Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tracking Down a Cell Phone Thief

Posted by Zonk on from the not-a-good-move dept.

Zone-MR writes "Last Saturday, MoDaCo (the world's largest smartphone community) held a get-together for their forum members. Unfortunately the positive community spirit was soured by an individual who decided to steal one of the charity raffle prizes - a C550 mobile phone. Check out the story of how we tracked the thief down, got the phone back, and secured the thief's place in the interweb's hall-of-shame."

12 of 254 comments (clear)

  1. text of the article by Anonymous Coward · · Score: 4, Informative

    http://zone-mr.net/?act=entry&id=36

    Last Saturday, MoDaCo (the world's largest smartphone community) held a get-together for their forum members. Unfortunately the positive community spirit was soured by an individual who decided to steal one of the charity raffle prizes - a C550 mobile phone.

    On Monday, Paul O'Brien (MoDaCo founder) contacted me with information on the stolen phone's IMEI number. I operate the SPV-Developers community which offers the free online SPV-Services unlock tool for this type of phone. It seemed likely that the thief would attempt to remove the SIMLock using this service in order to switch the phone to a non-UK network - bypassing the UK's IMEI blacklist which renders stolen phones useless.

    Initially it seemed like there was little I could do to help. The SPV-Services server was not programmed to log the IMEI numbers of it's users. It seemed like a dead end, until I remembered something. When a user unlocks their phone, our server keeps a backup of the phone's first flash block (kept for a few days, in case the changes need to be reversed). This block contains 64kB of RSA-encrypted data such as the phone's SIMLock state, Carrier ID, and other concealed information - it seemed likely the IMEI would be buried within it. Shortly my suspicion was confirmed - after decrypting the block, the IMEI can be found inside (albeit scrambled with a simple transposition).

    I started writing a short script - which would check each backup in turn to see if it originated from the stolen phone. After 30 minutes of writing, testing, and running the script - we had a match! The stolen phone had been unlocked. The creation timestamp on the backup file gave us an exact time - August 21, 2005, 10:18:32 PM.

    The next step was cross-referencing this information with our web server logs. When a user uses our software to unlock their phone the software uploads the encrypted block to our server, which sends back a list of modifications which need to be made in order to remove the SIMLock. As we knew the exact time when this happened, we could find the corresponding web server entry :

            2005-08-21 22:18:32 POST /services/simlock_2.php - 82.163.137.156

    Bingo! I passed this IP address back to Paul who cross-referenced it with Modaco's database. From this, he was able to identify the guilty member. A quick lookup confirmed that the IP was used by the account "Cocky" - a member which had attended the get-together. The event registrations contained the name of our theif, and his mobile number. The next day, Cocky (AKA Krassen P.) received a short phone call:

            Paul: Hi, this is Paul from MoDaCo.
            Cocky: Er, Hi.
            Paul: You have something of mine, and I want it back.

    Not surprisingly, Paul could hear the faint sound of the guy crapping himself at the other end of the line. The phone was returned, via special delivery, the following day. Moral of the story - even if you're enough of a cunt to steal from a charity raffle, don't be fucktarded enough to steal a phone from a community of phone experts.

    1. Re:text of the article by Necrobruiser · · Score: 5, Informative

      I assume you are referring to the use of the word "cunt"?

      From http://en.wikipedia.org/wiki/Cunt : "In British usage it is mainly directed at men, and is considered an insulting swear word."

      I feel sorry for all of the people in your life, you probably have some of them fooled into thinking that you're not a judgmental ass.

      --
      "I planned within my means and got a fixed rate mortgage, so where's MY bailout?" -cafepress
    2. Re:text of the article by shirai · · Score: 5, Informative

      Another slightly more detailed account of the same event:

      Detailed Account

      Mono, Orange and Microsoft arrived early, and set out all of the stuff for the event... including the raffle prizes. The prizes were, foolishly it seems, laid out in the corner... footballs, kites, goodies and an SPV C550!

      We are not entirely sure at which point the phone was stolen... but a number of people witnessed what appeared to be the C550 being wrapped in a cardigan and placed in a bag along with a couple of other items including an Orange football, and a kite that was apparently discarded.

      At some point, probably prior to the raffle, the thief or his companion probably left the building, and took the C550 somewhere for safe keeping.

      As those present at the event will know, when the theft was discovered, Monolithix (who should be commended for staying calm!) offered the thief every opportunity to return the phone with no comeback, pointing out the phone would be useless anyway as it would be blocked on all UK networks... but nobody came forward. Having spoken to 'cocky', he said he was afraid to come forward.

      At this point, there was not a lot more we could do... we liaised with the staff at the Microsoft building, and determined that although there was no CCTV in the room, there was CCTV in the foyer.

      On the following Monday, I contacted Orange to ask for the IMEI of the stolen phone so that we could conduct investigations, which Orange duly provided. I also investigated whether we could determine whether the stolen phone had been used with an Orange SIM (99% necessary if the thief unlocks the phone), and Orange confirmed that they could do this, albeit with a 1 week delay. This provided us with one possible avenue... although for Data Protection reasons, pursuing this route would have required the action to be taken with the Police.

