Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stolen Laptop Calls In! - Will Police Act?

Posted by ryuzaki0 on

broswell asks: "We rent computer equipment and occasionally our equipment gets stolen. I wrote a little VBS script that calls our webserver every hour (script below) and installed it on our laptops. Sure enough, some laptops went missing. One of the stolen laptops is now calling in from a Verizon Internet account which appears to be in a neighboring town. The Baltimore City Police grudgingly filled out a police report 'so we could collect insurance' but don't seem willing to subpoena Verizon, find the address of the end user, recover tha laptop and prosecute the thief. They seem clueless. The Maryland State police has a computer crimes unit. The have a clue, but they claim they don't have jurisdiction. It is not about the money (our customer signed for the computers and will pay for the stolen items), we just want justice." With all of the necessary information in hand of the proper authorities, how likely is it that the stolen laptop will be recovered?

For those interested, here is the script the laptop used to report itself back to its owners:

Set objShell = CreateObject("WScript.Shell")
Set objScriptExec = objShell.Exec("ipconfig /all")
strIpConfig = objScriptExec.StdOut.ReadAll
myvar = "send=" + strIpConfig

do until 0=1
on error resume next
a=HTTPPost("http://www.yourtrackinghost.com/cgi-bin/locator.pl",myvar)
WScript.Sleep 3600000

LOOP

Function HTTPPost(sUrl, sRequest)
set oHTTP = CreateObject("Microsoft.XMLHTTP")
oHTTP.open "POST", sUrl,false
oHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
oHTTP.setRequestHeader "Content-Length", Len(sRequest)
oHTTP.send sRequest

HTTPPost = oHTTP.responseText
End Function

10 of 303 comments (clear)

  1. RIAA by the+eric+conspiracy · · Score: 5, Funny

    Your best hope is that now that you have the IP you can hack into the laptop and install a BT server with lots of nice pop music and videos. Then report the sharing site to the RIAA and watch them take this sucka down.

    1. Re:RIAA by MBCook · · Score: 5, Insightful

      Receiving stolen property, they are guilty. If they bought a nice laptop for $200 then they had to know it was stolen (especially since it probably had tons of business documents on it, if it's phoning home it hasn't been wiped). I doubt they bought it in good faith. If they DID (say they paid a decent amount that would buy them such a laptop) then they could get out of the charges by pointing out where they got it. I doubt the DA would press charges on them if they pointed out where they got it from and would testify to that fact.

      If they bought it from a pawn shop or used computer shop or something, that shop is liable (I think) and they may still not have claim to the laptop. Both should have questioned the sale of this laptop with all the business stuff still on it (and even more.. selling it like that).

      Still, crooks are, by and large, idiots. I would bet the original thief (or a direct relative/girlfriend/boyfriend) has the thing.

      Either way, you would think the cops would be all over this one. Grand theft (the laptop cost over $1000 new, right?), known location (more or less, but it keeps phoning home), easy catch, and 100:1 odds that this is NOT the first/only crime the guy has committed (probably has a few other hot items near him).

      I agree with one of the other comments. Go to the media. "His laptop was stolen, and he knew where it was... but the police wouldn't do a thing. Why your stuff isn't safe... tonight at 10." Or sue the department (that always gets things moving, just the threat with a nasty-gram should do). Or go talk to the DA. A case like this (likely a slam dunk) you would think they would want to take. They probably don't know about it and could get the police to go do something.

      --
      Comment forecast: Bits of genius surrounded by a sea of mediocrity.
  2. good luck with that by grapeape · · Score: 5, Interesting

    I had a laptop and 2 desktops stolen from my van in the parking lot next to the police station in downtown KC. One of my side windows as well as the windows of 3 other vehicles were broken out. The police department couldnt even be bothered to walk downstairs to file a report and told me I would need to phone it in, I called and the detective said I wasnt likely to get it back but he would get back to me. Later that night after I was home my work aim account logged itself online. I got the IP called the police department with the info, was called back the next day and reprimanded for "interfering in police work". Anyway I stopped interfering, 2 years later and I guess they are still busy doing "police work" because I have never heard back from them. I guess I learned my lesson, dont bother. Now when I have to be downtown I just leave the doors unlocked, its alot cheaper than replacing the windows. I've actually managed to make a game out of it, I no longer have to take old computers to the salvage place, I just load them in the van and take them downtown.

  3. Re:Media by Mr.+Byaninch · · Score: 5, Insightful

    I agree. Police aren't very receptive to ordinary citizens solving crimes and then asking the cops to finish the job. I had a friend who had a check stolen from a USPS blue mailbox. The thieves 'washed' the check and rewrote it for enough to cover a bunch of Gateway computers. Gateway had some problem (that I don't recall) with something that was on back order and called the phone number on the order, which (dumb criminals) was the same as on the check. My friend already had found out a check had been hijacked when other stuff started bouncing. So she got the shipping info - address, tracking # and date - and then took it to the cops. All they had to do was go to the address and arrest whoever accepted the package. Guess if they did. NOT. All they did was 'take a crime report'.

