

Computer thief foiled
February 8, 2008 11:11 AM

Boo is not the smartest computer thief on the planet. Or maybe not the luckiest since he grabbed a computer from an IT specialist.
posted by SuzySmith (50 comments total) 3 users marked this as a favorite

 
Boo got shot! Boo got shot!
posted by mr_crash_davis at 11:17 AM on February 8, 2008


Jesus; television news is awful, isn't it?
posted by mr_roboto at 11:18 AM on February 8, 2008 [2 favorites]


You give us 30 seconds worth of news and we'll give you six minutes!

Holy hell that was a lot of canned footage.
posted by phearlez at 11:19 AM on February 8, 2008 [3 favorites]


Wow, that is some shit news story there. Nice use of the matrix footage.
posted by puke & cry at 11:24 AM on February 8, 2008


If tracking software was already loaded, the story is boring. If they tracked it using a non-premeditated means, then the story is woefully incomplete.
posted by butterstick at 11:24 AM on February 8, 2008 [1 favorite]


Seems like an "IT specialist" would have a backup of the photo album.
posted by mealy-mouthed at 11:27 AM on February 8, 2008 [6 favorites]


Thieves are obviously not smart enough to reinstall the OS when they steal a system.
posted by mrbill at 11:36 AM on February 8, 2008


Ok, I'm stupid, but here's what I don't understand.

Someone steals my laptop.

How the mother-shit-fuck-dick do I possibly find it when it goes online somewhere else?

I mean, if I had a program already loaded that automatically SMS-ed me the IP address every 5 minutes or something, fine, but what if I didn't?

I mean, the only unique identifier, as far as I can tell, is the MAC address, it's not like you can query the internet at large for that piece of information. Unless you can.

Maybe some sort of magic with having dynamic DNS setup?
posted by kbanas at 11:38 AM on February 8, 2008


Is the host drunk? God, New Zealand is a shambles.
posted by nicolas léonard sadi carnot at 11:42 AM on February 8, 2008 [1 favorite]


God that's awful.

I like how they were able to connect to the machine, but the news people are all like "he got the computer, and his precious photos back!" Well, once he hacked in he should have been able to get the pictures.

Also, they used clips from The Matrix. Gawd.
posted by delmoi at 11:47 AM on February 8, 2008


What, kbanas, you don't have your MAC address memorized??? I'll be confiscating your Geek Badge now...

I dunno either -- maybe an instant messenger client was left running? Or... hmmm... I guess you could check your own router's logs to get the MAC address and then... Yeah, I dunno.
posted by LordSludge at 11:51 AM on February 8, 2008


Slow news day in New Zealand, I guess.

And I guess none of you ever look at your wireless router logs?
posted by Dave Faris at 11:54 AM on February 8, 2008


You ever try and throw a boomerang? It never seems to act like it does on TV does it? It's a lot trickier to make it come back to you.

Their IT is the same way.
posted by Uther Bentrazor at 11:55 AM on February 8, 2008


(guess I shoulda hit preview.)
posted by Dave Faris at 11:55 AM on February 8, 2008


I do not.
posted by Mister_A at 11:55 AM on February 8, 2008


Well, let's say you had your MAC address memorized, because you're a fucking nut, or, you know, let's say you got it out of your router's logs or something - ok, I'll buy that, then what?!?!

You write the Internet Gods and say, "Hey, when this MAC address comes online, anywhere in the world, write me and let me know the IP address it's using!"

*bangs head*

Maybe they used the Matrix.

Yeah, that's it.
posted by kbanas at 11:55 AM on February 8, 2008


I think you'd have to have a Dynamic DNS pinger set up, or something else that would automatically query a known server (email, perhaps?) periodically, or you'd be screwed.
posted by Kadin2048 at 11:59 AM on February 8, 2008


I'm reading all of your comments in a New Zealand accent.
posted by sugarfish at 12:00 PM on February 8, 2008 [5 favorites]


Thieves may be stupid, but it looks like we could use some help with reading comprehension.

From the second paragraph of the second link:

Software designed at the university has tracked down an Apple iMac stolen in November from the home of a computer support group worker at the university's School of Education.

So, yeah, it's gonna pretty much be a remote ping or cron job of a wget or something.

From an IT perspective, this would only really be interesting if it were running in the firmware... that is, before the OS loads. That would be very hard to remove, and would actually be somewhat newsworthy.

As is, this is a remarkably weak post.... not just newsfilter, but boring and mundane newsfilter. "Tracking software gets computer back!" Um... yay?
posted by Malor at 12:02 PM on February 8, 2008


It looks like they had a dynamic DNS, or IM service like Jabber with their own server already set up, so they could easily get the IP address when it was online, and then try to connect to whatever internet-accessible services they had already set up (e.g. ssh).

IP Geolocation services can usually narrow you down quite well, and a subpoena can get the real address used by a certain IP at a certain date from the ISP.

I think their problem then probably came from their thief using public, or semi-public Wifi, so that's why they needed to use the webcam to further narrow down the location...


(by the way, MAC addresses never make it further than the first router... They are only used for identifying machines within a single LAN)


However, what kind of IT 'Specialist' does not make backups of his photo album for fucks sake. On a laptop as well which is (A) stealable and (b) fragile. And when they work at a uni and have gigs of storage on tap with seriously sensible incremental backup strategies available to them. Idiots.

(having lost data several times by mechanical, and user error -- I have my photos and important vids synced on 2 hard drives on different computers, and on DVDs in another location in case of catastrophe. I would like to use one of these internet backup facilities, but my ISP's cost/gig is too much for that)
posted by nielm at 12:05 PM on February 8, 2008 [1 favorite]


I like how they were able to connect to the machine, but the news people are all like "he got the computer, and his precious photos back!" Well, once he hacked in he should have been able to get the pictures.

There was a remark about the thief deleting the photos before the IT guys got it back. They probably had to run some sort of undelete utility once getting the stolen machine back, or sent the drive to a data recovery joint.

Either way, yeah. 30 seconds of news in a 6-minute spot.
posted by Mikey-San at 12:07 PM on February 8, 2008


You mean, that was a news story, and not an advertisement for the technical school?
posted by Dave Faris at 12:08 PM on February 8, 2008


Forget all that. If someone asked me, I would just jazz up the story a little bit:

"Oh hey you're that guy that recovered his stolen computer! Hey, how did you do that anyway?"

"Eye of the tiger, baby, eye of the tiger..."
posted by P.o.B. at 12:08 PM on February 8, 2008 [3 favorites]


However, what kind of IT 'Specialist' does not make backups of his photo album for fucks sake.

This, like a thousand times over. How does an IT person not have backups of his or her important stuff?
posted by Mikey-San at 12:09 PM on February 8, 2008


Well, the cobbler's kids don't have shoes and such.
posted by puke & cry at 12:19 PM on February 8, 2008 [1 favorite]


And I guess none of you ever look at your wireless router logs?

Yes. I masturbate to mine.

"oh yeah baby...."
-09:40:49 Unexpected access from 216.238.112.7 to 198.32.1.116 (prot=11)
-09:30:46 Unexpected access from 216.238.112.7 to 216.238.98.41 (prot=11)
-09:30:42 Unexpected access from 216.238.112.7 to 216.238.98.40 (prot=11)

"that's right...just like that baby."
-09:30:42 Unexpected access from 216.238.112.7 to 216.238.98.41 (prot=11)
-08:30:14 Unexpected access from 216.238.112.7 to 216.238.98.40 (prot=11)
-08:30:14 Unexpected access from 216.238.112.7 to 198.32.1.116 (prot=11)

"Oh yeah...."
-06:45:00 Unrecognized access from 216.39.134.13:137 to UDP port 137
-06:44:58 Unrecognized access from 216.39.134.13:137 to UDP port 137
-06:44:57 Unrecognized access from 216.39.134.13:137 to UDP port 137
-01:23:36 Unrecognized access from 63.119.26.75:2457 to TCP port 25

"OH YEAHHHH!!!!"
-01:23:34 Unrecognized access from 63.119.26.75:2457 to TCP port 25


--end transmission--
posted by KevinSkomsvold at 12:22 PM on February 8, 2008 [6 favorites]


The three of them strutting out of their school in baggy shorts, played over and over, was pretty funny, though.

Next time I steal a computer I am so totally changing the root password. They'll never catch me then! heheheheheh
posted by alloneword at 12:24 PM on February 8, 2008


Well, if he could SSH into the machine he could have downloaded the contents, installed anything he wanted, like Skype, then have the laptop call 911 and use some sort of text-to-speech program to tell the police where it was located and have cops come and pick it up. Or make the battery explode or something.
posted by blue_beetle at 12:25 PM on February 8, 2008


reminiscent of this story

But seriously, not a great news item BUT I'd be interested in installing some freeware on my macbook that did this. Anyone know what to do?
posted by Rumple at 12:27 PM on February 8, 2008


So I built a computer and sent it to my daughter in a faraway city. It was stolen from her apartment. Months later I got a horrendous bill from my local ISP for using an awful lot of bandwidth. I went down to have a chat. Turns out they still had the MAC number from my stolen machine on file. Someone had brought it back into my area and was using it to download movies. I tried to get my ISP to take some action or at least give me a name but they chickened out. Mumbled nonsense about changing MACs and so on. I figured the machine had been stripped for parts (the case was modded and very recognizable) and the user only had the motherboard anyway, but I wanted to find out where he got it.
Anyways...
posted by CCBC at 12:42 PM on February 8, 2008


It may have run 6 minutes, but some only took in 30 seconds, it was an iMac, but not a laptop.
Seems the news department has oodles of money and time to flesh out said 30 second news flash. Matrix, puhlease, gack.

Keep speaking with that NZ accent though, sweet.

"You mean, that was a news story, and not an advertisement for the technical school?
—Dave Faris"

You marketing genius, you./
posted by alicesshoe at 12:53 PM on February 8, 2008


Mumbled nonsense about changing MACs and so on. I figured the machine had been stripped for parts (the case was modded and very recognizable) and the user only had the motherboard anyway, but I wanted to find out where he got it.

I can see why they'd be worried about just giving it to a random person, after all how would they know if you were the real owner? If you'd gone to the police they might have been more forthcoming.
posted by delmoi at 12:59 PM on February 8, 2008


kbanas: "Ok, I'm stupid, but here's what I don't understand.

Someone steals my laptop.

How the mother-shit-fuck-dick do I possibly find it when it goes online somewhere else?

I mean, if I had a program already loaded that automatically SMS-ed me the IP address every 5 minutes or something, fine, but what if I didn't?

I mean, the only unique identifier, as far as I can tell, is the MAC address, it's not like you can query the internet at large for that piece of information. Unless you can.

Maybe some sort of magic with having dynamic DNS setup?
"

My laptop has a Lojack-branded phone home/security feature built in. The machine is set to ping their servers at regular intervals. If the laptop is stolen there's an 800 number I can call. After it's reported stolen, they give the machine's IP and whatever other information they have to the nearest police agency. The documentation states they will not give me the IP, only the cops.

It's built into the machine's BIOS so even wiping the hard drive wouldn't disable it.
posted by aerotive at 1:07 PM on February 8, 2008 [2 favorites]


delmoi: I had photos of the building process and they had the MAC number under my name. Sure, I understand their reluctance (and support their not giving out any of my info to government agencies) but... Going to the cops required synchronizing two separate departments. I fell at the first hurdle: explaining MACs to a policeman. ("Well, if it's an address you know where it is, right?...So it's not an address?...Every machine has one?...Just some parts?...So where do I look for this number on the computer?")
posted by CCBC at 1:14 PM on February 8, 2008


Seems like an "IT specialist" would have a backup of the photo album.

I don't think that the guy who owned the laptop himself was the hotshot. He seemed to imply that he didn't really understand how it had been tracked down.

kbanas, to me nielm's hypothesis that the laptop was logging on to some kind of server at the school seems the most likely. So it was good luck but if you've got a corporate laptop or one that might connect to other institutional servers the same approach might work.

In which case I would say Go Kiwis!, though it would have been nice if they'dve explained that in the news piece. But I suppose the journalists maybe didn't understand it themselves.
posted by XMLicious at 1:25 PM on February 8, 2008


How the mother-shit-fuck-dick do I possibly find it when it goes online somewhere else?

Here's an example, based on the idea that you didn't plan for it, but got lucky: say your browser goes to yourispwebmail.com as the home page, and you have your userid and password prepopulated (or even better in a cookie, a la MetaFilter!) As soon as the thief opens the browser while connected to the internet, they hit the page and are presented with the ability to log in as you, they might click "login" (or again, in MetaFilter-style, you're logged in automatically) and now your machine's IP is logged in connection with your username.

A couple of phone calls to a sympathetic person at your ISP (or Mathowie) might get you that IP address, and then you can go from there.
posted by davejay at 1:29 PM on February 8, 2008


And I guess none of you ever look at your wireless router logs?

Yes. I masturbate to mine.

"oh yeah baby...."
-09:40:49 Unexpected access from 216.238.112.7 to 198.32.1.116 (prot=11)
-09:30:46 Unexpected access from 216.238.112.7 to 216.238.98.41 (prot=11)
[misc wankery deleted]
"OH YEAHHHH!!!!"
-01:23:34 Unrecognized access from 63.119.26.75:2457 to TCP port 25

--end transmission--


Don't you mean "buffer overflow"?
posted by phearlez at 1:37 PM on February 8, 2008 [1 favorite]


Good post.

Where to begin with this one...

What a horribly done piece with all of its stupid B roll and dumb camera angles showing dumb things in the background INSTEAD of explaining how they found the computer's IP address. This piece could have been 30 seconds and way more informative even to people who aren't tech savvy.

Yeah, if you steal a computer, reformat the hard drive and reinstall the OS, or at least change the root password and delete the other user accounts. It's also a good idea to change the MAC address of both the Wired and wireless ethernet cards should they be able to get the IP address.
posted by hellslinger at 1:50 PM on February 8, 2008


My laptop has a Lojack-branded phone home/security feature built in. The machine is set to ping their servers at regular intervals. If the laptop is stolen there's an 800 number I can call. After it's reported stolen, they give the machine's IP and whatever other information they have to the nearest police agency. The documentation states they will not give me the IP, only the cops.

It's Computrace from Absolute Software. It's a self-healing agent built into the BIOS and can't be removed. Used frequently by school boards, companies and government agencies, increasingly popular as an add-on from the OEMs, bundled with Anti-virus software and the like. Comes with a guarantee!
posted by loquax at 2:04 PM on February 8, 2008


I'm reading all of your comments in a New Zealand accent.

On your Epple iMeck?
posted by chococat at 2:15 PM on February 8, 2008 [9 favorites]


Or maybe not the luckiest since he grabbed a computer from an IT specialist.

I was hoping the IT specialist had built a terminator style robot to track down the thief and tear him limb from limb... so I was slightly disappointed by the actual outcome
posted by fearfulsymmetry at 2:19 PM on February 8, 2008


Aside from how crap the actual news piece is, the thing that made me LOL the hardest was the news anchor. I mean.. just.. wow!
posted by pyrex at 2:22 PM on February 8, 2008


Yeah, nice moustache.
posted by chuckdarwin at 2:35 PM on February 8, 2008


I drink your iMilkshake! I drink it up!
posted by ColdChef at 3:06 PM on February 8, 2008


This is stupid. Why didn't they just ask the Great Eagles to find the stolen Palantir? One does not simply hack into Mordor.
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 3:36 PM on February 8, 2008 [1 favorite]


Srlsy, that is the most awesome "news report" evar
posted by mrnutty at 4:39 PM on February 8, 2008


We all know Mordor's firewall was disabled by children. Children with hairy feet. Off my lawn, now!
posted by ersatz at 4:42 PM on February 8, 2008


Mark Sainsbury, the announcer at the start and end of the piece, was official spokesman for "movember" in New Zealand.

also, a collective cringe at our news reporting, stock footage, and clips from the matrix.
come on guys, SRSLY!
posted by Dillonlikescookies at 7:01 PM on February 8, 2008


On your Epple iMeck?

You appear to have confused them with South Africans.

/is momentarily homesick for overfluffy puff pieces on channel one
posted by Sparx at 2:35 AM on February 9, 2008


Wow. I thought I knew what I was in for when the first B shot was a cheesy Matrix effect, but it went downhill from there.

And yes, like everyone else, I watched the whole thing waiting for them to tell me HOW THE HELL THEY FOUND IT ON THE INTERNET.

Like others, too, I have to assume (six minutes and I'm still guessing) that it was doing some sort of silent sending all along, and the 'experts' just realized they could go look at that log somewhere. Logins with GMail checker or to somewhere, anywhere, that keeps a log.

It is a heck of an argument for running a ddns service, even if you never actually use the thing.

Also, I think we're all guilty of not-having-backups of some things sometimes, no matter how 'expert' we should be, so I don't think that's wholly incredible.
posted by rokusan at 7:17 AM on February 9, 2008
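
Added example, not part of any comment in this thread: several posters above guess that the machine was making a periodic check-in (a cron job of a wget, a dynamic DNS pinger) to a server whose log the owners could read. The sketch below is the owner-side half of that idea, run over a constructed access log; the `/checkin?id=` path, the device token `imac-7f3a`, the dates and all addresses are assumptions made up for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample: access-log lines from a server the owner controls.
# The MAC address never gets past the first router, so the check-in
# request carries its own device token as the identifier.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Nov/2007:08:00:01 +1300] "GET /checkin?id=imac-7f3a HTTP/1.1" 200 2
192.0.2.10 - - [21/Nov/2007:08:00:02 +1300] "GET /checkin?id=imac-7f3a HTTP/1.1" 200 2
198.51.100.77 - - [02/Dec/2007:19:14:40 +1300] "GET /checkin?id=imac-7f3a HTTP/1.1" 200 2
203.0.113.5 - - [02/Dec/2007:19:20:00 +1300] "GET /checkin?id=other-box HTTP/1.1" 200 2
198.51.100.77 - - [03/Dec/2007:21:02:11 +1300] "GET /checkin?id=imac-7f3a HTTP/1.1" 200 2
not a log line
203.0.113.200 - - [05/Dec/2007:10:30:00 +1300] "GET /checkin?id=imac-7f3a HTTP/1.1" 200 2
"""

LINE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /checkin\?id=([\w-]+) HTTP/[\d.]+" \d{3}')

NZDT = timezone(timedelta(hours=13))
STOLEN_AT = datetime(2007, 11, 25, tzinfo=NZDT)  # constructed theft date
KNOWN_NETS = ["192.0.2.0/24"]                    # owner's own network (assumed)


def sightings_after_theft(log_text, device_id, stolen_at, known_nets):
    """Map source IP -> (first_seen, last_seen, count) for check-ins made by
    device_id after stolen_at from outside the owner's known networks."""
    nets = [ip_network(n) for n in known_nets]
    seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(3) != device_id:
            continue  # malformed line or some other machine's check-in
        try:
            ip = ip_address(m.group(1))
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparsable address or timestamp
        if ts < stolen_at or any(ip in n for n in nets):
            continue
        first, last, count = seen.get(str(ip), (ts, ts, 0))
        seen[str(ip)] = (min(first, ts), max(last, ts), count + 1)
    return seen


def report(seen):
    """Rows of (ip, first_seen_utc, last_seen_utc, count), oldest first.
    An ISP can only map an address to a subscriber for an exact time,
    so timestamps are normalised to UTC."""
    rows = []
    for ip, (first, last, count) in sorted(seen.items(), key=lambda kv: kv[1][0]):
        rows.append((ip, first.astimezone(timezone.utc).isoformat(),
                     last.astimezone(timezone.utc).isoformat(), count))
    return rows


if __name__ == "__main__":
    hits = sightings_after_theft(SAMPLE_LOG, "imac-7f3a", STOLEN_AT, KNOWN_NETS)
    for row in report(hits):
        print(*row)
```

The address and UTC time pairs are what would go to the police or the ISP; as one comment above notes, public or shared Wi-Fi can mean the address alone does not pin down a person.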




This thread has been archived and is closed to new comments