[TriLUG] stollen computer (fwd)

Celestian kuk at email.unc.edu
Wed Oct 3 14:47:07 EDT 2001


I contacted AOL in Raston, VA per Jon's advice (they own the IP addresses
that my computer has been getting).  They gave me an email address to use
(opssec at aol.com) and I sent the email below.  I x'ed out the sensitive
info.

I also contacted the FBI office in Raleigh and talked to a
receptionist.  She asked a lot of "how do you know" questions, but didn't
laugh.  An "agent" should be calling me back.  She said he/she would at
least let me know who I need to get on the case.

  Eric


"I have been thinking about it and as I recall the TV that was stollen was
a 36" sony vega, not a 27" philips magnavox....  It must have been the 
stress of having my door kicked down that made me forget, sorry about that
officer."  -  kuk 2001




---------- Forwarded message ----------
Date: Wed, 3 Oct 2001 14:36:04 -0400 (EDT)
From: Celestian <kuk at email.unc.edu>
To: opssec at aol.com
Subject: stollen computer

To whom it may concern,

  A few weeks ago my appartment was broken into and one of the things
stollen was my computer.  I had it configured for dynamic dns with
www.dyndns.org.  Each time it connects to the internet it checks its IP
address with the one in the database at www.dyndns.org and changes it as
needed.

  Yesterday, the records were updated and I was able to connect to the
ftp, web, and vnc servers that I had been running on my personal
computer.  I recorded the time stamp and IP address and did some
digging.  I did a trace route and found that my computer is located in the
Reston, VA area and that AOL is the owner of that block of IPs.  I have 2
sets of IP/Time data from when they logged on and I am sure to have more
before this is resolved.

  I have contacted my local police department and the FBI (since the
computer is in another state) and am writting so that any information the
authorities may need will be preserved.

  Here is the IP and time info:

HOST NAME        Date and Time                         IP
----------------------------------------------------------------------
xxx.xxxxxxxx.xx  Tue Oct 2 07:37:59 2001 EDT (-0400)   xxx.xxx.xxx.xxx
xxx.xxxxxxxx.xx  Tue Oct 2 23:02:15 2001 EDT (-0400)   xxx.xxx.xxx.xxx
----------------------------------------------------------------------

I will be watching my dns service to see when they log on again so if you
need more information, please let me know.  I can be reached at
ekuker at mckimcreed.com the quickest since that is my work email.

  Thanks a million,
  Eric Kuker





More information about the TriLUG mailing list