it could not provide the information if asked.)

    No, they'll just give it all away anyway.

  • Well... (Score:5, Insightful)

    by Quixote (154172) * on Friday December 22 2006, @02:12PM (#17340862) Homepage Journal
    when Yahoo does something like this [csmonitor.com], they are teh Evil!!!!11!!one!

    But when Google does it, it can only be for the common good, right? A malicious Hax0r gets put away??

    • Re:Well... (Score:5, Funny)

      by spun (1352) <loverevolutionary@noSPAM.yahoo.com> on Friday December 22 2006, @02:32PM (#17341186) Journal
      Yes! You get it. Now you are one of us. (chanting) One of us! One of us!

    • Re: (Score:2, Informative)

      by A682 (1032020)
      The difference is that yes, in this case, a malicious "hax0r" does get put away... but in Yahoo!'s case, they did the same to a journalist who desires freedom in an oppressive communist state. They're two different things.

      Even so, I don't think Google was the source of the search terms- they have adamantly stood their ground against such practices in the past. I just don't see them taking a 180 and just giving the FBI search terms like that.

  • From their privacy policy: (Score:5, Informative)

    by GPLDAN (732269) on Friday December 22 2006, @02:12PM (#17340876)
    Let's look at Google's privacy policy, shall we?

    Information sharing

    Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:
    * We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
    * We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
    * We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.


    That's a pretty broad policy. *ANY* applicable law, regulation, legal process or enforeable governmental request. That leaves the door pretty wide open for the Chinese government to start asking for the query strings of their citizens to me.

    I think the answer is clear, if you need to see webpages and want NO trace of you - you have to compromise a machine, surf via a proxy you set up in it, and then timebomb the drive to wipe itself after you are done. And even then you may get caught, if there are firewall logs.

    Let's look at a leading company [proxify.com]that does web proxy policy:

    DISCLOSURE
    All use of our site is confidential. We disclose user information only as provided for herein and when we believe that the law requires it, or when disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to others or interfering with Proxify's rights or property.

    In the event of an assignment, sale, joint venture, or other transfer or disposition of some or all of the assets of Proxify, you agree that we can accordingly assign, sell, license or transfer any information that our users have provided to us. Please note, however, that the purchasing party cannot use the personal information you have submitted to us under this Privacy Policy in a manner that is materially inconsistent with this Privacy Policy without your prior consent.


    That pretty much says: hey, we have your web surfing logs and we'll give em up if we have to. We don't want to, and we'll destroy logs after 30 days (it says that elsewhere in the policy) but dammit, if they bend us over and lube us up - we're gonna damn well hand it over rather than taking one for the team, so to speak.

    • We disclose user information only as provided for herein and when we believe that the law requires it, or when disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to others or interfering with Proxify's rights or property.

      But we don't want google disclosing our information based on what they believe. That's up to law enforcement. If law enforcement believes a crime has been committed let them get a warrant and subpoena google for the information.
      • I seem to recall that there is a legal obligation to report certain classes of suspicious activity if they become aware of it -- notably, child pornography. They may not be obligated to actively search for it, but if they spot indications that a user is involved in that while analyzing their logs...

    • If someone is charged in one country for what is done with servers located in another country, it stands to reason they're liable for what they did in the origin country. International treaties specify information sharing between various security and police forces, so any company has to comply with such requests. If a country signs up to an international treaty, then the people and businesses in that country have to abide as best they can.

      Think about it -- sysadmins and servers are scattered around the

    • That leaves the door pretty wide open for the Chinese government to start asking for the query strings of their citizens to me.


      Why are you even bringing the Chinese government into this? Replace "Chinese" with "American" and it still means the same thing.
  • I wonder: Is there a way to conceal IP addresses and MAC addresses? What about slashdot? Are we being monitored? You see, I have posted what has been regarded as "flambait" a number of times.
    • ... And what's one more? ;p

      But seriously. No way to hide IP addresses from the server. Unless you want to terminate your connection. Then you can hide all day. And get nowhere fast.

      This guy who got caught.. well, in short, he sucked. Good hackers don't get caught.

      Besides, I would say calling him a hacker does a disservice to the name. He was much closer to a script kiddie IMHO.

      TLF
      • I suppose that you could install a leapfrog program on another machine and route your traffic through their machine, thus disguising your IP.

        Though when they see the leapfrog pointing back to your machine, the gig's pretty much up...

