
Student Lets Thief Steal His Phone, Spies on Him for Documentary [video] - dragonbonheur
http://www.boredpanda.com/find-my-phone-thief-stolen-smartphone-spying-cerberus-anthony-van-der-meer/
======
pascalmemories
My guess is the 'new owner' was involved in trafficking people for sex
exploitation (the overnight journey to the shelter in France - somewhere
vulnerable people could be easily tricked with a work offer and easily moved
within the EU due to the lack of internal borders).

Meeting the 'Russian' woman and going along with her irrational story and the
suggestion of drugs being supplied and her 'loving' him all sounds like an
exploitative relationship. Consistent with a sex trafficker.

Swapping SIMs (to change phone identity - albeit poorly) and only using for a
few weeks indicates someone used to taking steps to avoid
tracking/identification. Not someone new to criminal activity nor evading
detection.

Being overnight at homeless shelters suggests he was more likely exploiting
women at these shelters rather than him being homeless and sleeping there (I'm
astonished the filmmaker started to feel sorry for him at the idea he was
homeless - that's just naive; this was someone already demonstrated to be
heavily involved in criminality).

Trying to confront him at the property and finding an aggressive person with a
strong smell of drugs at least gave a reality check. This is a dangerous
criminal and it was reckless to go near him.

~~~
megablast
Nah, I am pretty sure he was a Russian spy smuggling uranium in to build a
smartbomb.

The Russian woman was just one of his contacts, and they keep cover because
they expect to be observed at all times. Constant contact with small amounts
of uranium often makes people confused and irrational.

And it is very common for spies to smuggle in small amounts of uranium among
refugees, and this gets picked up from homeless shelters.

They also often use the cover of drugs to hide the unique smell of uranium.

~~~
milansuk
Person who stole phone and then used it for months (without reset) is not a
spy!

~~~
tasty_freeze
megablast was not being serious

------
atmosx
IMHO the most interesting aspect of this is the FAQ, specifically Q4:

4. Why did you feel sorry for the thief?

I started to feel sorry for the thief because I interpreted all of the data I
got in a way which made me feel sorry for him. What if I wanted to see him as
a criminal? Or a terrorist? The data would allow me to do that because some of
his behaviour can be found suspicious. In the end I was actually shocked when
I saw the guy in real life. He didn't look as lonely, sad and old as I thought
he looked in the footage I took. Instead he looked pretty fit, smelled like
drugs and came very aggressive and suspicious towards me. I saw this man every
day, two weeks long so I thought I knew him. The para-social band I had with
him (a one-sided band through a screen) fooled me.

------
ChuckMcM
I enjoyed that. I was in a free ranging discussion back around the time
Snowden made his move and we talked about constructing a laptop with a
cellphone embedded inside of it such that it would record things that went on
around it. We figured we could remove the hard drive and replace it with the
guts of a cell phone and an SSD equivalent storage. Then use the existing
laptop's Wifi antenna as a (likely not great) cell phone antenna. The idea
being that you could download analytics from it if it was seized at border
crossings or searched.

No, I never had the courage to actually try something like that. This phone
hack seems like a modest equivalent with the exception that the phone could be
unhacked by a forced OS wipe.

That said, the effectiveness of this as a surveillance tool was pretty eye
opening. It seems possible that the criminal in this story steals phones every
couple of weeks and puts their sim card into it, uses it for a while, and then
resells it. Which is pretty good operational security when you think about it
(caveat keeping the same sim card). Mapping the meta data and contacts for this
person then lets you know who else is in their community.

So with law enforcement powers you could presumably "seed" the stolen phone
market with pre-compromised phones and develop a pretty quick understanding of
who the criminals were, their infrastructure for moving phones around, etc.
Which would make it pretty straightforward to roll up these criminal
networks. Of course when it became known that the police were seeding the
stolen phone market with 'mark' phones it would probably cut down on the
number of phones stolen. But if you have prepared for that and are now
supplying a line of cheap "new" burner phones in the shops that you have
compromised. Well it is scary how effective that might be.

Now you tie that analysis with the fact that the Paris attackers all had
burner phones and you start to see how such actions by the authorities would
be justified to law makers.

