Burglar Nabbed By Backup Program

Bruce Perens writes "A Berkeley, California, burglar engineered his own arrest, and that of his girlfriend, when he stole a laptop and used it as his personal computer. He didn't realize that the laptop had an automatic backup program, and that the photos he took were being copied to his victim's backup repository. Berkeley police recognized him, and his location, from the photos."

Getting to be a cliche

[gbulmash]

How many times do we have to see this story? There's the famous stolen SideKick [evanwashere.com] from June 2006, then a few months later there was this story about a stolen phone that automatically mailed pics to Flickr [slashdot.org], and on and on and on. This is becoming a cliche "stupid thief" story.

Re:

[dgarciam]

I mean, how hard is to reformat a pc? I guess thieves can't reformat a stole pc.. don't have the brains..

Re:Getting to be a cliche

[rackserverdeals]

I mean, how hard is to reformat a pc?

And how was he going to get windows back on it? Just because he's a thief, doesn't mean he's a pirate. :)

Re:Getting to be a cliche

[Profane MuthaFucka]

Note to self: steal the OS install disk too.

Re:Getting to be a cliche

[Dr_Barnowl]

If the owner was complying with the Windows EULA, the license sticker was firmly applied to the computer, so he only needs a install disk ; the serial number is already there.

Re:

[IBBoard]

Well, all he needs is an OEM install disk for the right edition. I've tried an OEM license with a Retail disk after wiping a laptop and it won't work (even thought they're the same product and it was the serial from the bottom). Much easier to install Linux instead ;)

Re:

[mlts]

Since the property has an OEM sticker, in theory, the thief can use VLK media without IP infringement and complying with the EULA. Physical theft charges are another story, of course.

Re:

[ae1294]

Yes I'm sure using your home internet to reactive your new stolen laptop and then downloading the Windows 'Generous' Advantage update is much much smarter than just trying to use the laptop.

Or I guess I mean it really doesn't make any difference so just Install Linux or at least a pirated copy of XP.

Re:

[IBBoard]

Or he could just not be a pirate or pay for Windows and install Linux ;)

Re:

[sopssa]

Dont break your stolen computers EULA; Use Linux!

Re:

[David Gerard]

Keep in mind that most criminals, particularly petty thieves and burglars, are dumb. They're crooks because they're not competent to make a living not being one. Intelligence and, more importantly, general competence are the exception.

Re:

[nizo]

Exactly; if this guy was smart enough to reinstall Windows, he could get a job as a Windows admin somewhere instead of stealing laptops for a living.

Re:

[Joey Vegetables]

Most criminals who get caught are dumb. Smarter folks of a similar mindset come to understand that there are ways to rob, enslave, and even murder people with little or no chance of serious negative repercussions. The slightly smarter ones can go into law enforcement for instance (not implying that all who do are criminals, but many are, and most of the rest will cover for them). Really bright folks can steal all they could possibly dream of, or more, by becoming lawyers, politicians, or white collar cri

Question: Does society owe you a job when...

[helpacoder]

You WAN'T to work, CAN work, and NEED to work to earn money to survive in 'civilization', and can't otherwise earn money being successfully/legally 'self-employed' through other means.

It appears (national) government is the employer of last resorts for its citizens caught in this predicament. If they do not qualify or are unable to get a job this way, what then? Any suggestions?

Re:

[Restil]

It's also possible that they're lazy, for much the same reason. They might be smart enough to be a competent member of the workforce, but they simply don't want to do the work. We like to think, of course, that laziness breeds innovation. That all of our favorite farm equipment was initially envisioned, developed, and used by some farmer who just frankly didn't like doing all that work.

On the other hand, however, we have the lazy person who figures he can work a full time job pushing heavy boxes around a

Re:

[b0ttle]

Reformatting the pc may not always be the solution.
There are tracking software that can be installed on the BIOS firmware.
http://www.absolute.com/products-core-technology.asp [absolute.com]

Re:

[the_B0fh]

And I wonder how well the embedded bios piece works when I'm running linux or openbsd.

Also, if the thief is capable of re-installing windows, the thief is almost certainly capable of mucking in the bios, and, well, you know, turn the trace thing off...

Re:Getting to be a cliche

[rarel]

If I had to venture a guess, I'd say the dupes come from the backup repository every few month automatically.

Re:Getting to be a cliche

[Nick Ives]

Amateur criminals will always be funny. The real joke here is that the thief didn't pass the laptop onto a fence straight away, keeping and using things you've stolen is the dumbest thing to do if you're a thief!