        • Re:Is there a way... (Score:5, Insightful)

          by The Living Fractal (162153) <execyte&execyte,com> on Friday December 22 2006, @02:46PM (#17341406) Homepage
          There are numerous ways to make yourself anonymous, however, they are for another discussion. Which is why I just suffice to say this guy is a piss-poor hacker.

          He didn't even try. He was just a disgruntled IT worker. Instead of using a machine gun to mow people down he wanted to use a transmitter to mow packets down. In this day and age people take that very seriously. So he's going to jail for 15 months. End of story.

          TLF

          • Re: (Score:2, Interesting)

            by markwalling (863035)
            after reading rfc 2549, i belive that anyone could spoof their ip or mac address very easily. trusted networks do not shit on your car

      • Re: (Score:3, Informative)

        by troll -1 (956834)
        But seriously. No way to hide IP addresses from the server.

        Just use an anonymous proxy like tor. [eff.org]

    • Re: (Score:2, Informative)

      by drpimp (900837)
      Yeah it's called spoofing. MACs are easy, as this was one of the things the guy in the article was doing. I myself did the same thing back in college for WiFi in certain buildings. I simple packet sniffing can yield some great things. IP spoofing is likely to be done, but good luck on getting a response from your target, at least with out some other tricky means.
  • Yet another reason to create a web user, copy in your bookmarks, do your online reading and can that user!

  • Another story of not being smart(tm) (Score:3, Informative)

    by junglee_iitk (651040) on Friday December 22 2006, @02:15PM (#17340904)
    I am no hacker and I do use google for many searches that I would not like to be a public information. Let us come clean, how many of us have not searched for a mp3 we liked a lot, or p0rn, or how to bypass company firewall?

    The first thing he should have done is to delete Cache, browse anonymously, and FOR GOD'S SAKE, not be logged into google (which is integrated everywhere), or delete search history, or delete all cookies!

    I know because I have suffered from this kind of stupidity, and in the end, I was unable to blame anyone.

    • Actually... (Score:3, Insightful)

      by Anonymous Coward
      Actually, the first thing he should have done was to stop using his former employer's wireless network by appropriating its other customers MAC addresses to gain illegal access. The second thing he should have done was to not launch DOS attacks against said customers' websites. That automatically raised damages to above $5000 which led to the FBI getting involved. Once that happened, he was screwed.
  • > That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie.

    ...or by simply getting a judge to approve the running of a query against a database consisting of all traffic to/from the routers that constitute the edges of Google's network, without confirming or denying the existence of such a database.

  • Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'

    Or your Google Account search history if you remained logged in after you use GMail (or any of their other services).

  • MAC Address Filtering... (Score:5, Insightful)

    by e4g4 (533831) on Friday December 22 2006, @02:26PM (#17341100)
    ...is not a bloody security feature. This is why people who actually want to secure a wireless network use some combination of Radius and VPNs...
    • This is why people who actually want to secure a wireless network use some combination of Radius and VPNs...

      That's also one way to maintain an open network for casual surfers without compromising your home/business network. Put the wireless net on the Internet side of a firewall. Only VPN users get to cross the firewall and play on the company Intranet.

      -b.

  • How to not get caught (Score:5, Informative)

    by troll -1 (956834) on Friday December 22 2006, @02:27PM (#17341104)
    The Linksys router Schuster used at his home and its MAC address proved that he was accessing the CWWIS wireless network.

    Sounds like the MAC address was tied to his name somewhere and this was the evidence the FBI used to obtain the warrant. After that, everything was revealed by the contents of his computer.

    If you purchase a network card online with a credit card it's possible that the FBI can trace the MAC address of that card back to you, providing the seller keeps records. If you're a linux user you can change your MAC address with,

    ifconfig ethX hw ether xx:xx:xx:xx:xx:xx

    As long as you don't pass traceable information (like logging onto a traceable email account) and you use an anonymous proxy like tor [eff.org] as extra protection, it's pretty difficult to trace you. It's possible, of course, to locate you physically by triangulating your radio signals but this requires a bit more effort.

