Retrieving a Stolen Laptop By IP Address Alone?
CorporalKlinger writes "My vehicle was recently burglarized while parked in a university parking lot in a midwestern state. My new Dell laptop was stolen from the car, along with several other items. I have no idea who might have done this, and the police say that without any idea of a suspect, the best they can do is enter the serial number from my laptop in a national stolen goods database in case it is ever pawned or recovered in another investigation. I had Thunderbird set up on the laptop, configured to check my Gmail through IMAP. Luckily, Gmail logs and displays the last 6 or 7 IP addresses that have logged into your account. I immediately stopped using that email account, cleared it out, and left the password unchanged — creating my own honeypot in case the criminal loaded Thunderbird on my laptop. Sure enough, last week Gmail reported 4 accesses via IMAP from the same IP address in a state just to the east of mine. I know that this must be the criminal who took my property, since I've disabled IMAP access to the account on all of my own computers. The municipal police say they can't intervene in the case since university police have jurisdiction over crimes that take place on their land. The university police department — about 10 officers and 2 detectives — don't even know what an IP address is. I even contacted the local FBI office and they said they're 'not interested' in the case despite it now crossing state lines. Am I chasing my own tail here? How can I get someone to pay attention to the fact that all the police need to do is file some RIAA-style paperwork to find the name associated with this IP address and knock on the right door to nab a criminal and recover my property? How can I get my laptop back — and more importantly — stop this criminal in his tracks?"
We saw that the police bent over backwards and ransacked a man's home when he possessed a missing iPhone of Apple's. But when a normal person loses an item and has a lead for the police to go on, they aren't interested. Just further proof that the justice system is bought and paid for by corporations, and they exist only to ensure that corporations make money. Sickening.
University cops do the bidding of the school...
Just call the RIAA and tell them that IP downloaded a song. They seem to be able to do all the John Doe stuff through the courts to find out who it was...
Moved to http://soylentnews.org/. You are invited to join us too!
See if you can file a civil replevin action against John Doe to recover the laptop. That will give you the ability to issue subpoenas to trace the IP address. Once you have the identity of the thief, report the information to both the campus police (for the theft) and to the local police (for possession of stolen property). Good luck!
Laws affecting technology will always be bad until enough techies become lawyers.
Simply create a GUI interface using Visual Basic to track his IP address.
"The knee is the elbow of the leg." -- My wife
As I read it, it was stolen FROM a university, and is now located one state away.
So neither the local Munis nor the local Unis are the right jurisdiction.
Where the machine is NOW is what matters. Those are the only cops who can go knocking on doors in that jurisdiction.
Sig Battery depleted. Reverting to safe mode.
Make sure you call Dell and report it and give them the case number, they can flag it in their system as stolen and if anyone calls in on that system's tag...they'll obtain as much info as they can and act like nothing's wrong.
I'm a cybercrimes detective and computer forensics examiner in a Sheriff's Department and do this all the time. It simply requires a subpoena to the ISP that the IP address returns to. If the campus police and city police won't do it, try your county or state police agencies (both of which also have jurisdiction). In my state, all police officers have power anywhere in the state and I could "technically" investigate and/or charge anyone with a crime anywhere in the state. We just don't typically do this because it's stepping on each other's toes. As a county officer though, I frequently investigate crimes involving cases inside city or town limits if that agency doesn't have the capability. If the IP address ends up being from another state, we just contact the local police there to ask for their assistance.
Keep asking and ask to talk to a supervisor if they are not helping as much as you would like. While there is no obligation from a police agency to necessarily do everything they can on a property crime, most department heads will do what they can to keep the public happy.
Like others have said though, you may simply get a return to a campus, business, or open wireless network.
Good luck.
I got the IP tracked down to Fuse Network on Cincinnati Bell's home internet service. I'm not going to post the IP address here since that probably violates the TOS of Slashdot or something. I will try calling Cincinnati's police tomorrow, but with the size of the city - and the fact the crime took place in Indiana - I doubt I'll get anywhere.