Re:

[CheeseTroll]

Maybe he needed the laptop in order to manage his Ebay 'store', where he could sell the other stolen items.

Re:

[ae1294]

keeping and using things you've stolen is the dumbest thing to do if you're a thief!

Honestly not really man. Leaving all of the serial numbers and not doing a full wipe is dumb. Trying to find someone to fence your stolen equipment too can really backfire on you not to mention they take a huge cut. The fence isn't going to be any brighter than you and when the cops grab him you can expect to be next...

Moral of this story is steal stuff that you understand well enough to insure it can not be traced back to who you stole it from. And remember children not having a receipt for something doesn

Re:

[stkpogo]

no education required to be a criminal

Re:

[somersault]

Well, murder, rape, war, bent politicians, celebrity news etc are all pretty cliched too but the media outlets insist on reporting on them day after day.. and that's why I am not interested in most so called "news". Slashdot is usually fairly interesting, and this is in idle at least.

A product here?

[jimmyhat3939]

The question is whether there's some product that could be installed for this specific purpose. Laptops with webcams seem like they'd be a reasonable target. Also, I seem to recall something being installed right into the bios to facilitate this sort of recovery. Or even something involving MAC addresses. Most thieves aren't smart enough to change those, and on a laptop I'm not sure you could even really do that in hardware (though I know you can do it in software, on linux at least)

Re:A product here?

[Nikker]

Since this is /., 1 cron job and an addition to your /etc/rc.local(or distro equiv.) would do the trick. You could first use mencoder to capture and video sources (using command line it will take snaps at intervals all on its own) and rsync as you cron job taking the diffs of the whole drive to online storage, bonus points to trigger a sync the moment the network route becomes available. Nifty idea would be to set up a gmail account and use it to store incremental backups rather than the original image, 7-8 GB of diffs could likely go a long way.

Re:

[HydroPhonic]

You don't need a backup to facilitate recovery- just transmission of the fresh data. If my girlfriend's laptop ever disappears, the keylogger I've conveniently installed on it might be enough :)

The AntiVir and Spybot installations on this machine are configured with exceptions for this exact product, and it will reliably send me keylogs, web histories, and screenshots every 20 minutes (or whenever it finds a connection). But it doesn't capture from the webcam....

Re:

[Twinky]

I do sincerely hope your girlfriend knows about this. Does she?

Re:

[Joebert]

The guy calls himself "HydroPonic", I'm guessing there's a lot of things she doesn't know.

Re:

[Anonymous Coward]

But it doesn't capture from the webcam....

Thanks for clearing that up. She was afraid you put something on her computer and stopped using her cam. It'll be great to be able to see her boobies while I'm out of town again.

Re:

[dangitman]

Since this is /., 1 cron job and an addition to your /etc/rc.local(or distro equiv.) would do the trick.

Unless it's a Mac, as soon as the thief discovers it has Linux installed, he's going to wipe the system and install Windows, and cron or your scripts won't be available.

Re:

[vertinox]

Unless it's a Mac, as soon as the thief discovers it has Linux installed, he's going to wipe the system and install Windows, and cron or your scripts won't be available.

Can you create a bootloader that tricks a windows CD into installing in a virtual machine? That way you still get access to the hardware and the theif won't be the wiser.

Personally, I think the best solution is to encrypt the internal disk and lock the bios down with something so secure that he'll have to at least take the laptop apart and k

You use auto-login? tsk tsk

[gosand]

Since this is /., 1 cron job and an addition to your /etc/rc.local(or distro equiv.) would do the trick. You could first use mencoder to capture and video sources (using command line it will take snaps at intervals all on its own) and rsync as you cron job taking the diffs of the whole drive to online storage, bonus points to trigger a sync the moment the network route becomes available. Nifty idea would be to set up a gmail account and use it to store incremental backups rather than the original image, 7-8 GB of diffs could likely go a long way.

Your scenario assumes a Linux system... in that case, how would the thief even be able to log in to use it? Surely you don't have it auto-login, do you? And if the thief is good enough to crack the login, your cron job wouldn't stand a chance.

Re:

[Nikker]

Very good! you get a cookie! It is likely though that anyone who does 'receive' your system will at least turn it on and provided you have a web cam (built in or otherwise) you will start recording whether they login or not, taking a snap every second or so will give you a few snapshots and a chance to connect to an open AP and transmit the data. If you have a GPS receiver as well you would at least get the lat/long of the location. After that if he wipes it, its wiped regardless of what software you hav

Go away, you're not 21

[tepples]

It's called 'prey' and the licence agreement is just that you buy the authors a round of drinks if you recover your laptop using it

But must the drinks be alcoholic? If so, the license discriminates against users under age 21.