    The above is provided for educational purposes only. I do not advocate breaking the law.
    • Indeed, you can change the NIC's MAC address on your OS X machine as well (from here [wikipedia.org]):

      Under Mac OS X, the MAC address can be altered in a fashion similar to the Linux and FreeBSD methods:
      ifconfig en0 lladdr 02:01:02:03:04:05
      or
      ifconfig en0 ether 02:01:02:03:04:05

      If you're really concerned you can also just permanently modify the MAC address [sdadapters.com] by editing data on the NIC's EEPROM. :)

    • Re: (Score:2, Interesting)

      by wikes82 (940042)
      Interesting, Now I can use skype to make 100% anonymous phone call All I gotta do just change my MAC addr then find a good wi-fi spot, then register a new skype account. Only 9 days left for the FREE skype phone call to US.

  • Profiling Internet Users? (Score:3, Interesting)

    by drewzhrodague (606182) <drew@@@zhrodague...net> on Friday December 22 2006, @02:29PM (#17341136) Homepage Journal
    I know that Google analyzes the searches of its users -- for good purposes. I am sure they analyze how their search works, how users use it, and other things about those users. This helps them make a better tool. What I'm worried about is when this information is used to profile users, and identify potential 'terrorists'.
  • This kind of proxy is very common on businesses and among other useful stuff they log the HTTP request made by any client in the network. This is the easiest way, noone else is requiered to get the queries just check your own server logs.
  • instead of searching for: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." he should have first searched for: "how to surf anonymously," "how to delete my browser data," and "how to shower without dropping your soap."

  • Faulty Article Title (Score:5, Insightful)

    by JasonKChapman (842766) on Friday December 22 2006, @03:16PM (#17341830) Homepage

    Kudos on the post's headline being more accurate than TFA's headline.

    The article's headline says: "Google searches nab wireless hacker," but the article actually says:

    Wireless hacker pleads guilty when his Google searches are used as evidence against him.

    That may seem like simple semantics, but it's actually a pretty big difference.

  • Am I alone for thinking that 15 months in prison, three years of probation, and $20k in restitution is just a LITTLE high for MAC spoofing to score some free wifi? Even if it was taken to the level of interfering with the signal, 2.4G is unlicensed. As any aspiring hacker should know, a properly configured [amasci.com] microwave will cause wifi (and 2.4G phones and baby monitors) many problems. Unless he was pulling some seriously bad juju, this is Mitnick-esque "damages".

    • Re: (Score:2, Informative)

      by Anonymous Coward
      He wasn't just looking to score some free wifi, he was actively interfering with his former employer's business operations by DOS'ing customer websites, and knocking customers offline. To me, the sentence is appropriate. In fact, he's lucky to get what he got compared to some of the draconian sentences handed to other hackers in other criminal cases for doing far less than what he did.

  • In this day and age where anybody can wardrive past your place and do God knows what with your Internet connection (provided your WAP isn't secured), how can simple Google query logs prove ANYTHING? For all we know, this guy had an enemy at work who decided to set him up.

    And if he doesn't have a WAP, or it's secured, then it's just as possible that the aforementioned enemy somehow hacked into this guy's computer and sent those queries.

    How likely is this to happen? Maybe not that likely, but in this coun

      • Re:How can this be considered evidence? (Score:4, Insightful)

        by ScrewMaster (602015) on Friday December 22 2006, @06:54PM (#17344268)
        True, but the GP's point is still valid ... conviction based solely upon server log entries (or even the use of such logs to intimidate, such as the RIAA has been doing) should simply be unacceptable to a judge. Such information being a part of the fabric of evidence in a larger case is one thing, but it is simply not reliable enough to be depended upon in such important matters.

        Courts need to become more technically competent, I think. We're too accustomed to the idea that if data comes from a computer it is implicitly trustworthy, and that's a big problem.

  • Hey, I've done that ... (Score:3, Insightful)

    by jc42 (318812) on Friday December 22 2006, @09:02PM (#17345172) Homepage Journal
    Court documents say that Schuster ran a Google search over CWWIS' network using the following search terms: "how to broadcast interference over wifi 2.4 GHZ," "interference over wifi 2.4 Ghz," "wireless networks 2.4 interference," and "make device interfere wireless network." [TFA]

    Hmmm ... A few months ago, I did a number of google searches with very similar terms. I was trying to find out how to diagnose and defend against some wireless interference. Not that I learned all that much. I suspect that you need some rather special equipment to locate the source of interference, but I don't know what that equipment might be.

    Anyway, I wonder if I could be a suspect now because of those searches?

    I have noticed in the past that if you ask questions about security, you're usually treated as if you were a potential security risk, not as someone trying to improve your own security.

