Can AOL track (via MAC address) what computer is logging on to a particular screenname ?

[scorpioLP]

I work for a law firm and our client believes someone he knows is accusing him of doing something, by logging into her AOL account. I want to prove that she is doing these things herself and I can prove this by tying her MAC address to specific login times to her AOL account.

I talked to AOL and they won't give up anything. They said that only the police could get this information. I don't know if it's true or if was just generic CSR-speak.

Regardless, for now, I would just like to find out if this is even possible. Assuming I get all the authorizations, the police involved, etc., could AOL provide me with a log that has IP and MAC addresses of all PCs that have logged into an AOL account during a certain period of time ??

Thanks for your help everyone.

 

[chsh1ca]

Uhh, is she dial-up? If so, it probably won't work that way. However, if she's on high-speed, then it should still be doable. Keep in mind though, while MAC Addresses are theoretically unique, they aren't practically unique.

If you're working for a law firm, then as part of your investigation, would it not follow that you could subpoena that information from them?

 

[randal]

If there is a router inbetween you and AOL's servers (which there are, guaranteed), then they can't grab your mac ... unless AIM is sending it along with it's authentication request.

randal

 

[scorpioLP]

Probably broadband (Million $$ + = household income)

Randal - that's what I was afraid of. I'm not sure how far the MAC address record goes. If it can't make it past a router, than the whole MAC address angle is out. I'm still working on the IP angle, but if it's not a static IP, which I don't think AOL does, then I can't really pin a particular IP to a certain PC.

I have a couple different IPs from these sites used to charge to a credit card. One of these IPs does belong to AOL. But can I pin that IP to a particular PC, if it's not static, based on the day the IP was used ?? Or could that go to anyone in the same area with an AOL account ?

 

[randal]

It's not too hard to track down that info, honestly. If AOL keeps logs of who logs in/out of whic account with what IP, which I am sure that they do, then they know the who & where of every connection. If the person Dials up to AOL, then AOL will have the dialup records and such ready to go and can tell you with assurity what computer/customer logged in. If they use AIM through a different ISP, then the IP address will be tied to that ISP ... contact the ISP, ask them for dial-up logs for that particular IP address and if they yield that info, you can easily figure out, again with assurity, what computer/customer was online with that screename.

I work at an ISP that's well-sized and we get this sort of request for information from the police once a month or so; we don't give up any info without a subpoena (user privacy rights and such). If we do give whoever the dialup logs they usually match up the connect times to the illicit activity, and 2 days later somebody calls up and cancels the account. It's very quick and extremely accurate -- unaltered logs don't lie.

randal

 

[scorpioLP]

thanks randal, your input is helping alot.

But just to give everyone a better picture of the situation :

The case is a husband and wife divorce / custody case. They have a joint credit card. From March 2002 - December 2002 (possibly even more recent) there have been charges to this card which have been tied to porn sites. The wife accuses the husband of using her AOL account to login and then making these charges. I am trying to show that the wife is doing this herself and was planning to accuse her husband of this in order to smear him. I am also, ultimately, trying to clear him of doing this.

So, either the wife is doing this herself, or the card was stolen.

I am talking about 50 or so charges in a span of nine months, varying from 9.95 - 49.95 on each charge.

All these charges appear as different internet merchant services accounts. i.e. netflladm.com, jetcharge.com, ormedia.com, ibillcs.com.

From ormedia.com i was able to get a printout of details of a couple charges made to their credit card. This printout shows the IP used to access the porn site and the day on which the user joined this site. I also get a username and password for the porn site. i.e. on 3/24/02 the IP used was 172.145.252.87, using NS Lookup, this resolves to AC91FC57.ipt.aol.com . I'm assuming that just an AOL IP pool, which doesn't exactly help. AOL should be able to confirm whether or not it was her account that was used to access AOL on this date using that IP. But can they also tie this to a particular computer ??

