Retrieving a Stolen Laptop By IP Address Alone?
CorporalKlinger writes "My vehicle was recently burglarized while parked in a university parking lot in a midwestern state. My new Dell laptop was stolen from the car, along with several other items. I have no idea who might have done this, and the police say that without any idea of a suspect, the best they can do is enter the serial number from my laptop in a national stolen goods database in case it is ever pawned or recovered in another investigation. I had Thunderbird set up on the laptop, configured to check my Gmail through IMAP. Luckily, Gmail logs and displays the last 6 or 7 IP addresses that have logged into your account. I immediately stopped using that email account, cleared it out, and left the password unchanged — creating my own honeypot in case the criminal loaded Thunderbird on my laptop. Sure enough, last week Gmail reported 4 accesses via IMAP from the same IP address in a state just to the east of mine. I know that this must be the criminal who took my property, since I've disabled IMAP access to the account on all of my own computers. The municipal police say they can't intervene in the case since university police have jurisdiction over crimes that take place on their land. The university police department — about 10 officers and 2 detectives — don't even know what an IP address is. I even contacted the local FBI office and they said they're 'not interested' in the case despite it now crossing state lines. Am I chasing my own tail here? How can I get someone to pay attention to the fact that all the police need to do is file some RIAA-style paperwork to find the name associated with this IP address and knock on the right door to nab a criminal and recover my property? How can I get my laptop back — and more importantly — stop this criminal in his tracks?"
University cops do the bidding of the school... they're more into securing physical spaces and crowd control than anything in the tech sphere. But there's some part of the school that handles the misbehaving students, and they're the ones to contact. You've got your $1000 laptop missing, they get to threaten his $30,000-$120,000 investment in education.
This is the threat the RIAA/MPAA loves to use, they don't have the school police raid the computer, they just get the school admins to hammer the kid.
Then maybe somebody here will have something close enough for you to be able to identify the ISP.
http://michaelsmith.id.au
We saw that the police bent over backwards and ransacked a man's home when he possessed a missing iPhone of Apple's. But when a normal person loses an item and has a lead for the police to go on, they aren't interested. Just further proof that the justice system is bought and paid for by corporations, and they exist only to ensure that corporations make money. Sickening.
That IP could be behind a router at a School or Library with thousands of computers behind it.
There is no way to determine who is leasing that IP without forcing the IP block owner to cough up records. That will probably take a court order, and they won't tell you (fearing you will show up gun in hand).
If you get a court order they will tell the local authorities in the jurisdiction where the IP resides. That could be any one of 20 different police departments if it is in an urban area.
But if you can track it to a specific area (traceroute is your friend), you might get a cop from a small, not too busy department to go out and check the address.
I say MIGHT.
Busy departments will laugh you off and tell you to file an insurance claim.
Sig Battery depleted. Reverting to safe mode.
See if you can file a civil replevin action against John Doe to recover the laptop. That will give you the ability to issue subpoenas to trace the IP address. Once you have the identity of the thief, report the information to both the campus police (for the theft) and to the local police (for possession of stolen property). Good luck!
Laws affecting technology will always be bad until enough techies become lawyers.
Obviously they've launched Thunderbird, so they are possibly interested in gleaning whatever information they can in that way. You could try sending a trojan to your account in the hopes that they run it, in order to open some remote access to your machine. Perhaps based on their web browsing history, etc, you can determine more specifically who they are.
Also note that the person may have purchased your laptop unaware that it was stolen.
Better known as 318230.
Post the IP here and the s/n of the laptop. Then sit back and wait. All *you* did was post some info - just cannot be held responsible for the life-altering ass-beating that the person found with the laptop will most certainly receive.
Sometimes you just have to let the system work.
Humor from a Genetically Molested Mind
Simply create a GUI interface using Visual Basic to track his IP address.
"The knee is the elbow of the leg." -- My wife
Make sure you call Dell and report it and give them the case number, they can flag it in their system as stolen and if anyone calls in on that system's tag... they'll obtain as much info as they can and act like nothing's wrong.
I'm a cybercrimes detective and computer forensics examiner in a Sheriff's Department and do this all the time. It simply requires a subpoena to the ISP that the IP address returns to. If the campus police and city police won't do it, try your county or state police agencies (both of which also have jurisdiction). In my state, all police officers have power anywhere in the state and I could "technically" investigate and/or charge anyone with a crime anywhere in the state. We just don't typically do this because it's stepping on each other's toes. As a county officer though, I frequently investigate crimes involving cases inside city or town limits if that agency doesn't have the capability. If the IP address ends up being from another state, we just contact the local police there to ask for their assistance.
Keep asking and ask to talk to a supervisor if they are not helping as much as you would like. While there is no obligation from a police agency to necessarily do everything they can on a property crime, most department heads will do what they can to keep the public happy.
Like others have said though, you may simply get a return to a campus, business, or open wireless network.
Good luck.
Not legal advice, but you might consider that there is not only a criminal case against the thief, but also a civil case. If you want it back badly enough, you may be able to get a local lawyer to initiate a civil action against the John Doe and subpoena the university to get the identity of the person in possession of the laptop (you could also do this yourself, but it could be very easy for a non-lawyer to make a fatal mistake when going up against the general counsel of a university to enforce the subpoena, assuming they don't just give in, so I don't really think I'd recommend it). That not only identifies who it is so that you could potentially get it returned through the civil court system, it also may increase the likelihood of the police doing something.
I'm a lawyer, but not yours. I wouldn't represent someone who thinks taking legal advice from Slashdot is a good idea.
I got the IP tracked down to Fuse Network on Cincinnati Bell's home internet service. I'm not going to post the IP address here since that probably violates the TOS of Slashdot or something. I will try calling Cincinnati's police tomorrow, but with the size of the city - and the fact the crime took place in Indiana - I doubt I'll get anywhere.
It's not just theft of the laptop,
They have illegally used Thunderbird to gain access to your e-mail account.
That means they have gained access to both the laptop and your e-mail account without authorization.
Maybe you don't need to stop with the police. File a suitable civil action, and get a court order to compel the ISP to reveal the information.
Not just theft of property, but gaining access to 2 computer systems without authorization, aka 2 counts of computer fraud and abuse, AND 1 count of theft/conversion.
Maybe it's his insurance company he should be contacting anyway. They may do their own investigation based on your evidence because they don't want to have to pay a claim. They may have a little more clout than the average citizen too.
You have an IP, you have a vague location, and you have an e-mail address that the perp is likely reading. If you can't get law enforcement to do anything about it, and all else fails, they don't have to know that. Send an e-mail telling them that the laptop they are using is stolen property, you have the IP address, which can be used to track their exact location, then give them the location info that you have been able to track. Tell them that you are giving them one chance to respond personally and arrange for return of the stolen property before you contact the authorities to have them arrested. Remind them of the severe criminal penalties for such a theft, and you can even throw in some digital crime mumbo-jumbo (which may or may not actually be prosecutable), to trump up the charges to felony.
The ability to communicate with the possible thief (or eventual owner) is a powerful thing, so if you can't find any other route, don't waste that chance. If it's already been resold, then the new owner may be more than willing to negotiate a return. I had my laptop stolen early last year, and after endlessly calling pawn shops, scouring Craigslist and Ebay for months, we finally gave up. I was perfectly willing to take matters into my own hands if I saw it turn up on ebay or craigslist, knowing full well that the local Police as much as admitted there was little they could do about it.
Not this -- The thief will simply sell the laptop making it harder to track, you're better off not tipping your hand until you have your hands around them.
Maybe I'm paranoid. Or maybe I just really want to rain hell down on whoever steals my laptop.
First, most thieves are dumb, they're not going to wipe it. They're going to sell it as fast as possible to get cash.
All of this is free and open source and should work on Mac and Linux, not sure how to create services in Windows.
1) Prey Project. An OSS theft recovery tool. Uses google geo location, web camera if it comes installed.
2) AutoSSH. I have an autossh run as a service that creates a link between my home router and my laptop. ssh -R 2222:127.0.0.1:22 home.example.com. So no matter where I leave my laptop, if it can get out to the internet, I can ssh into it from my home router.
3) OpenVPN. AutoSSH * 10. No matter where my laptop is, it IS on my home network. Leave it at a friend's house.
4) Keylogger. I have a launchd (cron) set up to sftp me the log every day and then restart the log.
So now I know: 1) Where my laptop is and possibly have a photo of who is using it. 2 & 3) Can access my laptop and play fun tricks 4) Know exactly what said person is up to and when they login to gmail, facebook, etc. I have their passwords.
Sadly my laptop hasn't been stolen yet.
My Mac Powerbook takes a picture every time it wakes up or is rebooted, then stores the picture. If there is a network connection, (any stored) pics are emailed to me along with a text containing the IP and timestamp, then the pics are deleted from the Mac. While it's likely that someone may disable this feature, it's unlikely that it will be before it gives me what I need to find them. In other news, anyone want to buy a couple thousand candid pictures of me (and some other people) opening my laptop?
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
I think CorporalKlinger needs to learn the first rule of owning tech devices - don't leave them unattended in a car. If you can't observe basic security of your own devices then you kind of deserve to have it stolen.
Never leave anything in the car unattended. Hmmm. So, by that logic you can then never leave the car itself unattended, because you are asking to have it stolen?
You forgot to remind them that they shouldn't dress in any way that another person might find sexy, because then they "kind of deserve to" be raped.
(not sure if CorporalKlinger is female or just wears women's clothes)
Come on CorporalKlinger - you know they're reading your mail - work with it. Do I have to get Radar to bail you out?
Bonus points if you pull a real Corporal Klinger and go in a dress. Either way, bring a camera. And a few friends. Make him wish he was in Toledo.
OK, so the laptop was stolen on school grounds. But the problem is now to locate and recover it from another state. The school cops have jurisdiction on school grounds and keep the peace there. So if the laptop turns out to be on another campus you could try the cops in THAT school (though it seems unlikely, since the person holding the laptop is using a service). Don't expect the cops at the school where it was lifted to go out of their way to chase down stolen property in another state, outside their jurisdiction. Once you have a specific thing to ask for (like trying to get the location from the ISP and forward that info to the cops of local jurisdiction there) maybe they'll do it - and maybe not.
Got the report number? You (or a lawyer) might be able to get the ISP to cough up the info with that, or get started on getting a court order if they're reticent.
(You might also try the county sheriff. In some states they have overriding jurisdiction on school grounds. File a crime report with them, too.)
= = = =
The laptop is phoning home from an apparently static IP address - or a long-duration connection. Can you remotely log into it? If so you might be able to do things like turn on the microphone, look at files the new user is taking notes in, or follow his browsing. Does it have a built-in camera? Does it have any remote administration or monitoring software installed - or could you install some remotely?
Does it have built-in WiFi and if so do you have the MAC address of it? (You could probably get it by that hypothetical remote login if you don't have it recorded.) If the WiFi is on or can be turned on and if you can get the neighborhood information you could then sniff the location when nearby. (That would also help the cops with jurisdiction in the area if you go along with them to sniff it when they want to bust it. Gives 'em probable cause.)
Note that IANAL. So I could be talking through my Stetson.
Check with a lawyer if you can find one with the appropriate specialization. If you're a student at that university you might have legal advice resources available through them. Or if they have a law school ask who among the faculty is expert on this and talk to that prof. Academics sometimes like to help, especially where the law is squishy. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
http://www.gorissen.info/Pierre/maps/googleMapLocation.php?lat=39.0972&lon=-84.1225&setLatLon=Set
there you go, it's on Bauer rd near the intersection with 276 in Batavia Ohio. Assuming the infosniper geolocater is working.
Some drink at the fountain of knowledge. Others just gargle.
Except for the 4chan part. The IP they DDoS might not be assigned to the thief when they get it. (also illegal blah blah)
To add to the IP address part:
When you find the ISP, call them. Wait on the phone, get transferred to people. Always be nice and polite and say stuff like "I understand you are really busy.." and "I know this is an unusual request but..." and patiently wait, acknowledging their apologies and asking advice like "what can you do for me?" and "is there anyone else I can talk to?"
Doing this will get you far.
Now, tell the person who you finally get on the phone with the IP address and the TIME it was accessed. If the IPs were of the same ISP then ask if each one used the same MAC address at the time it was accessed. Then ask "Can you give me the information on that account or do I have to do something else?" You might get someone who does, you might get transferred to someone who can give it to you or you might be told that it might have to be done with more formal measures.
Then get the address of where the company receives subpoenas, get the person's name who you talked to. Ask them who to ask for next time if you have any more questions. Thank them for their time and their help and then call the cops with the information you got.
This works. I have done it before (but not with a stolen laptop). Sometimes the information you get is astounding. Sometimes they blow you off (Verizon will do both but they have big call centers so try many times)
Good luck.
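An added example, not part of any poster's comment and not Gmail's own tooling: a script that reduces account-activity records to the per-IP summary (protocol, count, first and last access in UTC) that the advice above about giving the ISP the IP address and the TIME of access calls for. The record format, the dates, the addresses (RFC 5737 documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records: "<timestamp with UTC offset> <protocol> <ip>".
# This is NOT Gmail's export format; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2010-06-01T09:12:44-04:00 browser 198.51.100.7
2010-06-09T21:03:10-04:00 imap 203.0.113.45
2010-06-10T07:48:02-04:00 imap 203.0.113.45
2010-06-10T23:15:37-04:00 imap 203.0.113.45
2010-06-11T08:01:59-04:00 imap 203.0.113.45
2010-06-11T12:30:00-04:00 browser 198.51.100.7
not a log line
"""

# Networks the owner still logs in from; anything else is unexplained.
OWNER_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def parse_line(line):
    """Return (utc_datetime, protocol, ip) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        ip = ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    if ts.tzinfo is None:
        # Without an offset the time cannot be matched to an ISP's lease log.
        return None
    return ts.astimezone(timezone.utc), parts[1].lower(), ip


def summarize_unknown_access(log_text, owner_networks, not_before):
    """Group accesses from non-owner addresses seen at or after not_before."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, proto, ip = rec
        if ts < not_before:
            continue
        if any(ip in net for net in owner_networks):
            continue
        seen[(str(ip), proto)].append(ts)
    report = []
    for (ip, proto), stamps in sorted(seen.items()):
        stamps.sort()
        report.append({
            "ip": ip,
            "protocol": proto,
            "count": len(stamps),
            "first_utc": stamps[0].strftime("%Y-%m-%dT%H:%M:%SZ"),
            "last_utc": stamps[-1].strftime("%Y-%m-%dT%H:%M:%SZ"),
        })
    return report


if __name__ == "__main__":
    theft = datetime(2010, 6, 5, tzinfo=timezone.utc)  # constructed theft date
    for row in summarize_unknown_access(SAMPLE_LOG, OWNER_NETWORKS, theft):
        print(row)
```

Normalizing every access to UTC matters because a residential address can be reassigned, so the ISP can only map it to a subscriber for an exact time window.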
Actually, if you do something to be liable for killing or seriously injuring someone, it's pretty damn likely that insurance won't help you.
Get out your policy. Go ahead, I'll wait. Now read it carefully. Somewhere buried in there is the maximum amount of money the insurance company will pay for such a claim. Now go look up how much plaintiffs win when you're held liable for someone dying or getting maimed, and compare it to the first number. If you kill or maim someone, you're pretty much going to declare bankruptcy unless you're Bill Gates, pure and simple, and there's not a damn thing having insurance will do for you.
What insurance is good for is one thing and one thing only: To handle things between minor fender benders up to totaling a car and/or covering relatively minor injuries to others or major ones to yourself. Anything past that and you're screwed. Anything less than that, and you're better off simply paying out of your own pocket because of how much higher your premiums will be.
In case you don't know this yet, insurance is a scam. It sounds nice in theory, but it's legalized gambling with a twist--you're betting money on something bad happening instead of something good. Just like in a casino, in which the house always comes out ahead, the insurance companies will always come out ahead, too. There's actually a special word for people who make sure this stays true, they're called actuaries. Add up all of the money you--and your employer, on your behalf--have paid over the years for insurance, and imagine how far that money would have gone had you paid it into, I dunno, a mutual fund or something instead of paying for actuaries and marble-halled buildings. You might actually be able to pay off a large liability claim if you had.
And now, a lot of states have mandatory automobile insurance laws on the books. Do you live in one? I do, and I remember when it went into effect. If you do, have your premiums gone down because so many more people are now paying into the system and because there are so fewer uninsured motorists on the roads now? Yeah, mine haven't either. Funny how that works, isn't it? Again, it sounds nice in theory, but in reality, these laws are just a blatant money grab by insurance companies to use police power to force you to pay them money. Like I said, the industry as a whole is a scam.
I totally agree with you. I had a similar rant typed in about expensive yachts and skyscrapers, but I've posted such here before and it doesn't generally go anywhere productive.
With regards to the third party insurance issue I thank you for correcting me. I was writing on the assumption of an American audience and it's not too surprising I got it wrong.
In my country of residence we can't be sued into bankruptcy, due to a government department that pays for injuries arising from accidents. We are still liable for actual damages, but million dollar lawsuits for pain and suffering don't happen. As a result my yearly premium on a V6 sedan is 127 dollars.
PS - My father is in fact an actuary. Your expected return on most policies is 50 - 70 cents on the dollar.
Insanity: voting in the same two parties over and over again and expecting different results
I actually just went through this exact situation a week ago. Here's my story and how I was able to get the computer back with the cops' help. My country (Canada) works very similar to most US states so hopefully this will help you.
Our outfit is into tech in a big way. We are all scientists of some sort and up and up on O/S, security and the latest tech gizmos. When my boss wanted to upgrade his systems to dual Macbook Pros, we immediately set up a mirroring system where he could be perpetually synchronized between his office and home with automated backups to the university servers. We had a script I had written to do much of this along with posting an IP address every hour in 24 blocks. We also were using Log Me In so that he could remote control his systems. The server ran on startup and wasn't viewable in the taskbar as my boss hates clutter.
Anyhow, we had two separate systems that were capable of posting IP addresses when online.
Three days after the theft we started getting IP writes in the logs.
The first and major things we both had to do were 1) restrain ourselves from doing absolutely anything to jeopardize the comp from going offline 2) contact the police immediately with the IP information.
Before we contacted the police again, I had determined where the IP was coming from (a home account from a major ISP). We waited another three days, consistently getting the same IP posting. We then went back to the police. Like the OP, they view a computer theft as insignificant given their work load. They saw a wealthy scientist ($500k/year) who had lost out on a $5000 laptop (Macbook Pro 17" with all the fixins) containing $30k of specialized software (and we had the discs of course to reload) a digital project worth $1.5k and a few other smaller items. Even though this was over $5000 (which is like a felony in Canada), they simply weren't able to provide us with much help. They knew what a computer was and even an IP but after that they were deer in headlights. I requested to speak with someone in their cyber-crimes division and I was told that because of the G8 and G20, I was out of luck there.
Not unlike research institutes and universities world-wide, this police department fought for funds internally and also internally, departments would "pay" other departments for work. In this case, because it would be a "special favour," during an immensely chaotic time for our police forces because of the heads of states well, they simply said no to all those requests.
Here is where things got both fun and tricky but I think could work for the OP.
A consistent IP can easily be traced to the ISP. If the IP is consistent over a select period of time, a motion can be filed before a judge and a warrant issued to get the personal information of the person owning said account. I happen to be a trained lawyer, so the detectives were really open to what I was suggesting, and since I also happen to be a computer scientist who does research into security as well as other things, they viewed me as an expert in the field. The first warrant was sought and granted within two days of us suggesting this avenue. This is your first MAJOR task and one that will be the most fruitful.
Legally, I was able to log into the stolen computer without compromising any investigation because I was about to be "contracted" by the police department to do what their cyber-crime division wouldn't do but could: gain network access and collect as much data as possible.
I did this and eventually worked around the router (a joke given the default settings that existed) and then the grey area began where we required another warrant: checking out the other comps on the network. While the search warrant was being issued for this, a SECOND warrant (and really the only other one we needed) was being issued to search the premises the cops received via the ISP. The IP had been consistently posting with the same address over 10 days and staying online for 6-10 hours at a time. I could hav
I have talked to ISPs before about legal issues (specifically, a hacking incident). I said "hey, there's a hacking incident coming from one of your IP addresses, and I need all the information that you have on the person."
Their questions: "Are the police involved?" and "Are you a network administrator?"
Since I answered the questions right ("No" and "Yes"), they gave me all the information. Had the police been involved, their instructions were to only provide information with a warrant.
The moral of the story is to ask for the information first, prior to getting the police involved. Mod me up, so the guy sees this critical piece of information!
That person was tracked down to his location - he lives in New Richmond and uses ISP Fuse Internet Access.
Please contact Rick Wagner by email at wagner@fuse.net or hostmaster@fuse.net , or phone at +1-513-397-6598 or +1-800-387-3638.
I talked to Dick and he said he will be happy to assist you.