It's not just theft of the laptop,
They have illegally used Thunderbird to gain access to your e-mail account.
That means they have gained access to both the laptop and your e-mail account without authorization.
Maybe you don't need to stop with the police. File a suitable civil action, and get a court order to compel the ISP to reveal the information.
Not just theft of property, but gaining access to 2 computer systems without authorization, aka 2 counts of computer fraud and abuse, AND 1 count of theft/conversion.
OK, I'm going to post the IP since it's been requested. According to Gmail, it was last accessed 3 hours ago from this IP. The IP address has been the same EVERY time it's been accessed, starting June 28, 2010. It traces to Cincinnati Bell's Fuse Network (a home internet service). I can't get anywhere with Cincinnati Bell's customer service. "Customer privacy rules," they say.
Here's the IP: 208.102 (DOT) 223.137
I split it up so auto-filters and bots wouldn't find it.
Thank you everyone and anyone who may be on the inside of 'Ma Bell who can help me track this thief down. I apologize if this is a TOS violation for Slashdot, but I am really at wit's end and have PROOF that this is the IP that's violating my account. I need your help.
OMG, we tracerouted the IP address and it's coming from upstairs!
Maybe I'm paranoid. Or maybe I just really want to rain hell down on whoever steals my laptop.
First, most thieves are dumb, they're not going to wipe it. They're going to sell it as fast as possible to get cash.
All of this is free and open source and should work on Mac and Linux, not sure how to create services in Windows.
1) Prey Project. An OSS theft recovery tool. Uses Google geolocation, web camera if it comes installed.
2) AutoSSH. I have an autossh run as a service that creates a link between my home router and my laptop. ssh -R 2222:127.0.0.1:22 home.example.com. So no matter where I leave my laptop, if it can get out to the internet, I can ssh into it from my home router.
3) OpenVPN. AutoSSH * 10. No matter where my laptop is, it IS on my home network. Leave it at a friend's house.
4) Keylogger. I have a launchd (cron) set up to sftp me the log every day and then restart the log.
So now I know: 1) Where my laptop is and possibly have a photo of who is using it. 2 & 3) Can access my laptop and play fun tricks. 4) Know exactly what said person is up to and when they login to gmail, facebook, etc. I have their passwords.
Sadly my laptop hasn't been stolen yet.
Talk to the dean of your college. Call up and set up a meeting. Remember HIS time is important. So make it quick.
"I recently had my laptop stolen. The police say it is the campus police jurisdiction. They refuse to help. I have an IP which uniquely identifies who it is. However I need their help getting the proper warrants to find my laptop. Please help me I need my laptop to continue my education here."
You would be amazed the reaction you get. The campus police have people *THEY* answer to. The dean will pick up a phone and make it happen.
If the dean refuses to help, your next stop should be your local college newspaper and the local city newspaper laying out the story. Embarrass them into helping you. However, remember you are now flaming out a bridge over a 1k laptop. Be prepared for that.
Now another response is to go back to the local campus police and lay it out for them. What is an IP? How to get a search warrant for an address. Make it STUPID easy for them (in many cases you are dealing with ex jocks/military grunts who really couldn't cut it at any other job). I used this approach a few times with other stolen items over the years. Cops can be lazy. Remember you are dealing with basically babysitters here. They are not exactly having rocking cases and have been relegated to babysitting the 'rich brats'. A hard night for them is when there is a major game on. So lay the whole case out for them. Show them how for a few hours of work they can do the good thing. Be personable. 'hey how's it goin' 'looks like you had a rough night last night...' etc... It's cheesy but it works. It shows you are not looking for them to run forms for you but want help and hey they can help right? If you go in with phone numbers and address instead of an IP that could help too. It shows you are interested in getting your property back and have run into legal black holes that only they can help with. Show them you are willing to help them out. Cops are notoriously 'you scratch my back I scratch yours'.
