Stolen Laptop Calls In! - Will Police Act?

broswell asks: "We rent computer equipment and occasionally our equipment gets stolen. I wrote a little VBS script that calls our webserver every hour (script below) and installed it on our laptops. Sure enough, some laptops went missing. One of the stolen laptops is now calling in from a Verizon Internet account which appears to be in a neighboring town. The Baltimore City Police grudgingly filled out a police report 'so we could collect insurance' but don't seem willing to subpoena Verizon, find the address of the end user, recover tha laptop and prosecute the thief. They seem clueless. The Maryland State police has a computer crimes unit. The have a clue, but they claim they don't have jurisdiction. It is not about the money (our customer signed for the computers and will pay for the stolen items), we just want justice." With all of the necessary information in hand of the proper authorities, how likely is it that the stolen laptop will be recovered?

For those interested, here is the script the laptop used to report itself back to its owners:

Set objShell = CreateObject("WScript.Shell")
Set objScriptExec = objShell.Exec("ipconfig /all")
strIpConfig = objScriptExec.StdOut.ReadAll
myvar = "send=" + strIpConfig

do until 0=1
on error resume next
a=HTTPPost("http://www.yourtrackinghost.com/cgi-bin/locator.pl",myvar)
WScript.Sleep 3600000

LOOP

Function HTTPPost(sUrl, sRequest)
set oHTTP = CreateObject("Microsoft.XMLHTTP")
oHTTP.open "POST", sUrl,false
oHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
oHTTP.setRequestHeader "Content-Length", Len(sRequest)
oHTTP.send sRequest

HTTPPost = oHTTP.responseText
End Function

Media

[MeanMF]

If the police won't do anything, call the local press.

Re:Media

[Mr.+Byaninch]

I agree. Police aren't very receptive to ordinary citizens solving crimes and then asking the cops to finish the job. I had a friend who had a check stolen from a USPS blue mailbox. The thieves 'washed' the check and rewrote it for enough to cover a bunch of Gateway computers. Gateway had some problem (that I don't recall) with something that was on back order and called the phone number on the order, which (dumb criminals) was the same as on the check. My friend already had found out a check had been hijacked when other stuff started bouncing. So she got the shipping info - address, tracking # and date - and then took it to the cops. All they had to do was go to the address and arrest whoever accepted the package. Guess if they did. NOT. All they did was 'take a crime report'.

Cops are probably offended when citizens bring them solved crimes. They're a strange bunch. Anyone who knows one will confirm that. Unless that someone is dating or married to one, in which case that someone is also a strange one. :)

So I agree. Go the police first, and when they won't 'solve' the crime, tell the media. A local news channel's 'Consumer Watchdog' or whatever they're called in your town is the best bet. It's not really news for the normal broadcast, but it's juicy stuff for those 'we help our viewers' segments.

Re:Media

[Bios_Hakr]

And make sure to tell them something realy important was on there. Like the names and addresses of the people who attended last year's Police Ball.

Or maybe Baltimore police don't have balls?

In all seriousness, file a "John Doe" civil suit in the ISPs district. As part of the action, ask for discovery on a specific IP address. Since you are filing against John Doe, Verizon will most likely consent. Once you have the name and address of the theif, drop the John Doe case and go back to the police with the guy's name, address, phone number, photos of his house and dog. At this point, either the police press charges, or you lodge an official complaint against the cops.

Look at the following article about how the RIAA uses IP addresses to find people. You should be using similar tactics. Do some sleuthing once you have the address. Make sure you aren't going after some poor bastard with an open WAP while the real theif lives right next door.

Going to the press is a bad idea. The theif is very likely to see the story and will move to dispose of the property.

Re:Media

[ryanr]

Yeah, I'm sure no one will mind if Verizon gives out customer info without a subpoena. A phone company would only do that kind of thing under rare circumstances.

Re:Media

Good idea, but wrong order. Give Verizon a chance to be the good guy. Call their publicity department first. If they make excuses, then call local media.

