

How Tracking Down My Stolen Computer Triggered a Drug Bust - scottshea
http://blog.makezine.com/2012/08/31/how-tracking-down-my-stolen-computer-triggered-a-drug-bust/

======
EliRivers
It is nice to hear a story involving the police in which they're helpful and
effective rather than spraying protesters/journalists/bystanders with pepper-
spray.

~~~
ars
If that's what you think of police you've been reading reddit too much.

There's also a bit of the man bites dog thing going on. Nice police: Normal,
not news. Bad police: Very unusual, so news.

~~~
scottshea
I think the fact that the police officer was so involved with updating the
writer is what stood out to me. It is rare that we see/hear a detailed
explanation of what police work entails and unless we ourselves are the one
they are speaking with it might never happen.

------
maqr
I'd rather lose the laptop but have full disk encryption and keep my data
secure.

~~~
mike-cardwell
I have the best of both worlds. Turn my laptop on and it will automatically
boot into Windows without even so much as a password prompt. From there I have
Prey installed so I can track it.

I never use this Windows installation though and it contains no
valuable/personal data. It's effectively a honey-pot operating system. I have
a Linux installation on there too (my "real" os) which takes up the vast
majority of the drive and uses full disk encryption. I insert a USB stick at
startup which contains the boot partition+loader and boot from that.

I wrote it up here:
[https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sop...](https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks)

~~~
luser001
So you shut down your computer (as opposed to suspending it) every time you
transport your computer from home to office and vice versa etc?

~~~
ryanhuff
What's so unusual about that? I almost never suspend my laptop.

~~~
Jimmie
I almost never shut it down. Probably only once a month.

Waking from sleep is faster and I don't have to re-open my applications and
documents. Shutting it down would save a small amount of power but that's
rarely an issue (I'd shut it down if I was flying somewhere).

Are there some benefits to shutting it down I'm overlooking?

~~~
mike_esspe
If you suspend, you are vulnerable to reading decryption key from RAM
(firewire, ram freezing). If you are doing full disk encryption, then only
shutdown or hibernate are secure.

~~~
mike-cardwell
My encryption key doesn't live in RAM because I use TRESOR. It's hidden in the
debug registers of my CPU. There is still going to be other sensitive
information in RAM though which I wouldn't want to be accessed.

------
msutherl
I had a similar experience that took place over the course of a single day in
which I tracked down the thieves in real-time and confronted them in a
parking lot. Instead of calling the cops, and since they had taken money and
not an actual laptop, I had them give me collateral and gave them 2 weeks to
give me money back in exchange, which they did after.

I actually did write up and submit a police report, but it was about 3 months
before I heard anything from the police.

Lessons learned: (1) sometimes it's better to roll up your sleeves and do it
yourself and (2) some (most?) people legitimately want to come clean.

~~~
Ralith
If they had taken money instead of electronics, how did you track them?

~~~
msutherl
I trailed one of them.

------
omgsean
Too bad that some guy is going to spend years and years in prison over drug
charges when he should really only be charged with theft but I guess the
lesson is don't go stealing traceable devices when you're running a dope
operation.

~~~
rheide
In what way could that possibly be 'too bad'??

"Too bad that some guy is going to spend years and years in prison for
provable murder when he should really only be charged with stealing candy"

Idiot gets caught and gets what he deserves. All is well.

~~~
omgsean
Possession of marijuana and murder, two completely analogous things. I
certainly hope all the people he victimized with his marijuana possession get
compensated.

------
ck2
Great read.

I am going to make all my mobile devices hit a webpage on a few of my servers
silently on bootup (if there is a web connection) so I would at least have
that ip. Also embedding a hidden image into the browser about:blank (startup)
page.

~~~
bostonvaulter2
I wonder if you could install something on the BIOS as well in case they try
and wipe the Operating System (which they really should do if they want to be
safe).

~~~
wmf
Just use FDE; if the thief doesn't know the password everything is effectively
wiped already.

------
agumonkey
As someone said in the article comments, if you liked that story, go watch:

<http://www.youtube.com/watch?v=U4oB28ksiIo>

    Defcon 18 - Pwned By the owner
    What happens when you steal a hackers computer zoz

------
JoeAltmaier
Mostly agree with his conclusions, but for one. I didn't think Batman was all
that great.

------
terrapinbear
Oh Make Magazine, please put your "close this slide show" button on the upper
right instead of the upper left. I'm conditioned to look for X icons to close
out of modal windows on the upper right not the upper left. Thaaaaaaanks.

~~~
terrapinbear
I have no way of minimizing your "toolbar" at the bottom of your web site
either. Weren't you created by O'Reilly.com?

------
dirkdk
Great story! A friend of mine got her iPhone stolen, Find My iPhone didn't
render anything for days so she gave up on it and got another one. This kind
of technology should be standard on any new device.

------
ginko
It's surprising that apparently almost no laptop thief takes the time to wipe
the laptops.

That's the first thing I would do if I were in a business like that.

~~~
jakejake
They probably aren't really laptop experts & don't have the install disks
either. But you'd figure the word would have gotten around by now that these
things can phone home.

I have heard of muggers stealing cell phones and taking the time to demand the
pass code as well, so they're getting smarter about it.

------
jason_slack
Great read and this brings me to ask what options there are for hard drive
encryption on OSX?

~~~
tankbot
OS X offers FileVault natively for full-partition encryption. There are also
myriad 3rd party options.

EDIT: See larry's comment :o)

~~~
lawnchair_larry
Pedantic note, it's actually full-partition encryption. The recovery partition
and boot camp partitions, etc, are not encrypted.

~~~
jason_slack
So it would still be possible for the thief to boot to the recovery partition
and whack the encrypted partition. Clean machine but at least none of my data.

Is there a Boot Loader or Bios password type option to even prevent the user
from holding down 'Option' and selecting a boot device..

NOTE: Yes I know it is EFI, but everyone knows what a BIOS password is, I
think.

~~~
schiffern
> Is there a Boot Loader or Bios password type option to even prevent the user
> from holding down 'Option' and selecting a boot device..

If they know to hold down "Option," chances are they also know how to open up
the case and swap out the HDD.

Backup, encrypt, insure. It's the only way.

~~~
kristofferR
When Firmware Password is activated, you can't use other HDs without entering
the PW.

~~~
tankbot
There are ways around the fw password, so it's an additional layer against the
uninitiated but probably won't help you much and can cause problems for
legitimate users.

~~~
rdl
Don't those require going to an Apple store, officially, which gives them a
chance to check serial # vs. stolen list? (It used to be possible by pulling
the RAM, but on modern MBAs, the RAM is soldered to the main board.)

------
alexchamberlain
Brilliant story!

------
sneak
Idiot. Who leaves valuables in a car in Detroit? Are you not aware that the
windows are all that keeps someone from popping the trunk?