Re:

[Jjeff1]

Yes, there is a product, computrace [lojackforlaptops.com] makes a product that is installed at the BIOS level on a lot [absolute.com] of corporate level laptops. Even if you replace the hard drive, it reinstalls itself.

Re:

[Anonymous Coward]

you don't "install" anything at the bios level. If it's not already built into the bios you can wipe it clean.

"Even if you replace the hard drive, it reinstalls itself."

Bullshit. Unless it's pre-embedded into the bios, there's nothing that you can install that would accomplish that.

Re:

[Aardpig]

Flashable BIOSes, sir?

You mean the ski mask doesn't work anymore?

[Bob_Who]

I don't see how the cops could recognize him with the ski mask on... Oh yeah, the fuzz can see right through your cloths now. He better wear metal armor next time, or an aluminum foil hat..

Re:

[robthebloke]

a TV set is much bigger than a laptop and needs two people to carry it, that or the parent doesn't know that you can re-install an OS (he might be the burglar?)

Well that's just stupid

[drsquare]

You don't use the laptop you steal, you sell it down the pub or gut it for parts.

Amateur.

Re:

[r_newman]

You don't use the laptop you steal, you sell it down the pub or gut it for parts.

Amateur.

This does imply that *you* are a professional ;-)

Re:

[Aldric]

Well, a lot of us at Slashdot work for technology companies. In my experience, a ski mask and a gun would not be out of place on most executives.

Re:

[interkin3tic]

A billion? My God, then one out of every 6 people has stolen a laptop!

Re:

[4D6963]

No no no, he means 1 in 6.78 people are douchebags. And actually, the estimate seems a little low to me.

You sound like a great person! :D

Re:

[4D6963]

lol, paradise... If more than one in every 6 persons is a douchebag in your neighbourhood you either live in New Jersey or you're just a whiney social misfit. I live in a European capital by the way...

Re:

[4D6963]

The problems is that in this country, about 1 in 6 aspire to be in that 2%. That's pretty much the basis of contemporary American culture.

I'll concede you this point :D.

Which backup program

[cerberusss]

To make this idle thread slightly more interesting, can people recommend some backup programs? It should work on my GFs Vista desktop and should upload the backup somewhere offsite, preferably my own SSH-enabled server.

Re:Which backup program

[David Gerard]

Cygwin does crontabs very nicely to do all sorts of Unixy things. It's a fantastic way to make a Windows box halfway sanely usable. Particularly if you set up sshd.

Re:

[asdf7890]

Cygwin does crontabs very nicely to do all sorts of Unixy things. It's a fantastic way to make a Windows box halfway sanely usable. Particularly if you set up sshd.

Seconded. rsync+ssh is great for backups either directly on Unix-a-like systems or via the CygWin distribution on Windows. Setup is a bit manual of course, but if you have the time you can use the tools to create a very flexible and reliable setup.

Perfectly theft proof

[TiggertheMad]

can people recommend some backup programs? It should work on my GFs Vista desktop

If you are hoping to be able to re-create the scenario described in the article, you have nothing to worry about. Putting Vista on your girlfriend's computer has just insured that NOBODY will ever try to steal it...

Re:

[HaloZero]

Except those who would simply dBAN the device and run Linux on it. There are quite a few machines out there that can't run Vista for shit, but as soon as you load Ubuntu/Kubuntu/SuSE on them, they handle the task pretty well. The only gripes are super proprietary wireless drivers, and those've come a good long way in the last 18 months.

Re:

[cerberusss]

Putting Vista on your girlfriend's computer has just insured that NOBODY will ever try to steal it...

Those Vista stickers have great resell value!

Re:

[BenoitRen]

If anybody on /. would have a girlfriend (and that's a big *if*), he wouldn't let his girlfriend have Windows Vista on her laptop. Tsk tsk.

Re:

[wwphx]

Actually, my GF, now wife, was a Mac user long before I switched to Apple from Windows about two years ago. I'm still stuck with it in my day job (SQL Server DBA) and working on my dad's PC, but them's the breaks.

But it was most gratifying when my brother called me up to complain that he couldn't browse the internet with IE or Firefox on his new(ish) Vista laptop. "Sorry, dude, I don't know Vista." Turned out it was pre-installed Symantec crapware firewall. I'm SO glad I live 400 miles from my brother a

Re:

[socsoc]

Both your GF and your wife use Macs? No wonder you switched...

