A multi-step analysis process was used by the University in the search for the stolen electronics from 2010.
The process was outlined in the Harvard University Police Department’s incident reports for the investigation of Stephen Evans—a Securitas supervisor who was arraigned on April 7 for allegedly stealing a laptop and an electronic tablet,
When devices are registered with the Faculty of Arts and Sciences, each unique device is assigned its own Media Access Control (MAC) address.
The MAC address works similarly to a serial number in identifying the specific electronic device.
The first several characters of the MAC address are specific to the manufacturer of the electronic.
In the incident regarding the Kirkland thefts of a MacBook Pro laptop and an iPad tablet, both MAC addresses identified Apple as the product manufacturer.
The last few characters are specific to the network interface devices—in this case, Harvard University’s Network.
The University maintains logs of traffic on its network by MAC address, according to the incident report.
Each Harvard affiliate who wishes to connect to the Harvard network must register his or her Harvard University ID with either FAS or the University Information Systems and associate the ID with the device that is being connected.
The Network maintains the registration information for each unique device in order to require the registration only once per device.
Each Harvard organization that acts as an Internet Service Provider is given a limited number of Internet Protocol addresses to assign to devices logging into Harvard’s Network.
The University maintains a log of both MAC addresses and IP addresses. In the investigation of the electronics stolen from Kirkland House, several different IP addresses were mapped back to the same MAC address—that of the stolen laptop—which meant that the stolen computer logged into the Harvard Network from several locations.
A security specialist with FAS-IT is able to establish alerts for specific MAC addresses and did so with the MAC address associated with the stolen devices.
Later, the analysts were able to conclude that the majority of traffic from the IP address associated with the stolen MAC address were coming from two wireless access points—Wigglesworth E-21B and Wigglesworth D-11B, which are on either side of the Wigglesworth gate.
The Securitas guard station is located between those access points.
—Staff writer Xi Yu can be reached at email@example.com.
Athletes Kicked Across River After MAC Closure
Madness at the MACOver the past 20 minutes, you’ve felt a slow increase of anxiety. The sinking feeling of being completely overwhelmed is
Harvard Quidditch on Camera
FAS IT Warns Against Newest Mac Download
Hands Off Our GymsAgainst this backdrop of fostering healthy lifestyles at Harvard, it is disconcerting that the administration may be closing certain House gyms due to their allegedly high maintenance costs.
Former CEO of Freddie Mac Seeks Balanced Discourse