Slashdot Mirror


Tracking A Thief Via The Sircam Virus?

func writes with a rather strange situation: "Hey, my house was robbed, and they stole my computer, vcr, rc heli, and all my beer (!bastards!). But, on the positive side, the thief has been using the computer, and managed to infect himself with the Sircam virus. Now, some of my friends are getting virii sent to them by my stolen computer! Any way to track this guy via email, or even an ip or something stored in the virus code itself? And if I do find him, do I send the cops, or just my 6-foot-4, 260-lb ex-eastern-block buddy Radek?"

Since this virus' spread (cross fingers) seems to be slowing down a bit, this may take fast work. If you can reply with any suggestions for func, please include "Radek" or "Cops" in your subject line. (Just not the FBI.) Perhaps he could send a friendly letter to the thief offering free tech support?

31 of 227 comments

  1. HTML email? by Anonymous Coward · · Score: 4

    If he's been emailing your friends, why not set up a quick webserver which hosts a .gif or .jpg and send the guy an HTML email back with an img tag referencing the website you set up. Turn on logging on the website and you'll have his IP address and the access time. From there you can email the upstream/the cops and you should be set.

  2. Headers by Alex+Belits · · Score: 3

    "Received:" headers in the mail usually contain IP addresses and dates -- when checked against ISP logs they can point to the user, or a phone number if he used a dialup with your account.

    Of course, email MUST be copied in the form it was received, not mutilated by Outlook or other kind of garbage. If the recipient is unlucky enough to use Exchange, enable POP or IMAP support and download email from it using fetchmail or pine.

    --
    Contrary to the popular belief, there indeed is no God.
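An added example, not part of the thread: one way to pull the relay IP and timestamp out of each "Received:" header of a message saved in raw form, so they can be matched against ISP logs. The sample message, host names and documentation-range addresses are constructed, and `received_hops` is a hypothetical helper name.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: raw message exactly as received (newest header on top).
RAW = """\
Received: from mx.friend.example (mx.friend.example [198.51.100.7])
\tby mail.friend.example with ESMTP id A1; Thu, 26 Jul 2001 21:14:09 -0400
Received: from stolenpc (dialup-42.isp.example [203.0.113.42])
\tby smtp.isp.example with SMTP id B2; Thu, 26 Jul 2001 21:14:02 -0400
From: someone@isp.example
Subject: constructed sample

body
"""

def received_hops(raw):
    """Return (source_ip, receiving_host, utc_time) per hop, oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())         # unfold continuation lines
        info, _, stamp = flat.rpartition(";")  # timestamp follows the last ';'
        if not info:
            continue                           # no ';' means no usable timestamp
        ip = re.search(r"\[(?:IPv6:)?([0-9a-fA-F:.]+)\]", info)
        by = re.search(r"\bby\s+(\S+)", info)
        try:
            addr = str(ipaddress.ip_address(ip.group(1))) if ip else None
            # ISP logs are matched on time, so normalise every hop to UTC.
            when = parsedate_to_datetime(stamp.strip()).astimezone(timezone.utc)
        except (ValueError, TypeError):
            continue                           # malformed address or date
        hops.append((addr, by.group(1) if by else None, when))
    # Headers are prepended by each server, so reverse to get origin first.
    # Only lines written by servers you trust are reliable; anything below
    # them could have been supplied by the sender.
    return hops[::-1]

if __name__ == "__main__":
    for addr, host, when in received_hops(RAW):
        print(f"{when.isoformat()}  {addr}  ->  {host}")
```
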
  3. Even easier/quicker by Tim+Macinta · · Score: 3
    > If he's running any old binary sent to him, why not have one of your friends send a gift in reply? All it needs to do is grab the IP and timestamp, then email those details to you. Forward that to the police who can get location data from the ISP.

    Why not bypass the ISP (and the accompanying red-tape) entirely? If the laptop is using a modem to connect to the net, send the thief a binary which would cause the modem to call your home or work number and immediately play a sound clip that you can identify. When you receive a call that plays the sound clip, look on your caller ID and then use a reverse directory to map the phone number to a physical address.

    If the laptop is using ethernet to connect... well, that's a bit tougher. I'm not sure how to track it without the assistance of the ISP in that case.

  4. Hidden Bomb? by sacherjj · · Score: 4

    I never thought about this, but it is an interesting idea. Has anyone programmed a hidden bomb that must be disabled every couple times you boot up, by the user? If this disabling action isn't completed after a few boots, it starts sending information to a secure location. Just give them enough leeway to hang themselves. (Of course, this assumes they are on the net.)

    Although, the first thing I would do if someone handed me a computer is format and reload all the drives...

    1. Re:Hidden Bomb? by szcx · · Score: 3
      I was contracted to write one a few years ago for installation onto all of a company's notebooks. Once a week it had to be reset, or the machine would purge documents and lock out.

    2. Re:Hidden Bomb? by martin-k · · Score: 4
      > I was contracted to write one a few years ago for installation onto all of a company's notebooks. Once a week it had to be reset, or the machine would purge documents and lock out.

      Yeah, I heard about that program. It's called Microsoft Windows.

      -Martin

  5. Keep in contact with him! by mattkime · · Score: 5

    You need to give him a reason to keep in contact with someone. I suggest you ask a female friend to take nude pictures of herself which she will send on a regular basis to this guy. Eventually, she will meet him in a sleazy hotel room and crush him between her thighs.

    --
    Know what I like about atheists? I've yet to meet one that believes God is on their side.
  6. Re:Yes. by shri · · Score: 5

    Assuming that the poor guy's startup page is not set to slashdot! If that's the case the thief knows what's going on. ;)

  7. Cop paranoia of a lesser kind by eddy · · Score: 3

    Somewhat related...

    A long time ago a friend of mine ran a BBS on his Amiga. He had the startup rigged with a boot-menu containing a fake "Start BBS"-entry as a default, which - if chosen - would encrypt the RDB (Rigid Disk-Block) and reset. Or something to that effect.

    Hey, don't look at me, it wasn't my computer, nor my idea.

    --
    Belief is the currency of delusion.
  8. it depends by Unknown+Poltroon · · Score: 5


    If it was good beer, leave the cops out of it. If it was bad beer, sic the law on him.
    If it was BUD, have Radek slap some sense into you.

    --
    All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
  9. Radek! by wiredog · · Score: 3
    Someone who steals your computer and then disables the security deserves what he gets.

    I assume he disabled your security. And not that you forgot to secure it.

    1. Re:Radek! by Fjord · · Score: 3
      What security? Up until a few days ago, there wasn't a virus package that would detect SirCam. Do you expect him to update virus checkers on computers not in his possession? Presumably you don't mean security by disabling the ability to retrieve email, so then what do you mean?

      Note: I do disable VBS files (by associating them with notepad) on my home WinME machine, but this isn't common practice. I do it because many people use my home machine. Disabling VBS files like this isn't considered "security enablement" in the sense of updating patches and locking down ports.

      --
      -no broken link
  10. Re:Fuck the police, get some vengence by Tackhead · · Score: 3
    > The cops will just get snitty with you cuz you solved the crime.

    If you walk in to your local PD and say "I 0wn h1m! j00 cl00less fux0rz list3n 2 m33!", yeah, they'll get snitty.

    If you walk in, and behind closed doors (or cubicles :), outline how you solved it, in such a way that the officer you're talking to also has enough of an understanding on how to solve it, you've just taught a cop a new way to solve crime that none of his buddies know, and you've probably just made a friend.

    Beat a man over the head with a fish, and he'll slap you across the face with one. Teach a man to fish and you're both fed for life.

  11. Re:Im not so sure this will help by Tackhead · · Score: 4
    > This probably won't help you get right to your robber, he probably sold all your stuff. And if he was smart he probably sold it to a used computer store that would resell it. Although most pilfers aren't the smartest bunch, good luck ;)

    IANAL, but ISTR that in these cases, the used computer store (pawnshop) is guilty of "possession of stolen property". As is, for that matter, the innocent sucker who walks in off the street and buys it. As such, you can still get your computer back.

    Option 1: (There's only one bad guy, the thief.) The guy who bought the computer will be pissed, he'll be pissed at the computer store. The guy who runs the computer store will be really pissed, and he'll be pissed at the guy who sold it to him. End result -- the thief loses his ability to sell stuff at that store.

    Option 2: (There's another bad guy, in that there's a store or pawnshop operating as a "fence", that is, reselling goods they know are stolen). The guy who bought the computer will be pissed. The cops will have evidence to use in their (likely ongoing) case against the fencing operation. End result -- the thief may get away, but the fencing operation goes down.

    Either way, by providing evidence to the cops, you increase the odds of getting your stuff back and cleaning up your town.

  12. Re:Cops can help... by Tackhead · · Score: 5
    > ...if they are willing to look at technical details.

    Very true, the trick is to get someone at your local PD interested in the case. Routine burglaries are, well, routine. Just as the FBI laughs if the losses are less than $BIGNUM, your local cops generally don't give a damn about property theft, because the odds are slim and the cases are boring as hell.

    1) So don't call - show up in meatspace at your local police department. (Or if you've filed a police report on the burglary, you probably have an officer's business card. In that case, call and try to set up a 15-minute appointment.)

    2) You may want to talk to a detective, rather than the beat cop. Dunno how lucky you'll be at finding one. Might be worth a shot. Go through channels.

    3) (Here's the kicker). YOU know how to solve the crime. The cops don't. So YOU explain it to the cop or detective - in detail. Bring printouts. Use highlighters. Emphasize the point that even though you did the legwork, you don't want credit - you want the cop to get credit for solving the "high-tech" case. This means career advancement to the cop/dick, and ought to interest him, even if the dollar value of the case is peanuts.

    "My house was broken into and bad guys stole my stuff" - a boring case, like dozens of others, involving all the paperwork with no chance of recovering the goods.

    "Here's an open-and-shut case on how to track a thief through cyberspace" - something new, possibly a promotion for finding a new way to solve cases, and a reputation within the department as "the guy who knows how to track criminals through cyberspace, he's even smarter than that moron the Feds send us every few months".

    If you're helpful to your local cops, they just might be able to help you.

  13. Re:Should be pretty easy. by BlueUnderwear · · Score: 4
    > Worst case, the current user is somebody who bought the computer from your thief and not the thief her- or himself, but it still gets you close.

    No, that's not the worst case. Worst case is that the virus didn't actually infect the stolen computer, but rather the replacement computer that you're using now...

    --
    Say no to software patents.
  14. Re:Fuck the police, get some vengence by BlueUnderwear · · Score: 5
    > Send you friend over and tell him to bring back both the thief's thumbs.

    Nowthat'sacruelandunusualpunishment!

    --
    Say no to software patents.
  15. you were warned..... by Lxy · · Score: 5

    How quickly we forget. Or was I the only one who ran out and filled my computer with cement?

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  16. Use his stupidity against him... by szcx · · Score: 3

    If he's running any old binary sent to him, why not have one of your friends send a gift in reply? All it needs to do is grab the IP and timestamp, then email those details to you. Forward that to the police who can get location data from the ISP.

  17. RE: Tracking A Thief Via The Sircam Virus? by SuperguyA1 · · Score: 3

    > And if I do find him, do I send the cops, or just my 6-foot-4, 260-lb ex-eastern-block buddy Radek?"

    Given what I know from my own Eastern block friends.
    If you ever want to see your beer again... send the cops:)

    --
    "as plurdled gabbleblotchits on a lurgid bee" - Prostetnic Vogon Jeltz. (One man's humorous is another mans flamebait)
  18. heh, tempting... by bencc99 · · Score: 3

    it'd be tempting to send Radek round, but you've got the problem of finding them in the first place. Get in touch with the police, and get your friends to note down the message headers of the emails. Then with a selection of times and IPs the police should be able to contact the ISP, and find out what phone number the thief is dialling from. Of course, this hinges on the chances of you finding a cop with a clue ;)

  19. Bear in mind by michaelsimms · · Score: 4

    It MAY be an innocent person that bought a second hand computer. I'd go with the cop method, not the Radek method.

    --

    Tux Games. Your complete source for native Linux games.
  20. Re:what an idiot. by BluedemonX · · Score: 3

    My wife had her computer stolen - and her old ICQ popped up. Someone traced the computer to an IP and an ISP, and we called the cops.

    Did they act on this? No way.

    The thief was basically handed to the OTTAWA POLICE on a silver platter, but apparently donut eating and beating defenceless women's heads against cars was more important.

    I'd say send Radek, that is if the ISP will tell you who it is...

    --

    --- Jump!! Fire!! Bullet time!! - Lego version of the Matrix
  21. Re:what an idiot. by abolith · · Score: 3

    if your ISP gives you the info, don't bother with the cops, use Radek OR just wait until he/she has left the location your computer is residing at and then STEAL IT BACK !! What thief would believe that the Original owner tracked him/her down and did the same thing right back.
    besides if you have home owners insurance you could still collect the value of the computer, then use that cash to upgrade to a better system, or use it to put out a contract on the thief's head. either way.

    --
    if you want "No More Hiroshimas" then I say "You First. No More Pearl Harbors."
  22. Your ISP?? by QwkHyenA · · Score: 5
    Odds are good he's using YOUR ISP seeing how you probably checked that 'remember password' box. If that's the case, I'd take a copy of the police report and go to your ISP (assuming it IS your ISP the dude dialed into, which is easily checked by looking at the header of the email message) and talk to management right away!

    If it was one of my local ISPs I'd take about 1 case of beer with you as a small incentive.

    --
    LFS. Have you built your system today?
  23. better yet by unformed · · Score: 3

    Call the BSA

  24. what an idiot. by rigor6969 · · Score: 5

    all the major ISPs now record your DNR phone # per call. Easy to trace via the ip and date and time. You'll need to get the isp and police involved.

    --
    ===sam=== free nessus vulnerability scan = www.vulnerabilities.org
  25. Re:Some laptops phones home by AdamInParadise · · Score: 3

    Actually I was quite sure that I've seen some company actually doing that. Here is a story on The Register:
    http://www.theregister.co.uk/content/archive/20026.html

    And a link to the company doing it: http://www.ztrace.com/

    --
    Nobox: Only simple products.
  26. Yes. by Shoten · · Score: 5
    Ok, here's what you do. The emails he's sending contain a few bits of data that are critical. One is the IP address that he is using at the time he sends the email, and the other is the time (according to the mail server; both bits are in the header of the email) at which the mail is sent.

    Get an attorney, and file a "John Doe" lawsuit against the thief...the goal here is to get a lawsuit, so that you can get a subpoena. And who are you subpoena'ing, and for what? The ISP the thief uses, for the logs of the phone number that was connected at that time, and the account information of the owner of that account. Turn that over to the police, and you should be good to go. That information is sufficient (explain it well to them) to get a search warrant and...voila! He's crispy.

    Happy hunting!

    --

    For your security, this post has been encrypted with ROT-13, twice.
  27. Should be pretty easy. by Chakat · · Score: 5
    All you should have to do is check the headers and do standard spamcopesque ip tracing. At that point, you have an IP address. Take that info to the ISP the crook is using, and ask for the dialup node log. You'll probably need at the very least a subpoena to get the cid logs, but you should have no problem as long as you can prove that it is coming from your property.

    If you could post the Headers of the offending emails, I'll bet most people here could tell you where the thief is in 5 minutes.

    D - M - C - A

    --

    If god had intended you to be naked, you would have been born that way.

  28. excuse me... by dermotfitz · · Score: 5

    just how will that get your beer back?

    --

    How perfectly goddamn delightful it all is, to be sure. - Charles Crumb