Google Search Convicts Hacker 116
An anonymous reader writes "Google search terms have helped convict a wireless hacker. The queries the hacker performed were introduced into evidence at court, where Matthew Schuster was charged with disrupting his former employer's wireless network and imitating other users' MAC addresses to obtain access. From the article: 'Court documents are ambiguous and don't reveal how the FBI discovered his search terms. That could have happened in one of three ways: an analysis of his browser's history and cache; an Alpha employee monitoring the company's wireless connection; or a subpoena to Google from the police for search terms tied to his Internet address or cookie. Google has confirmed that it can provide search terms if given an Internet address or Web cookie, but has steadfastly refused to say how often such requests arrive.'
Re: Wake up and smell the coffee!!! (Re:YRO?) (Score:3, Interesting)
I'm not too surprised, though. A story like this (and realistically, the entire YRO section) is pretty much intended to rile the tin-foil hat crowd. Good thing for me that I'm entertained by it.
Profiling Internet Users? (Score:3, Interesting)
Certain exceptions, if memory serves (Score:3, Interesting)
Re:Is there a way... (Score:2, Interesting)
Re: Wake up and smell the coffee!!! (Re:YRO?) (Score:3, Interesting)
Re:How to not get caught (Score:2, Interesting)
Re: Wake up and smell the coffee!!! (Re:YRO?) (Score:3, Interesting)
Funny, yes. But I have a story that's not too far off from that sort of thing. About 10 years ago I was working on a project at a big corporation whose name isn't relevant here. I had a row of machines with different OSs for doing portability testing. Someone sent me email pointing to a bit of humor on some web site, and by chance I happened to read it on the NT box. It was cute, I sent back a message saying that I'd laughed, and went about the day's work.
When I came in the next morning, the NT machine was sitting there displaying a whole lot of pornographic images. "Well, that's interesting
But the next morning, they were there on the screen again. So I really investigated. I found the "deleted" email, fetched the funny page again, and examined its source. It had some truly bizarre javascript that I didn't quite understand, but I did find the routine that fired off a download just after midnight. I called a few coworkers over and showed them the original page, the code, and the results. Nobody could quite explain the code, other than that it did something just after midnight. We found that when we disabled JS, the porn downloads stopped.
We tried it on a number of other machines. It only worked on MS Windows boxes, not on Solaris or linux or FreeBSD or any of the others. We had lots of Windows boxes, each with a different release installed, so after a while, we had lots of machines that were all downloading porn every night just after midnight.
We did discuss the implications if the higher-ups got wind of this. We had this scenario of them trying to figure out how we were sneaking in every night at midnight without the security guys seeing us, downloading a lot of porn, and then sneaking out without being seen. We were sure that the porn downloads were going into our permanent records.
Actually, we thought it was funny, as did our bosses. And these were all "crash and burn" test machines, so eventually we wiped each one clean, reinstalled the OS, and the porn went away.
But the legal system doesn't have our sense of humor. It's easy to imagine, in the light of TFA, that we could have been charged with a repeated pattern of downloading porn on company machines. In some companies, this could have easily got us fired. Luckily for us, our bosses just considered us crazy software developers.
I did learn enough that, some time later, I wrote up a little demo of how to make an innocent-looking web page download files that the user never sees, but which leaves incriminating downloads in the browser cache and the firewall logs, which could convict them as happened to this guy. I use the demo to convince people that I'm not being paranoid when the first thing I do with a new browser is to turn off java, JS and any other "scripting" tool. We're reaching the stage where you can be convicted for what you computer does behind your back. Stories like this are good for explaining why everyone really needs to learn enough about how their software works that you can block things like this that can plant evidence on your machine.
Of course, you really can't know about every automated thing that might be hidden in that box. And I should probably add this news story to my demo's docs, as an extra motivator.