Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) 377
An anonymous reader quotes Hot Hardware:
Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.
The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.
In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.
Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.
In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.
Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
Security expert? (Score:5, Interesting)
If he is such a "computer security expert", why did he not have his laptop fully encrypted as well as (naturally) an OS login password? Seems to me that he was either actively trying to bait somebody like this, or he's a complete moron.
Re:Security expert? (Score:5, Insightful)
Or maybe it was his "Just surf the news sites and play a game to pass the time" laptop. You know, the one with no reason whatsoever to encrypt anything.
Re: (Score:3)
You know, the one with no reason whatsoever to encrypt anything.
In this day and age there is no such thing.
Re: (Score:3)
If he's an computer security expert, he knows that there is no such thing as "non security relevant pc", because you always leave traces of your personal data (and if its only your favourite gaming site).
Security 102, chapter 1 - Risk Analysis (Score:5, Insightful)
If you go a bit beyond the corporate-mandated annual security training, most information security curriculum says that step one is identifying the assets at risk and their value. It would be silly to spend $50,000 turning your garage into a vault to protect a $15,000 car, and similarly for information security the value of the asset determines the maximum effort you should put into protecting it. This not only avoids wasting more time/money/hassle than the asset is worth, but it allows you to spend your efforts on the most valuable assets. Any time/money spent on a low-value asset is time NOT spent protecting a higher-value asset.
The identity of your favorite gaming site is worth about 5 cents US, so it is error to spend more than 5 cents worth of time trying to protect that information.
Additionally, in most cases it is better to protect and encrypt data on a per-account basis, for both technical and practical reasons. On a laptop, that means you encrypt the home directory, not the system. Multiple user logins have separate encryption, and one account can't access the encrypted files of another account. If you want to take it a step further, you can have a work account on the machine and a separate account for checking personal email, etc. Along with the obvious security benefits, that avoids having the browser or search engine auto-complete a URL based on *personal* browsing history in the middle of a presentation.
Given per-account security, a guest account with restrictions on it is quite feasible, and a theif would likely click the guest account.
Re: (Score:3)
No, the problem is, you try to seperate, what seems important and confidential to you. And there is the mistake. Because it requires you to think about what's confidential all the time.
Why would you encrypt /home and not /? Is there any reason preventing / encryption? No.
So you install your system, make a checkmark at "full encryption" and enter a reasonable password (here you can make tradeoffs and choose one you can remember without tools). Next you don't need to think too much while using it. Your top-se
Re: (Score:3)
If you are storing sensitive personal information on a laptop or phone, you should already know that the question is not if, but when, it is going to leak out.
So have a plan for cases such as bank account info, and for the rest, it's not important enough to give a sh*t about anyway. There was an article about the risks of families, friends, and others snooping around your Facebook account. If you're posting stuff on Facebook, even using their privacy settings, that you don't want to get out there, you're a
One of us is misunderstanding the other (Score:3)
FYI I've been a fulltime security professional for 20 years. My advice is based on what I actually do when your bank hires me to test their security, how I can actually hack your accounts.
> No, the problem is, you try to seperate, what seems important and confidential to you. And there is the mistake. ...
> Because it requires you to think about what's confidential all the time.
> reading some private e-mails won't hurt now, because if they are left in the cache in your firefox profile
I never said
Re: (Score:3)
This is an artificial and silly way to view security. Nobody gives a shit about your gaming site, but the data I obtain from your gaming site will be useful in obtaining more valuable accounts or real life threats. For example, if the gaming site shows you how much you play and when, I can be pretty sure you're not going to be home during the hours when you've never played except for national holidays. If it shows in-game "friends", I can contact them saying I know you from the game and haven't seen you on
The dam is valuable, the parking lot crack not muc (Score:3)
> Your thought process is akin to saying it makes no sense to spend $5k to patch a 2" crack in a dam because the crack is only 2".
No, the dam is extremely high value, therefore you pay attention to it. When the Banqiao hydroelectric dam failed, it killed hundreds of thousands of people. So the dam is at the top of your "most protected" list. What I'm saying is this:
There's a 2 inch crack in the dam, and a 2 inch crack in the parking lot. What's your first step? Your second step?
Obviously your first st
"No reason whatsoever to buy a car with doorlocks" (Score:2)
Or maybe it was his "Just surf the news sites and play a game to pass the time" laptop. You know, the one with no reason whatsoever to encrypt anything.
