Home page logo

basics logo Security Basics mailing list archives

Re: Wireless IP leads to arrest..
From: gjgowey () tmo blackberry net
Date: Wed, 10 Oct 2007 05:01:28 +0000

I can say that yes to one of your questions: yahoo does add the senders IP address to the email headers.  Even if they 
didn't append it to the headers, they still could keep it in their logs like a lot of MTA programs do.


Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Eric Marden <security () xentek net>

Date: Tue, 9 Oct 2007 20:12:44 
To:security-basics () securityfocus com
Subject: Re: Wireless IP leads to arrest..

That's the conclusion I was arriving at when reading this short
snippet of txt.

But my only question is: Does Yahoo add the IP of the user's
connection to the mail headers of emails sent from the mail.yahoo site?

Plus the type of investigation was: "Forgery and Identity Theft", so
there may be a lot more to this too.

Eric Marden
xentek: enlightened internet solutions

On Oct 9, 2007, at 5:42 PM, Chinea, Jose L. Jr. (Contractor) wrote:

Classification:  UNCLASSIFIED
Caveats: NONE

This one is simple!  The media has no idea what it is talking
about!  How
many times do we hear on the media terminology that makes no sense at
all!?!?!?!  More than likely they tracked IP to an ISP and then
demanded the
ISP to reliquish the MAC address to username being used at that
time (every
ISP has a username and password in order to access their
resources).   Also,
if there was a 5 year investigation already going on, they may have
known of the hacker's location and narrowed down any monitoring to
a single
subnet on the ISP's network.

just a theory.... but this is probably what happened and the media
know how to word it

Computer Systems Analyst II

-----Original Message-----
From: cobrajet [mailto:uby500 () yahoo com]
Sent: Tuesday, October 09, 2007 3:12 PM
To: security-basics () securityfocus com
Subject: Re: Wireless IP leads to arrest..

Hi Guys,

I am sorry for the delay in getting you more info on this (I was
Here's the story as it appears on the web and for the life of me I
fathom what damning electronic evidence they used to arrest this
guy? ..or
for that matter what the crime was (a criminal opinion?)

"Type of Investigation: Forgery and Identity Theft; Date and Time:
at 1:00 pm; Location: V/Fredonia; Subject(s): xxxxxxxx, of Rock
Hill, SC;
Charges: Forgery 3rd, Identity Theft 3rd; Court: C/Dunkirk; Details
of the
Incident: A five-month investigation concluded in the arrest of above
subject.  It is alleged that the above subject opened a yahoo email
with the name of the victim. The subject then sent a politically
editorial letter to the Observer in the name of the victim.  This
letter was
published.  An investigation into the opened yahoo profile and the
sender of
the letter showed internet addresses that came back to the above
addresses in South Carolina and Fredonia.  The subject was issued
tickets for the above charges and will appear in the C/Dunkirk
Court at a
later date.  This incident was investigated by the Chautauqua County
Sheriff's Office by Inv. Lawrence S. Klajbor."

How could they arrest someone using an IP address alone without
siezing or
analyzing anything? How could they determine (from many states
away) who did
what on a wireless PC network without supporting forensics or misc
investiagting evidence?

I was curious as to your comments/clarity nbecause this looks very
odd to

security-35 wrote:

Maybe it was IP + Mac Address of the Wireless NIC?

Where's the full story (link)?

Eric Marden
xentek: enlightened internet solutions http://xentek.net/

On Oct 6, 2007, at 11:03 AM, cobrajet wrote:

How can this be possibile?

A man in WNY was arrested and sentenced to a year in jail over an
email with the sole piece of evidence being an IP address? (- and a
wirless IP address at that?! -) How can they determine from an IP
address who in the house or on a network is actually on the

Can anyone explain this to me?8-O
View this message in context: http://www.nabble.com/Wireless-IP-
Sent from the Security Basics mailing list archive at Nabble.com.

View this message in context:
Sent from the Security Basics mailing list archive at Nabble.com.
Classification:  UNCLASSIFIED
Caveats: NONE

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]