Slashdot Mirror
Man Uses Remote Logon To Help Find Laptop Thief
After his computer was stolen, Jose Caceres used a remote access program to log on every day and watch it being used. The laptop was stolen on Sept. 4, when he left it on top of his car while carrying other things into his home. "It was kind of frustrating because he was mostly using it to watch porn," Caceres said. "I couldn't get any information about him." Last week the thief messed up and registered on a web site with his name and address. Jose alerted the police, who arrested a suspect a few hours later. The moral of the story: never go to a porn site where you have to register.
What else would someone use a stolen laptop for?
Never leave your laptop on top of your car when carrying other things home!
What, did you think this thing was portable?
Talk about getting caught with your dick in your hand...
Cool! Amazing Toys.
I use remote access, but I have to type in the IP address to connect. How could he knew the I address?
I read this story several times but nowhere the software name is mentioned.
i was wondering which program could he have used to view activities in a way which didnt interfere with thief's activities? any clues
also did he not have a password or was the thief easily able to crack it?
I wonder why he didn't just tap into the webcam on his computer while the perpetrator was... oh wait.
you know that laptop is all sticky!
Whatever happened to reformatting?
then by using the "Back to my mac" feature it's possible to log into other Macs that are logged into your ".me" account. http://images.apple.com/mobileme/docs/L358808A_BackMac_UG_070708.pdf
Doesn't this mean that the guy who had his laptop stolen also didn't bother to set a login or boot password? One might argue that he deduced that a boot password or login password might just get his drive wiped by a clever thief. He may have even st up the remote access partly to act as a way to catch thieves and get it back if it was ever lost. He could have even used fairly strong encrpytion to protect most of his data. Of course anyone arguing for the assumption that his sercurity plans were a series of complex plans within plans must have missed the part where he left it on and in his unlocked car.
Was the person whose laptop was stolen jacking it while watching a live webcam feed of the dude who stole his laptop for porn usage?
I don't get it... if my laptop were stolen the thief wouldn't be able to login without my credentials. They'd have to reinstall the OS which would erase any remote connectivity function.
CmdrTaco? Is that you?
Once you start despising the jerks, you become one.
strangely the porn he was watching was a gay s+m site: prisonlove
how was he able to monitor activities without interfering in the thief's activities
The moral of the story is "Don't register for porn using your real details"
For those in Australia : looks like his laptop was stolen by TISM. Especially considering the lyrics to this TISM song :
http://www.stlyrics.com/songs/t/tism10923/beencaughtwankin434144.html
Never look back at the carnage.
Yeah, it must have been sooooo frustrating to have to sit there and watch that porn. Poor bastard!
It's under Idle, dumbass. "Idle" means "no fucking news today." :-P
In nearby Oroville, CA, a thief robbed a bank at gunpoint, took off with several thousand dollars in cash, and then returned later in the day - to the same bank - to deposit the cash into his own bank account.
no, I'm not kidding.
(And this text box for idle just teh suxorz)
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I don't get it... if my laptop were stolen the thief wouldn't be able to login without my credentials. They'd have to reinstall the OS which would erase any remote connectivity function.
So in other words, you are admitting that if your laptop gets stolen you are never seeing it again, vs. this guy who got his back and got a thief arrested.
Yours is a better plan why again? If you go to that effort, why not focus instead on encrypting key files instead of locking down a system to which a thief has physical access?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
They did a poor job of airbrushing the apple off the back of that macbook.
I work for the Department of Redundancy Department.
Wait, shouldn't it go like this:
1) get WAN IP of computer being used at thief's house(e.g. 66.245.54.53)
2) do reverse DNS IP lookup, see that it belongs to Earthlink or whatever ISP
3a) if it's a fixed IP then we're done, have the Police ask the ISP to whom they assigned the IP (or get a warrant if we're good monkeys)
3b) if it's a dynamic IP then the ISP has to check their logs to see to whom they gave the IP at the time, but they should have that
4) Police show up at the door as above.
Why do you need to be able to remote login and wait for the thief to type his address? I guess the webcam could be useful because you can get a picture of the guy actually using it (instead of the police showing up and the guy saying "I have an open wifi access point, so the real thief must have logged onto my router, which has no logging enabled, w/o my knowledge with the stolen laptop"). But, seriously, shouldn't the WAN IP be enough?
My favorite quote doesn't fit into 120 characters. Now no one will like me.
Does anyone knows a software to do such a task?
I administer the PC of my father-in-law, who is almost 80 years. From time to time he does a mess with his PC, because he cannot understand why the icons disappear from the screen (unused icons feature and the likes). He thinks that they should be stable like buttons and dials on a good old phone.
Trying to "repair" his desktop he creates a mess. But since he communicates via this PC, via Skype, with his daughter, I have to keep this PC serviceable.
Anyway, he has got the DHCP ADSL modem, his PC is behind this modem.
All I want is to be able to have a look at his screen. It would be good to be able to administer too.