The only reason to even consider "not to encrypting anything" is if your processor doesn't support AES instruction sets.
I mean, are you actually proposing that he was likely to have a dedicated machine for gaming/browsing that had no Steam logins, no news site logins, no forum logins, in fact no logins or personal information of any kind and was never used as a backup machine to check email, etc. in a pinch?
Just encrypt. It requires less consideration, and it removes the need to shred a drive before
Re: (Score:3)
Re:Security expert? (Score:5, Insightful)
Regardless, he left it in plain view in his unlocked car.
"Regardless, she was dressed in a short skirt and top" - and should have expected what happened next.
"Regardless, they left their dog in the back yard alone with a gate that didn't have a padlock" - and should have expected someone to steal their dog.
"Regardless, they were unarmed when they asked a total stranger for directions" - and deserved to be mugged.
Screw your "regardless." Honest people wouldn't have taken it. Same as I should be able to leave my doors unlocked and not have strangers walk into my home and take stuff.
Re: (Score:2, Insightful)
No, you actually do have an obligation to not be naive and pretend crime can't happen. Many of the things you list are just outright negligence. If you exhibit many of he negligent behaviors your list, they affect the crime(s) committed and your ability to recover losses. For example, if your home door is unlocked and a theft occurs, the crimes committed are less than if the door was locked, and your ability to recover damages from your insurance will likely be impacted.
Re: (Score:2, Interesting)
I never lock my doors when I'm not home, because I'm not worried about theft. Knowing your neighbors and having a dog are much better risk-reduction factors than any lock ever will be. All locks can be bypassed. Watch the link I posted elsewhere which shows where to buy a device that will let you reprogram any car with keyless entry to accept any other key, so you just drive off.
I've had things stolen when I used to lock stuff up - the insurance company will make it as hard as possible to get what you're o
Re: (Score:3, Insightful)
Re:Security expert? (Score:5, Insightful)
No, you actually do have an obligation to not be naive and pretend crime can't happen.
That's not quite the same as saying dressing a certain way makes sexual assault not a crime; in fact, it states quite the opposite! Read the statement again, with your head located outside your rectum. When a rapist rapes, it is the rapists fault, as the rapist should not rape; when a rapist rapes YOU, however, you must ask yourself why that rapist (who would have raped anyway and is still full at fault for the actual rape) chose you and not someone else.
Is it okay for a rapist to rape you if you dress a certain way? Oh hell no, and nobody said it was. But, just knowing that the rapist is there and that the rapist will rape, regardless of you, you have a responsibility to acknowledge that fact and make yourself less of a target. Will that prevent the rape? No, because, and I'll repeat this again so you can't get confused and think I'm victim blaming, the rape is the rapist's fault. What it will prevent is your rape.
Now, let's apply that logic to a less sensitive subject so you can see how things work in the real world. If you, knowing that people steal shit from cars, leave a laptop sitting on the passenger seat of your unlocked car over night and it gets stolen, it is the thief's fault a laptop was stolen, but it is your fault it was your laptop that was stolen.
How does this work? It's quite simple, really.
The thief is going to steal a laptop, that is a decision the thief made and the thief is completely responsible for that decision. Neither you, nor me, nor the police, nor the thief's parents, nor anyone else holds any responsibility for that decision. However, you know that there exist people who make such decisions and it is up to you to protect yourself from them. If you do not, that is a decision you made and you are completely responsible for that decision. Neither the thief, nor me, nor the police, nor your parents, nor anyone else holds any responsibility for that decision.
If you didn't leave the laptop in plain view, would a laptop still have been stolen? Yes, because the thief decided they were going to steal a laptop. Wold it have been yours? No, because you decided not to allow it to happen.
As a victim of both theft and rape (among other various crimes) in my younger, more naive, years, I quickly developed an understanding of this concept. Perhaps not quickly enough, but I did develop it, nonetheless, where you (and many others) still seem to have not figured it out.
Is it my fault my rape occurred? No, but it is my fault I was chosen over someone else. Is it my fault an MP3 player was stolen from me? No, but it is my fault I left it unattended so that it may be stolen. Is it my fault I was robbed at gunpoint twice? No but, in both cases, it is my fault I was unarmed and alone in a high-crime area late at night.
Should I have been able to trust my rapist not to rape me? Should I have been able to leave my MP3 player (back when those were a new thing, mind you) at my desk for 5 minutes? Should I have been able to safely walk around, alone and unarmed, at night? In an ideal world, yes.
