According to Reuters, a 38 year old Home Depot worker was arrested for stealing laptops from Wells Fargo. From the article:
"Police recovered the equipment at Krastof's home, along with equipment used for scanning identity cards and checks, he said. 'He is a low-level ID theft kind of guy,' White said of Krastof. Krastof told police that he did not know that sensitive data was on the computer, according to [policeman] White.
Wells Fargo will be able to keep the $100,000 reward it had offered in the case, since the arrest was made from regular police work and not a tip, White said.
Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers, White said. That enabled authorities to connect the computer's Internet Protocol address, a number that identifies a computer on the Internet, to Krastof's home address through his AOL account, White said."
The article glosses over an important point: how was the stolen computer identified? Wells Fargo may have deployed one of the "Lojack for laptops" solution discussed recently by SC Magazine that send a beacon announcing their presence. Also, why would Krastof say "he did not know that sensitive data was on the computer" when he's an identity thief?
Update: This Slashdot thread alerted me to a second story whose AOL usage description is different:
"A break in the case came in recent days when Krastof plugged one of the computers into a wall socket and turned it on. 'He logged onto an (America Online) account that was registered on that computer and we traced it back to his phone number and address,'' White said."
Ah ha. The original article said "Krastof... logged onto his own America Online account." Obviously if he logged in using the AOL account native to the laptop, AOL could watch for those logins and report them to law enforcement. Case closed. I gave the "analyst" too much credit for thinking "phone home" software might have been used.