~~~
_audakel
The FBI/NSA does a similar program where they supply a large number of Tor
exit nodes

~~~
darpa_escapee
They do a similar program where they tap and track a large number of
Americans, as well.

------
aub3bhat
I remember a similar story, though not creepy, where journalist gave out free
credit cards, and then tracked their usage.

https://www.thestar.com/news/gta/2010/08/28/how_panhandlers_use_free_credit_cards.html

~~~
iamjeff
That was quite a difficult story to read. While there is an expectation of
accountability for gifts/donations, it was still a little discouraging to find
out that this expectation was not clarified beforehand. This was in no way
empirical and the reporting feels anecdotal, even the repeatedly suggestive
mentions of the liquor store purchases (can't the poor get drunk too...). But
I find it difficult to accept that researchers are the only ones encumbered
with ethical responsibilities.

However, it is worthwhile to know that he did disclose that he is a reporter,
although the fact that he gave them free credit cards, but could not bring
himself to find further assistance leaves a bitter taste in the mouth.

That said, OP reminds me of two interesting DEFCON talks [1] [2] [3] re
similar issues. In the contexts delivered in the talks, it seems permissible
to say that the crooks were fair game.

1- DEF CON 18 - Zoz - Pwned By The Owner: What Happens When You Steal A
Hacker's Computer (https://www.youtube.com/watch?v=Jwpg-AwJ0Jc)

2- DEF CON 23: Confessions of a Professional Cyber Stalker
(https://www.youtube.com/watch?v=zVJGY2bZ-Ko)

3- _bonus resource on how to set up something similar to Zoz's_ Inspired by
the defcon hacker who found his stolen laptop... how to update for present day
routers?
(https://www.reddit.com/r/Defcon/comments/2428pf/inspired_by_the_defcon_hacker_who_found_his/)

~~~
aub3bhat
Thanks for the DEF CON links! They are very useful.

------
koolba
Note to self: _Continue never buying used mobile phones._

~~~
hyperliner
Note to self: NEVER assume privacy when using ANY phone with a camera or a
mic.

~~~
stryk
I'd go so far as to say, these days, to just NEVER assume privacy. With ANY
tech. Ever. Doesn't matter where it's manufactured, nor where it's sold.
Everything is data mined, one way or another. The "cloud" (really "someone
else's machine") opposes privacy by definition. If the leak isn't in the
hardware, it's in the software, and if not there it's in the pipe. There's no
feasible way to control every point along the line.

~~~
drdeca
I mean if you manufactured it yourself, I think you can be fairly certain that
it isn't sending your stuff to the cloud.

~~~
mdrzn
Do you trust the tools you used to manufacture it?

~~~
drdeca
Depends on the complexity of the tools.

------
adrusi
They tried recording video of the theft to have proof that they didn't provoke
it, and then conveniently it gets stolen after they stop filming...

------
moomin
I misread Thief as Thiel. Now, THAT would have been a great story.

~~~
LolWolf
Thank god I'm not the only one who did this on a first read.

------
jostmey
The ending is a bit of a twist. I thought the student would encounter a broken
man--most of the homeless I see are broken individuals--but not so.

~~~
kiliantics
I was disappointed in the ending. The Dutch student had managed to find some
empathy for the thief. He seemed to be getting an understanding of how tough
it is to live as an immigrant with so much less - in terms of belongings and
prospects - than he himself has. But then a brief glimpse of someone that had
an "aggressive attitude" and smelled of hash, completely reversed this. It
turns out that his prejudice, based on superficial stereotypes, wins after
all.

~~~
arjie
Aggression and drug abuse are not superficial, man.

~~~
kiliantics
It's the impression that is superficial. The Dutch guy obviously didn't have a
real interaction with the Egyptian man, so I get the feeling that the notion
he gets that the man is "aggressive" stems more from a superficial reading of
him based on prejudices he has for people of the Arab community. Also, smoking
hash is hardly drug abuse... The notion that hash is associated with people of
lower class or aggressive behaviour is another superficial stereotype.

------
MichailP
Towards the end of the movie I felt sorry for everybody involved. Including me for
watching :P

~~~
1337biz
Odd. I never did. I always waited for the moment he confronted him.