We, however, do not live in an ideal world, and you're not doing yourself, or anyone else, any favors by ignoring that fact while you insist that we should.
One thing we agree on, though, is that we should live in an ideal world. Our main point of contention is how to reconcile the fact that we do not. My belief is that we should not let ourselves be attractive victims to the crimes we know will be committed anyway. You seem to believe the exact opposite, for which I suppose I should thank you, as you make it that much easier to do what I believe is right when you set the bar so low for criminals.
You can have the crime and victimhoood, I've been done with it for over a decade.
Re: (Score:3)
Re:Security expert? (Score:5, Interesting)
You seem to think that he is a complete moron, but it seems to me that he made the right decision.
Re: (Score:2)
You seem to think that he is a complete moron, but it seems to me that he made the right decision.
Only if he was planning to have his laptop stolen. I'd rather risk losing the laptop than risk the thief stealing my logins, wagering that he's too lazy/ignorant to bother reinstalling the OS.
I think there might be out of band options for thief tracking if this is really a huge priority, but I think it would be better and simpler to alter one's habits to reduce the risk of theft.
Re: (Score:2)
My laptop drops into a mostly Windows desktop after a timeout for exactly above reasons.
autologin-user=[name] - Name of the user
autologin-user-timeout=[value] - Timeout before session is loaded
If my laptop drops into a DOS looking command prompt they'll think the laptop is dead and won't bother trying to use it. If the laptop is usable the thief will probably try to use it as a laptop. It'll be wiped or dumped.
Re:Security expert? (Score:5, Informative)
if the laptop has any information about him or his accounts or logins, then the theft of the laptop could lead to identity theft and fraud. Dude didn't encrypt, so he's not a computer expert, so he's probably employed under false precincts, and should be fired.
it's false PRETENCES not precincts.. ;)
you are here under the false pretence you know what words mean
Re: Security expert? (Score:3)
It's false pretenses as it happens.
Re: (Score:3)
In my country we spell it 'forudsætninger'. Pretty sure most of the rest of the world don't speak English as their primary language, so they probably call it other things, too.
Re: Security expert? (Score:5, Insightful)
This is precisely how the anti theft software for my Macs work. For it to be most effective, you should set the firmware password (to prevent booting off other media), encrypt the disk, set a password on your account, and leave the guest account active.
The whole idea is to get the thief to use it so it can phone home. If it is locked up too tight, they'll just be parted out or tossed.
That nifty law they passed for kill switches in cell phones means they no longer steal phones to resell and reactivate, now they just steal them for the the parts.
Re: (Score:2)
If he is such a "computer security expert", why did he not have his laptop fully encrypted as well as (naturally) an OS login password?
And that would have prevented it from getting stolen how?
Re:Security expert? (Score:5, Insightful)
If he is such a "computer security expert", why did he not have his laptop fully encrypted as well as (naturally) an OS login password?
And that would have prevented it from getting stolen how?
Well maybe a security expert would be smart enough to not leave a laptop unattended, much less leave it overnight in his car.
PR stunt? (Score:2)
Well maybe a security expert would be smart enough to not leave a laptop unattended, much less leave it overnight in his car.
Unless said expert deliberately set it up as a honey pot so he could track down the thief and boast online about how good he is at catching thieves.
Everybody gets tired (Score:2)
Re: (Score:2)
Also you could had called the police with proof of your laptop being stolen. Being a laptop plus the info on it it could be considered grand theft.
Per-account encryption is often better than full-d (Score:2)
In many cases, it is better to encrypt files for each account separately, rather than full-disk encryption. This is partly because most full-disk encryption sucks in one of two ways. (Google "ecb penguin" for an example.)
Along with avoiding technical problems with full-disk encryption modes, this improves security because the user of one account can't access files owned (and encrypted) by another account. You can even have a "guest" account for a houseguest to use, and guest can't access your files.
Since yo
Re: (Score:2)
Admittedly not everyone has a crate of obs
Re: (Score:2)
Re: (Score:2)
+ they left it in a car, so yes either bait or retard
I lean towards retard
Re: (Score:2)
Re: (Score:2)
And if he had put an OS login password on it, the thief would have just given it to someone to wipe down. He would still haven't gotten his laptop back, and he would never have known who stole it.
At least mobile phone passwords, the phone can still receive calls, so you can call whoever "found" it and offer a small reward for it's return.