    Cops are probably offended when citizens bring them solved crimes. They're a strange bunch. Anyone who knows one will confirm that. Unless that someone is dating or married to one, in which case that someone is also a strange one. :)

    So I agree. Go the police first, and when they won't 'solve' the crime, tell the media. A local news channel's 'Consumer Watchdog' or whatever they're called in your town is the best bet. It's not really news for the normal broadcast, but it's juicy stuff for those 'we help our viewers' segments.

    --
    Sig not available, please try again later. If the problem persists, then the submitter is an idiot.
  4. Re:Media by Anonymous Coward · · Score: 5, Insightful
    Good idea, but wrong order. Give Verizon a chance to be the good guy. Call their publicity department first. If they make excuses, then call local media.

    Why do I get the feeling that you think "being the good guy" equates to giving out their customers' private data without a court order? It really isn't their job to substantiate the cover story or judge their customers. We have courts for that.

    Going through the police is the right way. If they're not doing their job, then publicise that fact. If the shop wants an alternative then they should talk to a lawyer about the possibility of suing the John Doe for something (trespass to property?) and getting a court to order Verizon to provide details that way.

  5. This could be fun by RealityMogul · · Score: 5, Interesting

    First off, nice job with the script. Now, take it a few steps further. Let that script connect as it is, but let the server return a status indicator as to whether or not the machine is stolen. If it is - let the script modify IE, Opera, and Firefox configuration settings to use a proxy installed on a server you own. Preferably a proxy that can be set to log EVERYTHING. Just wait for them to log into something with clear text username/password, like most e-mail accounts from major providers use. Shouldn't be much of a leap to get enough info on him/her to pinpoint their street address.

  6. Re:Media by Anonymous Coward · · Score: 5, Interesting

    I work for a major PD as a Specialist Reserve Officer. My thing is breaking into computers to obtain evidence when the casual attempts fail. After a couple of conversations with a deputy city attorney , it appears that it is extremely difficult to obtain a filing, much less a conviction, unless the suspect is caught in an illegal act and seen doing so by the eyes of several officers. The greatest cases I've seen were never even filed. I've worked with the feds on some cases and we've been extremely careful not to pollute the original hard drives, but our cases don't even get filed because there's an element of doubt in someone's mind, somewhere along the line. We've handed felony cases to the DA that could be called Silver Platter, but they were not filed because they have higher priorities. Their focus is on violent crime, at least where I do this stuff. If you're just an average Joe like me, I think the police don't give a high enough priority on your loss to give you a second thought. I'm sorry for those in your shoes, but I tend to agree with their priorities.

  7. Re:Good luck by kfg · · Score: 5, Funny

    I know it was the Bahamas but isn't that technically part of the US?

    Yeah, but only in the same sense that Cuba and Panama are technically part of the US. Something about being independant nations makes them pissy about our law enforcement mucking around inside their borders for some reason.

    Hell, Cuba and Panama have been know to shoot at mainland cops. What's with that?

    KFG

  8. Re:Media by bluprint · · Score: 5, Insightful

    Follow the money. There isn't any money in solving such crimes. They are too busy generating profits via traffic and parking tickets and such. Why bother with an actual crime that will use resources when they can target basically good people for cash?

    --
    A modern day witchhunt.
  9. ThatScript v2.0 by entendre+entendre · · Score: 5, Interesting
    Phoning home is one thing, but even better would be to phone home and then download any little executable that it finds there. These could do a variety of things:
    • Upload any non-trivial IP from the laptop to the server, since that's probably the last chance you have to keep it.
    • Taunt your local police. ("Hi, I'm sending this email from a stolen computer and i just wanted you to know that you're never going to catch me because you're all a bunch of fat lazy slobs. Crime does pay, bitches!")
    • Taunt the theives' local police. ("Wanna buy a laptop? I got three more just like this one, ready to go, super cheap.")
    • Install a key logger, get his credentials. Post things all over the internet with the theif's ID (e.g. his next MySpace diary entry will be "so my friends and I stole some computer gear last week...")
    • Append random obscenities into every email that exits the computer ("P.S. I fucked your mom too.")
    • Random pseudo-malware "attacks" on police station web servers - nothing that would bring the server down, but enough to take the IT department's attention. It is possible that their heads are so far up there asses that nothing can reach their brains, but I think there's a fair chance that their IT depeartment can still get through to them.
    • To be continued...
    Surely there is more to add to that list. Remember - you have plausible deniability. Your computer was stolen by an egomaniac hacker who loves to taunt police and do unspeakable things to sheep.

    However I do recommend against the P2P thing suggested earlier. That might just move your computer from the theif to an evidence locker while the RIAA does their paperwork. That sounds counterproductive.