Help me catch the bastard who stole my Powerbook
April 23, 2007 9:33 AM   Subscribe

How can I catch the villain who stole my laptop?

On Friday I had a G4 Powerbook stolen. I would like to catch the thief, not so much for the laptop since I was going to replace it anyway, but because I don't like people who steal things.

It didn't have any IP-reporting software on it but it DID have Gmail notifier, iChat and iSync running, plus various other bits of software which phone home with some regularity.

Is there any way to leverage any of these so I can discover the IP it next connects from? What other steps can I take? (I am monitoring eBay and Craigslists in my vicinity).

(Of course any Mac-savvy thief will immediately reformat the drive but I think it was a total opportunist, and they probably have no install discs).

I did already change all my passwords and fortunately I was using Gmail so very little personal email was cached on the machine.

What's the best way to theft-proof a laptop and its data in future?
posted by unSane to Computers & Internet (27 answers total) 5 users marked this as a favorite
Well, the problem is that it doesn't phone your home, and I'm not sure that the people who run those other servers will be interested enough to try to look up that person's IP address. I mean, has it ever happened?

There are software products you can install for the specific purpose of phoning home and getting the IP of a device if it's stolen and used.
posted by delmoi at 9:44 AM on April 23, 2007

Response by poster: I was thinking along the lines of... if I don't change my .mac password, is there any log I can consult of what IP 'I' last connected from? Or are there any other services I might have enabled which would have such a log? I'm not expecting any third parties to do any footwork.
posted by unSane at 9:55 AM on April 23, 2007

Best answer: Possibly of help: Get a new AIM account and sign on with it. Add your old AIM account. Should your old AIM account connect, try to establish a direct connect session with the bastard. By using netstat, you might be able to watch to see what the IP address is.
posted by patr1ck at 9:58 AM on April 23, 2007 [3 favorites]

Of course by that point "the bastard" is the guy that bought the stolen computer, thinking it legitimate, which makes for a disappointing showdown.
posted by mendel at 10:06 AM on April 23, 2007

Was there anything distinguishable about the casing (i.e. a scratch or a sticker)? If so, keep an eye out for it on eBay.
posted by fallenposters at 10:11 AM on April 23, 2007

Those two steps will ensure that you only lose the hardware.

These steps ensure that even if they get the hardware, nobody else will get the data. But you still won't have it. There's only one step that will ensure that: backing up regularly.
posted by DU at 10:13 AM on April 23, 2007

Response by poster: I did back up so didn't lose any data.

Doing a bit more research, it seems that using an Open Firmware password will prevent an unauthorised person from booting from CDs or external drives, zapping the PRAM and so on.
posted by unSane at 10:14 AM on April 23, 2007

While these guys seem to have had a bit of success with their Undercover program, it has its problems - if someone waxes the hard drive and does a full reinstall, you have no real recourse.

However, using the tips given by Odin + this program should cover all the bases that you can cover to try and get the thing back.

That, and insurance. Take out insurance on all of your portible electronics - its cheap, and will pay for itself should you ever befall this type of thing in the future.
posted by plaidrabbit at 10:15 AM on April 23, 2007

Oh - and in response to your follow up about Open Firmware - I asked this question previously about the OF password and how to get around it. It's pretty cold comfort once you know how to get around it.
posted by plaidrabbit at 10:17 AM on April 23, 2007

Sending email to your .mac account with a web bug in it might work.
posted by bac at 10:29 AM on April 23, 2007

Even if you get the IP, what then?
posted by phrontist at 10:51 AM on April 23, 2007

Response by poster: depends on what the IP resolves to.
posted by unSane at 11:14 AM on April 23, 2007

Unfortunately even if you get the IP, unless you have some sort of a preexisting relationship with the gendarmes, I doubt they're going to be interested in getting a subpoena and going after the ISP to determine the user who logged on from it. (Which is what you'd need to do in order to determine who was using it and precisely where they were.)

In my experience, unless you can tell the police exactly who stole your stuff, and where they live, and preferably also when they're likely to be home, they're not going to be of much assistance. Maybe if you look really poor they'll try to do something, but otherwise they're just going to give you a police report and tell you to file an insurance claim.

