Who is Pierre Poutine?

John Ivison published an interesting piece in the National Post last week that breezed by what would have been technobabble to some,

Mr. Meier set out to follow the digital trail himself. Pierre Jones had covered his tracks sufficiently that a “burner” phone, PayPal account and the Gmail address he’d been using offered no clues. Mr. Meier spent hours piecing together a “session log,” breaking down when Pierre Jones used the RackNine system and what he did while on it. “We put it together one Lego block at a time. It pierces the veil to indicate who is using the system,” he said.

Mr. Meier said he had his “Eureka” moment at 3 a.m. one morning, and by 5 a.m. had written a 22 page report for Elections Canada. “He [Pierre Jones] screwed up. Just for a fraction of a second but it was enough for me to find him,” he said.

Let’s get right to the point.

A “cookie” in web browsing terms is a string of characters that is stored in a file on your computer that your computer relays back to a website when you’re browsing. For example, when you login to a website, the reason why you can go from one page to another is because of this file stored on the user’s computer. A secure site (e.g. gmail) asks the computer if it has any of that site’s cookies on its hard-drive. If so, what does the cookie say? If the cookie has the same encoded string common to what the site is expecting, the user can proceed to the next page, and the next without having to login for each new page.

Session are a bit different but are similar in tracking utility. From About.com,

Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn’t be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

So, Meier reconstructed the session log, and had a Eureka moment. This means that there was likely a common session linking two users. This likely means that one ‘client’ of Racknine’s logged out of Racknine’s web interface. Likely holding a session token on the same computer, another ‘client’ (Poutine) was logged in. Oops.

To see an example of this, logout of Facebook and look at the url. Logging in with new credentials can store the session key under the newly logged in user as well.

We can deduce that Pierre Poutine very possibly used the same computer as another legitimate user account on Racknine. Alternatively, a web url with a session key (e.g. racknine.com/menu.php?id=4due2sjdh29c809encgg) could have been shared from one user on one computer to another computer.