Best Way To Get Back a Stolen Computer?

davidphogan74 writes "I have some stolen computers checking in with a server we have (software pre-loaded), and I have full access to the systems. What's the best way to deal with this situation? The local police (to the theft) have been contacted several times and seem to be clueless. I personally have no financial interest in these computers, I just don't like atom-thieves. What's the best way to handle knowing the IPs, email addresses, MySpace sites, the Google login, etc. when working with law enforcement? The officer I spoke with (who genuinely seemed to care) didn't know an IP address from a mailing address, so I called others. Nobody cared. Anyone have any ideas?"

You need to use the police to get the ISP's info

The ISP can tell you who is at an IP address, and from that, you can find your computers.

Across State lines?

[nurb432]

Then call the FBI, they do have some experience in this sort of thing.

Re:Across State lines?

[dhasenan]

The FBI won't intervene for less than $5000 worth of stolen goods, generally.

Work for the NSA and get a computer with top secret (but not especially sensitive) data on it. When that gets stolen, you'll have a black ops team using the thieves' home as a training facility for an evening. That happened to my friend, once. (He had an NSA-style briefcase with builtin microphone, cell phone, radio transmitter, and GPS unit that was stolen. He himself did not steal such an item.)

Re:You need to use the police to get the ISP's inf

confidential data such as that can only be obtained with a court order ... unless you're sneaky and can somehow convince tech support or a CSR to give you the information.

Log information, find out who they are.

[urbanriot]

If you have full access t to the system, start logging EVERYTHING. I'm sure eventually you'll find someone going to a myspace, facebook or checking email.

Write down the IP address, find the ISP and call them and ask them to log that you called with the date and time, and the IP address. I wouldn't expect you to tell you who it is, but have them log the user at that time so you can reference it later.

Computer Crimes division?

[djc6]

My brother's desktop computer was stolen in NYC. He started showing up on Instant Messenger, and some young kids were using the computer and accepted a video chat request! From there I had their IP address. The detective handling the case had no idea what I was talking about, but it turns out NYC (and maybe your municipality) has a computer crimes squad. My brother contacted them directly with the IP address I retrieved, and they were able to recover the computer pretty quickly! So try and find if there is a department that handles electronic fraud, computer crimes, that sort of thing.

I actually do work for a PD.

[UncHellMatt]

And we handle this regularly. The department local to where the thefts occurred should have been notified in the first place and a police report filed. If you've done that, there will be an officer associated with that report. Get in touch with him/her directly with the information you have. If you can't, find out who the detectives are for that PD and get in touch with them. If you can gather any and all information you've got regarding IP addresses, etc., put it all together before getting in touch.

Unfortunately, if they're not remotely tech savvy and/or simply afraid of technology, it may take some prodding. Most state police agencies have teams specifically tasked with this sort of thing, so it may be that you have to contact your state's police for help.

When you bring any documentation, also make sure you have estimated costs of all the hardware. That will sometimes help get people's attention, being able to say it's X number of dollars. Not saying it's right, but much of the time you run into departments who won't pay much attention to "petty" thefts, but will take notice of $2000 or more. There have been a number of /. stories regarding people in your situation tracking down stolen computers. You might try searching for those or Google articles and blogs about the steps folks have taken when facing lackluster police response.

Re:I actually do work for a PD.

[dgatwood]

All the hardware and all the software. Not just the hardware. If they stole a $700 copy of Photoshop (retail), for example, that can push the dollar figure way up.

I would also add that your best bet is to contact the upstream ISP for the IP number and inform them of the situation. Let them know that you need to work with police on it and need to know what city it is in so that you can get a local PD to follow up. They won't give you the address without a warrant or court order, but they should be willing to give you the city. Once you know what city it is in, you can then contact their PD and follow up with their computer crimes division, assuming they have one. If they don't, ask who their most computer-savvy officer is. They're bound to have at least one or two people who help maintain their website on the side as a minimum. Try to work with that officer (or if it's a non-officer staffer, try to work with an officer through them since having somebody who understands tech who the officers already know will put you in a better position as far as getting them to trust you).