Another place you could go is the mayor of the city you live in. "The police are giving me the runaround in recovering my property even though we have enough information to find the criminal". The MAYOR runs the police... You can also get a civil judgment to compel them to help you. This could make your life really uncomfortable in the future. MAKE SURE YOU ARE WILLING to do it. You need to ask yourself what are you willing to do to recover your property?
There are multiple jurisdictions involved, any of which could choose to pursue the case if they wanted to. They include:
The best revenge is that which you can obtain for yourself. Find out what ISP has the IP address. Contact the local police where that ISP is and ask that they contact the ISP to get the subscriber data for that IP. If that doesn't work, you can sue John Doe from your own jurisdiction and force the ISP to provide the information you seek. The police may be more willing to take up the case if you do the legwork.
Another option too is to contact the prosecuting attorney who handles the university police's cases. They might be able to pressure the police to take action, considering the ease with which the criminal can be identified.
Lastly, but certainly not leastly, post the IP address to 4chan. They have more than enough unscrupulous individuals that could find the person for you. If nothing else, they will at least DDOS the IP for you.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
I don't think you can do much, and the sooner you put this sorry episode behind you the better.
Agreed. On an entirely unrelated note: I just got this new Dell laptop and it seems to be going off to an e-mail server somewhere. Anybody have any idea how to make it stop doing that?
And then, have you considered that the person in possession of the laptop may not be the one who stole it? It could be he bought it off eBay and, for whatever reason, is examining what's on the hard drive.
So? It's still the poster's laptop, and he has a right to try to get it back. The person who bought it, if that's what they did, bought stolen property, and will have to take that issue up with the seller. Of course, the seller will be busy dealing with the police.
Just because another innocent person may have gotten involved, doesn't mean the poster shouldn't attempt to regain his rightful property and bring the criminal to justice.
Come on CorporalKlinger - you know they're reading your mail - work with it. Do I have to get Radar to bail you out?
Bonus points if you pull a real Corporal Klinger and go in a dress. Either way, bring a camera. And a few friends. Make him wish he was in Toledo.
Post his IP address on 4chan, not here. Within minutes, they'll have his name, address, mother's maiden name, his high school yearbook picture photoshopped onto longcat, 50 pizza delivery guys on the way to his place, and the FBI at this guy's door to search his (your) laptop for child animal porn. ...or maybe that's not such a good idea.
I have a friend who was in a similar situation a while ago. Luckily, he had sshd running and the thief wasn't behind NAT, so we had ssh access to the machine once we found its IP address. The local police didn't know about IP addresses, so we were unsuccessful in motivating them to subpoena the ISP. However, we were able to remotely install Undercover, which used nearby SSIDs to give an approximate location of the laptop. Based on our work with Kismet and a directional wifi antenna, we were able to localize the thief to a single apartment building. With this information, the thief's name (gleaned from monitoring the thief's visits to myspace), and a multitude of webcam photos of the thief, the police managed to just walk in to the front office, get an apartment number, and retrieve the laptop. Unfortunately, none of this will help if you don't have remote access...
Close.
Step 1: Use whois to find out the owning ISP.
Step 2: Use social engineering techniques as needed to obtain the direct telephone number for the wire center for the city in question.
Step 3: Call the wire center using a telephone from work (where caller ID is blocked) and use social engineering techniques, pretending to be from another part of the company (claim to be calling from the NOC in another state trying to track down rogue BGP packets from the specified IP number) and request that they disable the circuit. At some point, casually ask what circuit ID they disabled so that you can properly fill out the work order after the fact.
Step 4: Have another person call at the same time (preferably female) and ask them if [your fake name] had reached them about the aforementioned problem while you are still on the phone. This instills a sense of urgency.
Step 5: Upon obtaining the circuit ID, wait a day. Then use a similar social engineering technique (call until you get a different person) and tell them you're a line worker out in the field and you're trying to trace down a problem with incoming calls on circuit [insert circuit ID here]. Tell them that it's an E911 call center and you really need things fixed urgently, but you don't have the direct dial phone number associated with that circuit ID. Obtain the phone number for the circuit.