~~~
arjie
Yeah, me neither. I'm hoping that this becomes easy to do and hard to detect.
Poison the stolen phone market.

~~~
tasty_freeze
It would poison the used phone market in general. I'm currently using a Nexus
5 that I got via a craigslist transaction. Even if the phone came from the
original buyer, how do I know the college-aged seller didn't put on the spy
software for the lulz?

~~~
arjie
How do you know that right now?

------
transposed
Interesting development of the narrative - how the author began to feel guilty
once he noticed the thief had to buy extra call credits since the spyware was
depleting his data faster than normal. I kind of felt bad watching as well.
Here is a man who is driven to steal, sleeps in homeless shelters, gets
ditched by friends when he's unable to pay for a bus. . . And he prays to God
every hour on Fridays, so that all his prayers will be answered.

~~~
_audakel
See above comments, but it is just as likely he was a sex trafficker who picked
up women at the homeless shelter

------
tyingq
Includes remote video of the thief watching porn on the phone while, er,
entertaining himself. Ouch.

------
AlexCoventry
This would be illegal in some US states. What are the EU laws regarding covert
video and audio surveillance?

~~~
briandear
It's also illegal to steal phones. The proximate cause of the surveillance was
itself a criminal act, thus it would be rather hard to prosecute. If I have my
phone set to record and someone steals my phone and thus they are recorded,
the thief himself is the one that 'caused' himself to be surveilled.

~~~
chopin
At least in Germany, you can't retaliate an illegal act with another illegal
act. I'd expect that this was the rule in any civilized state.

~~~
jasonlotito
Considering it was still the filmmaker's phone, and he was recording through
his phone (and the person holding the phone knew it wasn't his phone, and that
the phone had a camera that could record when the user wanted), what would the
illegal part be? Just curious as to what specific law covers this.

~~~
chopin
Not all recordings are legal even if it is my phone. I am not saying that this
is the case here. But it may not be as clear-cut as it may seem.

------
M4v3R
The film seems to imply that there is a way to circumvent iCloud account
protection on iOS. Is this really the case? I know there are services which
promise that, but as long as the phone is on the latest firmware I cannot imagine
how anyone could reset the iCloud lock. So these services are either hoaxes or
work only for certain phones (with old, vulnerable OS versions). Or maybe I'm
missing something?

~~~
tromp
How does the film imply that? The phone that was set up to be stolen was an HTC
Android phone, not an iPhone...

~~~
arjie
It says so from 2:14 to 2:23.

------
jahnu
Very creepy thing to do.

~~~
mrlatinos
Yeah I really don't understand the point... Obviously thieves have sad lives
for the most part. No reason to put this man's shame on display, especially
when you baited them in the first place.

~~~
jasonkostempski
If anything, stories like this being out in the wild are a good deterrent.

~~~
kiliantics
I don't get the feeling that the thief here had all the wonderful
opportunities that the student or most readers of HN have. I'm sure he's
making the best of a bad situation and making choices that many of us would if
we were in his position, given the deterrents or not.

~~~
mikekchar
To be fair, I've known a fair number of people with serious problems in their
life and a large percentage of them started out life in an advantageous
position. I don't doubt that there are people who would consider that just
being born in the US is advantage enough. Advantage is a relative term.

People often make bad choices in their life. Sometimes it is easy to
understand why, other times it is really obscure. It is my experience that
even when someone makes such a bad choice, they rarely understand how bad it
is. People are strangely optimistic in this way. People weigh alternatives
based on the best case outcome. If an alternative does not give them what they
want, they will disregard it out of hand -- even if it turns out to be the
best course of action. Ironically they will consider it stupid to pursue
something that has no chance of leading to what they desire. Instead they will
dig themselves a pit they can't get out of.

Having done so, they will often remark, "It is so unfair. All I wanted was X,
which should be everyone's right. Society has let me down so badly, why should
I care about anyone else?" I remember being taught in high school that a
tragedy is a type of story where the main character's own actions lead to
their downfall. In that way, I have witnessed many tragic stories. I have,
indeed, been party to my own personal tragedies.

I also believe that deterrents are not particularly effective in these cases
(because people optimistically believe that the deterrent will not apply to
them). I don't, however, believe that most people will make the same choices
in the same circumstances. Neither do I believe that most people's situations
are hopeless from the beginning.

Having said all that, I am powerless to act because I have no idea how to help
people who make bad choices. I have a hard enough time doing it when people
decide to choose some ridiculous framework rather than to write code. I hope,
over time, we as a society will be able to help people like this more
effectively, though.

------
cdevs
That was well done for what was available to him. I could see how you could
feel bad eventually if you dangle a fancy phone in front of a junkie or
homeless person and watch their every move for weeks but this could also be a
great tactic for infiltrating real theft based organizations.

------
1337biz
So, how do I root my phone similar to that guy so I will have access to it for
the rest of my life?