Why do I get the feeling that you think "being the good guy" equates to giving out their customers' private data without a court order? It really isn't their job to substantiate the cover story or judge their customers. We have courts for that.

Going through the police is the right way. If they're not doing their job, then publicise that fact. If the shop wants an alternative then they should talk to a lawyer about the possibility of suing the John Doe for something (trespass to property?) and getting a court to order Verizon to provide details that way.

Re:Media

[jamesh]

I'd be calling your insurance company next. They have an interest in getting the stolen goods back too, in that then they don't have to make a claim.

The whole situation is pretty silly though. You're basically handing the police a solution on a plate. They won't have to do too much detective work to get a result, and even if it doesn't end in a conviction, at least they's be showing you that 'the system works', and on a slow news day they might even get a _positive_ write up in the local media.

Re:Media

[log0n]

It's most likely Baltimore Police. There was a big expose here about the BCPD forging or failing to take reports, browbeating victims to not press charges... a lot of really heinous stuff. Apparently it was done to try to keep reported crime levels artificillay low to help the mayor get elected to governor. There's been a lot of stink about it in certain news organizations.

(tired - can't spell)

Re:Media

[bluprint]

Follow the money. There isn't any money in solving such crimes. They are too busy generating profits via traffic and parking tickets and such. Why bother with an actual crime that will use resources when they can target basically good people for cash?

Re:Media

[julesh]

As other posters have said, verizon will need a court order before they can hand out this information.

But: there's little to stop you from getting one yourself. File a claim for recovery of property against an unknown party. Put a motion before the judge asking for an order that verizon disclose any and all information they have about that IP address, including an explanation of how you know that the IP address is involved. This is as much information as the RIAA have when they make their claims -- you should be able to do exactly the same thing as they're doing.

Then, once the party is identified, they'll be served with all the relevant documentation. You go to court, claim they have property that belongs to you, and request an order that it is returned, along with compensation for your loss of use of it in the interrim.

If you do your homework, you shouldn't even need a lawyer for a case this simple.

Disclaimer: I know little about US civil procedure. What I describe would be possible in the UK, and I understand based on a little reading that procedure is roughly similar in US courts.

Explained it wrong

[Geoffreyerffoeg]

Think they understood the VBS? Now I know that you didn't directly throw that VB at them, but still.

Explain that your computers connect to the work network and log in, and you noticed that there was a computer trying to "hack in" from another town. Your security people found that the computer was your own computer, one that had been reported stolen.

Spin it in a way they'll understand.

Re:Explained it wrong

[plover]

Hate to disappoint you, but no cop will bother with fingerprints for a simple auto burglary. It's a simple matter of priorities. There are way too many things for the police to do than track down petty criminals.

The biggest reason is that even if they did pull good fingerprints from your window, tracked them to a known criminal, got a warrant, entered his place, and found him along with your stereo in his bedroom, the criminal would get an average sentence of a few days to a few weeks, (most likely suspended,) plus probation and possibly reparations.

But that entire scenario is highly unlikely, from the first assumption to the last. Too many people see smeary fingerprints taken on CSI and assume that every precint has a "Bat Computer" sitting in the back where they can just upload a print and out pops a name and an arrest warrant. And every one of those people expects the same care devoted to catching a car-stereo thief.

There's just nothing in it for the lesser crimes. No real punishments, just a lot of work for absolutely nothing resembling justice. Someone might take pity on you if you didn't have insurance, but even that's highly unlikely unless the value of the stolen merchandise was high.

The cops will definitely take it seriously if there's been a violent crime (again, keep in mind the difference between what you'd consider a serious assault and what they'd consider serious.) And even then, the backlog clogging the BCA labs usually runs over a year before forensic evidence is processed! There are simply too many criminals and too many crimes at this point in history.

Stolen Sidekick Part 2: The Missing Laptop

[SocialEngineer]

Start a blog. Link to it from /. (just post a comment). Get worldwide exposure. Post the IP address and whatever information you can find on the user (without resorting to illegal means). Get people interested in your cause, and get your local paper to publish something. It may piss the police off, but they'll actually do something by then, hopefully.

