Stealth-cam software snaps laptop looter A laptop thief has been busted after a security application activated the computer's built-in camera, snapped shots of the crook and sent them back to the original owner. A few months ago, Joshua Kaufman had his Macbook nicked from his apartment in Oakland, CA. Instead of wallowing in despair, though, he started to blog images …
Wouldn't having strong passwords and encryption mean that this hidden thing wouldn't have a chance to work? Even if it did start working when the login screen is presented, then the thief would get bored (if they knew what they were doing they'd more likely to format it to get round the password), if it's easy to get into then they'd use it and hidden could collect more evidence.
I guess multiple accounts would be one way to go, I don't really like the idea of having to create an account especially for thieves though.
Motion is pretty good doing the capture, trigger, etc. Your problem is elsewhere. A MacBook is likely to remain under MacOS. A stolen linux laptop will be zapped with a bootleg Windoze XP install straight away. So there will be very little or no use of putting motion on it and scripting it.
By the time they find a way of shoehorning Windows XP onto an Eee 701SD (8Gb SSD, 512Mb RAM, 7" WVGA display, etc.) and making it work acceptably, they'll probably have gone to so much trouble that I'd almost let them have the machine to reward their perseverance...
Tux, 'cos my 701 won't accept anything less ;-)
Didn't do a single thing that any quarter-tech-savvy person would do in the circumstances, and didn't notice the bright green light next to the webcam... (Or does "Hidden", er, hide that light when it takes the sneak pics?)
OK: where's the "Darwin" icon when you need it?
Bought a laptop last week on eBay.
I have now thousands of (SFW, natch) holiday snaps, 15gb of rubbish music, 30gb of OK films & series, all materials for a nursing course, expenses and budget list, copies council tax / passport / utility bills / ..., and an invitation to an upcoming engagement party (hm... better not show up).
Emailed the owner because I started to wonder if the lappie was stolen, but no. "Oh I thought I deleted it". Not zeroing out I understand, yes, but here not even an effort at deleting.
I had a Windows/Intel laptop stolen back in 2008 which had a similar piece of software on it. The one on my laptop, like alot of these things, sits as an extension to the BIOS and also has a client installed that's hidden within the OS. Every time you boot up it looks for an internet connection and talks home and confirms if it's stolen or not.
Now because my hard disk was encrypted and password locked, the tealeaves couldn't get the data off the hard disk, and they couldn't even boot it, so they put in a new 2.5" disk.
(thus, Ru, why passwords don't mean anything - and on a mac if you know how to do it you can get around the login passwords on the OS and gain root access fairly easily. I now have a BIOS password on my Mac which is very difficult to circumvent and doesn't allow booting from alternative sources without a password)
The tracker software on the laptop is clever because if it doesn't detect itself installed in the OS when you boot, it installs itself into the OS for you like spyware (assuming you install something like Windows of course). It then calls the website and if it finds out it's stolen it starts broadcasting loads of it's details back to base. You can do things like remotely wipe the disk and groovy things like that.
Natch, we report the theft to the police and tell them it has a tracker on it. They seem disinterested.
So, the wazac in Lincolnshire who had my laptop plugs it into his Sky broadband and it starts calling home without him knowing. I have his email address, his broadband ID and the current IP address of his home router. Doing a bit of digging using this information, I find out exactly who he is, where he lives, his home phone number and so-on. In fact, by this time it had swept the disk for an image, so I can tell you the games he liked playing, which bank he banked with, what type of porn he liked, who he worked for and so-on. You name it, I had it. So I know all about this guy. I wonder if he worked out why one morning his laptop was duff - because I'd formatted the HDD in the background.
So I tell the police all this. They don't want to know at all. Even the company who make this software embedded on my laptop tried to get the police to go round and collect the laptop, but because the police are so inept at the moment when it comes to technology thefts, it was only when we escalated it that someone eventually went round. 3 months after it had been stolen. Biggest barrier the police said was getting the account details from Sky Broadband.
Guess what -when policeman knocks on the door, they find nothing. Laptop suddenly disappears (police never recovered it) and it, obviously being too hot to handle, disappears off the face of the earth and we've never seen it reappear.
So even though I have stacks of evidence to convict this guy, the police weren't interested. So although it looks like a great idea, we need the Police to be bought in to the idea of repatriation of kit.
Pay mates for alibis. go and burn his fucking house down. Torch his car etc etc. Make sure you have alibis, dont use your own car, wear hoodies, dont take your mobile. Use disposable gloves, dont get seen on obvious cameras but DO get seen on local cameras wearing different clothes.
I hate fucking theives.
Wiping the machine was probably your downfall. He either skipped it as faulty, or passed it onto someone more technical. Most probably the former.
Best thing you can do in this kind of situation is keep your head down and harvest everything you can from the guy. The cops far prefer the old "caught him red handed with the stolen goods" than anything complicated and technical.
I confess, I would probably Frape him a bit just for the giggle.