Do a traceroute to the IP number (or if it's behind a wormhole route, do a traceroute from their IP to www.google.com or something) and see if you see any useful domain names in the trace. If so, it doesn't matter who owns the netblock. Go to whoever owns the domain. If, for example, you can track it to a university campus, you're in even better shape, of course, as they are more likely to work with you without the need to get a warrant if you can show that the computer is stolen and that you are in control over a computer on their network. They are also likely to be technically competent as would an ISP, but unlike an ISP, they have user agreements that almost certainly allow them to investigate their users. Then, ask them to help you work with the campus cops to get your laptop back.

Re:Go to a lawyer

[catmistake]

As with any civil case, the police are not going to be a driving force to pursue a theft

FYI Theft is criminal, not civil, how serious depends on the dollar amount. Most thefts under $1000 are misdemeanors, over that is felony theft and these crimes are certainly under the pervue of your local and state police (unless its interstate, in which cases the FBI has jurisdiction).

Re:You need to use the police to get the ISP's inf

[Zeinfeld]

You should certainly be investigating this as an employer. It is very likely the computers were stolen by employees you would like to stop employing before they steal more from you.

What you need to do here is to contact a specialist computer crimes department. This will not be a new situation to them and they will recognize the fact that there is a very high probability of an arrest and recovery of the stolen goods.

The first thing to do would be to find out if the computers were officially reported stolen. If so you need to report the development to the police force where the theft was reported. Otherwise make out a report.

Once a report is made it counts on their local statistics and the police have to take it seriously - we are talking about several thousand dollars here.

There may not be a computer crimes dept on your local force but they should certainly have access to those resources. Find out which force is responsible for investigating kiddie porn - those guys would usually pretty much prefer to be doing anything else for a change, after a short while its like shooting fish in a barrel.

You can certainly help by collecting as much information as possible. For example, log the IP addresses that the machines are using. Then use reverse DNS lookup to find the ISP.

If you still can't get anywhere, contact me at hallam@dotfuturemanifesto.com and I can pass the issue on to folk I know. They may not be able to help you direct but they will know someone who can.

The reason that so much time and effort is poured into investigating kiddie porn rather than bank fraud is not simply the nature of the crime. Its the fact that they have a defined process that delivers highly predictable results. If we could design a process for delivering collars in phishing fraud we would have no difficulty making it a higher police priority.

It seems to me that this is an area where we can easily set up a predictable recovery process that delivers collars.

Re:If you don't care about getting them back...

[Kamineko]

That's not bricking. That's nowhere near bricking.

Re:Escalate the Issue to the FBI

[Jack9]

Many ppl mistakenly assume the FBI deals with computer fraud, electronic credit card theft, etc. It is actually under the Secret Service who have VERY good people working for them. //have had to call them

Re:Go to a lawyer

[nomadic]

FYI Theft is criminal, not civil, how serious depends on the dollar amount. Most thefts under $1000 are misdemeanors, over that is felony theft and these crimes are certainly under the pervue of your local and state police (unless its interstate, in which cases the FBI has jurisdiction).

Many crimes also constitute individual civil torts. If someone comes onto your land and steals your irrigation system, that's larceny or burglary, but it's also conversion, and you can be sued for it. If you know who took it and have supporting evidence you can just a file a lawsuit against the person.

Re:You need to use the police to get the ISP's inf

Good suggestions.

Here's something simple I did for a client before two of their computers got stolen:

I wrote my company name and phone number on their computers(in pencil.) And I assigned them a name, in this case it was something like, "J.C.C.11" and "J.C.C.12." When they got robbed, they thought all was lost. Then they got a call from a nearby police department, asking if they had computers stolen. They asked them to come and pick them up. They called me to go with them to ID anything else that I might recognize as being theirs. If someone steals once, they'll probably steal twice.

