Man Uses Remote Logon To Help Find Laptop Thief

Posted by samzenpus
from the cyber-bloodhound dept.
After his computer was stolen, Jose Caceres used a remote access program to log on every day and watch it being used. The laptop was stolen on Sept. 4, when he left it on top of his car while carrying other things into his home. "It was kind of frustrating because he was mostly using it to watch porn," Caceres said. "I couldn't get any information about him." Last week the thief messed up and registered on a web site with his name and address. Jose alerted the police, who arrested a suspect a few hours later. The moral of the story: never go to a porn site where you have to register.

  • Makes sense (Score:5, Funny)

    by Kr4u53 (955252) on Thursday October 02, 2008 @12:49AM (#25229265)
    What else would someone use a stolen laptop for?
    • by dexmachina (1341273) on Thursday October 02, 2008 @12:52AM (#25229285)
      What else would someone use a laptop for, period?
    • Re:Makes sense (Score:5, Insightful)

      by William Robinson (875390) on Thursday October 02, 2008 @01:05AM (#25229375)
      Note to self: Remove remote access after stealing laptop!!!!
      • Re:Makes sense (Score:5, Insightful)

        by Tubal-Cain (1289912) on Thursday October 02, 2008 @01:19AM (#25229449) Journal

        If not reformat completely.

        • by apankrat (314147) on Thursday October 02, 2008 @02:19AM (#25229801) Homepage

          Q. Can ComputracePlus be detected?

          A. .. snip .. The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.

          http://www.absolute.com/computraceplus/faqs.asp [absolute.com]

          • by setagllib (753300) on Thursday October 02, 2008 @02:31AM (#25229841)

            Let's see it survive a Linux LiveCD.

            • Re: (Score:2, Interesting)

              The same page says something like...

              The Computrace Agent communicates with modems through the Microsoft TAPI interface.

              So, probably it works only if you reinstall Windows (though I would love to know how they do it).

              I doubt it survives after booting a LiveCD, making the hard disk completely ext3fs, and then reinstalling Windows.

            • Re: (Score:3, Insightful)

              by knifeNINJA (1369861)
              From the FAQ:
              Computrace Agent Hardware & Operating System Requirements:
              ...
              Microsoft Windows 95, 98, ME, NT and the 32-bit versions of Windows 2000, XP, Windows Server 2003 and all 32 and 64 bit editions of Windows Vista
              ...
              Mac OS X version 10.2

              Looks like you're right. As to how it works, here's my guess:
              • When booting up, BIOS ensures program is properly installed on hard drive
              • If program is missing, BIOS reinstalls program + rootkit to cloak its presence
              • BIOS can only reinstall program + rootkit o
              • by Soruk (225361) on Thursday October 02, 2008 @05:25AM (#25230617) Homepage

                Probably not actually. From TFA:

                Q. What happens if a computer's hard drive is removed?

                A. The Computrace Agent resides on a computer's hard drive so if the drive is removed and installed on another computer, the Agent will initiate contact with the Monitoring Center at its next scheduled call. It will then report its new location. The original computer will no longer be protected.

                If your scenario was correct then it would reinstall the trace software on the new hard disc.

                • by Jesus_666 (702802)
                  Yup. To me the whole thing sounds more like an infective rootkit, possibly residing on its own partition. Boot into anything not supported and you'll probably see the partition and its contents.
              • by ironwill96 (736883) on Thursday October 02, 2008 @08:37AM (#25231543) Homepage Journal

                We have CompuTrace on many of our laptops here at work. Only certain manufacturers have the agent pre-loaded but it is embedded in the BIOS. If you flash the BIOS and put different firmware on it you can wipe it out. CompuTrace won't work if you formatted the machine and put Linux on it since they don't (currently) have a Linux version of their agent.

                CompuTrace is really not a great service though because some of their promise is that they'll recover your laptop in X days or pay you $1000, guaranteed! What they don't tell you is that to keep this "warranty" active you have to make sure that your laptops check in at least once every few weeks or else they call you and demand that you check-in the laptop within a week or lose your warranty.

                This is a real pain when you have laptops that are being taken home by your users and they don't have internet at home or just leave it sitting in a desk drawer for weeks at a time. Trying to track down all of the machines to make sure they are hooked up to the internet to check-in at least once every few weeks is a total mess.

            • by Anonymous Coward on Thursday October 02, 2008 @05:41AM (#25230683)

              Let's see the thief get online when the LiveCD cannot recognize the laptop's WiFi.

              (*Ducks*)

          • Re: (Score:3, Insightful)

            by lhaeh (463179)

            I always found this hard to believe. Someone wanna explain how that would work without custom hardware? Do they assume the bootloader will be left behind?