ISP provider makes it impossible to reach the ADSL modem by IP address. But there should be a software which sends me like an e-mail the screeenshots.
I can install and setup this program on his PC. No problem. But does such program exist?
I mean a program for administration without good solid visible IP addresses? We can exchange e-mails, Skype, but why I cannot administer a PC without IP address?
It would be better if this is an open source free software, as I would not pay just to see that it does not work in this situation either.
the moral of the story is to be a better thief. just do a clean reinstall and no problem at all.
Chances are this guy was just a casual thief who got lucky seeing an unattended laptop...
Either that, or he bought the laptop from the real thief.
There are people who regularly steal laptops, and most of them either sell the machine on immediately without using it, or they wipe the machine first and then sell it on with a clean install. Anyone so incompetent as to steal the machine, and then go on to actually use it online without erasing any of the data won't have a very long career of stealing laptops.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Guy should have used HeatSeek ( http://www.heatseek.com/ ) Btw -- Nice image for the article... same as: http://affiliates.heatseek.com/
Couldn't help myself.
These posts express my own personal views, not those of my employer
Yeah. Thieves who steal laptops want _easy_.
;).
If they didn't mind hard they'd have got a job or started their own companies, or stolen something more challenging and rewarding
So what you do on your laptop is to create an account specially for thieves to use. Call it Honey if you like - with no password, or the password hint = instructions on how to get in.
Then your own account has a password, to keep the thief out, from deleting your encrypted stuff etc.
This way when the thief steals the laptop, they turn it on, click on "Your Account", get password prompt, click on Honey, get in straight - whoopee.
Immediately the stuff is launched to log data about the thief and his surroundings - webcam, microphone set to record, and then the data is uploaded.
The ending of the story is missing.
"After police got hold of the thief and the laptop. Jose Caceres now has his laptop back at home..........with sticky buttons."
Q. Can ComputracePlus be detected?
A. .. snip .. The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.
http://www.absolute.com/computraceplus/faqs.asp
3.243F6A8885A308D313
Why else a light-coloured tie on a dark shirt?
What else would someone use a laptop for, period with a squiggly thingy over it?
Are you kidding? Face-recognition software could just be...modified to identify other prominent parts of his anatomy. God help whoever has to make the database, however.
I recently had something like this happen to me, except quite a bit worse.. While I was at work in the mid-afternoon, someone pryed open the door to my apartment, breaking out the doorframe out around the deadbolt. They grabbed my laptop bag with lots of goodies inside, and another bag containing a Wii, PSP, Nintendo DS, etc. Police came but did not dust for fingerprints or anything. An investigator was assigned to my case but he said he had 70 other cases to investigate. Three days later, the entire town I live in was flooded with several feet of water from hurricane Ike. My second-flood apartment survived (luckily), but unfortunately the police station did not. My stuff's either flooded or long gone, and no one is going to find it. Basically, I am screwed.
I really wish I had the foresight to install this kind of software on my laptop. Might have helped...
I'm not sure I'd want it back...
How did he know which IP the thief was using? How could he log on?
In other words:
1. get your laptop stolen by hot chick (or somebody else, according to your tastes).
2. remote logon.
3. wait for them to look at porn and activate camera
4. ???
5. profit!
Tie two birds together: although they have four wings, they cannot fly. (The blind man)
i never really thought about enabling remote desktop just for that purpose. I think i am going to install winamp remote or the no-ip client just so i can log the IP's at least.
its like laptop lojack for free.
they say it is often more relevant then the comment above, all we know is its called the Sig!
moral of the story. use Firefox extension BugMeNot so you don't have to register. another moral is never use your realname anywhere on the internet! c'mon nobody knows if you're a dog so why give your real name?
Maybe I'm missing something here, but don't people use authentication to access their machines? If anyone stole my laptop they would have to either re-install the OS or spend time hacking into it to get anywhere. I'm not saying that's necessarily that difficult, but I would be extremely surprised if a thief stole my laptop, cracked my password, and then used the machine to surf porn. It would be easier for him just to put a fresh OS on it.
Maybe I should create a guest account just for this purpose....
-= This is a self-referential sig =-
The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.
dban.org How it Works :)
Them ten dollar words sure do make it sound like much more then glorified software over protective parents would use after they install on a governer on little snow flakes 93 civic....
What... where... am i?
On the Oregon Cost born and raised, On the beach is where I spent most of my days
the moral of the story is: 'Don't trust a computer system you didn't setup yourself. '
This kind of thing isn't going to work for long. Smart thieves will learn to wipe the laptop and re-install before connecting it to a network.
...and that is all I have to say about that.
http://jessta.id.au
If you'd had the foresight to do anything, surely it would have been making backups and arranging insurance.
I don't see how that's different to the rest of the site.
Well the guy must have had fun watching what the thief was doing
Heck, just make an account called Thief! No one will see it anyway ... unless it's stolen! ... that require logins!. A selection of games ... that send info outbound!
