News

Garber Announces Advisory Committee for Harvard Law School Dean Search

News

First Harvard Prize Book in Kosovo Established by Harvard Alumni

News

Ryan Murdock ’25 Remembered as Dedicated Advocate and Caring Friend

News

Harvard Faculty Appeal Temporary Suspensions From Widener Library

News

Man Who Managed Clients for High-End Cambridge Brothel Network Pleads Guilty

University Uses Device Registration Information to Track Down Stolen Devices

By Xi Yu, Crimson Staff Writer

A multi-step analysis process was used by the University in the search for the stolen electronics from 2010.

The process was outlined in the Harvard University Police Department’s incident reports for the investigation of Stephen Evans—a Securitas supervisor who was arraigned on April 7 for allegedly stealing a laptop and an electronic tablet,

When devices are registered with the Faculty of Arts and Sciences, each unique device is assigned its own Media Access Control (MAC) address.

The MAC address works similarly to a serial number in identifying the specific electronic device.

The first several characters of the MAC address are specific to the manufacturer of the electronic.

In the incident regarding the Kirkland thefts of a MacBook Pro laptop and an iPad tablet, both MAC addresses identified Apple as the product manufacturer.

The last few characters are specific to the network interface devices—in this case, Harvard University’s Network.

The University maintains logs of traffic on its network by MAC address, according to the incident report.

Each Harvard affiliate who wishes to connect to the Harvard network must register his or her Harvard University ID with either FAS or the University Information Systems and associate the ID with the device that is being connected.

The Network maintains the registration information for each unique device in order to require the registration only once per device.

Each Harvard organization that acts as an Internet Service Provider is given a limited number of Internet Protocol addresses to assign to devices logging into Harvard’s Network.

The University maintains a log of both MAC addresses and IP addresses. In the investigation of the electronics stolen from Kirkland House, several different IP addresses were mapped back to the same MAC address—that of the stolen laptop—which meant that the stolen computer logged into the Harvard Network from several locations.

A security specialist with FAS-IT is able to establish alerts for specific MAC addresses and did so with the MAC address associated with the stolen devices.

Later, the analysts were able to conclude that the majority of traffic from the IP address associated with the stolen MAC address were coming from two wireless access points—Wigglesworth E-21B and Wigglesworth D-11B, which are on either side of the Wigglesworth gate.

The Securitas guard station is located between those access points.

—Staff writer Xi Yu can be reached at xyu@college.harvard.edu.

Want to keep up with breaking news? Subscribe to our email newsletter.

Tags
Crime