Best Way To Get Back a Stolen Computer?

davidphogan74 writes "I have some stolen computers checking in with a server we have (software pre-loaded), and I have full access to the systems. What's the best way to deal with this situation? The local police (to the theft) have been contacted several times and seem to be clueless. I personally have no financial interest in these computers, I just don't like atom-thieves. What's the best way to handle knowing the IPs, email addresses, MySpace sites, the Google login, etc. when working with law enforcement? The officer I spoke with (who genuinely seemed to care) didn't know an IP address from a mailing address, so I called others. Nobody cared. Anyone have any ideas?"

Seems to be common these days

[puusism]

See what this guy did with his irrigation controller:

http://mobile.slashdot.org/article.pl?sid=08/07/04/1228208

Re:You need to use the police to get the ISP's inf

[spyrochaete]

That's a sound idea. It might be a good bit of preventive maintenance to use a dynamic DNS client like No-IP to map the computer's current IP, whatever it may be, to a unique domain name. If your PC goes missing just ping the domain and if it's plugged in you're that much closer to finding it.

On a tangent, some cops DO know the difference

[distantbody]

In fact, recently a crooked Australian cop by the name of Mark Standen working as "NSW Crime Commission investigator" was spied on by way of hacking his computer and recording the webcam output. What was ironic was that the guys job as said investigator meant that he was that he knew (almost) every surveillances tactic in the book! It was a case of a (police anti-corruption) watcher being watched by an inner circle of the same watchers...

Setup a fake myspace page.....

I'll tell you what worked for me when my laptop was stolen in grad school with my thesis on it and my laptop "phoned home" with screen shots of the desktop and the ip addresses it was connecting from.

Setup a fake myspace page with pictures of a cute girl. Friend the dumbass thief, flirt awhile, and then get them to come out on a "date". When you finally meet up with them, bring a few of your own friends with any weapon you deem necessary. Once you meet them and they figure out what is going on, tell them how you found them and let them know if you don't get your property back you will do damage with whatever weapon you chose to bring.

In my case the guy who stole my laptop passed out when he was confronted (very pathetic) and we had to wait for him to wake up. When he woke back up he was still so confused and frightened by how we tracked him down that he gave me twice what the laptop was worth just so we wouldn't call the cops on him because it would ruin his chances at becoming a doctor (apparently he was a med student).

Some people don't like vigilante justice but from what I've seen in the past from my own experience and the experience of my friends and acquaintances, the cops aren't very good at recovering stolen property and I'm not rolling in enough money to be robbed and just shrug it off.

Posted anonymous for the obvious reasons.

forget police

[Tom]

Unless you are extremely lucky (which you aren't, since you tried), you will not get police who cares or knows - one of either, but both is highly unlikely. Not to put them down - most officers with the know-how simply have more important things to deal with than some theft.

If your machines are brand-machines, and registered to your name or company, my suggestion would be to remotely disable them to the point where they need to be brought in for repairs, clue in the manufacturer, and they just might return them to the owner they have on record, i.e. you.

And even if not, you probably made sure the thieves can't use them any longer, which according to your words you'd also judge as a victory.

Make sure it's something a non-geek can't solve, like with a re-install. Setting a BIOS or EFI password and then pointing the boot device to a non-existant one could work great.

Re:Obvious Solution

[Crudely_Indecent]

You then run the risk of alerting the thieves that the systems are remotely accessible. This might prompt them to re-format and re-install which loses you the ability of remote access.

If it was me, I'd be installing keystroke loggers and seeing what kinds of information I can capture. Credit cards, phone numbers, email addresses, etc. can give you the ability to inflict deeper wounds than than the cd tray can cause.

Now, I'm not suggesting that you commit credit card fraud with captured numbers, but you could submit those credit card numbers to a newsgroup on the net read by people that would be more than happy to commit the fraud for you.