Re:RIAA

[MBCook]

Receiving stolen property, they are guilty. If they bought a nice laptop for $200 then they had to know it was stolen (especially since it probably had tons of business documents on it, if it's phoning home it hasn't been wiped). I doubt they bought it in good faith. If they DID (say they paid a decent amount that would buy them such a laptop) then they could get out of the charges by pointing out where they got it. I doubt the DA would press charges on them if they pointed out where they got it from and would testify to that fact.

If they bought it from a pawn shop or used computer shop or something, that shop is liable (I think) and they may still not have claim to the laptop. Both should have questioned the sale of this laptop with all the business stuff still on it (and even more.. selling it like that).

Still, crooks are, by and large, idiots. I would bet the original thief (or a direct relative/girlfriend/boyfriend) has the thing.

Either way, you would think the cops would be all over this one. Grand theft (the laptop cost over $1000 new, right?), known location (more or less, but it keeps phoning home), easy catch, and 100:1 odds that this is NOT the first/only crime the guy has committed (probably has a few other hot items near him).

I agree with one of the other comments. Go to the media. "His laptop was stolen, and he knew where it was... but the police wouldn't do a thing. Why your stuff isn't safe... tonight at 10." Or sue the department (that always gets things moving, just the threat with a nasty-gram should do). Or go talk to the DA. A case like this (likely a slam dunk) you would think they would want to take. They probably don't know about it and could get the police to go do something.

FYI

[way2trivial]

grand theft, although it contains the word 'grand' means more substantial theft than 1000, and the value is extremely variable on a per community basis..

http://wordnet.princeton.edu/perl/webwn?o2=&o0=1&o 7=&o5=&o1=1&o6=&o4=&o3=&s=grand%20theft

Call the FBI

[Joe+U]

You could always call the FBI and have them charged for breaking into secured computer systems, being:

1. The laptop
2. The server

Re:Legal sys cost money ... but we already paid!

[Pantero+Blanco]

"So, what this amounts to is some police officer saying ... "they'll get a nice new replacement anyway, why bother tracking the crooks, it's only one laptop"."

One of the first things I learned in primary school was that most people in places of authority don't care about dispensing justice unless the incident directly affects them. They'll always rationalize their way out of having to do anything. If you want anything done, you have to call them out in front of a crowd so it makes them look like an asshole if they try to ignore you.

Re:Tort: Conversion

[grolaw]

Conversion is a start. 18 U.S.C. 2510 et seq., the Electronic Communication Privacy
Act; 18 U.S.C. 1030 et seq., the Computer Fraud and Abuse Act as amended
by the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984,
specifically including 18 U.S.C. 1030(a)(5)(B) would be a far better choice for a causes of action.

You get attorney's fees, compensatory damages and, there is a collateral criminal charge available. Once your attorney has nailed the defendant the U.S Attorney's office will have some oung turk who will come in and pick up a slam dunk for a notch in his/her belt.

Conversion is a common law action and it is a reasonable cause - but Trover would be a better action as it reaches the cognizable personal property (data) as well as the machine.

This is not a difficult cause to pursue. I've done it several times myself. My first was in 1993 and last was 2002. This is neither rocket science nor high-dollar litigation.

Act fast before the thief kills the script.

OH, don't forget to ask for injunctive relief - like a LIFETIME BAN ON INTERNET ACCESS.

It won't take very many lifetime bans before the cost of a stolen laptop gets around....

Re:laughable hypocrisy

[penix1]

Yet you would be the first one screaming if Verizon did just hand over the info to an unverified accuser (BTW; IIRC, Verizon was cleared of the allegation you are thinking of AT&T who is still under the gun). That is the whole point of doing "John Doe" suits by the **AA first. This guy should contact a lawyer to handle this correctly. That is what they get paid for. As for the police, that can be handled by filing a complaint then letting your lawyer handle that situation.

This case aside, jurisdiction is tough to set in computer related crimes because of locations involved. Usually it is the FBI who handles them because they have jurisdiction across state lines.

B.