Slashdot Mirror
Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com)
An anonymous reader quotes Hot Hardware:
Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.
The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.
In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.
Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.
In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.
Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
Or maybe it was his "Just surf the news sites and play a game to pass the time" laptop. You know, the one with no reason whatsoever to encrypt anything.
-=This sig has nothing to do with my comment. Move along now=-
A "computer security expert" would not leave their laptop in their car overnight.
Sleep your way to a whiter smile...date a dentist!
This is a dickish move. What if the thief sold the computer and someone else is new the new owner who actually paid for the computer? Vigilantism is bad.
More likely is that the laptop got converted for cash at a pawn shop and later bought in good faith, which means he's humiliated a poor girl who had nothing to do with the theft.
As it should be. Geeks deserves nothing but being shit upon. This particularly uppity geek will soon receive a visit from a friend of this lady, who will teach him in a rough way what his place in the natural order is. His fingers will be broken one by one, his skin will be burned with cigarettes, he will be forced to eat dog feces and horribly humiliated. This is what happens to geeks who get too uppity. Too uppity.
This is precisely how the anti theft software for my Macs work. For it to be most effective, you should set the firmware password (to prevent booting off other media), encrypt the disk, set a password on your account, and leave the guest account active.
The whole idea is to get the thief to use it so it can phone home. If it is locked up too tight, they'll just be parted out or tossed.
That nifty law they passed for kill switches in cell phones means they no longer steal phones to resell and reactivate, now they just steal them for the the parts.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
If he is such a "computer security expert", why did he not have his laptop fully encrypted as well as (naturally) an OS login password?
And that would have prevented it from getting stolen how?
Well maybe a security expert would be smart enough to not leave a laptop unattended, much less leave it overnight in his car.
I browse on +1 so AC's need not respond, I won't see it.
If you go a bit beyond the corporate-mandated annual security training, most information security curriculum says that step one is identifying the assets at risk and their value. It would be silly to spend $50,000 turning your garage into a vault to protect a $15,000 car, and similarly for information security the value of the asset determines the maximum effort you should put into protecting it. This not only avoids wasting more time/money/hassle than the asset is worth, but it allows you to spend your efforts on the most valuable assets. Any time/money spent on a low-value asset is time NOT spent protecting a higher-value asset.
The identity of your favorite gaming site is worth about 5 cents US, so it is error to spend more than 5 cents worth of time trying to protect that information.
Additionally, in most cases it is better to protect and encrypt data on a per-account basis, for both technical and practical reasons. On a laptop, that means you encrypt the home directory, not the system. Multiple user logins have separate encryption, and one account can't access the encrypted files of another account. If you want to take it a step further, you can have a work account on the machine and a separate account for checking personal email, etc. Along with the obvious security benefits, that avoids having the browser or search engine auto-complete a URL based on *personal* browsing history in the middle of a presentation.
Given per-account security, a guest account with restrictions on it is quite feasible, and a theif would likely click the guest account.
Entrapment only applies to law enforcement. You're free to "entrap" anyone you wish if you're not a cop.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
unauthorized access to a computer system
It's his computer. I don't see how the access can be unauthorized.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Regardless, he left it in plain view in his unlocked car.
"Regardless, she was dressed in a short skirt and top" - and should have expected what happened next.
"Regardless, they left their dog in the back yard alone with a gate that didn't have a padlock" - and should have expected someone to steal their dog.
"Regardless, they were unarmed when they asked a total stranger for directions" - and deserved to be mugged.
Screw your "regardless." Honest people wouldn't have taken it. Same as I should be able to leave my doors unlocked and not have strangers walk into my home and take stuff.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
No, you actually do have an obligation to not be naive and pretend crime can't happen. Many of the things you list are just outright negligence. If you exhibit many of he negligent behaviors your list, they affect the crime(s) committed and your ability to recover losses. For example, if your home door is unlocked and a theft occurs, the crimes committed are less than if the door was locked, and your ability to recover damages from your insurance will likely be impacted.
Virtually every top comment is a victim-blaming shitfest.
"Ooooh CRIME he's a hacker! Arrest the victim!"
