

Bitcoin stolen while laptop was in Apple store - golubevpavel

This is a sad story of how I got robbed of $8500 while my laptop was in the Apple Store.

I dropped my laptop at the Apple Store, the Falls in Miami, to fix a minor cooling system issue on Feb 2, and picked it up on February 4. The cooling system was fine, but when I launched my Bitcoin wallet, I realized that over 10BTC (worth $8500 at that moment) had been transferred from my wallet (https://blockchain.info/tree/111322425) on Feb 3, 20:25, when my laptop was at Apple. It was very stupid, but yes, my wallet was not encrypted.

I checked the Mac system logs and they say that my laptop was booted on Feb 3, 20:36, only 11 minutes after my BTC were stolen. It looks like someone connected my laptop as an external drive and scanned it before booting it up.

I never used my wallet on other devices.
I never download suspicious stuff from the Internet.
I never hand my laptop to anyone else.
I had not been using my wallet for about a month before I dropped it at Apple.

Nevertheless, I downloaded the latest antivirus software and performed a full system scan — no viruses.

I filed a police report and talked to the manager at the Apple Store. It's been a week and there is no update.

$8500. Nobody cares.
I wonder what else people copy from laptops when you drop them off for service.

The moral of the story — encrypt your drives.
======
d0
Moral of the story: don't deal with the Apple Store. The amount of people I
know who have had their data trashed (after possibly being cloned) is quite
high. The solution to most problems is wipe the machine. They usually come to
me after telling them to fuck off. I haven't had to destroy a single machine
yet.

We're talking trivial shit like an HP printer driver thrashing the CPU or
corrupt mail folders.

Seriously, 11 people so far and I don't repair Macs for a living.

I wouldn't trust them with an etch-a-sketch.

Also treat your computer like a credit card. If it goes out of sight, you're
fucked, encrypted or not. FileVault and BitLocker are faulty by design.

~~~
golubevpavel
Hm. What's wrong with FileVault?

I knew that there could be some issues with my laptop after service at Apple,
they informed me about it. But I thought to myself, come on, it's just a minor
cooler issue, they won't even need to login to fix it. How could they possibly
break anything.

~~~
d0
FileVault problems: [http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-back...](http://mjtsai.com/blog/2012/08/07/filevault-2s-apple-id-backdoor/)

AFAIK they don't login to fix hardware issues -- they netboot diagnostics
software but on multiple occasions I was informed by people that Apple had
"made a backup of their system" before a reinstall. What that entails and what
the retention policy is, I do not know but I suspect unless they're doing a
three-pass erase on their temporary storage devices afterwards (which is
unlikely) then your data is easy pickings...

My MBP, which is incidentally knackered, is still FileVault encrypted. It will
stop a casual thief getting in but not much more

~~~
aroch
So turn off letting your Apple ID unlock your FV volumes. An FV drive that's
locked cannot be unlocked just by having local access.

You authorize Apple to make a backup of your drive if you're having work done
that may cause data loss.

~~~
d0
There is an issue with user switching and firewire/DMA that allows remote
access as well as cold boot attacks but these are out of reach of most people.

~~~
acdha
firewire / thunderbolt DMA access was fixed many years ago: if you enabled a
firmware password, those buses have DMA disabled.

~~~
toomuchtodo
Are you saying that if I have a firmware password on my MBA that my internal
SSD is inaccessible via Thunderbolt externally (until I've entered my
password)?

~~~
aroch
No, but your TB device wouldn't have read access to physical memory (where
keys would be)

------
patio11
Speak to an attorney. You may have signed something which waives all claims,
but even if you don't have a prayer of winning in a court, at the very least
an attorney is going to pester the heck out of Apple rather than waiting
around by the phone for them to make it their problem.

~~~
golubevpavel
Well, yes, they informed me that I might lose my data, but they did not inform
me, that it might be stolen.

I tried to settle it down, but it looks like you are right and I have to hire an
attorney to get my money back. I wonder how much it will cost me.

~~~
rmc
"lose your data" means it might be deleted. This looks like someone might have
processed the data itself and moved it. This cannot happen accidentally.

------
nppc
Moral of the story - do not leave your money with others if you want it back.

------
melomac
Might be a good time to back up your drive before logs are rotated... At the
time of your writing, you only have kernel.log as a boot time clue, and it
will self erase.

~~~
golubevpavel
Good point. I already saved a copy of system logs.

~~~
shiftpgdn
IANAL but I'd suggest you go further and stop using your computer as soon as
possible. Use linux to DD the drive onto a secondary backup drive as a bit for
bit archive, put the existing drive in the possession of a third party and
then start from scratch. Each time you use the computer you're damaging your
credibility in a potential lawsuit.
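
The bit-for-bit archive suggested in the comment above, as an added example that is not part of the original thread: the copy is only useful as evidence if it can be shown to match the source, so the sketch hashes both sides and writes a manifest for later re-checks. The function names, `/dev/sdX` and the file names are hypothetical; it assumes a Linux live environment with `dd` and `sha256sum`, with the evidence disk attached but not mounted.

```shell
#!/bin/sh
# Added example: image a disk with dd and prove the copy matches the source.

image_and_verify() {
    src=$1    # evidence disk, e.g. /dev/sdX (hypothetical), never mounted read-write
    img=$2    # image file on a separate backup drive

    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 2; fi
    # Never overwrite an existing image: an earlier capture is evidence too.
    if [ -e "$img" ]; then echo "refusing to overwrite $img" >&2; return 2; fi

    # Hash the source, copy it, then hash the copy. No conv=sync: padding a
    # short read would change the digest. dd stops on a read error instead.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    dd if="$src" of="$img" bs=1048576 2>/dev/null || return 2
    img_hash=$(sha256sum < "$img" | cut -d' ' -f1)

    if [ "$src_hash" != "$img_hash" ]; then
        echo "MISMATCH: source $src_hash, image $img_hash" >&2
        return 1
    fi

    # Manifest in sha256sum format, plus a note of what was imaged and when.
    printf '%s  %s\n' "$img_hash" "$(basename "$img")" > "$img.sha256"
    printf 'source=%s imaged_utc=%s\n' "$src" \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > "$img.info"
    chmod a-w "$img" "$img.sha256" "$img.info"
    return 0
}

verify_image() {
    # Re-check an archived image against its manifest before relying on it.
    img=$1
    expected=$(cut -d' ' -f1 < "$img.sha256")
    actual=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}
```

Any later analysis should be done on a second copy of the image, with `verify_image` run first, so the original capture stays untouched.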

------
ef47d35620c1
Sorry to hear about your loss. I hope they catch the thief.

Another very good reason to encrypt your hard drive is to prevent others from
placing data on it. If they can access the drive, their motive may be to frame
you by placing illegal files on your drive rather than simply taking your
files.

Think about it.

~~~
headShrinker
Maybe I'm not hearing you right. You are talking about a conspiracy to frame a
complete stranger? While it's possible and easily doable, dare I ask, "why
would anyone care to do this?". For fun? What financial gain is there in
framing a stranger?

My drives are encrypted btw.

~~~
ef47d35620c1
Anyone could do it for any reason. Blackmail, revenge, etc.

------
gesman
Some underpaid employees do like to take matters in their own hands.