Re: Security expert? (Score:2)
It says he's a security expert in the article.
Re: (Score:2)
It's the Calgary Sun, as someone who has read both that and the Toronto Sun. I'd imagine anyone who uses more then one password is a security expert in their eyes.
Re: (Score:2)
Transport companies always leave the loading doors on empty trailers unlocked so that thieves don't cause damage breaking into them. There's a reason for that.
Most kids today wouldn't know how to unlock the steering wheel anyway without a key, so it's not like they can steal the car if you leave it unlocked - and a pro will just buy a device online (watch the first 17 minutes [www.cbc.ca] - you'll see homebrew hardware, where to buy the hardware ready made, interviews with hackers and police and a car manufacturer) tha
Re: (Score:2)
Watch the video, asswipe. Anyone can go on ebay and buy a device that will reprogram any car to accept any key fob code, same as there are devices that let you roll back the electronic odometers on the dash and in the transmission electronics.
You don't need a dent puller or a big hammer to pop the lock and a screwdriver to turn the ignition on any more (the old skool way, which I had to use twice on old cars. The little pin at the bottom of the lock casting breaks, leaving the lock freewheeling without act
Re: (Score:2)
I have had a window smashed and a lock knocked in (by what looked like a cold chisel), both instances were much more expensive then the stereo + CD's they stole
Re: (Score:2)
I know relatives who leave their car unlocked but don't store anything of value (apart from a 10kg bag of cat kibble).
That's a horrible idea. Seriously. That's just asking for a mouse infestation. Once they're in the car they'll chew on wires, get into the insulation and if they nest in the heating/ventilation system you'll never get the urine smell out.
'computer expert'. (Score:5, Interesting)
In general, the various 'identity theft' type laws which make it illegal to access others accounts don't have exceptions because it's a stolen computer.
Re:'computer expert'. (Score:5, Interesting)
So who brings the criminal suit for identity theft? The thief would have to swear out a complaint in which she admits theft - or that fact would come out in court. Even if hard evidence of identiy theft was available, a half-decent lawyer would have the case dismissed after a chat to the thief via the prosecutor: "If you proceed with this case, you'll face criminal and civil proceedings for theft, loss of income, etc, etc, etc. You'll be so in debt with legal bills, and a criminal conviction will be your legacy. Do you really want to proceed?"
Re: (Score:2)
It doesn't have to be a suit. There are federal laws. Once the process starts the federal attorney can bring the charges, getting both the thief (though that's only a state charge) and the revenge seeker.
Re: (Score:2)
Hence in quotes. 'unauthorised access to a computer' type statutes.
Re: (Score:2)
Re: (Score:2)
He is allowed to. However, simply because he owns the computer doesn't give him the rights to use other connected computers. (facebook et al)
Any more than customer support would have the right to post on your social media or go through it if you happen to leave a tab open.
Re: (Score:2)
You aren't allowed to use your computer to commit fraud. The thief didn't give permission to the victim to impersonate him. The victim's type of usage was fraudulent.
Re: (Score:2)
The thief didn't engage in identity theft, the victim did. The thief engaged in burglary however. Dwywit was claiming the case against the victim would fall apart because the thief during the suit would have incriminate themselves in a larger tort. I disagree with the larger claim, that's unclear.. But my main point I was commenting this isn't just a tort its a crime on both sides which means there is a 3rd party (the state) which might be happy to go after both of them if this starts getting reported
Re: (Score:2)
Didn't realize this was Canada. The same structure applies there however: http://www.cbc.ca/news/canada/... [www.cbc.ca]
Re: (Score:2)
Obtaining and possessing identity information with the intent to use the information deceptively, dishonestly or fraudulently in the commission of a crime.
Trafficking in identity information, an offence that targets those who transfer or sell information to another person with knowledge of, or recklessness as to, the possible criminal use of the information.
Unlawfully possessing or trafficking in government-issued identity documents that contain the information of another person.
That bill seems to just apply to criminal use of stolen identities, but you're welcome to quote the relevant parts
http://www.parl.gc.ca/HousePub... [parl.gc.ca]
Re: (Score:2)
The crime of theft is nothing compared to reputational damage. We're talking a several hundred dollar fine vs a many 10s of thousands of dollar lawsuit here. The odds favour the thief in the US legal system.... By a really large margin.
Re: (Score:2)
In general, the various 'identity theft' type laws which make it illegal to access others accounts don't have exceptions because it's a stolen computer.
