Slashdot Mirror

← Back to Stories (view on slashdot.org)

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com)

Posted by EditorDavid on from the I-know-what-you-posted-last-summer dept.

An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.

The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.
In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.

Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."

10 of 377 comments (clear)

  1. Security expert? by Anonymous Coward · · Score: 5, Interesting

    If he is such a "computer security expert", why did he not have his laptop fully encrypted as well as (naturally) an OS login password? Seems to me that he was either actively trying to bait somebody like this, or he's a complete moron.

    1. Re: Security expert? by rworne · · Score: 5, Insightful

      This is precisely how the anti theft software for my Macs work. For it to be most effective, you should set the firmware password (to prevent booting off other media), encrypt the disk, set a password on your account, and leave the guest account active.

      The whole idea is to get the thief to use it so it can phone home. If it is locked up too tight, they'll just be parted out or tossed.

      That nifty law they passed for kill switches in cell phones means they no longer steal phones to resell and reactivate, now they just steal them for the the parts.

      --
      I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
    2. Re:Security expert? by BarbaraHudson · · Score: 5, Insightful

      Regardless, he left it in plain view in his unlocked car.

      "Regardless, she was dressed in a short skirt and top" - and should have expected what happened next.

      "Regardless, they left their dog in the back yard alone with a gate that didn't have a padlock" - and should have expected someone to steal their dog.

      "Regardless, they were unarmed when they asked a total stranger for directions" - and deserved to be mugged.

      Screw your "regardless." Honest people wouldn't have taken it. Same as I should be able to leave my doors unlocked and not have strangers walk into my home and take stuff.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
    3. Re:Security expert? by BronsCon · · Score: 5, Insightful

      No, you actually do have an obligation to not be naive and pretend crime can't happen.

      That's not quite the same as saying dressing a certain way makes sexual assault not a crime; in fact, it states quite the opposite! Read the statement again, with your head located outside your rectum. When a rapist rapes, it is the rapists fault, as the rapist should not rape; when a rapist rapes YOU, however, you must ask yourself why that rapist (who would have raped anyway and is still full at fault for the actual rape) chose you and not someone else.

      Is it okay for a rapist to rape you if you dress a certain way? Oh hell no, and nobody said it was. But, just knowing that the rapist is there and that the rapist will rape, regardless of you, you have a responsibility to acknowledge that fact and make yourself less of a target. Will that prevent the rape? No, because, and I'll repeat this again so you can't get confused and think I'm victim blaming, the rape is the rapist's fault. What it will prevent is your rape.

      Now, let's apply that logic to a less sensitive subject so you can see how things work in the real world. If you, knowing that people steal shit from cars, leave a laptop sitting on the passenger seat of your unlocked car over night and it gets stolen, it is the thief's fault a laptop was stolen, but it is your fault it was your laptop that was stolen.

      How does this work? It's quite simple, really.

      The thief is going to steal a laptop, that is a decision the thief made and the thief is completely responsible for that decision. Neither you, nor me, nor the police, nor the thief's parents, nor anyone else holds any responsibility for that decision. However, you know that there exist people who make such decisions and it is up to you to protect yourself from them. If you do not, that is a decision you made and you are completely responsible for that decision. Neither the thief, nor me, nor the police, nor your parents, nor anyone else holds any responsibility for that decision.

      If you didn't leave the laptop in plain view, would a laptop still have been stolen? Yes, because the thief decided they were going to steal a laptop. Wold it have been yours? No, because you decided not to allow it to happen.

      As a victim of both theft and rape (among other various crimes) in my younger, more naive, years, I quickly developed an understanding of this concept. Perhaps not quickly enough, but I did develop it, nonetheless, where you (and many others) still seem to have not figured it out.

      Is it my fault my rape occurred? No, but it is my fault I was chosen over someone else. Is it my fault an MP3 player was stolen from me? No, but it is my fault I left it unattended so that it may be stolen. Is it my fault I was robbed at gunpoint twice? No but, in both cases, it is my fault I was unarmed and alone in a high-crime area late at night.

      Should I have been able to trust my rapist not to rape me? Should I have been able to leave my MP3 player (back when those were a new thing, mind you) at my desk for 5 minutes? Should I have been able to safely walk around, alone and unarmed, at night? In an ideal world, yes.

      We, however, do not live in an ideal world, and you're not doing yourself, or anyone else, any favors by ignoring that fact while you insist that we should.

      One thing we agree on, though, is that we should live in an ideal world. Our main point of contention is how to reconcile the fact that we do not. My belief is that we should not let ourselves be attractive victims to the crimes we know will be committed anyway. You seem to believe the exact opposite, for which I suppose I should thank you, as you make it that much easier to do what I believe is right when you set the bar so low for criminals.

      You can have the crime and victimhoood, I've been done with it for over a decade.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  2. More likely scenario by StickyKeys · · Score: 5, Insightful

    More likely is that the laptop got converted for cash at a pawn shop and later bought in good faith, which means he's humiliated a poor girl who had nothing to do with the theft.

  3. Re:'computer expert'. by dwywit · · Score: 5, Interesting

    So who brings the criminal suit for identity theft? The thief would have to swear out a complaint in which she admits theft - or that fact would come out in court. Even if hard evidence of identiy theft was available, a half-decent lawyer would have the case dismissed after a chat to the thief via the prosecutor: "If you proceed with this case, you'll face criminal and civil proceedings for theft, loss of income, etc, etc, etc. You'll be so in debt with legal bills, and a criminal conviction will be your legacy. Do you really want to proceed?"

    --
    They sentenced me to twenty years of boredom
  4. dude by Noah+Haders · · Score: 5, Funny

    > In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.")

    I like thought of a dude watching another dude endlessly watch porn, and being like, why can't you say your name!!!

  5. Security 102, chapter 1 - Risk Analysis by raymorris · · Score: 5, Insightful

    If you go a bit beyond the corporate-mandated annual security training, most information security curriculum says that step one is identifying the assets at risk and their value. It would be silly to spend $50,000 turning your garage into a vault to protect a $15,000 car, and similarly for information security the value of the asset determines the maximum effort you should put into protecting it. This not only avoids wasting more time/money/hassle than the asset is worth, but it allows you to spend your efforts on the most valuable assets. Any time/money spent on a low-value asset is time NOT spent protecting a higher-value asset.

    The identity of your favorite gaming site is worth about 5 cents US, so it is error to spend more than 5 cents worth of time trying to protect that information.

    Additionally, in most cases it is better to protect and encrypt data on a per-account basis, for both technical and practical reasons. On a laptop, that means you encrypt the home directory, not the system. Multiple user logins have separate encryption, and one account can't access the encrypted files of another account. If you want to take it a step further, you can have a work account on the machine and a separate account for checking personal email, etc. Along with the obvious security benefits, that avoids having the browser or search engine auto-complete a URL based on *personal* browsing history in the middle of a presentation.

    Given per-account security, a guest account with restrictions on it is quite feasible, and a theif would likely click the guest account.

  6. Re:That's ENTRAPMENT! by BarbaraHudson · · Score: 5, Insightful

    Entrapment only applies to law enforcement. You're free to "entrap" anyone you wish if you're not a cop.

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  7. Re: That's ENTRAPMENT! by jcr · · Score: 5, Insightful

    unauthorized access to a computer system

    It's his computer. I don't see how the access can be unauthorized.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."