Retrieving a Stolen Laptop By IP Address Alone?
CorporalKlinger writes "My vehicle was recently burglarized while parked in a university parking lot in a midwestern state. My new Dell laptop was stolen from the car, along with several other items. I have no idea who might have done this, and the police say that without any idea of a suspect, the best they can do is enter the serial number from my laptop in a national stolen goods database in case it is ever pawned or recovered in another investigation. I had Thunderbird set up on the laptop, configured to check my Gmail through IMAP. Luckily, Gmail logs and displays the last 6 or 7 IP addresses that have logged into your account. I immediately stopped using that email account, cleared it out, and left the password unchanged — creating my own honeypot in case the criminal loaded Thunderbird on my laptop. Sure enough, last week Gmail reported 4 accesses via IMAP from the same IP address in a state just to the east of mine. I know that this must be the criminal who took my property, since I've disabled IMAP access to the account on all of my own computers. The municipal police say they can't intervene in the case since university police have jurisdiction over crimes that take place on their land. The university police department — about 10 officers and 2 detectives — don't even know what an IP address is. I even contacted the local FBI office and they said they're 'not interested' in the case despite it now crossing state lines. Am I chasing my own tail here? How can I get someone to pay attention to the fact that all the police need to do is file some RIAA-style paperwork to find the name associated with this IP address and knock on the right door to nab a criminal and recover my property? How can I get my laptop back — and more importantly — stop this criminal in his tracks?"
Then maybe somebody here will have something close enough for you to be able to identify the ISP.
http://michaelsmith.id.au
Not legal advice, but you might consider that there is not only a criminal case against the thief, but also a civil case. If you want it back badly enough, you may be able to get a local lawyer to initiate a civil action against the John Doe and subpoena the university to get the identity of the person in possession of the laptop (you could also do this yourself, but it could be very easy for a non-lawyer to make a fatal mistake when going up against the general counsel of a university to enforce the subpoena, assuming they don't just give in, so I don't really think I'd recommend it). That not only identifies who it is so that you could potentially get it returned through the civil court system, it also may increase the likelihood of the police doing something.
I'm a lawyer, but not yours. I wouldn't represent someone who thinks taking legal advice from Slashdot is a good idea.
I got the IP tracked down to Fuse Network on Cincinnati Bell's home internet service. I'm not going to post the IP address here since that probably violates the TOS of Slashdot or something. I will try calling Cincinnati's police tomorrow, but with the size of the city - and the fact the crime took place in Indiana - I doubt I'll get anywhere.
You have an IP, you have a vague location, and you have an e-mail address that the perp is likely reading. If you can't get law enforcement to do anything about it, and all else fails, they don't have to know that. Send an e-mail telling them that the laptop they are using is stolen property, you have the IP address, which can be used to track their exact location, then give them the location info that you have been able to track. Tell them that you are giving them one chance to respond personally and arrange for return of the stolen property before you contact the authorities to have them arrested. Remind them of the severe criminal penalties for such a theft, and you can even throw in some digital crime mumbo-jumbo (which may or may not actually be prosecutable), to trump up the charges to felony.
The ability to communicate with the possible thief (or eventual owner) is a powerful thing, so if you can't find any other route, don't waste that chance. If it's already been resold, then the new owner may be more than willing to negotiate a return. I had my laptop stolen early last year, and after endlessly calling pawn shops, scouring Craigslist and eBay for months, we finally gave up. I was perfectly willing to take matters into my own hands if I saw it turn up on eBay or Craigslist, knowing full well that the local police as much as admitted there was little they could do about it.
My Mac Powerbook takes a picture every time it wakes up or is rebooted, then stores the picture. If there is a network connection, (any stored) pics are emailed to me along with a text containing the IP and timestamp, then the pics are deleted from the Mac. While it's likely that someone may disable this feature, it's unlikely that it will be before it gives me what I need to find them. In other news, anyone want to buy a couple thousand candid pictures of me (and some other people) opening my laptop?
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
It isn't really a strawman. You were blaming the victim. He's pointing out other common examples of victim-blaming.