Heh, steal a computer and destroy your credit rating. All of their friends in the address book get spammed to death, their email accounts are suspended for spam. Capture a phone number, submit it to companies that will try to sell them crap during dinner. You get the idea.

Why annoy, when you can inflict real and lasting damage.

Re:You need to use the police to get the ISP's inf

[SirGeek]

The police are really clueless when it comnes to this as well as cyber crime.

A few years ago a had a debit card number stolen from a site where I purchased a CD. All of a sudden we started seeing odd charges (for body piercing jewelery). Within 24 hours, I had contacted the places where the purchases were made and had the person's name, home address, and home phone number. I did nothing illegal since he had put my name on the orders as the person paying the bill. I managed to get most of the money refunded to my account in a day but the police did NOTHING.

The bank still insisted that I fill out a theft report - which the cops did even they didn't quite understand why. I gave them the information when I filled out the report and they were kinda stumped what to actually do about it.

So this seems to be the norm (not having cops understand what to do with technology).

Re:You need to use the police to get the ISP's inf

[Zeinfeld]

A stolen computer is way low on their priority list.

Police have two criteria in setting their priorities. The first and least important is the priority placed on the crime itself. Theft of goods worth $1000 or more ranks pretty highly, second only to violent crime.

The second criteria is the probability of an arrest. Here speeding and parking tickets rate at the top of the list.

Computer crime is only low on the list because the probability of an arrest is very low. But these circumstances make an arrest very likely and that changes the priority.

Why so many AC's wanting to diss this particular advice? They couldn't be like computer thieves upset about the risk to their careers?

You have remote root? A few ideas :-)

Turn on the microphone. Turn on the webcam. If you already have their myspace, you probably know what they look like and what town they're in, but this will help you locate them in real time if they are out using the machine at a coffee shop or something. If not, then get the info on the wifi nodes around them and you might be able to pinpoint them with the help of WiGLE.net. Hell, read all their gmail. If you can get a phone number google it to see if you can get a home address. Are you in the states? If you get their name, try their voter database. If they're registered, there will be an address. In a lot of cases, all you'll need to get that info is a birthdate or something similar that you could glean from their myspace page or their emails. If they're stealing laptops, the ner-do-wells may be in the criminal database already, so search there while you're at it. Of course, you could always try phishing as a low grade approach. Pop up a window while they are browsing and tell them they've won a prize and need to enter their mailing address to have it mailed to them. Something believable like a gift card to a local restaurant chain. If they don't buy the scam, you've lost nothing. Either way, there's so many phishers out there online these days they'll never suspect anything... You have their email. Impersonate them. Send out an email to their friend asking for a mailing address so you can send that friend a neat gift. When you get it, send the Spanish Inquisition. Nobody expects the Spanish Inquisition... And if they aren't available, send the local law enforcement to ask the questions.

Re:You need to use the police to get the ISP's inf

[hairyfeet]

I have to agree,and I can add my own little story. Someone stole some of my sisters checks when she moved,we figured someone managed to get it off the moving van or broke into her house while she was in the hospital. The thieves even allowed the store owners put THEIR drivers license number on the checks in order to cash them,and the cops didn't do squat. I mean hell,how much more info do they need than the thieves drivers license number? But around here we learned a LONG time ago if you don't say the "d" word(drugs) the cops don't care.

Another true story: I had a neighbor of my sister that was getting beaten pretty bad,she had a restraining order,but when she would call the cops they would take an average of FOUR HOURS to get there. So I told her to tell the cops when she dialed 911 that she believed he had drugs on him. The cops were there in under THREE MINUTES and then proceeded to get VERY nasty with the guy when they tore his truck apart and didn't find any dope. So I guess the moral of the story is unless it is a crime they want to deal with,you can pretty much forget it. Hey,that might work for you! Tell the cops you have remote access to the box and the suspect was talking about drugs! I bet they go out of their way to get him for you! Have fun! And as always this is my 02c,YMMV