(I did once get a cellphone back, though, by waiting to see what numbers were called from it, then calling them up and pretending to be various people until I got a name of the person who had my phone; the police did actually help me once I did that. I think the stupidity of the criminals involved raised the amusement factor enough to make it interesting to them.)
posted by Kadin2048 at 12:01 PM on April 23, 2007

In theory you've got a number of avenues to explore for tracing the location of your laptop, but in practice I tend to agree that you're going to find it pretty hard to get traction with the various ISPs & companies that hold the logs in order to piece them together & lead you to a culprit. If you're that pissed off about it I guess you could hire a tech-savvy lawyer or PI to take up your cause, but short of that I think you're SOL.

Moving forward to protecting your next laptop, here's one more recommendation for you: install & register with MacLoJack. It's a free service that has your laptop ping it periodically; when you trigger the alarm with them (via a password set at install time), it kicks the laptop into "stolen" mode & starts continually grabbing all sorts of information (current IP, WiFi AP name, screen grabs & iSight images) & uploading it to the MacLoJack server. It's too late for your current situation but it'll probably give you enough to track them down the next time it happens.
posted by scalefree at 2:25 PM on April 23, 2007

Hmm, looks like Undercover does pretty much the same thing as MacLoJack.
posted by scalefree at 2:35 PM on April 23, 2007

You can try a few simple things, but most likely your computer will not surface in a way that you can track it down.

Notify Apple - they probably have a stolen computer registry.

Notify your local PD so that they can in turn make an official notification to the local pawn shops who will otherwise happily buy and resell this machine (and who may anyway, but it doesn't hurt).

Check your local Craiglist ads daily. If you see the computer, arrange to purchase it in a public location. Bring a friend or three.
posted by zippy at 3:03 PM on April 23, 2007

Uhm...your MAC address won't change regardless of a wipe-or-not.

I don't remember where, but I seem to remember that manufacturers were helping people recover stolen laptops by flagging mac addresses, or something.

I guess this isn't very helpful---but I definately remember reading it somewhere. Lifehacker maybe? Or on here?
posted by TomMelee at 5:11 PM on April 23, 2007

Notify Apple - they probably have a stolen computer registry.

I can say, from first-hand experience, that this is not true. I accidentally purchased a stolen laptop on eBay about a year and a half ago and got zero help from them as to locating its owner.
posted by plaidrabbit at 8:10 PM on April 23, 2007

Notify Apple - they probably have a stolen computer registry.

Apple won't care. My computer was stolen in November, I called them to report it - as I was still under Applecare. They told me that they couldn't do anything unless the police called them and reported it...which the police never did.
posted by thisisnotkatrina at 9:22 PM on April 23, 2007

Response by poster: Oooh, I think I found it on Craigslist... this is gonna be interesting!
posted by unSane at 7:25 AM on April 24, 2007

Huh! Wishing you luck with Craigslist. (Trust your instincts & remember your safety is more valuable than your PowerBook...)
posted by allterrainbrain at 8:55 AM on April 24, 2007

Question: How can programs like lojack work if you have a password and filevault on? The thief can't operate the machine, other than by replacing the HDD (and therefore wiping lojack), right?

Would I be right in assuming that these tracing programs can't work if your machine is password protected, so you would want to set up a honeytrap guest account that doesn't give access to your protected files, but allows the thief to think they can log in as the user?
posted by -harlequin- at 10:52 AM on April 24, 2007

Response by poster: Undercover recommend that you set up a dummy account with no password protection so that the thief logs into that and starts using it.
posted by unSane at 10:57 AM on April 24, 2007

unSane, is the craigslist posting the one that mentions being an architecture student?
posted by abkadefgee at 6:24 PM on April 24, 2007

Response by poster: No, it wasn't that one.

A good honesty check is to ask the seller to give you the serial number so you can check it isn't stolen.

(Go to 'About This Mac' and click the Version number twice... it will then display the serial number)

I'm not convinced the Craigslist post WAS mine, still following it up. However it does seem like a hot one.
posted by unSane at 7:10 PM on April 24, 2007

Unsane, that's brilliant. If abkadefgee is right, this could be really interesting.
Let us know how the... interaction with you and your posse and the bahstard works out.
posted by lilithim at 7:13 PM on April 24, 2007

Also for future reference, laptops have a lock port, and you can get a laptop lock to cable it to another item.
posted by theora55 at 5:45 AM on April 26, 2007

« Older How much sugar is too much for a toddler?   |   VOIP for n00bs Newer »
This thread is closed to new comments.