I agree, and think the smartest thing to do is gather the info on thief and report it to the police. IANAL, but I would guess there is no presumption of privacy if you are using a stolen laptop and that the owner has a right to access their machine remotely; a similar situation might be you steal my car and i see it, use a key to drive off and then go through your wallet and papers which were left in the car. I can turn that over to the police but not use your credit card to charge something or post picture
Re: (Score:2)
In general, the various 'identity theft' type laws which make it illegal to access others accounts don't have exceptions because it's a stolen computer.
That doesn't necessarily mean the courts wouldn't create an exception based on some "no expectation of privacy" principle. Common law can be fun.
Re: (Score:3)
In general, the various 'identity theft' type laws which make it illegal to access others accounts don't have exceptions because it's a stolen computer.
True, but look up the "clean hands doctrine". Criminals can't use the courts to get relief.
Oxymoron (Score:4, Insightful)
A "computer security expert" would not leave their laptop in their car overnight.
Re: (Score:2)
Needless to say, Gale probably won't be leaving his car unlocked again - especially with high-priced items in plain view of thieves.
I can appreciate that in an ideal society, people wouldn't steal, and you should be able to leave your valuables unsecured and in plain sight. However, this man was a victim of a crime that he could have easily prevented.
An acquaintance of mine performed the same mistake as this man. He left his laptop visible in the back seat of his unlocked car, which he knew was unlocked, because he thought it should be safe there. The next morning the laptop was gone, and
imho (Score:3, Insightful)
This is a dickish move. What if the thief sold the computer and someone else is new the new owner who actually paid for the computer? Vigilantism is bad.
Re:imho (Score:5, Informative)
This is a dickish move. What if the thief sold the computer and someone else is new the new owner who actually paid for the computer? Vigilantism is bad.
Someone else is _not_ the new owner. You can't become the owner of a laptop by buying it from a thief. If you knew it was stolen you are a criminal buying stolen goods. If you didn't know you are an idiot who will be parted from his money.
The guy is still the _owner_ of the laptop and can do what he can to recover the stolen laptop from whoever has it now.
A rather low threshhold for "vigilantism" (Score:2)
This is a dickish move. What if the thief sold the computer and someone else is new the new owner who actually paid for the computer? Vigilantism is bad.
This was the only 'dickish' move I saw:
He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.
He should not have done that bit. But the rest of it--sending texts to her phone numbers, calling the friend (âoeI called one of them and told her the thief was on a stolen laptop and told her Iâ(TM)d give her the opportunity to return it.â), and sending all of the information to the police--are all entirely reasonable.
We don't even know the timescales involved here. If this login happened mere hours after the theft, it's reasonable to assume the thie
Re: (Score:2)
There is no new owner, there is only a different person in possession of stolen property. It doesn't matter if the buyer doesn't know it's stolen.
Re: (Score:2)
Doesn't make a difference. Just because you paid for stolen property doesn't mean it's now legally yours. The thief who sold it to you didn't have legal title to it, so your only legal recourse if the laptop is returned to the rightful owner is against the thief.
You're an idiot if you buy stolen goods. The thief knows where to go the next time they need to steal them for a new customer, and they also know you can't file a complaint - even if you catch them in the act.
She kept closing the remote login request (Score:2)
I'm going to bet he was using chrome remote desktop or some such. That's not "security software". Jeez, this reeks of incompetence if he's a "security expert".
Real remote monitoring software for these purposes would silently mirror the screen on a remote system and not ask for permission. "The original owner is attempting to connect to this laptop. [A]ccept or [D]eny?
More likely scenario (Score:5, Insightful)
Re: (Score:2)
More likely is that the laptop got converted for cash at a pawn shop and later bought in good faith, which means he's humiliated a poor girl who had nothing to do with the theft.
In which case the pawn shop owner would be in trouble. Many locales have laws to make it harder to fence stolen property; if she bought it off of Craig's List cheap it would be hard to make a good faith argument.
Re: (Score:2)
Maybe the laptop was like two years old already, which makes it rather low value in the second hand market, like 10-20% of the new value. Thief lists it at the low end of normal prices for such laptops, makes a quick sale, and for the buyer the good faith argument is easy enough to defend.
Re: (Score:2)
More likely is that the laptop got converted for cash at a pawn shop and later bought in good faith, which means he's humiliated a poor girl who had nothing to do with the theft.