~~~
notdang
You don't have to root your phone to use Cerberus. However if you want to keep
Cerberus running even after a factory reset you have to do this (from Cerberus
FAQ):

The easiest way to install Cerberus as a system app is with the "Convert to
system app" feature of Link2SD: install the app, open it, long-press on
Cerberus in the list of installed apps and select "Convert to system app".

I had Cerberus installed for several years. I converted it to be a system app
after watching the video. Now I secretly hope to be able to record something
similar if it gets stolen.

~~~
tdkl
You can also flash a disguised version (the app will have the name "System
Framework" and a stock Android icon)[1].

[1] https://www.cerberusapp.com/get

After that you can set it to be run only with a specific number entered in the
phone dialer, so the shortcut isn't visible in the app drawer.

You have to really know about Cerberus to find it, or be knowledgeable to
re-flash the device when you steal it. That's what makes it a very good
anti-theft app.

------
mattmanser
Is this not a serious crime of illegal wiretapping in Holland? Doesn't usually
matter that it's his phone.

Does he address it in the video?

~~~
mpol
Wiretapping your own phone should be legal.

The concern is how it got stolen... It is illegal to leave your car running
while walking into a shop and coming back a minute later. Not sure about a
good English translation, but you are urging someone to steal your car.

Depending on how his phone got stolen (it was a setup), he could be charged
with something similar.

~~~
dep_b
That only counts if you're the police or something similar. You can't leave a
car running as _bait_.

~~~
bonoboTP
Are you sure? In which country? Because in Hungary we had a team of guys who
regularly left bicycles out in the street (with GPS) and then waited for them
to get stolen and then called the police with the GPS data. And it worked, the
bike owner guys didn't get into trouble for leaving a "bait" out there. If
someone steals it, they committed a crime and get caught by the police.

~~~
dep_b
But that's civilians. The police can't do that. At least in the countries I
know of, Hungary can be different.

------
kapitza
Spoilers: thief is a 40-something Egyptian, appears to live in a French
migrant shelter in Mulhouse and work as some kind of a pimp in Amsterdam, very
religious but also watches porn and smokes a lot of hash.

Director develops sympathy for him, even sends him free credits because the
spyware is eating his bandwidth. Later goes to one of the thief's hangouts and
realizes that in fact, the thief is a weird scary guy and not lovable at all.

Sequel hook: phone has been reactivated in Romania. Stay tuned for next
episode. "Diversiteit is onze kracht."

------
saycheese
Here's the post to the original content:
https://news.ycombinator.com/item?id=13201134

------
cgvgffyv
Reddit is leaking again.

~~~
tasty_freeze
That was a very redditesque comment.

------
samirillian
Couldn't get too far into this before feeling like a total voyeur. I'm
uncomfortable with the tacit assumption that the guy would've stolen someone
else's phone if not this guy's planted phone, and that the theft justifies
covert surveillance, like two wrongs make a right.

------
wernercd
The question I have is, without watching the video, is this the ACTUAL thief?
or someone who bought a "used" phone?

I had a co-worker who had his iPhone stolen... and it ended up in some other
country. He locked the phone (standard iPhone capability) and then got
contacted by the new "owner". That person obviously didn't steal it (east
coast US -> somewhere far away).

I'd worry about recording someone who simply bought a "used" phone on ebay -
and the legal ramifications of such a move.

~~~
krzrak
> Khazackastan (or somewhere out there, however you spell those names)

You know this "Google" thing? You can look up the spelling there, if you don't
remember countries' names from school.

~~~
oh_sigh
Poster obviously remembers the name of the country - just not how to spell it.
Did you not understand what the poster was trying to say?

