Slashdot Mirror
Man Uses Remote Logon To Help Find Laptop Thief
After his computer was stolen, Jose Caceres used a remote access program to log on every day and watch it being used. The laptop was stolen on Sept. 4, when he left it on top of his car while carrying other things into his home. "It was kind of frustrating because he was mostly using it to watch porn," Caceres said. "I couldn't get any information about him." Last week the thief messed up and registered on a web site with his name and address. Jose alerted the police, who arrested a suspect a few hours later. The moral of the story: never go to a porn site where you have to register.
What else would someone use a stolen laptop for?
Never leave your laptop on top of your car when carrying other things home!
What, did you think this thing was portable?
Talk about getting caught with your dick in your hand...
Cool! Amazing Toys.
I use remote access, but I have to type in the IP address to connect. How could he knew the I address?
I read this story several times but nowhere the software name is mentioned.
I wonder why he didn't just tap into the webcam on his computer while the perpetrator was... oh wait.
you know that laptop is all sticky!
Whatever happened to reformatting?
then by using the "Back to my mac" feature it's possible to log into other Macs that are logged into your ".me" account. http://images.apple.com/mobileme/docs/L358808A_BackMac_UG_070708.pdf
Doesn't this mean that the guy who had his laptop stolen also didn't bother to set a login or boot password? One might argue that he deduced that a boot password or login password might just get his drive wiped by a clever thief. He may have even st up the remote access partly to act as a way to catch thieves and get it back if it was ever lost. He could have even used fairly strong encrpytion to protect most of his data. Of course anyone arguing for the assumption that his sercurity plans were a series of complex plans within plans must have missed the part where he left it on and in his unlocked car.
Was the person whose laptop was stolen jacking it while watching a live webcam feed of the dude who stole his laptop for porn usage?
I don't get it... if my laptop were stolen the thief wouldn't be able to login without my credentials. They'd have to reinstall the OS which would erase any remote connectivity function.
CmdrTaco? Is that you?
Once you start despising the jerks, you become one.
how was he able to monitor activities without interfering in the thief's activities
The moral of the story is "Don't register for porn using your real details"
For those in Australia : looks like his laptop was stolen by TISM. Especially considering the lyrics to this TISM song :
http://www.stlyrics.com/songs/t/tism10923/beencaughtwankin434144.html
Never look back at the carnage.
Yeah, it must have been sooooo frustrating to have to sit there and watch that porn. Poor bastard!
In nearby Oroville, CA, a thief robbed a bank at gunpoint, took off with several thousand dollars in cash, and then returned later in the day - to the same bank - to deposit the cash into his own bank account.
no, I'm not kidding.
(And this text box for idle just teh suxorz)
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I don't get it... if my laptop were stolen the thief wouldn't be able to login without my credentials. They'd have to reinstall the OS which would erase any remote connectivity function.
So in other words, you are admitting that if your laptop gets stolen you are never seeing it again, vs. this guy who got his back and got a thief arrested.
Yours is a better plan why again? If you go to that effort, why not focus instead on encrypting key files instead of locking down a system to which a thief has physical access?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
They did a poor job of airbrushing the apple off the back of that macbook.
I work for the Department of Redundancy Department.
Wait, shouldn't it go like this:
1) get WAN IP of computer being used at thief's house(e.g. 66.245.54.53)
2) do reverse DNS IP lookup, see that it belongs to Earthlink or whatever ISP
3a) if it's a fixed IP then we're done, have the Police ask the ISP to whom they assigned the IP (or get a warrant if we're good monkeys)
3b) if it's a dynamic IP then the ISP has to check their logs to see to whom they gave the IP at the time, but they should have that
4) Police show up at the door as above.
Why do you need to be able to remote login and wait for the thief to type his address? I guess the webcam could be useful because you can get a picture of the guy actually using it (instead of the police showing up and the guy saying "I have an open wifi access point, so the real thief must have logged onto my router, which has no logging enabled, w/o my knowledge with the stolen laptop"). But, seriously, shouldn't the WAN IP be enough?
My favorite quote doesn't fit into 120 characters. Now no one will like me.
Does anyone knows a software to do such a task?
I administer the PC of my father-in-law, who is almost 80 years. From time to time he does a mess with his PC, because he cannot understand why the icons disappear from the screen (unused icons feature and the likes). He thinks that they should be stable like buttons and dials on a good old phone.
Trying to "repair" his desktop he creates a mess. But since he communicates via this PC, via Skype, with his daughter, I have to keep this PC serviceable.
Anyway, he has got the DHCP ADSL modem, his PC is behind this modem.
All I want is to be able to have a look at his screen. It would be good to be able to administer too.