Step 6: Using a reverse number lookup, determine the street address of the person in question.
Step 7: Drive to the address in question.
Step 8: Lift the prints from the person's doorknob.
Step 9: Construct a negative impression using photoresist on copper.
Step 10: Construct a positive using gelatin or silicone.
Step 11: Wait for a murder to occur. Use social engineering techniques to find out the model of handgun used.
Step 12: Purchase a similar model of handgun and file off the serial numbers.
Step 13: Use the gelatin fingertips to leave conspicuous fingerprints on the weapon, fire it several times, then leave it in the thief's car.
Step 14: Place an anonymous tip call from a pay phone near the house (use gloves), then leave the city for a few days.
Step 15: Wait for the police to arrest the thief.
Step 16: Break into the person's house that night and take your stolen laptop back.
Now that is how it's done.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Actually, if you do something to be liable for killing or seriously injuring someone, it's pretty damn likely that insurance won't help you.
Get out your policy. Go ahead, I'll wait. Now read it carefully. Somewhere buried in there is the maximum amount of money the insurance company will pay for such a claim. Now go look up how much plaintiffs win when you're held liable for someone dying or getting maimed, and compare it to the first number. If you kill or maim someone, you're pretty much going to declare bankruptcy unless you're Bill Gates, pure and simple, and there's not a damn thing having insurance will do for you.
What insurance is good for is one thing and one thing only: To handle things between minor fender benders up to totaling a car and/or covering relatively minor injuries to others or major ones to yourself. Anything past that and you're screwed. Anything less than that, and you're better off simply paying out of your own pocket because of how much higher your premiums will be.
In case you don't know this yet, insurance is a scam. It sounds nice in theory, but it's legalized gambling with a twist--you're betting money on something bad happening instead of something good. Just like in a casino, in which the house always comes out ahead, the insurance companies will always come out ahead, too. There's actually a special word for people who make sure this stays true, they're called actuaries. Add up all of the money you--and your employer, on your behalf--have paid over the years for insurance, and imagine how far that money would have gone had you paid it into, I dunno, a mutual fund or something instead of paying for actuaries and marble-halled buildings. You might actually be able to pay off a large liability claim if you had.
And now, a lot of states have mandatory automobile insurance laws on the books. Do you live in one? I do, and I remember when it went into effect. If you do, have your premiums gone down because so many more people are now paying into the system and because there are so many fewer uninsured motorists on the roads now? Yeah, mine haven't either. Funny how that works, isn't it? Again, it sounds nice in theory, but in reality, these laws are just a blatant money grab by insurance companies to use police power to force you to pay them money. Like I said, the industry as a whole is a scam.
Just call the RIAA and tell them that IP downloaded a song. They seem to be able to do all the John Doe stuff through the courts to find out who it was...
Actually, you can do that stuff yourself. File a claim with the courts for recovery of your possession, send a subpoena to the ISP, get the address, then either serve papers to continue the possession claim or hand the address to the state police.
I have talked to ISPs before about legal issues (specifically, a hacking incident). I said "hey, there's a hacking incident coming from one of your IP addresses, and I need all the information that you have on the person."
Their questions: "Are the police involved?" and "Are you a network administrator?"
Since I answered the questions right ("No" and "Yes"), they gave me all the information. Had the police been involved, their instructions were to only provide information with a warrant.
The moral of the story is to ask for the information first, prior to getting the police involved. Mod me up, so the guy sees this critical piece of information!
That person was tracked down to his location - he lives in New Richmond and uses ISP Fuse Internet Access.
Please contact Rick Wagner by email at wagner@fuse.net or hostmaster@fuse.net, or phone at +1-513-397-6598 or +1-800-387-3638.
I talked to Dick and he said he will be happy to assist you.