Retrieving a Stolen Laptop By IP Address Alone?
CorporalKlinger writes "My vehicle was recently burglarized while parked in a university parking lot in a midwestern state. My new Dell laptop was stolen from the car, along with several other items. I have no idea who might have done this, and the police say that without any idea of a suspect, the best they can do is enter the serial number from my laptop in a national stolen goods database in case it is ever pawned or recovered in another investigation. I had Thunderbird set up on the laptop, configured to check my Gmail through IMAP. Luckily, Gmail logs and displays the last 6 or 7 IP addresses that have logged into your account. I immediately stopped using that email account, cleared it out, and left the password unchanged — creating my own honeypot in case the criminal loaded Thunderbird on my laptop. Sure enough, last week Gmail reported 4 accesses via IMAP from the same IP address in a state just to the east of mine. I know that this must be the criminal who took my property, since I've disabled IMAP access to the account on all of my own computers. The municipal police say they can't intervene in the case since university police have jurisdiction over crimes that take place on their land. The university police department — about 10 officers and 2 detectives — don't even know what an IP address is. I even contacted the local FBI office and they said they're 'not interested' in the case despite it now crossing state lines. Am I chasing my own tail here? How can I get someone to pay attention to the fact that all the police need to do is file some RIAA-style paperwork to find the name associated with this IP address and knock on the right door to nab a criminal and recover my property? How can I get my laptop back — and more importantly — stop this criminal in his tracks?"
That IP could be behind a router at a School or Library with thousands of computers behind it.
There is no way to determine who is leasing that IP without forcing the IP block owner to cough up records. That will probably take a court order, and they won't tell you (fearing you will show up gun in hand).
If you get a court order they will tell the local authorities in the jurisdiction where the IP resides. That could be any one of 20 different police departments if it is in an urban area.
But if you can track it to a specific area (traceroute is your friend), you might get a cop from a small, not-too-busy department to go out and check the address.
I say MIGHT.
Busy departments will laugh you off and tell you to file an insurance claim.
Sig Battery depleted. Reverting to safe mode.
See if you can file a civil replevin action against John Doe to recover the laptop. That will give you the ability to issue subpoenas to trace the IP address. Once you have the identity of the thief, report the information to both the campus police (for the theft) and to the local police (for possession of stolen property). Good luck!
Laws affecting technology will always be bad until enough techies become lawyers.
Make sure you call Dell and report it and give them the case number. They can flag it in their system as stolen, and if anyone calls in on that system's tag... they'll obtain as much info as they can and act like nothing's wrong.
I'm a cybercrimes detective and computer forensics examiner in a Sheriff's Department and do this all the time. It simply requires a subpoena to the ISP that the IP address returns to. If the campus police and city police won't do it, try your county or state police agencies (both of which also have jurisdiction). In my state, all police officers have power anywhere in the state and I could "technically" investigate and/or charge anyone with a crime anywhere in the state. We just don't typically do this because it's stepping on each other's toes. As a county officer though, I frequently investigate crimes involving cases inside city or town limits if that agency doesn't have the capability. If the IP address ends up being from another state, we just contact the local police there to ask for their assistance.
Keep asking and ask to talk to a supervisor if they are not helping as much as you would like. While there is no obligation from a police agency to necessarily do everything they can on a property crime, most department heads will do what they can to keep the public happy.
Like others have said though, you may simply get a return to a campus, business, or open wireless network.
Good luck.
OK, I'm going to post the IP since it's been requested. According to Gmail, it was last accessed 3 hours ago from this IP. The IP address has been the same EVERY time it's been accessed, starting June 28, 2010. It traces to Cincinnati Bell's Fuse Network (a home internet service). I can't get anywhere with Cincinnati Bell's customer service. "Customer privacy rules," they say.
Here's the IP: 208.102 (DOT) 223.137
I split it up so auto-filters and bots wouldn't find it.
Thank you everyone and anyone who may be on the inside of 'Ma Bell who can help me track this thief down. I apologize if this is a TOS violation for Slashdot, but I am really at wit's end and have PROOF that this is the IP that's violating my account. I need your help.
208.102.223.137 resolves to
"MW-ESR1-208-102-223-137.fuse.net"
Administrative Contact, Technical Contact:
Hostmaster, Fuse hostmaster@fuse.net
Fuse Internet Access
Cincinnati Bell Telephone
209 W. Seventh St., 121-550
Cincinnati, OH 45202
US
800-387-3638 fax: 999 999 9999
Contact them.
-Bill
Maybe I'm paranoid. Or maybe I just really want to rain hell down on whoever steals my laptop.
First, most thieves are dumb, they're not going to wipe it. They're going to sell it as fast as possible to get cash.
All of this is free and open source and should work on Mac and Linux, not sure how to create services in Windows.
1) Prey Project. An OSS theft recovery tool. Uses google geo location, web camera if it comes installed.
2) AutoSSH. I have an autossh run as a service that creates a link between my home router and my laptop. ssh -R 2222:127.0.0.1:22 home.example.com. So no matter where I leave my laptop, if it can get out to the internet, I can ssh into it from my home router.
3) OpenVPN. AutoSSH * 10. No matter where my laptop is, it IS on my home network. Leave it at a friend's house.
4) Keylogger. I have a launchd (cron) set up to sftp me the log every day and then restart the log.
So now I know: 1) Where my laptop is and possibly have a photo of who is using it. 2 & 3) Can access my laptop and play fun tricks 4) Know exactly what said person is up to and when they login to gmail, facebook, etc. I have their passwords.
Sadly my laptop hasn't been stolen yet.
Well...I know they should be able to easily figure out who it is. I have fuse myself, and they use a static lease on their IP addresses which should make it all that much easier for them. lol. According to http://geotool.flagfox.net/ that IP seems to be in New Richmond, OH. Give the LEOs there a call and see what they can do.
Icebike gives the answer that matters. You send a copy of the original police report to the police WHERE THE IP IS LOCATED, and ask them to pick up your computer. The cops in your state cannot do anything, but the cops in the state where the computer is located certainly can. IF they are tech savvy enough to understand your evidence, and to subpoena the ISP for the address.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
There are multiple jurisdictions involved, any of which could choose to pursue the case if they wanted to. They include:
The best revenge is that which you can obtain for yourself. Find out what ISP has the IP address. Contact the local police where that ISP is and ask that they contact the ISP to get the subscriber data for that IP. If that doesn't work, you can sue John Doe from your own jurisdiction and force the ISP to provide the information you seek. The police may be more willing to take up the case if you do the legwork.
Another option too is to contact the prosecuting attorney who handles the university police's cases. They might be able to pressure the police to take action, considering the ease with which the criminal can be identified.
Lastly, but certainly not leastly, post the IP address to 4chan. They have more than enough unscrupulous individuals that could find the person for you. If nothing else, they will at least DDOS the IP for you.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
The purchase of stolen merchandise is being an accessory to the crime itself, unless you can provably argue that there was no criminal intent in the purchase of that item. That would still require you to get a paper trail (as the owner of a 2nd hand computer that is stolen property) to document just who you got that computer from and to demonstrate in a provable fashion that you had no idea that the merchandise was stolen.
Buying from a pawn shop is such a proof, but then again the pawn brokers routinely register the serial numbers of everything they buy and require photo identification associated with that purchase. Those pawn brokers who don't can and often do end up in jail.
If you are buying something from another person, you had better trust their reputation enough to know if you are purchasing something stolen or not. If you have knowledge of a past criminal history with a friend, buy something from them that you aren't sure they got legally, you would simply be screwed if you just happen to be in possession of that stolen property.
Regardless, even if you can prove that you were acting on good faith to buy the stolen merchandise, it can still be confiscated from you and your only recourse to get your money back (if you paid money for it) is to sue the person who sold it to you for breach of contract. Presuming that you have ratted them out, a friend sitting in jail is not likely to have much money to give to you in that situation either.
OK, that IP address resolves to New Richmond outside Cincinnati. http://geotool.flagfox.net/
Call the New Richmond Police: 102 Willow Street New Richmond, OH 45157-1354 (513) 553-2001
You're welcome
I still cannot find the droids I am looking for...
http://www.gorissen.info/Pierre/maps/googleMapLocation.php?lat=39.0972&lon=-84.1225&setLatLon=Set
there you go, it's on Bauer rd near the intersection with 276 in Batavia Ohio. Assuming the infosniper geolocater is working.
Some drink at the fountain of knowledge. Others just gargle.
Have you tried calling your insurance company and telling this to them?
First, file a claim. You have renter's insurance, right?
Assuming you haven't...
Do an nslookup on the IP address to find out what you can glean about which ISP/node the user is at. You might be able to do some sort of geographical IP lookup, I know mine narrows it down to about three houses.
Call the local police in -that- area and tell them that you've identified your stolen property, conference a police detective in with the ISP and see if the ISP folks fold and give an address/account that's actionable. There's still no warrant, so the officer will likely stop by and 'ask politely' (especially if you offer to ride-along). Failing that (meaning that the thief knows their rights), you'll have to ask the officer to get a warrant, which he will bitch and moan about, and it likely won't happen.
By this time, that insurance deductible is looking mighty reasonable, and you should get a policy.
If you're dead-serious about justice and you know the address/account... Take the person to small claims. You won't need a lawyer if you have everything written down and articulated, and have friendly municipal workers in your area. I'm not entirely sure, but I think that those judges have an easier path (a fellow judges' number) to get a warrant issued, and then you're back to the cops.
Now... In the future... Keep a better eye on your stuff, get an insurance policy, and -always- stash enough money to pay the deductible somewhere where you won't spend it. I guarantee the $12/month and $250 in your 'unlinked' savings account would be more than worth this kind of effort. Plus, acting like a fat-cat and having a new laptop paid for is much more rewarding than rarely-served justice.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails
Except for the 4chan part. The IP they DDoS might not be assigned to the thief when they get it. (also illegal blah blah)
To add to the IP address part:
When you find the ISP, call them. Wait on the phone, get transferred to people. Always be nice and polite and say stuff like "I understand you are really busy.." and "I know this is an unusual request but..." and patiently wait, acknowledging their apologies and asking advice like "what can you do for me?" and "is there anyone else I can talk to?"
Doing this will get you far.
Now, tell the person who you finally get on the phone with the IP address and the TIME it was accessed. If the IPs were of the same ISP then ask if each one used the same MAC address at the time it was accessed. Then ask "Can you give me the information on that account or do I have to do something else?" You might get someone who does, you might get transferred to someone who can give it to you or you might be told that it might have to be done with more formal measures.
Then get the address of where the company receives subpoenas, get the person's name who you talked to. Ask them who to ask for next time if you have any more questions. Thank them for their time and their help and then call the cops with the information you got.
This works. I have done it before (but not with a stolen laptop). Sometimes the information you get is astounding. Sometimes they blow you off (Verizon will do both but they have big call centers so try many times)
Good luck.
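An added example, not part of any post in this thread: several replies say the ISP or police need both the IP address and the TIME of each access, since an address may be assigned to someone else later. This sketch turns a list of account accesses into one unambiguous UTC summary per unrecognized address. The log layout, the sample rows (RFC 5737 documentation addresses) and the names ACTIVITY, KNOWN_OWNER_IPS and summarize are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress

# Constructed sample rows (not from the thread): ISO-8601 local time with
# UTC offset, access type, source IP.
ACTIVITY = """\
2010-06-20T09:14:02-05:00 Browser 198.51.100.7
2010-06-28T21:40:11-04:00 IMAP 203.0.113.45
2010-06-29T08:02:57-04:00 IMAP 203.0.113.45
2010-07-01T23:15:30-04:00 IMAP 203.0.113.45
"""

# Assumption: addresses the account owner knows to be their own.
KNOWN_OWNER_IPS = {"198.51.100.7"}


def summarize(activity, known_ips):
    """Group unrecognized accesses by IP with count and UTC first/last seen."""
    seen = defaultdict(list)
    for line in activity.splitlines():
        if not line.strip():
            continue
        stamp, kind, ip = line.split()
        ip = str(ipaddress.ip_address(ip))  # raises ValueError if malformed
        if ip in known_ips:
            continue
        # Normalize to UTC: the owner and the ISP may be in different zones,
        # and lease records are matched on exact time.
        when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
        seen[ip].append((when, kind))
    report = []
    for ip, hits in sorted(seen.items()):
        hits.sort()
        report.append({
            "ip": ip,
            "count": len(hits),
            "first_utc": hits[0][0].isoformat(),
            "last_utc": hits[-1][0].isoformat(),
            "kinds": sorted({kind for _, kind in hits}),
        })
    return report


if __name__ == "__main__":
    for row in summarize(ACTIVITY, KNOWN_OWNER_IPS):
        print(row)
```
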
I totally agree with you. I had a similar rant typed in about expensive yachts and skyscrapers, but I've posted such here before and it doesn't generally go anywhere productive.
With regards to the third party insurance issue I thank you for correcting me. I was writing on the assumption of an American audience and it's not too surprising I got it wrong.
In my country of residence we can't be sued into bankruptcy, due to a government department that pays for injuries arising from accidents. We are still liable for actual damages, but million dollar lawsuits for pain and suffering don't happen. As a result my yearly premium on a V6 sedan is 127 dollars.
PS - My father is in fact an actuary. Your expected return on most policies is 50 - 70 cents on the dollar.
Insanity: voting in the same two parties over and over again and expecting different results
I have talked to ISPs before about legal issues (specifically, a hacking incident). I said "hey, there's a hacking incident coming from one of your IP addresses, and I need all the information that you have on the person."
Their questions: "Are the police involved?" and "Are you a network administrator?"
Since I answered the questions right ("No" and "Yes"), they gave me all the information. Had the police been involved, their instructions were to only provide information with a warrant.
The moral of the story is to ask for the information first, prior to getting the police involved. Mod me up, so the guy sees this critical piece of information!
That person was tracked down to his location - he lives in New Richmond and uses ISP Fuse Internet Access.
Please contact Rick Wagner by email at wagner@fuse.net or hostmaster@fuse.net, or phone at +1-513-397-6598 or +1-800-387-3638.
I talked to Dick and he said he will be happy to assist you.