ISP provider makes it impossible to reach the ADSL modem by IP address. But there should be a software which sends me like an e-mail the screeenshots.
I can install and setup this program on his PC. No problem. But does such program exist?
I mean a program for administration without good solid visible IP addresses? We can exchange e-mails, Skype, but why I cannot administer a PC without IP address?
It would be better if this is an open source free software, as I would not pay just to see that it does not work in this situation either.
the moral of the story is to be a better thief. just do a clean reinstall and no problem at all.
Most remote desktop programs have an observe-only mode (alternately, just don't move the mouse or type), and it's not likely that many thieves would realize what's stealing their bandwidth.
He probably didn't have a login password or set his system to auto log-in. It's pretty typical for home users.
How are sites slashdotted when nobody reads TFAs?
Chances are this guy was just a casual thief who got lucky seeing an unattended laptop...
Either that, or he bought the laptop from the real thief.
There are people who regularly steal laptops, and most of them either sell the machine on immediately without using it, or they wipe the machine first and then sell it on with a clean install. Anyone so incompetent as to steal the machine, and then go on to actually use it online without erasing any of the data won't have a very long career of stealing laptops.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Couldn't help myself.
These posts express my own personal views, not those of my employer
Yeah. Thieves who steal laptops want _easy_.
;).
If they didn't mind hard they'd have got a job or started their own companies, or stolen something more challenging and rewarding
So what you do on your laptop is to create an account specially for thieves to use. Call it Honey if you like - with no password, or the password hint = instructions on how to get in.
Then your own account has a password, to keep the thief out, from deleting your encrypted stuff etc.
This way when the thief steals the laptop, they turn it on, click on "Your Account", get password prompt, click on Honey, get in straight - whoopee.
Immediately the stuff is launched to log data about the thief and his surroundings - webcam, microphone set to record, and then the data is uploaded.
The ending of the story is missing.
"After police got hold of the thief and the laptop. Jose Caceres now has his laptop back at home..........with sticky buttons."
Q. Can ComputracePlus be detected?
A. .. snip .. The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.
http://www.absolute.com/computraceplus/faqs.asp
3.243F6A8885A308D313
Why else a light-coloured tie on a dark shirt?
I recently had something like this happen to me, except quite a bit worse.. While I was at work in the mid-afternoon, someone pryed open the door to my apartment, breaking out the doorframe out around the deadbolt. They grabbed my laptop bag with lots of goodies inside, and another bag containing a Wii, PSP, Nintendo DS, etc. Police came but did not dust for fingerprints or anything. An investigator was assigned to my case but he said he had 70 other cases to investigate. Three days later, the entire town I live in was flooded with several feet of water from hurricane Ike. My second-flood apartment survived (luckily), but unfortunately the police station did not. My stuff's either flooded or long gone, and no one is going to find it. Basically, I am screwed.
I really wish I had the foresight to install this kind of software on my laptop. Might have helped...
Perhaps he knew what his MAC address in the built in ethernet device was. Granted, this would only work if the crook was not behind a NAT firewall, (which makes him double moronic, but I digress) since then the perp could be tracked using an ARP query search method to see what the IP address of that physical device was, by probing all the local ISP networks. A real pain in the butt to have to do, but it COULD be used to track down an unknown IP address for a KNOWN piece of hardware. This method would fail behind NAT routers however, because the exposed MAC address would be that of the perp's router, which would not be knowable by the person trying to track down the stolen laptop.
In other words:
1. get your laptop stolen by hot chick (or somebody else, according to your tastes).
2. remote logon.
3. wait for them to look at porn and activate camera
4. ???
5. profit!
Tie two birds together: although they have four wings, they cannot fly. (The blind man)
moral of the story. use Firefox extension BugMeNot so you don't have to register. another moral is never use your realname anywhere on the internet! c'mon nobody knows if you're a dog so why give your real name?
Maybe I'm missing something here, but don't people use authentication to access their machines? If anyone stole my laptop they would have to either re-install the OS or spend time hacking into it to get anywhere. I'm not saying that's necessarily that difficult, but I would be extremely surprised if a thief stole my laptop, cracked my password, and then used the machine to surf porn. It would be easier for him just to put a fresh OS on it.
Maybe I should create a guest account just for this purpose....
-= This is a self-referential sig =-
The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.
dban.org How it Works :)
Them ten dollar words sure do make it sound like much more then glorified software over protective parents would use after they install on a governer on little snow flakes 93 civic....
What... where... am i?
On the Oregon Cost born and raised, On the beach is where I spent most of my days
the moral of the story is: 'Don't trust a computer system you didn't setup yourself. '
This kind of thing isn't going to work for long. Smart thieves will learn to wipe the laptop and re-install before connecting it to a network.