          • The Agent can survive a hard drive re-format, F-disk command and hard drive re-partitioning.

            dban.org How it Works :) [absolute.com]

            • You install the client software on your computers using your preferred method - this could be an MSI installer, login script, image or any other deployment method that works for you. It's easy and it's secure. The client software is small, stealthy and hidden on the computer. The end-user will not even know it is there.
            • Your computer reports location, user, hardware and software information to our confidential, secure Monitoring Center every day it connects to the Internet.
            • You track and manage your computer assets, including remote/mobile computers, using reports, alerts and administration functions from the secure Customer Center website.
            • If your computer is lost or stolen, the Absolute Recovery Team works with local law enforcement agencies to track the location of the computer, secure subpoenas and warrants and return your stolen computer to you.
            • If you choose, and at your request, an optional Data Delete function can be performed on your stolen computer to keep sensitive data from falling into the wrong hands.

            Them ten dollar words sure do make it sound like much more than glorified software overprotective parents would use after they install a governor on little snowflake's 93 Civic....

            What... where... am I?

            • sorry almost forgot...

              Most Computer manufacturers also provide embedded support for Computrace in the BIOS or Firmware of the notebook computer.

          • Re: (Score:3, Informative)

            by dave420 (699308)
            It uses the hard drive's Host Protected Area [wikipedia.org] to store the software, so you need special software to remove it.
          • Used properly, wipe and/or dd = squeaky clean disk drive with total amnesia. Formatting does almost nothing for data destruction.
          • by d3ac0n (715594)

            A simple format might not remove it, as a simple format just wipes the tables, and not the entire drive. But a utility like KillDisk would absolutely wipe it, and you can get KillDisk for free with the Ultimate Boot CD [ultimatebootcd.com].

            Somehow I doubt the computrace software would survive being overwritten 12 times with random ones and zeros.

  • by Korbeau (913903) on Thursday October 02, 2008 @12:51AM (#25229273)

    Never leave your laptop on top of your car when carrying other things home!

    What, did you think this thing was portable?

    • Never leave your laptop on top of your car when carrying other things home!

      Never plug in a laptop, or a USB memory stick, that you just found lying somewhere in a parking lot (or on top of some car). Aside from the normal legal risks of taking something that is not yours, a perv could be watching your every move. Your identity could get stolen the next time you buy something online. And last, but not least, you could be unwittingly letting a known trojan get inside your home-network (or your work-networ

  • Pft (Score:5, Funny)

    by inKubus (199753) on Thursday October 02, 2008 @12:58AM (#25229321) Homepage Journal

    Talk about getting caught with your dick in your hand...

  • by Max_W (812974) on Thursday October 02, 2008 @12:59AM (#25229325)
    How could this be done? How could he connect to his laptop without knowing the IP address?

    I use remote access, but I have to type in the IP address to connect. How could he know the IP address?

    I read this story several times but nowhere is the software name mentioned.

    • by Anonymous Coward on Thursday October 02, 2008 @01:02AM (#25229355)

      He was probably running a dynamic DNS client.

    • by jswigart (1004637) on Thursday October 02, 2008 @01:04AM (#25229369)

      Prob running something like dyndns or something that would automatically notify the server of the ip address when online, so he simply had to use his registered dyndns name.

    • by Schemat1c (464768) on Thursday October 02, 2008 @02:27AM (#25229827) Homepage

      How could this be done? How could he connect to his laptop without knowing the IP address?

      One word, DynDNS.

      • Probably GoToMyComputer.

        GoToMyComputer creates an outgoing connection to the GoToMyComputer server. When you want to log in, you log on to the central GoToMyComputer server and click connect. The server contacts the laptop and logs you in.

        This bypasses the need to know the IP personally since the laptop creates the outgoing connection to the central server. This also bypasses 99% of all home firewalls since an outgoing connection session is established, enabling the session and allowing for data to p
    • Re: (Score:3, Informative)

      by Spad (470073)

      Several remote access apps have an option to notify via email when your IP address changes.

    • by zakezuke (229119)

      How could this be done? How could he connect to his laptop without knowing the IP address?

      Odds are pretty good we're talking about a dynamic dns client. I know I install one on laptops for the purpose of remote login.

      Even if not a dynamic DNS client, then the gent might have his e-mail being checked on his own domain. If not his own, then he "could" get this information from his mail provider. There is so much software being run that demands updates it's impossible to tell from the story how the person was able to narrow down the IP address.

      But regardless once you narrow down which ISP the thi

  • Plans within plans? (Score:2, Interesting)

    by TiberSeptm (889423)
    Doesn't this mean that the guy who had his laptop stolen also didn't bother to set a login or boot password? One might argue that he deduced that a boot password or login password might just get his drive wiped by a clever thief. He may have even set up the remote access partly to act as a way to catch thieves and get it back if it was ever lost. He could have even used fairly strong encryption to protect most of his data. Of course anyone arguing for the assumption that his security plans were a series
  • by pizzach (1011925) <pizzach@gmailTIGER.com minus cat> on Thursday October 02, 2008 @01:20AM (#25229461) Homepage
    CmdrTaco? Is that you?
  • TISM! (Score:5, Funny)

    by Director of Acronyms (232303) on Thursday October 02, 2008 @01:28AM (#25229509) Homepage

    For those in Australia : looks like his laptop was stolen by TISM. Especially considering the lyrics to this TISM song :

    http://www.stlyrics.com/songs/t/tism10923/beencaughtwankin434144.html [stlyrics.com]

  • by superdave80 (1226592) on Thursday October 02, 2008 @01:28AM (#25229513)

    Yeah, it must have been sooooo frustrating to have to sit there and watch that porn. Poor bastard!