I have a friend who was in a similar situation a while ago. Luckily, he had sshd running and the thief wasn't behind NAT, so we had ssh access to the machine once we found its IP address. The local police didn't know about IP addresses, so we were unsuccessful in motivating them to subpoena the ISP. However, we were able to remotely install Undercover, which used nearby SSIDs to give an approximate location of the laptop. Based on our work with Kismet and a directional wifi antenna, we were able to localize the thief to a single apartment building. With this information, the thief's name (gleaned from monitoring the thief's visits to MySpace), and a multitude of webcam photos of the thief, the police managed to just walk into the front office, get an apartment number, and retrieve the laptop. Unfortunately, none of this will help if you don't have remote access...
I suggest calling the ISP yourself if you haven't already and BEG them to get you to their 2nd or 3rd level support guys that can get to someone that can at LEAST preserve the IP lease information for you. Just in case it takes a while to educate or motivate the cops.
I had a sucky sig.
I actually just went through this exact situation a week ago. Here's my story and how I was able to get the computer back with the cops' help. My country (Canada) works very similarly to most US states so hopefully this will help you.
Our outfit is into tech in a big way. We are all scientists of some sort and up and up on O/S, security and the latest tech gizmos. When my boss wanted to upgrade his systems to dual Macbook Pros, we immediately set up a mirroring system where he could be perpetually synchronized between his office and home with automated backups to the university servers. We had a script I had written to do much of this along with posting an IP address every hour in 24 blocks. We also were using Log Me In so that he could remote control his systems. The server ran on startup and wasn't viewable in the taskbar as my boss hates clutter.
Anyhow, we had two separate systems that were capable of posting IP addresses when online.
Three days after the theft we started getting IP writes in the logs.
The first and major things we both had to do were 1) restrain ourselves from doing absolutely anything to jeopardize the comp from going offline 2) contact the police immediately with the IP information.
Before we contacted the police again, I had determined where the IP was coming from (a home account from a major ISP). We waited another three days, consistently getting the same IP posting. We then went back to the police. Like the OP, they view a computer theft as insignificant given their work load. They saw a wealthy scientist ($500k/year) who had lost out on a $5000 laptop (Macbook Pro 17" with all the fixins) containing $30k of specialized software (and we had the discs of course to reload), a digital project worth $1.5k and a few other smaller items. Even though this was over $5000 (which is like a felony in Canada), they simply weren't able to provide us with much help. They knew what a computer was and even an IP but after that they were deer in headlights. I requested to speak with someone in their cyber-crimes division and I was told that because of the G8 and G20, I was out of luck there.
Not unlike research institutes and universities world-wide, this police department fought for funds internally and also internally, departments would "pay" other departments for work. In this case, because it would be a "special favour," during an immensely chaotic time for our police forces because of the heads of states, well, they simply said no to all those requests.
Here is where things got both fun and tricky but I think could work for the OP.
A consistent IP can easily be traced to the ISP. If the IP is consistent over a select period of time, a motion can be filed before a judge and a warrant issued to get the personal information of the person owning said account. I happen to be a trained lawyer, so the detectives were really open to what I was suggesting, and since I also happen to be a computer scientist who does research into security as well as other things, they viewed me as an expert in the field. The first warrant was sought and granted within two days of us suggesting this avenue. This is your first MAJOR task and one that will be the most fruitful.
Legally, I was able to log into the stolen computer without compromising any investigation because I was about to be "contracted" by the police department to do what their cyber-crime division wouldn't do but could: gain network access and collect as much data as possible.
I did this and eventually worked around the router (a joke given the default settings that existed) and then the grey area began where we required another warrant: checking out the other comps on the network. While the search warrant was being issued for this, a SECOND warrant (and really the only other one we needed) was being issued to search the premises the cops received via the ISP. The IP had been consistently posting with the same address over 10 days and staying online for 6-10 hours at a time. I could hav
Just call the RIAA and tell them that IP downloaded a song. They seem to be able to do all the John Doe stuff through the courts to find out who it was...
Actually, you can do that stuff yourself. File a claim with the courts for recovery of your possession, send a subpoena to the ISP, get the address, then either serve papers to continue the possession claim or hand the address to the state police.