Apart from a surreptitious wipe of his HDD, we didn't do anything else apart from harvest his info - it only took him a couple of days to rebuild the laptop and start installing his hooky software again, and that was about a week after it was pinched. The problem was the police (3 months later) knocking on his door asking for the laptop - it was active that morning, but in the afternoon after they'd been round it vanished never to be seen again. 'We'd like to search your premises for a Dell Laptop etc..'
It did cross my mind to get a load of people round and do him in, but I was trusting the police to do the job we bloody pay them for.
Oh - and it's definitely not an urban legend - and the thing that pissed me off the most in this whole thing was the rucksack they pinched was my own that I'd bought in America, a brand new iPod Nano, and it also had my own personal 17" Macbook Pro in it too. Stupidly I hadn't itemised it on my house insurance so it's replacement was a Black Macbook, which was the most the insurance company would stretch to. Positive though was I had a backup, so nothing was lost apart from cash from my wallet. However, it's not quite a 17" Macbook Pro is it :( Wankers.
Oh - and the other thing to add - the cockmonsters who stole it also broke into a car on the same day to nick another laptop. Shame they missed the case with £150k in used notes in the boot as he was an unmarked courier. He'd stupidly left his laptop on the back seat. :)
That's grim.
The cops are really going to have to start taking this kind of information seriously or with the current crop of GPS enabled devices, people are going to start taking the law into their own hands.
What would be perfect though would be getting his online banking details, log in, transfer the value of the stolen goods (plus a little bit for your trouble) into your account and tag them with "payment for stolen laptop".
Bet he would never report that!
I'm rather lucky in that a close personal friend is a cop, and he's rather old school when it comes to dealing with crims, he loves nothing more than a good scuffle with a few broken bones. He calls it job satisfaction. So that would be my first phone call.
Sorry u also had a Macbook pro stolen that u just forgot to mention... U were more bothered about the cheap Windows Laptop.........As for the unmarked courier who was carrying 150K in used noted in his car and was kind enough to go round your house and let u know about it..........Yes this story is so obviously true..........
The key thing about this whole article and the reason I wrote about my direct experience of this was the traceability of the laptop, not what type of laptop it is. My work laptop had computrace on it. Sadly my Macbook wasn't. It didn't seem any point mentioning the Macbook Pro as the Dell was the one that had the computrace software on it and we're talking about computrace here? Even now there's nothing for a Mac that sits at a BIOS/EFI level like Computrace does on a Dell or HP laptop.
As for the unmarked courier - there were multiple thefts at the same time from the same location. (A motorway service station as it happens - a word to the wise (and yes, I would never do this again) - never leave your laptop bag in your car even if you think it's locked safely in the boot - they broke my boot open to get the laptop out - and before you jump in and say 'but they saw you put it in the boot' - not unless they'd followed me the 50 miles from my house) and I know about the money because I was stood next to the courier as we were discussing it with the policeman.
Next?
" .....and I know about the money because I was stood next to the courier as we were discussing it with the policeman....."
So the courier was discussing the fact that he had "150K in used bank notes in the boot of his car" THAT HADN'T BEEN STOLEN. There are very few legit reasons for having that sort of cash in your car. I'm sure the police would be the last people he would be telling about the cash. Why dont you just write a book ?
For a time I worked for a company providing vehicle tracking devices, we had a stolen JCB digger that alerted in 3 times from the same location - each time we called the police out there and "nope, no diggers around here". Then a different JCB alerts in from the same location, call them up and false alarm, so I used some initiative and asked where it was "oh it's at our depot on <whatever> road" which matched the map location, turns out the one that had been stolen the tracker had been removed the day before and was in their depot office (which they forgot to mention when asking us to find it for them...)
What I found amazing was that the police had apparently sent 3 different police officers on 3 separate occasions to a depot full of diggers and such and reported that they couldn't see a digger anywhere... so i'd hate to think how hard it would be for them to find a laptop.
Calling the police is pointless as you found out. Whatever made you think they give a toss about crime?
Given that I had the guys address, his porn collection, and probably a load of other private info, I would have spent 3 or 4 weeks collecting as much as possible. I would then have doorstepped the fool one night with a few mates. A couple of the bigger ones sit on his head while I nip upstairs and collect my laptop. I would then tell him that it had a web cam and that I've got a disk full of pics of him whacking himself off. I'd mention some of his porn tastes, just so he knows I am not kidding.
which is all very well except the vast majority of us wouldn't have the faintest idea where to find such porn and I certainly wouldn't be looking for it to frame chummy.
No teh correct weay to deal with this situation is the late night visit with a couple of mates and then you call the police about the stolen lappy.
As has been said, you just make sure you have an appropriate alibi.
"The $15 (£9) Kaufman paid for the application turned out to be worth every cent yesterday after Oakland police swooped, arresting the man in question, based on the evidence supplied."
Doesn't say he got his laptop back though, so unless you think it's worth paying an extra $15 (on top of your taxes) for the privilege of doing all the detective work to enable the police to arrest someone (if you can embarrass them enough into action), I'm not sure it's worth it.
Might be better just encrypting and password protecting the laptop, keeping decent backups, and paying for insurance to get you a replacement machine if it gets nicked. You'd probably get it quicker than waiting for the police to decide they no longer need to keep your old one as evidence as well!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
