
A police mystery - Can this happen?


#1 GoshenBleeping



Posted 17 January 2013 - 01:53 PM

The following comes from an article I read in Bloomberg Markets magazine. Supposedly this is true. In any case, I find this intriguing and am interested in thoughts on whether this could really occur.

A wealthy investor in CA had $10 million worth of paintings stolen from his mansion. The FBI figured that the thieves discovered that the paintings were in the house by searching the web using the artist's name. So the FBI "checked the Internet" (the words the article used) to see who had searched using the artist's name. The FBI was able to identify the thieves based on this method and the thieves were arrested.

Seems to me the only way this could happen is:
(1) Search provider (e.g.: Google) maintains database of search terms, IPs & time of search
(2) ISP maintains database of users, IPs, and time of search
(3) FBI matches time of search and IP from item #1 with IP and time from item #2

Comments anyone?

Edited by Orange Blossom, 17 January 2013 - 02:17 PM.
Moved to general chat. ~ OB



#2 Didier Stevens


Posted 18 January 2013 - 06:33 AM

That's one possible scenario. Except that for 2), they don't need to maintain the time of search.
Just a link between IP and customer, and the timestamp the IP was given to the customer and when released.

If the thieves used Google and they were logged in with their Google account, then only 1) is necessary.

Another scenario is that the info was found on a particular website (possibly one owned by the investor) and that the FBI combed through this HTTP server's logs.

Didier Stevens

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019


If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.


Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
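
The correlation discussed in the two posts above, as an added example that is not part of the original thread: search-side records (time, IP, query) are joined against ISP-side lease records (IP, subscriber, time assigned, time released). The log formats, subscriber IDs and documentation-range IP addresses are constructed assumptions; the sample shows why timestamps must be normalised to one time zone and why an IP alone is not enough once it has been reassigned.

```python
from datetime import datetime, timezone

# Constructed sample data (not real logs): timestamp, source IP, quoted query.
SEARCH_LOG = """\
2013-01-02T18:04:11+00:00 203.0.113.7 "artist name paintings"
2013-01-03T09:30:00-08:00 203.0.113.7 "artist name collector"
2013-01-05T12:00:00+00:00 198.51.100.9 "artist name"
"""
# Constructed ISP records: ip,subscriber,assigned,released (empty = still held).
LEASES = """\
203.0.113.7,sub-A,2013-01-01T00:00:00+00:00,2013-01-03T12:00:00+00:00
203.0.113.7,sub-B,2013-01-03T12:00:00+00:00,
198.51.100.9,sub-C,2013-01-06T00:00:00+00:00,
"""

def to_utc(stamp):
    """Parse an ISO 8601 timestamp and normalise it to UTC."""
    ts = datetime.fromisoformat(stamp)
    if ts.tzinfo is None:
        # A timestamp without an offset cannot be compared across sources.
        raise ValueError(f"timestamp without UTC offset: {stamp}")
    return ts.astimezone(timezone.utc)

def parse_searches(text):
    for line in text.splitlines():
        stamp, ip, query = line.split(" ", 2)
        yield to_utc(stamp), ip, query.strip('"')

def parse_leases(text):
    leases = []
    for line in text.splitlines():
        ip, subscriber, start, end = line.split(",")
        leases.append((ip, subscriber, to_utc(start), to_utc(end) if end else None))
    return leases

def attribute(searches, leases):
    """Return (utc_time, ip, query, subscriber or None) for each search."""
    results = []
    for when, ip, query in searches:
        # Lease window is half-open: assigned <= search time < released.
        holders = [sub for lip, sub, start, end in leases
                   if lip == ip and start <= when and (end is None or when < end)]
        # No holder or more than one holder means no reliable attribution.
        subscriber = holders[0] if len(holders) == 1 else None
        results.append((when.isoformat(), ip, query, subscriber))
    return results

if __name__ == "__main__":
    for row in attribute(parse_searches(SEARCH_LOG), parse_leases(LEASES)):
        print(row)
```

The second search carries a -08:00 offset; compared without normalising, 09:30 would fall inside the first subscriber's lease, while the actual instant (17:30 UTC) belongs to the second.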