Without knowing the time scales involved, that seems very unlikely. Unless he waited weeks to do this.
Also, pretty sure all the savvy thieves use Craigslist these days, not pawn shops. But either way, the chances of a buyer pouncing very quickly is pretty low unless he was selling at a very steep discount.
The "more likely" claim really makes me pause.... why would you say this? Does this have something to do with the alleged thief being female?
Re:More likely scenario (Score:5, Insightful)
which means he's humiliated a poor girl who had nothing to do with the theft.
Which means it should be easy enough for her to prove that to the cops. "Here's the receipt -- go see who sold it to the shop to begin with."
She might be the poor girl, she might be the thief. In any case she's in possession of a stolen computer. I wouldn't stop to stay "Excuse me , miss, you happen to be operating a computer of mine that has gone missing. Perhaps you would be so good as to inform me how you are in possession of such a thing?"
My first reaction would be she's the actual thief as well, which may easily NOT be correct. On the other hand she physically has a random computer which I *CAN* produce a receipt and a serial number for.
Possession may be 9/10 of the law, but not when it can call home and tattle.
Re: More likely scenario (Score:4, Insightful)
In your zeal to punish, you managed to miss the "good faith" part.
Re: (Score:3)
"[In] good faith [wikipedia.org]" has nothing to do with religion. But you quite possibly knew that already and were merely trolling.
Tired of this pussy footing (Score:2)
dox her already.
dude (Score:5, Funny)
> In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.")
I like thought of a dude watching another dude endlessly watch porn, and being like, why can't you say your name!!!
Security expert, or blowhard? (Score:4, Informative)
- Why did this "expert" leave his laptop in his car?
- Why was this "expert"'s laptop not encrypted?
- Why does this "expert" assume the woman in possession of his laptop is the thief... or that she even knows the laptop was stolen?
Re: (Score:2)
You've never parked your car overnight A) at a job site (last minute state of emergency) or B) in front of a woman's house, one you don't yet know all that well?
Possible answer is that he has a life.
Can backfire (Score:4, Interesting)
What happened in a similar case in my country - the thief successfully sued the geek for damage to his reputation, and was awarded a compensation an order of magnitude higher than what was the value of the laptop.
Re: (Score:2)
What happened in a similar case in my country - the thief successfully sued the geek for damage to his reputation, and was awarded a compensation an order of magnitude higher than what was the value of the laptop.
So what you're saying is that after the thief paid his lawyer, he ended up losing 10 orders of magnitude more than the compensation he was awarded. Because a lawyer is going to charge 10,000 to win a 1000 award over a 100 laptop.
Re: (Score:2)
He left an unencrypted laptop in an unlocked car (Score:3)
How do I hire this guy, he sounds like a real security genius /s
Joke's on you (Score:4, Informative)
Even when the laptop is stolen, "hacking" the thiefs facebook account and monitoring the computer usage of other people (without some work contract allowing this) is a crime.
Re: (Score:3)
Even when the laptop is stolen, "hacking" the thiefs facebook account and monitoring the computer usage of other people (without some work contract allowing this) is a crime.
Not necessarily. They still own the computer so there is no unauthorized access to the computer; just don't then use information gleaned to login to the account from another machine. The problem is geeks then think it's cool and OK to use the information to strike back, at which point they cross the line into criminal behavior. Real world rules still apply.
Re: (Score:2)
It's a bit complicated depending on what and how it is done and what the intention is. For example if somebody checks his e-mails on your pc, that's no argument that you may log his password. Even when it's your pc.
Re: (Score:2)
Even when the laptop is stolen, "hacking" the thiefs facebook account and monitoring the computer usage of other people (without some work contract allowing this) is a crime.
Citation needed.
Even if the text of a law supports that, I suspect that the courts would be eager to apply some red letter duct tape that would specify that no one has a reasonable expectation of privacy whilst using a stolen laptop.
He didn't "hack the account" as far as I could tell, by the way. It sounded more like a remote desktop thing.
Re: (Score:2)
What's your point? It's not legal either. Call it what you like. Hacking or similiar verbs are what judges say, when they hear, that somebody does this remotely.
Re: (Score:2)
i set the "hacking" in quotes, but the important part is, that you're not allowed to use the account. Just because i don't lock my door, you are still not allowed to steal my stuff.
Re: (Score:2)
Re: (Score:2)
> You see it doesn't matter that it is a crime, for most people it only matters if you will be persecuted for the crime, which is not a problem here.