    • Re:YRO? (Score:5, Insightful)

      by electrosoccertux (874415) <electrosoccertux.gmail@com> on Friday December 22 2006, @02:09PM (#17340820)

      How does this have anything to do with my rights online?
      Because now you have a lot fewer of those rights.

      • Because now you have a lot fewer of those rights.

        In what way? To claim that a "right" has been violated here seems tantamount to making an assertion such as "Of course I may leave footprints, but no one has a right to follow them."

        Why should an electronic trail have legal protections that a physical trail does not?

        • Re: (Score:3, Insightful)

          by hackstraw (262471) *
          Why should an electronic trail have legal protections that a physical trail does not?

          Physical trails in the public are not protected. Physical trails in private are.

          Its OK for me to watch you in public talking to person X. In theory, one needs a warrant and probable cause of a specific crime to listen to person talking with person X on the telephone.

          • Re:YRO? (Score:4, Insightful)

            by Macthorpe (960048) on Friday December 22 2006, @05:33PM (#17343494) Journal
            That's not comparable.

            In this instance it would be like talking to person X on company Y's premises. Company Y certainly has a right to know what is going on in their building and if it's illegal have every right to call the police about it.

            That's my view, anyway.

      • Re:YRO? (Score:5, Insightful)

        by JasonKChapman (842766) on Friday December 22 2006, @03:06PM (#17341708) Homepage
        How does this have anything to do with my rights online?
        Because now you have a lot fewer of those rights.

        Yeah, what with being forced to use Google and all.

        I mean, seriously, which right was violated here? The right to use a search engine without records? The right to use someone's wireless network without records?

    • Re: Wake up and smell the coffee!!! (Re:YRO?) (Score:3, Insightful)

      by Anonymous Coward
      Because Google can say ANYTHING it wants about you and people/police/FBI/government/corporations/your_em p loyer/etc will believe them without an OPEN REVIEW of how they obtain, generate, and store that information.

      Is the information faulty? Did someone munge with the data? Were Google's databases corrupt? Was the data recreated or generated from other data? Has Google's spy software been through open source review? How well was Google's software tested?

      It continually astounds me how intellectually lazy

      • Re: (Score:3, Interesting)

        by heinousjay (683506)
        So it's not clear that Google had anything to do with this, and aside from the search terms, other evidence also pointed to his crimes. I'm pretty sure you've overreacted.

        I'm not too surprised, though. A story like this (and realistically, the entire YRO section) is pretty much intended to rile the tin-foil hat crowd. Good thing for me that I'm entertained by it.

        • Re: (Score:3, Insightful)

          by necro2607 (771790)
          Yeah, it's a bit sensationalistic to claim he was "convicted" simply due to his google search terms - those were merely one part of the evidence given in court.

      • Re: (Score:3, Interesting)

        by bberens (965711)
        That's like looking at a key eye witness who saw you stab Nicole Brown Simpson and saying "How do I know you weren't on LSD and just imagining me there?" Seriously, independent third party witnesses are key to the judicial process. Get over yourself. Google openly makes money on the fact that they keep track of your browsing habits in order to make their advertising revenue more beneficial to their paying customers. Google could plaster those records for everyone on the planet to see them and your right

        • Re: (Score:3, Interesting)

          by jc42 (318812)
          That's like looking at a key eye witness who saw you stab Nicole Brown Simpson and saying "How do I know you weren't on LSD and just imagining me there?"

          Funny, yes. But I have a story that's not too far off from that sort of thing. About 10 years ago I was working on a project at a big corporation whose name isn't relevant here. I had a row of machines with different OSs for doing portability testing. Someone sent me email pointing to a bit of humor on some web site, and by chance I happened to read it on

    • One of the better stories: I was snooping around on the computer's hard drive using Netscape by browsing "file:///", which was apparently "hacking". Curiosity killed the cat, I guess.

      Wow, your sysadmin was a real jerk. I actually got caught pirating using the school network (lesson learned: pirating to just anyone is asking for trouble), which got me banned until they found out they needed geeks to operate PageMaker for the yearbook. hahaha :) The librarians just sighed every time I used the computer -- the latest attempts to keep the hackers out inevitably failed.

      mandelbr0t

      • Yeah, it was actually on a library computer I was on, too, so I was banned from the library's computers... until a couple years later when I was suddenly recruited to help keep the library network running in the school... heh!

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.