MAC Authentication

I was able to retrieve a stolen computer using the MAC address once it was activated on another ISP. Book' em Dano

Re:Easy! Make some money.

[grolaw]

Wire fraud. Swift. Enjoy the jail time. Banks do have the power (and, the requisite number of losses) to have a $2k theft with wire fraud/identity theft prosecuted.

Re:You need to go beyond the law.

Sorry to piggyback on you Squiddy. Perhaps some kind soul will mod this relevant comment up.

SO1-06113169-C

If anyone at Sony can match a NIC signature to this please post. Sooner or later the idiots are going to plug it in.

http://news.bbc.co.uk/1/hi/england/london/7489064.stm

Re:Go to a lawyer

[nomadic]

Why anyone would wish to pursue this before or instead of a (free or state funded) criminal prosecution I have no idea.

Because there are different remedies and a different burden of proof. In a state-funded criminal prosecution their main goal is to convict and punish the perpetrator, and they must prove their case beyond a reasonable doubt. You might get your property back, after it's languished in the evidence locker for a year or two. If the property was destroyed or lost, however, the state's not going to reimburse you. In a civil case you can either get the property back or damages, whether or not the property still exists or not, and you only have to prove your case with a preponderance of the evidence.

Anyway it's not an either/or proposition, you are allowed to sue in civil court at the same time the defendant is being prosecuted in criminal court.

My state even created civil actions for the victims of a wide variety of crimes.

Re:You need to use the police to get the ISP's inf

[egburr]

Good luck getting the FBI interested unless large values (well over $10,000) is involved. However, you might have good luck contacting the relevant state's State Bureau of Investigation (the state equivalent of the FBI). They almost definitely would have a cyber-crime department which would have the knowledge to locate the computer with the info you have.

Re:Take a picture

Give 'em to meeee!

Cops get a warrant.

[ukemike]

Uhm, there has been a crime committed you don't need to be sneaky. Arguably the crime was a felony, Grand Theft. Figure out which ISP hosts that IP, goto the cops and tell them to get a warrant to require the ISP to give up their data on the IP. Then have them serve a warrant on that home. Then they go get your PC and throw the thieves in jail.

Re:Go to a lawyer

[nomadic]

People always assume bringing a lawsuit against someone will be beneficial. Again, it costs significant money with zero guarantee of any reimbursment for court costs and lawyers fees, let alone recovering stolen property.

If the property is valuable enough, a lawyer is probably worth the price. If it isn't, you can always just bring suit yourself in small claims court or (depending on how your state court system is set up) county court (which in my state handles cases worth more than small claims court but less than $15,000). Small claims court and county courts don't always use formal evidentiary and procedural rules, and the judges are used to guiding parties through the lawsuit.

Flipping a coin is as good an indicator as anything of whether you'll win in court under any circumstances, no matter how strong you think your case is.

If you have the evidence on your side, and the defendant doesn't really have much of a defense, you're probably going to win. Chance doesn't have too much to do with it.

Re:You have remote root? A few ideas :-)

[packeteer]

Accepting stolen property is only a crime if you know its stolen.

Nope. Possessing stolen property is a crime regardless of if you know it's stolen or not. Sounds ridiculous but its true. The sane part of this whole deal is that you wont be probably wont be prosecuted as long as you cooperate. There is no guarantee of this although its your best chance.

Re:You need to use the police to get the ISP's inf

Or even better, you can set up a cron job to ping a url that you monitor, that is unique and nobody but your computer would be pinging.

That way every time they plug in the network, it'll immediately shout out to you "I'm here and my IP is"

Re:You have remote root? A few ideas :-)

[BillEGoat]

I had to deal with this myself once (tracked down a stolen laptop). The local ordinance is called "receipt of stolen property" and is a crime, but it requires knowledge that that the property is stolen or a preponderance of evidence that the individual should have reasonably known that the property was stolen.

But being in possession of stolen property is enough to give an officer probable cause and you'll probably be charged with something.