Tying the porn site accessed to her username doesn't help, because it only proves that it was her account used, which she is claiming anyway. She is accusing him of using her account. They have been separated for quite some time, so if it was her PC that used this account, then I can safely say that he didn't do this.

Please help me with what I should ask for when talking to AOL. I'm going to try them again, with a different CSR. Last time I said that I was looking for IP Logs for a particular account, is this incorrect ?? should I be asking for something different ??

Randal - also how long are these logs kept for ? Some of these charges are just over a year old.

thanks

 

[mboy]

I would subpeona her PC and have an expert go thru it.

Also, I dont rmemeber porn being illegal and my experience from my parents having a HORRIBLe divorce, the judge wont give a rats ass about it.

If she is accusing him, the burden of proof is on her no?

 

[Fallen Kell]

You should move fairly fast then if the charges are becomming a year old. Most places only keep logs for a few months. AOL might be a little different, but for the most part, I would not expect to have a log retention of more then a year at the most.

 

[ScottMac]

You won't be able to get a MAC, the IP address may not be relevent / provable. What you want to look for is COOKIES.

I don't do (never have and never will) AOL, but the nature of the beast tells me that AOl probably has the proverbial cookie farm on the machine that's been making these connections.

Maybe they should just scratch that credit card and each get their own. That'd remove this kind of scenario.

JM.02

Scott

 

[randal]

I'm assuming that just an AOL IP pool, which doesn't exactly help. AOL should be able to confirm whether or not it was her account that was used to access AOL on this date using that IP. But can they also tie this to a particular computer ??

Randal - also how long are these logs kept for ? Some of these charges are just over a year old.

They can't tie it to a particular *computer*, but they probably can tie it to a *phone number* -- some number had to make the call to get an IP from the AOL Dialup pool and this should be logged. If not by AOL, then at least by the local Telco (that much is guaranteed).

I just looked at our server and our logs currently go back to Feb 20th of 2001, which is when we moved to databasing RADIUS records instead of straight text. However, I am sure that we have connect logs dating back to before Jan 17th 2000 (my hire date), because we were doing tape backups and putting them in storage long before I came on board ... we kept doing that until we database everything ... so to answer your questions, most ISPs will keep connect logs for a loooong time. If they don't have it, then the local telephone company will, 100% guaranteed.

randal

 

[Bleep]

Am I missing something here? you have a client that is in a messy situation with a ex or soon to be ex wife and your firm has not advised him to cancel all credit that they are jointly on? i hope you are doing this Pro Bono because if he paid you guys he got taken for a ride. If the complaint was made to law inforcement your probem is almost over just subpeona her computer hard drive.

Bleep

 

[dmcowen674]

I can tell you from personal experience that when you serve AOL they will provide a detailed log of everything that occured with that account. In my case the paper stack nearly took a full case of paper.

Edit: Everything is logged, cached of everywhere you visit.

 

[scorpioLP]

I have a few more questions....

I haven't used AOL in 7 years, but is it possible for someone to access porn through AOL ??? Or would they have to dial-up and then open an IE window ?? I remember AOL used to use some crappy stripped version of IE within the AOL software. Do they restrict access to anything ??

I'm still trying to find a way to pinpoint these charges to the wife. If I can get the AOL records pulled, hopefully that will at least tell me that our client hasn't accessed her account. I'm hoping the records will show that the AOL account has only been accessed via the phone in the house where she is at.

 

[randal]

AFAIK, AOL still has IE built in. As for whether or not AOL keeps track of websites visited by it's customers, I sincerely doubt it. Maybe on the actual PC that did the surfing there might be a log (*maybe, probably not*). Watching where somebody goes over the connection is an invation of privacy, imo. Here at my ISP, we could very easily log every single AIM conversation, every single website connection, yada yada, but we think that tracking that sort of thing is wrong, plain and simple.

I don't know if AOL agreest to that, but 30 million people surfing a couple hundred million different websites every day ... that's a lot of info to log; I seriously doubt AOL does that.

randal

 

[mobogasm]

Have her computer seized!!!!