Invite him in! Set up lots of juicy Pr0n for him
Meanwhile there's a hardware locator built in that's independent of what OS is on there.
Drop by! Chat! Bring your Undercover BlueSuits.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
The second easy to access account with dyndns+vnc or cron send email on login idea sounds pretty good.
Making it difficult to use the machine sounds like a bad idea. Why encourage a them to investigate the O.S. ?
A quick google turned up a half dozen similar programs one open source project on sourceforge.
Imagine stretching that concept a bit further with a slightly modified BIOS booting a partition masked and encrypted on disk as bad sectors. Stretch it a bit further and it might be used on voting machines, ATMs, you companies database server.
Your bios determines ALL device parameters prior to booting. Once installed it would likely never be suspected AND be impossible for all but the most skilled to see and repair.
As video cards become defacto CPUs there would be another place to install.
never go to a porn site where you have to register
I take the moral of this story to be never steal someone else's stuff
Ceci n'est pas un sig.
Computrace can be detected & removed. They have some systems where vendors install it into the BIOS and not even flashing will remove it - supposedly. But the older systems or ones that don't have an agreement it is installed on the harddrive. When you install the program it is supposed to remove any traces from the add/remove programs, but I've been getting more laptops where it is still there... nice. (By getting I don't mean stealing, company leases). If you buy the software you get a program that when executed will pull up a log in page, I sure a thief might want this program before putting their ill gotten goods online.
Free alts to Computrace - http://adeona.cs.washington.edu/
http://www.iconico.com/locatePC/
Actually it's more likely that the laptop connected to a third-party server of some sort (or the owner's own monitoring server).
DynDNS would be rather useless if the laptop didn't have a public IP or a NAT tunnel to the private IT.
I wonder if CoreBios could be used to include some sort of TCP-IP enabled remote administration tool into the BIOS itself, so even if the thief completely formats you'd still be kept up to date :)
Removing all sectors and the wiping the MBR. If it can survive a reformat, it hides in the boot sector like those viruses from way back when. No partitions, no MBR, no place for it to hide.
"When information is power, privacy is freedom" - Jah-Wren Ryel
...of pr0n sites where you DON'T have to register!
Any technology distinguishable from magic is insufficiently advanced.
http://failblog.org/2008/10/01/christmas-candle-fail/
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
okay, so if if i wanted to setup my laptop to be able to do what he did, where do i start? on standard windows, remote desktop login only allows one user to be logged on at any time, so i suppose it was win pro or vnc. on linux it would have to be vnc but my guess is, that laptop was running windows. assuming the windows firewall is configured to allow remote desktop access from any external machine, and that the thief is not behind a nat/firewall, how do i find the ip of my stolen laptop on the internet?
...while he was looking at pr0ns? LOL
What if the computer had a GPS, and sent it's coordinates to his server (encrypted) at a specified interval. Then catching the thief would be no problem as long as it's used online.
More advanced would be a GPS which "phoned home" using the mobile network, all in hardware so the thief would have to remove the transmitter before the next "phone home" time.
I'm not insane! My mother had me tested.
Especially if the cellphone is linnked to web account ot monitor usage and upload/download images. I read of case where the victim put some images of unkonw people into MySpace and got the people recognized.
What I want to know is whether the perp has to buy the guy a new laptop, or does the victim need to spend a few hours sanitizing it...
would work ok, until they stumbled upon themself, but then the freak-out from seeing their own image time delayed a few seconds would be worth it. It would be like a scene from one of those bad horror movies.... or space balls.
tm
Support TBI Research: http://www.raisinhope.org
Deport That Beaner
Maybe the "moral" of the story is...and excuse me for being so old-fashioned..."Don't steal laptops."?
For frak's sake.
didn't he call the police in the first place? If he was able to remote connect to his laptop. Investigation would have led to the remote IP address, and therefore his ISP and then the thief.
TOP DSLR Cameras Reviews of the top DSLRs
I always saved my laptops MAC addresses offline.
I don't know about you, but I would prefer not getting my laptop back over some idiot looking through all my private stuff and posting the funny bits to youtube any day.
So do I, see "encryption".
Encrypting only important files sounds nice in theory, but in practice you have the swap file, you have temporary directories and all kinds of other holes where your private files can slip through your encryption scheme.
And the person smart enough to look through a swap file is hampered by your personal login because....
If you want encryption, do it over the whole disk.
You do realize this person has physical access and an eternity right?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I have to agree with the parent .. if computer is useless then it well get wiped and reinstalled (losing your data if you don't have a proper backup) or just destroyed and dumped. If you can switch it on and use it then he can sell it straight away "down the pub".
Right and then I get it back when this poor "innocent" person turns it on at his house.
Still missing where your plan of having my laptop destroyed is in any way superior to this other fellows where I get it back.
"There is more worth loving than we have strength to love." - Brian Jay Stanley