  • article icon (Score:3, Interesting)

    by v1 (525388) on Thursday October 02, 2008 @01:42AM (#25229595) Homepage Journal

    They did a poor job of airbrushing the apple off the back of that macbook.

  • Wait, shouldn't it go like this:

    1) get WAN IP of computer being used at thief's house (e.g. 66.245.54.53)
    2) do reverse DNS IP lookup, see that it belongs to Earthlink or whatever ISP
    3a) if it's a fixed IP then we're done, have the Police ask the ISP to whom they assigned the IP (or get a warrant if we're good monkeys)
    3b) if it's a dynamic IP then the ISP has to check their logs to see to whom they gave the IP at the time, but they should have that
    4) Police show up at the door as above.

    Why do you ne
    • by magarity (164372)

      Because both 3a and 3b require the cops to bestir themselves a lot more than giving them a picture of the guy so their computer can just do a matching on the database of prior-record thefts. You have to make it as easy as possible for them to track down the bad guys unless you have an angry investigative reporter or DA on your side. Which stolen laptop cases usually do not.

    • by jroysdon (201893)

      As another person pointed out, 3a and 3b are difficult. However, if you have remote access, a list of nearby APs/SSIDs would be useful. If the folks are near any open APs that are listed in many DBs online, then you can go war driving and triangulate your laptop (since you'll already know where to start near the open AP).

      Once you can show the cops "I have the signal coming from there, and it's got to be one of these 3 locations" then I'm sure as the other person posted, they'll just check out the address

      • Re: (Score:3, Insightful)

        by Zenaku (821866)

        3a and 3b aren't all that difficult. My Macbook Pro was stolen back in April and once I had the IP address, all it took was a 15 minute conversation with the investigating officer, who then got a subpoena to get the address from Comcast. How is driving around to triangulate the signal and narrow it down to a few locations easier than that?

        I'm pretty sure if I had gone to the cops with "Here's the house I traced my laptop's radio transmissions to!" instead of "Here's the IP address that he is using, please

  • Chances are this guy was just a casual thief who got lucky seeing an unattended laptop...
    Either that, or he bought the laptop from the real thief.

    There are people who regularly steal laptops, and most of them either sell the machine on immediately without using it, or they wipe the machine first and then sell it on with a clean install. Anyone so incompetent as to steal the machine, and then go on to actually use it online without erasing any of the data won't have a very long career of stealing laptops.

  • Couldn't help myself.

  • The ending of the story is missing.

    "After police got hold of the thief and the laptop. Jose Caceres now has his laptop back at home..........with sticky buttons."
    • Actually, that's a really good point. The laptop is no longer trustworthy now; it's been in the hands of criminals for weeks. So really, he should get a fresh laptop.

      But.. will insurance (if he has any) pay for a new one if the laptop is recovered?
  • I recently had something like this happen to me, except quite a bit worse. While I was at work in the mid-afternoon, someone pried open the door to my apartment, breaking the doorframe out around the deadbolt. They grabbed my laptop bag with lots of goodies inside, and another bag containing a Wii, PSP, Nintendo DS, etc. Police came but did not dust for fingerprints or anything. An investigator was assigned to my case but he said he had 70 other cases to investigate. Three days later, the entire t

  • Maybe I'm missing something here, but don't people use authentication to access their machines? If anyone stole my laptop they would have to either re-install the OS or spend time hacking into it to get anywhere. I'm not saying that's necessarily that difficult, but I would be extremely surprised if a thief stole my laptop, cracked my password, and then used the machine to surf porn. It would be easier for him just to put a fresh OS on it.

    Maybe I should create a guest account just for this purpose....

  • The moral of the story is: 'Don't trust a computer system you didn't set up yourself.'
    This kind of thing isn't going to work for long. Smart thieves will learn to wipe the laptop and re-install before connecting it to a network.

    • by debest (471937)

      Smart thieves will learn to wipe the laptop and re-install before connecting it to a network.

      Ummm, thieves (particularly smash & grab style thieves) aren't generally known to fall into the "smart" category very often. "Learn to wipe the laptop", eh? If they knew how to do that, they're more knowledgeable than 95% of the computer-using population, and therefore more than likely not going to be a petty thief. I'm sure more and more idiot thieves will be caught this way as time goes on.

  • ...of pr0n sites where you DON'T have to register!