Re:

[BenoitRen]

Lies. Damn lies. /. users don't have girlfriends or wives! It's impossible!

Okay, okay, enough with the in-joke. It seems out of style these days. :P

I'm still wondering where the geeks of /. get their significant others, though. $DEITY knows how hard it is for most geeks to even start dating.

Re:

[Nethead]

I found mine on a SunOS server at an early ISP (wolfe.net). We started using the 'talk' program and realized that lived just a few blocks from each other. The first place we made out was at the local POP in front of the modem rack. We later went to work for that ISP.

Re:

[cerberusss]

Great story! I loved the part of making out in front of the modem rack!

Re:

[cerberusss]

I'm still wondering where the geeks of /. get their significant others, though. $DEITY knows how hard it is for most geeks to even start dating.

I work at a scientific institute as a software dev, and got my own business at the sides. I found my GF in the conventional way; i.e. at the local pub.

The blokes at work are much more hard-core scientists and have trouble with the conventional way. Lots of them are really into dating through internet, but from what I've seen it takes a lot of time, a lot of effort to write good e-mails, and a lot of dating to find the right one.

Re:

[wwphx]

My wife found me on an online dating site. I was signed up on several and got several dates, but she lived 500 miles away and I wasn't searching that large a radius. She lives in pretty rural New Mexico and wasn't finding people who were smart enough (she has a PhD in astronomy, as seen on MythBusters) or at least not stupid. After some horrible dates, she expanded her search area and found me.

It was well worth the drives back and forth: Thursday is our 4th anniversary.

FYI, the observatory that she works

Re:

[Thumper_SVX]

I used to do that... had a server at an offsite location (a company I consult for generously hosted the box for me). But I really finally got tired of maintaining the physical box, particularly as I moved more and more away from a desktop machine to a laptop... managing a physical box sitting in an office 30 miles from my home became more of a pain that I felt like dealing with.

I eventually moved to Mozy (http://www.mozy.com) which is a company that gives you a free 2GB of storage on their servers. More tha

Re:

[cerberusss]

I eventually moved to Mozy [...]the program is just almost completely invisible to me

Exactly what I'm looking for! Thanks for the tip.

Re:

[Lennie]

Why would I use this as a business, if my company burns down, I don't want to wait a month before I have all my data.

That's just silly.

Re:

[xur17]

I am assuming it took a month to backup because he was using is using dsl, or some other isp with asymmetric upload. Downloading the data would most likely be many times faster.

Re:

[Xoltri]

Been using SyncBackSE at work and home and it's great: http://www.2brightsparks.com/syncback/syncback-hub.html [2brightsparks.com]

HAHAHAH

[hesaigo999ca]

Soooooo funny, this should go on stupidest criminals tvshow!

Oh come on

[Bigbutt]

Look, if it was one of _our_ laptops, the crook wouldn't be able to log in to take pictures. I know my Windows (and Mac and Linux and BSD...) systems have login prompts of some sort and guest is disabled. The crook would open it, turn it on, see a login screen, try a couple of things, bang his (or her) fists impotently, and then sell it to someone.

[John]

Re:

[Talar]

The default bootup option should of course be your dummy OS that is passwordless with no personal information in it and a backup job to transmit photos, keylogs etc. to your server.

Protects your real data from getting wiped by tech-challenged thiefs and will also help you getting your laptop back if stolen.

Re:

[edjs]

One's real data should be backed up anyway, so recovery of the data is a non-issue. I'd feel compelled to wipe and reinstall if the laptop was recovered after being stolen. In the pre-encryption days, I'd have preferred the laptop self-destruct if it left my possession for too long.

Re:

[ifrag]

Or just boot into single user mode.

Windows Admin is easily reset via Linux bootdisk, even on NTFS.

Just a few minutes of google and I'd say there is a fair chance at breaking into it. Without taking REAL precautions physical access is FULL access. Those login prompts don't mean much when using the actual console unless it's specifically configured for it.

Re:

[Lennie]

encryption is probably the only defense against physical access

Re:That doesn't help you

[colinnwn]

The thief doesn't know the computer will be unusable when he steals it, and it still has a scrap value as you pointed out. Why not honeypot it? Enable the guest account and set up picture capture and my documents and desktop file sync to a network drive. Then you might salvage enough info to bust them. That would be more satisfying, and you might get your property back.

Wipe it first !

[berbo]

If you're going to steal a computer, you have to cover your tracks - just wipe the disk and install Linux.

Another reason Linux is favored by criminals [/snark]

Re:

[account_deleted]

Comment removed based on user account deletion