This may be true, but what they are doing is still illegal and there is no minus by minus is plus rule for crimes.
> Stealing the laptop is a crime. Remotely accessing the thief's facebook account is a crime.
This.
> So my next thought was perhaps you are just morally against crimes being committed as the basis for your post.
I am against using one crime t
Security expert? (Score:2)
Wow. Some obviously clueless thief manages to log in into his computer without re-installation? Doesn't he use LUKS/Bitlocker?
My Laptops are encrypted. I dont plan to change that for the slim change of catching a hardware thief by installing a tracking SW, which requires the OS to boot up unencrypted.
Illegal (Score:2)
What he did to the alleged thief looks like it's illegal to me.
Hopefully the 'geek' will be tried and condemned for his spying, invasion of privacy, blackmailing and identity theft.
Uh, can't recover hardware? Why? (Score:5, Interesting)
"I'm realistic. I'm not going to see that computer again..."
The victim stated he went through her Facebook profile when she "left the room", implying he might have also had remote control of the camera. Is a picture of her face along with an entire Facebook profile and IP address somehow not enough gift-wrapped evidence to provide to the authorities for them to execute a simple knock on a fucking door to recover stolen property? What the hell...
Broken law enforcement (Score:4, Interesting)
From what anecdotal evidence I have myself, he is right. Even if police do find the asshole-thief and take the laptop from him, the victim is not going to receive it. They'll keep it "for the duration of the investigation" and then it might just "disappear" from the evidence room.
And the next asshole-thief (this one with a police ID) will be smart enough to wipe it so as not get caught the same way. And, even if he does not, calling police again will not be fruitful — police protect their own, "because no one else would".
Oh, and the original thief will not do any actual time either (much less have his hand chopped-off) — unless, maybe, this is his third offense in a "three strikes" state.
While it may seem petty, theft costs humanity immensely — if you count the things we all have to do to keep it under control...
Could have done something more practical. (Score:2)
If you had remote access, you should have put BitLocker on it, or encrypted it with your Open OS version.
Or installed a dialler to call 911 repeatedly from the laptop. Eventually the police will go to their house and find oh wow, there's lots of stolen property here.
Doing all the wrong things (Score:5, Interesting)
The owner of the laptop missed his opportunity to recover his property by trying to publicly shame the woman into returning it. That was a counterproductive waste of time. She could just claim she bought it from someone, and how could he, or the police, prove otherwise?
Anti-theft software should be designed to allow the thief to use the laptop on a guest account, while password protecting your personal account. You want the thief to use the laptop. Locking it remotely will only ensure that it is immediately disposed of, or sold for parts.
So, assume your laptop is stolen and you've activated the remote tracking software: immediately call the police and file a report. The police won't do a thing unless you take that first step. Next, start collecting data on the thief: home address, work/school address, phone numbers, images of the thief using it, etc. Organize all of that data into a folder and take it, along with a copy of your police report, to the local police station. Show them that you know exactly who has the laptop, that person's address, the location of the laptop, etc. Also point out that if this person was the thief, there is an excellent chance that additional stolen property will be found at their residence.
The police now have the justification they need to go knock on that person's door, or possibly get a search warrant. Granted, the person who has it may still claim it was purchased from some third party, but when police are standing in someone's home, showing them pictures of their own faces taken through the laptop camera, and saying, "Give us the laptop now, or we'll come back with a search warrant", the chances are excellent that it will be handed over.
No one may be prosecuted, but you'll at least have your property back. Of course, this scenario presumes that the police care enough to follow through with the information you provide. In larger cities, they may not bother, but in smaller towns and rural areas, they may be very happy to assist when you present all the evidence they need on a silver platter.
Comment removed (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
It's **********.
Re:That's ENTRAPMENT! (Score:5, Insightful)
Re:That's ENTRAPMENT! (Score:4, Funny)
If it's one thing I know, it's the LAW, and that's ENTRAPMENT!
If the one thing you think you know is the law, I have some bad news for you. First off, only the police can entrap, (from a legal point of view). Secondly, setting bait does not equal entrapment. And that isn't even what happened here. In short, the one thing you thought you knew, you don't know. That would make you, by your own admission, a know-nothing.
Comment removed (Score:5, Insightful)
Re: (Score:3)
His computer, but her facebook account.
Of course if he'd just screen grab whatever shows up on his computer then I assume that would be fine, after all he wouldn't be the one accessing facebook.