"Every security expert encrypts every piece of technology they own regardless of circumstances! It's his own fault!"
".. and they ALWAYS take every possession with them everywhere they go, and never lock anything in their vehicle, because they're infallible! Clearly he's not an expert!"
"That poor thief. ;("
Ugh.
A government is a body of people notably ungoverned - AC
One of my examples was about sexual assault - and your response to those examples was "No, you actually do have an obligation to not be naive and pretend crime can't happen." So you did say something about those examples, which did include sexual assault. Read what you wrote, instead of what you think you wrote.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
"Stu Gale, who just so happens to be a computer security expert" There is no way a 'security expert' left their laptop in a state where a random thief could log into it. Password on sleep, password on screen saver, full-disk encryption, no guest account... These are thing EVERY 'security expert' has configured. If you stole my laptop, you'd have to wipe it and install a new OS, and then I'm not going to be able to remote into it anymore.
-- This sig is only a test. If this were a real sig it would say something witty. --
No, you actually do have an obligation to not be naive and pretend crime can't happen.
That's not quite the same as saying dressing a certain way makes sexual assault not a crime; in fact, it states quite the opposite! Read the statement again, with your head located outside your rectum. When a rapist rapes, it is the rapists fault, as the rapist should not rape; when a rapist rapes YOU, however, you must ask yourself why that rapist (who would have raped anyway and is still full at fault for the actual rape) chose you and not someone else.
Is it okay for a rapist to rape you if you dress a certain way? Oh hell no, and nobody said it was. But, just knowing that the rapist is there and that the rapist will rape, regardless of you, you have a responsibility to acknowledge that fact and make yourself less of a target. Will that prevent the rape? No, because, and I'll repeat this again so you can't get confused and think I'm victim blaming, the rape is the rapist's fault. What it will prevent is your rape.
Now, let's apply that logic to a less sensitive subject so you can see how things work in the real world. If you, knowing that people steal shit from cars, leave a laptop sitting on the passenger seat of your unlocked car over night and it gets stolen, it is the thief's fault a laptop was stolen, but it is your fault it was your laptop that was stolen.
How does this work? It's quite simple, really.
The thief is going to steal a laptop, that is a decision the thief made and the thief is completely responsible for that decision. Neither you, nor me, nor the police, nor the thief's parents, nor anyone else holds any responsibility for that decision. However, you know that there exist people who make such decisions and it is up to you to protect yourself from them. If you do not, that is a decision you made and you are completely responsible for that decision. Neither the thief, nor me, nor the police, nor your parents, nor anyone else holds any responsibility for that decision.
If you didn't leave the laptop in plain view, would a laptop still have been stolen? Yes, because the thief decided they were going to steal a laptop. Wold it have been yours? No, because you decided not to allow it to happen.
As a victim of both theft and rape (among other various crimes) in my younger, more naive, years, I quickly developed an understanding of this concept. Perhaps not quickly enough, but I did develop it, nonetheless, where you (and many others) still seem to have not figured it out.
Is it my fault my rape occurred? No, but it is my fault I was chosen over someone else. Is it my fault an MP3 player was stolen from me? No, but it is my fault I left it unattended so that it may be stolen. Is it my fault I was robbed at gunpoint twice? No but, in both cases, it is my fault I was unarmed and alone in a high-crime area late at night.
Should I have been able to trust my rapist not to rape me? Should I have been able to leave my MP3 player (back when those were a new thing, mind you) at my desk for 5 minutes? Should I have been able to safely walk around, alone and unarmed, at night? In an ideal world, yes.
We, however, do not live in an ideal world, and you're not doing yourself, or anyone else, any favors by ignoring that fact while you insist that we should.
One thing we agree on, though, is that we should live in an ideal world. Our main point of contention is how to reconcile the fact that we do not. My belief is that we should not let ourselves be attractive victims to the crimes we know will be committed anyway. You seem to believe the exact opposite, for which I suppose I should thank you, as you make it that much easier to do what I believe is right when you set the bar so low for criminals.
You can have the crime and victimhoood, I've been done with it for over a decade.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.