...and that is all I have to say about that.
http://jessta.id.au
If you'd had the foresight to do anything, surely it would have been making backups and arranging insurance.
Well the guy must have had fun watching what the thief was doing
He had a dyndns or no-ip client running in the background?
Sorry man but I don't see your logic on this you're wrong MAC addresses don't naturally transport over routers (unless they're Layer 2 tunnelled), they only broadcast within the same VLAN or broadcast domain on a switch. That's a simple Layer 2 fundamental. Is there a specific method you're referring to that I'm unaware of?
Heck, just make an account called Thief! No one will see it anyway ... unless it's stolen! ... that require logins!. A selection of games ... that send info outbound!
Invite him in! Set up lots of juicy Pr0n for him
Meanwhile there's a hardware locator built in that's independent of what OS is on there.
Drop by! Chat! Bring your Undercover BlueSuits.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
never go to a porn site where you have to register
I take the moral of this story to be never steal someone else's stuff
Ceci n'est pas un sig.
Actually it's more likely that the laptop connected to a third-party server of some sort (or the owner's own monitoring server).
DynDNS would be rather useless if the laptop didn't have a public IP or a NAT tunnel to the private IT.
I wonder if CoreBios could be used to include some sort of TCP-IP enabled remote administration tool into the BIOS itself, so even if the thief completely formats you'd still be kept up to date :)
No, he just doesn't know what he's talking about.
<xml><I><am><so><damn>Web 2.0</damn></so></am></I></xml>
Removing all sectors and the wiping the MBR. If it can survive a reformat, it hides in the boot sector like those viruses from way back when. No partitions, no MBR, no place for it to hide.
"When information is power, privacy is freedom" - Jah-Wren Ryel
...of pr0n sites where you DON'T have to register!
Any technology distinguishable from magic is insufficiently advanced.
http://failblog.org/2008/10/01/christmas-candle-fail/
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
okay, so if if i wanted to setup my laptop to be able to do what he did, where do i start? on standard windows, remote desktop login only allows one user to be logged on at any time, so i suppose it was win pro or vnc. on linux it would have to be vnc but my guess is, that laptop was running windows. assuming the windows firewall is configured to allow remote desktop access from any external machine, and that the thief is not behind a nat/firewall, how do i find the ip of my stolen laptop on the internet?
...while he was looking at pr0ns? LOL
What if the computer had a GPS, and sent it's coordinates to his server (encrypted) at a specified interval. Then catching the thief would be no problem as long as it's used online.
More advanced would be a GPS which "phoned home" using the mobile network, all in hardware so the thief would have to remove the transmitter before the next "phone home" time.
I'm not insane! My mother had me tested.
Especially if the cellphone is linnked to web account ot monitor usage and upload/download images. I read of case where the victim put some images of unkonw people into MySpace and got the people recognized.
What I want to know is whether the perp has to buy the guy a new laptop, or does the victim need to spend a few hours sanitizing it...
would work ok, until they stumbled upon themself, but then the freak-out from seeing their own image time delayed a few seconds would be worth it. It would be like a scene from one of those bad horror movies.... or space balls.
tm
Support TBI Research: http://www.raisinhope.org
Ever heard of In(verse)ARP? ;)
It is an extension to the ARP protocol, where a known hardware MAC address is used to query for an unknown IP address.
Inverse ARP is used primarily non-broadcast networks Frame Relay to allow things such as multicast to function on what should be effectivly the same Layer 2 segment. It still won't give you a MAC address accross several hops of routers, such as the internet.
didn't he call the police in the first place? If he was able to remote connect to his laptop. Investigation would have led to the remote IP address, and therefore his ISP and then the thief.
TOP DSLR Cameras Reviews of the top DSLRs
I don't know about you, but I would prefer not getting my laptop back over some idiot looking through all my private stuff and posting the funny bits to youtube any day.
So do I, see "encryption".
Encrypting only important files sounds nice in theory, but in practice you have the swap file, you have temporary directories and all kinds of other holes where your private files can slip through your encryption scheme.
And the person smart enough to look through a swap file is hampered by your personal login because....
If you want encryption, do it over the whole disk.
You do realize this person has physical access and an eternity right?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
I have to agree with the parent .. if computer is useless then it well get wiped and reinstalled (losing your data if you don't have a proper backup) or just destroyed and dumped. If you can switch it on and use it then he can sell it straight away "down the pub".
Right and then I get it back when this poor "innocent" person turns it on at his house.
Still missing where your plan of having my laptop destroyed is in any way superior to this other fellows where I get it back.
"There is more worth loving than we have strength to love." - Brian Jay Stanley