Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Google Businesses Government The Courts The Internet News

Google Search Convicts Hacker 116

Posted by Zonk from the scroooooood dept.
An anonymous reader writes "Google search terms have helped convict a wireless hacker. The queries the hacker performed were introduced into evidence at court, where Matthew Schuster was charged with disrupting his former employer's wireless network and imitating other users' MAC addresses to obtain access. From the article: 'Court documents are ambiguous and don't reveal how the FBI discovered his search terms. That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie. Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'
This discussion has been archived. No new comments can be posted.

Google Search Convicts Hacker More

Google Search Convicts Hacker

Comments Filter:

  • From their privacy policy: (Score:5, Informative)

    by GPLDAN ( 732269 ) on Friday December 22, 2006 @03:12PM (#17340876)
    Let's look at Google's privacy policy, shall we?

    Information sharing

    Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:
    * We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
    * We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
    * We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.


    That's a pretty broad policy. *ANY* applicable law, regulation, legal process or enforeable governmental request. That leaves the door pretty wide open for the Chinese government to start asking for the query strings of their citizens to me.

    I think the answer is clear, if you need to see webpages and want NO trace of you - you have to compromise a machine, surf via a proxy you set up in it, and then timebomb the drive to wipe itself after you are done. And even then you may get caught, if there are firewall logs.

    Let's look at a leading company [proxify.com]that does web proxy policy:

    DISCLOSURE
    All use of our site is confidential. We disclose user information only as provided for herein and when we believe that the law requires it, or when disclosure is necessary to identify, contact or bring legal action against someone who may be causing injury to others or interfering with Proxify's rights or property.

    In the event of an assignment, sale, joint venture, or other transfer or disposition of some or all of the assets of Proxify, you agree that we can accordingly assign, sell, license or transfer any information that our users have provided to us. Please note, however, that the purchasing party cannot use the personal information you have submitted to us under this Privacy Policy in a manner that is materially inconsistent with this Privacy Policy without your prior consent.


    That pretty much says: hey, we have your web surfing logs and we'll give em up if we have to. We don't want to, and we'll destroy logs after 30 days (it says that elsewhere in the policy) but dammit, if they bend us over and lube us up - we're gonna damn well hand it over rather than taking one for the team, so to speak.

  • Another story of not being smart(tm) (Score:3, Informative)

    by junglee_iitk ( 651040 ) on Friday December 22, 2006 @03:15PM (#17340904)
    I am no hacker and I do use google for many searches that I would not like to be a public information. Let us come clean, how many of us have not searched for a mp3 we liked a lot, or p0rn, or how to bypass company firewall?

    The first thing he should have done is to delete Cache, browse anonymously, and FOR GOD'S SAKE, not be logged into google (which is integrated everywhere), or delete search history, or delete all cookies!

    I know because I have suffered from this kind of stupidity, and in the end, I was unable to blame anyone.

  • How to not get caught (Score:5, Informative)

    by troll -1 ( 956834 ) on Friday December 22, 2006 @03:27PM (#17341104)
    The Linksys router Schuster used at his home and its MAC address proved that he was accessing the CWWIS wireless network.

    Sounds like the MAC address was tied to his name somewhere and this was the evidence the FBI used to obtain the warrant. After that, everything was revealed by the contents of his computer.

    If you purchase a network card online with a credit card it's possible that the FBI can trace the MAC address of that card back to you, providing the seller keeps records. If you're a linux user you can change your MAC address with,

    ifconfig ethX hw ether xx:xx:xx:xx:xx:xx

    As long as you don't pass traceable information (like logging onto a traceable email account) and you use an anonymous proxy like tor [eff.org] as extra protection, it's pretty difficult to trace you. It's possible, of course, to locate you physically by triangulating your radio signals but this requires a bit more effort.

    The above is provided for educational purposes only. I do not advocate breaking the law.

  • Re:Is there a way... (Score:2, Informative)

    by drpimp ( 900837 ) on Friday December 22, 2006 @03:31PM (#17341174) Journal
    Yeah it's called spoofing. MACs are easy, as this was one of the things the guy in the article was doing. I myself did the same thing back in college for WiFi in certain buildings. I simple packet sniffing can yield some great things. IP spoofing is likely to be done, but good luck on getting a response from your target, at least with out some other tricky means.

  • Re:Is there a way... (Score:3, Informative)

    by troll -1 ( 956834 ) on Friday December 22, 2006 @04:04PM (#17341686)
    But seriously. No way to hide IP addresses from the server.

    Just use an anonymous proxy like tor. [eff.org]

  • Re:Well... (Score:2, Informative)

    by A682 ( 1032020 ) on Friday December 22, 2006 @04:10PM (#17341776)
    The difference is that yes, in this case, a malicious "hax0r" does get put away... but in Yahoo!'s case, they did the same to a journalist who desires freedom in an oppressive communist state. They're two different things.

    Even so, I don't think Google was the source of the search terms- they have adamantly stood their ground against such practices in the past. I just don't see them taking a 180 and just giving the FBI search terms like that.

  • Re:Forget about the Google... (Score:2, Informative)

    by Anonymous Coward on Friday December 22, 2006 @04:43PM (#17342184)
    He wasn't just looking to score some free wifi, he was actively interfering with his former employer's business operations by DOS'ing customer websites, and knocking customers offline. To me, the sentence is appropriate. In fact, he's lucky to get what he got compared to some of the draconian sentences handed to other hackers in other criminal cases for doing far less than what he did.

Slashdot Top Deals

What is research but a blind date with knowledge? -- Will Harvey

Close