      I considered it very likely that the thief would have tried to unlock the phone... so armed with the IMEI of the stolen phone... I contacted the key players in the C550 unlock scene, Florin from IMEI-check and zone-mr from SPV-Developers.

      Florin confirmed that the phone had not been unlocked with IMEI-check... however zone-mr couldn't confirm immediately, as he only retains an temporary backup of encrypted data from the phone, which he wasn't sure included the IMEI

      A couple of hours later, on Monday evening, zone-mr contacted me to let me know he WAS storing the IMEI... and we had a match! Our thief HAD unlocked his C550... at 10:30pm on Saturday in fact! Even better news... careful analysis of the server logs on the spv-developers unlock server gave us the IP address of our thief!

      The next step was to find out as much information as possible about the thief. We determined their ISP and some other information, and thought about how to proceed. On an off chance that the thief was foolish enough to unlock the phone from the same connection they used to browse MoDaCo... I checked out the MoDaCo logs, and the MoDaCo sessions table.

      Success!

      Our thief was logged on, and the logs were full of the IP address in question... all pointing to one user.... COCKY!

      Cross matching this address with the Event registration list confirmed that cocky HAD attended the event... and not only that... upon further consultation we determined that cocky was the person that witnesses had cast suspicion on.

      The next step was how to decide how to proceed, armed with the evidence that we were sure conclusively led us to our thief. I stayed up late on Monday night and prepared a dossier of evidence, with excerpts from server logs, witness statements etc. to pass to the Police. After a late night... I decided to sleep on it before deciding how to proceed.

      Tuesday came, and I decided that I was going to contact the Police... and spoke to both our contacts at Orange, and a contact at Orange security, about how to proceed. As the morning prog

      --
      Sunny

      Be my Friend

  2. Re:Interweb? by otomo_1001 · · Score: 3, Informative

    Nope. Wikipedia disagrees. But mentions Intarweb as an alternate spelling. http://en.wikipedia.org/wiki/Interweb

  3. Howard forums are MUCH larger than modaco by Anonymous Coward · · Score: 2, Informative



    Howard forums are MUCH larger than modaco, re: smartphones. See for yourself.

    http://smartphone.modaco.com/index.php

    has:

    414 user(s) active in the past 30 minutes
      379 guests, 35 members 0 anonymous members

    while

    http://howardforums.com/

    has:
    Currently Active Users: 3410 (1128 members and 2282 guests)

    This 7+ minute wait between replys is excessive. I'll contact my councilwoman... when she gets back from her vacation.

  4. Re:can you say misogyny? by GreenHell · · Score: 5, Informative

    cunt
          noun (vulgar slang) 1. a woman's genitals. 2. an unpleasant or stupid person.

    You've obviously never heard UKers insult someone before.

    --
    "I won't mod you down - I feel the need to call you a twit explicitly, rather than by implication."
  5. Link to MoDaCo's forum rules about privacy. by Anonymous Coward · · Score: 2, Informative

    http://www.modaco.com/index.php?act=Reg&CODE=00

    "You agree, through your use of this service, that you will not use MoDaCo to post any material which is knowingly false and/or defamatory, inaccurate, abusive, vulgar, hateful, harassing, obscene, profane, sexually oriented, threatening, invasive of a person's privacy , or otherwise violative of any law. "

  6. Re:Good thing this was in the UK... by Dun+Malg · · Score: 2, Informative
    Good thing this was in the UK... seems like decrypting the info to retrieve the IMEI information would violate the DMCA here in the states.

    No, because the encryption is not for the purpose of controlling access to copyrighted material. DMCA is about copyright, not encryption.

    --
    If a job's not worth doing, it's not worth doing right.
  7. Re:The rat speaks by permaculture · · Score: 2, Informative

    Here, Paul posts a fuller account of the story including some details about Orange, and other involved parties.

    http://www.modaco.com/MoDaCo_Summer_Event_2005_C55 0_theft_SOLVED_-t227175.html

    Excerpt:

    Me: Hi, this is Paul from MoDaCo.
    Cocky: Er, Hi.
    Me: You have something of mine, and I want it back.
    Cocky: So what do we do now?
    Me: Do you still have the phone? Have you sold it?
    Cocky: I still have it - minus the box. What are you going to do?
    Me: I'm giving you one chance... send me the phone, via Special Delivery, today, and I will not go to the Police. I'm gonna ban your ass for life and expose you on the forum, but I won't go to the police.
    Cocky: OK

    --
    Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
  8. Re:can you say misogyny? by lililalancia · · Score: 2, Informative

    As a fellow Geordie I can assure you the language is totally in character when dealing with a fu*kwit of this order.. http://www.viz.co.uk/ and use the profanisaurus for some more choice expletives that also apply!

  9. Re:You are missing the real issue. These guys are by Zone-MR · · Score: 4, Informative

    I'll bite this troll.

    We have repeatedly stated that we keep a TEMPORARY backup of the flash block we change - generally as a precaution in case we screw something up and need to restore the phone.

  10. Re:Happened to me by Geekboy(Wizard) · · Score: 2, Informative

    CMDA is the scheme used in the most of the US (sprint, verizon, boost, metropcs, etc). rather than having a sim card, the functionality is built into the phone itself. which means you have to call the phone company to change phones.

    yes, I know it totally bites. but in the states, cingular and t-mobile are gsm.