Retrieving a Stolen Laptop By IP Address Alone?
CorporalKlinger writes "My vehicle was recently burglarized while parked in a university parking lot in a midwestern state. My new Dell laptop was stolen from the car, along with several other items. I have no idea who might have done this, and the police say that without any idea of a suspect, the best they can do is enter the serial number from my laptop in a national stolen goods database in case it is ever pawned or recovered in another investigation. I had Thunderbird set up on the laptop, configured to check my Gmail through IMAP. Luckily, Gmail logs and displays the last 6 or 7 IP addresses that have logged into your account. I immediately stopped using that email account, cleared it out, and left the password unchanged — creating my own honeypot in case the criminal loaded Thunderbird on my laptop. Sure enough, last week Gmail reported 4 accesses via IMAP from the same IP address in a state just to the east of mine. I know that this must be the criminal who took my property, since I've disabled IMAP access to the account on all of my own computers. The municipal police say they can't intervene in the case since university police have jurisdiction over crimes that take place on their land. The university police department — about 10 officers and 2 detectives — don't even know what an IP address is. I even contacted the local FBI office and they said they're 'not interested' in the case despite it now crossing state lines. Am I chasing my own tail here? How can I get someone to pay attention to the fact that all the police need to do is file some RIAA-style paperwork to find the name associated with this IP address and knock on the right door to nab a criminal and recover my property? How can I get my laptop back — and more importantly — stop this criminal in his tracks?"
Post the IP address (Score:5, Interesting)
Then maybe somebody here will have something close enough for you to be able to identify the ISP.
Civil action (Score:5, Interesting)
Not legal advice, but you might consider that there is not only a criminal case against the thief, but also a civil case. If you want it back badly enough, you may be able to get a local lawyer to initiate a civil action against the John Doe and subpoena the university to get the identity of the person in possession of the laptop (you could also do this yourself, but it could be very easy for a non-lawyer to make a fatal mistake when going up against the general counsel of a university to enforce the subpoena, assuming they don't just give in, so I don't really think I'd recommend it). That not only identifies who it is so that you could potentially get it returned through the civil court system, it also may increase the likelihood of the police doing something.
Re:If you do most of the work... (Score:5, Interesting)
The two situations are not comparable ... (Score:0, Interesting)
We saw that the police bent over backwards and ransacked a man's home when he possessed a missing iPhone of Apple's. But when a normal person loses an item and has a lead for the police to go on, they aren't interested. Just further proof that the justice system is bought and paid for by corporations, and they exist only to ensure that corporations make money. Sickening.
If the laptop owner had provided a name and address and reasonable cause to believe this person possessed his laptop wouldn't the police have gone into this person's home? If Apple had told the police someone at this possibly shared or possibly temporary IP address has our phone wouldn't Apple have also been ignored?
Once upon a time I knew a few college students publishing software from their garage, literally. At a local computer swapmeet they found someone commercially pirating and selling their disc. They bought a copy and called the FBI. Within a few days the FBI came over, took their statements and then the FBI visited the commercial pirate. The FBI did not care that the victim was 3 students running a company from their garage.
mod parent UP (Score:2, Interesting)
post the IP. let the internet hate machine do its thing. trust us, it's for the best. you will probably have your laptop back in less than a week, with hilarious results.
Subpoena... I do it all the time (Score:1, Interesting)
First, find out if small claims court in your state has subpoena power (it varies from state to state).
If it does, file a "John Doe" case in small claims court. If not, file a "John Doe" case in regular court. You sue the John Doe for "common law conversion" of the laptop.
After the case is filed, then get a subpoena from the clerk of the court, and serve it on the ISP that has the IP address, requiring them to ID the customer who was using that IP at that date/time.
Easy as pie.
Threaten them (Score:4, Interesting)
You have an IP, you have a vague location, and you have an e-mail address that the perp is likely reading. If you can't get law enforcement to do anything about it, and all else fails, they don't have to know that. Send an e-mail telling them that the laptop they are using is stolen property, you have the IP address, which can be used to track their exact location, then give them the location info that you have been able to track. Tell them that you are giving them one chance to respond personally and arrange for return of the stolen property before you contact the authorities to have them arrested. Remind them of the severe criminal penalties for such a theft, and you can even throw in some digital crime mumbo-jumbo (which may or may not actually be prosecutable), to trump up the charges to felony.
The ability to communicate with the possible thief (or eventual owner) is a powerful thing, so if you can't find any other route, don't waste that chance. If it's already been resold, then the new owner may be more than willing to negotiate a return. I had my laptop stolen early last year, and after endlessly calling pawn shops, scouring Craigslist and Ebay for months, we finally gave up. I was perfectly willing to take matters into my own hands if I saw it turn up on ebay or craigslist, knowing full well that the local Police as much as admitted there was little they could do about it.
step 1? (Score:3, Interesting)
what's the ip address? you could post it here and get some "help" in more ways than one.
Setting that aside for the moment, the first thing you should be doing is tracerouting the ip address and doing a lookup on it also to see who owns it. That should get you a geographic location and a contact. Figure out who the ISP is and contact them directly. They are almost guaranteed to say they won't give you customer information, expect that. BUT, they are almost certainly used to these sorts of things already, and will know the name and number of their local police department or sheriff you need to contact to GET that request. (THEFT is a matter of jurisdiction, but possession of stolen property is a local matter) Sometimes the ISP requires a subpoena, sometimes they're used to it enough that a fax from the local sheriff on their letterhead will do the trick. Usually they won't give YOU the information, but they will give it to the law enforcement agent. Hopefully, if it was the one the isp recommended to you in the first place, that should be a person experienced in handling this sort of issue, knows what an IP address is etc, and can at least somewhat sympathize with your situation.
All that considered, you may still be crap out of luck if it turns out to be the open wifi at Starbucks. But then again it may pull up a specific home address somewhere. (most thieves are less technical than the police you've been dealing with, and don't forget it's entirely possible your computer has already been sold and is in the hands of a soccer mom or a friend of the thief or through a pawn shop already) Be sure you have EXACT DATE AND TIME to go with the IP addresses, since DHCP leases on cable modems expire and change from time to time. The ISP SHOULD have record of who had what IP when, but don't bet the farm on them keeping that information indefinitely, so you need to act fast. It's very challenging, although possible, to track down a wifi user.
Bonus info: nmap has a very nice OS fingerprint feature that can often guess what is at the end of an ip address. It may say something like "busybox linux vers xxx" indicating a router. or it may say "Mac OS X 10.5" or it may say "windows xp sp 1" etc. If it gives a computer and not a router, you can think more positive.
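Added example, not from the thread: following the comment above's advice to keep the exact date and time with each IP, this Python code normalizes account-activity rows to UTC and produces, per public IP, the time window to cite in an ISP preservation or subpoena request. The sample rows, the addresses (documentation ranges) and all function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample rows (access type, source IP, local time with UTC offset).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts.
SAMPLE_ACTIVITY = [
    ("IMAP", "203.0.113.45", "2010-06-14 21:03:11 -0500"),
    ("IMAP", "203.0.113.45", "2010-06-15 00:12:05 -0500"),
    ("IMAP", "203.0.113.45", "2010-06-14 23:58:40 -0500"),
    ("Browser", "192.168.1.20", "2010-06-10 08:00:00 -0500"),
    ("IMAP", "198.51.100.7", "2010-06-16 07:30:00 -0400"),
]

# RFC 1918 private ranges: an ISP cannot map these to a subscriber.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def to_utc(stamp):
    """Parse 'YYYY-MM-DD HH:MM:SS +HHMM' and convert it to UTC."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S %z").astimezone(timezone.utc)


def fmt(moment):
    """Render a UTC datetime in an unambiguous ISO 8601 form."""
    return moment.strftime("%Y-%m-%dT%H:%M:%SZ")


def is_rfc1918(addr):
    ip = ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in RFC1918)


def summarize(rows):
    """Group hits by public IP; return (summary, skipped_private_addresses)."""
    by_ip, skipped = defaultdict(list), []
    for kind, addr, stamp in rows:
        if is_rfc1918(addr):
            skipped.append(addr)
            continue
        by_ip[addr].append((to_utc(stamp), kind))
    summary = {}
    for addr, hits in by_ip.items():
        hits.sort()  # chronological order after UTC conversion
        summary[addr] = {
            "first_utc": fmt(hits[0][0]),
            "last_utc": fmt(hits[-1][0]),
            "hits": [(fmt(when), kind) for when, kind in hits],
        }
    return summary, skipped


def request_lines(summary):
    """One line per IP, stating the UTC window an ISP would need to look up."""
    return [
        f"{addr}: {len(info['hits'])} access(es) between "
        f"{info['first_utc']} and {info['last_utc']} (UTC)"
        for addr, info in sorted(summary.items())
    ]


if __name__ == "__main__":
    found, ignored = summarize(SAMPLE_ACTIVITY)
    print("\n".join(request_lines(found)))
    print("ignored private addresses:", ignored)
```

Note that the three constructed hits from one address straddle local midnight but fall on a single UTC day, which is why the offset has to travel with every timestamp handed to the ISP.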
Post IP address on 4chan (Score:1, Interesting)
You know they're better than the FBI.
wait... if it was $5 of crack (Score:2, Interesting)
or a similar amount of weed they might find and raid the address. it's incredible that, yes, the police are not here to help us, even when it just makes common sense that they should, yet they choose not to. in most countries they exist simply to make money
Re:I have cases like this a lot (Score:3, Interesting)
Well it depends on the agency. For most agencies in my area, you start off as a patrol officer and work your way up. A degree in an IT field or similar will help you stand out, although not always required. Then get ready for LOTS of schools to learn the methodology to not only get the information you're looking for, but to then prepare it for court.
I know that some agencies in other areas hire non-sworn personnel for computer forensics experts (typically larger departments). Also, the FBI has civilian (non-agent) examiners that have security clearances. They require a degree and likely some previous experience.
My laptop security (Score:5, Interesting)
My Mac Powerbook takes a picture every time it wakes up or is rebooted, then stores the picture. If there is a network connection, (any stored) pics are emailed to me along with a text containing the IP and timestamp, then the pics are deleted from the Mac. While it's likely that someone may disable this feature, it's unlikely that it will be before it gives me what I need to find them. In other news, anyone want to buy a couple thousand candid pictures of me (and some other people) opening my laptop?
File a civil suit for discovery of the IP address (Score:3, Interesting)
You can handle this outside of the criminal justice process for a fair amount of the process.
File a civil suit against "Joe Doe and Does 1 to N, etc." (just like the RIAA) for theft of private property and asking for a judgement ordering the return of the property, etc. In tandem with that, file a request for a subpoena with the ISP to whom this IP belongs for the associated address.
Because the filing of the suit, getting the subpoena, etc., is going to take some time, you should send a letter to the ISP informing them that the subpoena will be coming shortly and that you are informing them of their responsibility to preserve evidence in a pending civil suit.
Once you have the name and address of the party in question, you should do two things:
First, file a formal criminal complaint with the local police and DA concerning stolen property which is being used in their jurisdiction. The original theft may not be their concern, but the receipt of stolen property is their concern.
Second, file a request in civil court for an order requiring the return of stolen property at address X. Once you have this court order, you can go and get a sheriff (usually at a cost to you) to accompany you to this address and force them to open up and show you it isn't there.
Too often people forget there are parallel legal systems - civil and criminal - in this country and fail to realize that they have control. The RIAA does and takes advantage of it. Why shouldn't you?
Re:"Kind of deserved it"??! (Score:3, Interesting)
It isn't really a strawman. You were blaming the victim. He's pointing out other common examples of victim-blaming.
Re:Report it to the University's judicial board... (Score:3, Interesting)
I'm not sure where you're getting your legal theories from but it isn't right.
If I steal a car in Minnesota, the state doesn't lose jurisdiction because I go to Wisconsin. Both states can prosecute me, but only Wisconsin can arrest me. Minnesota has to ask Wisconsin nicely(via extradition) to hand me back to them. The charges aren't necessarily the same though.
In this hypothetical, Wisconsin could prosecute me for probably a variety of misdemeanors or maybe even felonies. Likely, they would prefer to extradite me to Minnesota because MN could prosecute me for felony theft which carries a max 10 year sentence.
Re:Post the IP address (Score:5, Interesting)
Go ahead and email your credit card info to that email. Once they use the card - assuming they are stupid which thieves usually are - you will have the address to where they send stuff to. Also, now they have committed credit card fraud (not sure if using someone's credit card - therefore pretending to be that person - also counts as identity theft.)
Think! An idiot's Dell laptop - who cares. (Score:1, Interesting)
That was a prototype - this is a $500 -$1000 laptop. Apple probably spent $1M on its product launch - advertisements and all that. And this is a used laptop (though new) worth less than what the buyer paid for it.
How much time do you want the police to spend on an idiot who leaves his laptop in his car ?
@$50K per cop, and them working 20 days a month, the police cost $50,000/20/12 = $208.00.
So let's see, a brand new dell, and a burglary that harmed no one physically or some murder or rape investigation???
Re:My laptop security (Score:3, Interesting)
just curious, how did you set this up?
Re:Report it to the University's judicial board... (Score:5, Interesting)
Re:Report it to the University's judicial board... (Score:4, Interesting)
I suggest calling the ISP yourself if you haven't already and BEG them to get you to their 2nd or 3rd level support guys that can get to someone that can at LEAST preserve the IP lease information for you. Just in case it takes a while to educate or motivate the cops.
It's the FBI's Job (Score:3, Interesting)
Re:Post the IP address (Score:1, Interesting)
dedicatedornot.com [dedicatedornot.com] seems to indicate that it's a dedicated IP and shows the lat, long as (38.9598, -84.2295) google maps [google.com] indicates that it's in the middle of a paddock?
Mine was stolen and I got it back, here's how: (Score:5, Interesting)
I actually just went through this exact situation a week ago. Here's my story and how I was able to get the computer back with the cops' help. My country (Canada) works very similar to most US states so hopefully this will help you.
Our outfit is into tech in a big way. We are all scientists of some sort and up and up on O/S, security and the latest tech gizmos. When my boss wanted to upgrade his systems to dual Macbook Pros, we immediately set up a mirroring system where he could be perpetually synchronized between his office and home with automated backups to the university servers. We had a script I had written to do much of this along with posting an IP address every hour in 24 blocks. We also were using Log Me In so that he could remote control his systems. The server ran on startup and wasn't viewable in the taskbar as my boss hates clutter.
Anyhow, we had two separate systems that were capable of posting IP addresses when online.
Three days after the theft we started getting IP writes in the logs.
The first and major things we both had to do was 1) restrain ourselves from doing absolutely anything to jeopardize the comp from going offline 2) contact the police immediately with the IP information.
Before we contacted the police again, I had determined where the IP was coming from (a home account from a major ISP). We waited another three days, consistently getting the same IP posting. We then went back to the police. Like the OP, they view a computer theft as insignificant given their work load. They saw a wealthy scientist ($500k/year) who had lost out on a $5000 laptop (Macbook Pro 17" with all the fixins) containing $30k of specialized software (and we had the discs of course to reload) a digital project worth $1.5k and a few other smaller items. Even though this was over $5000 (which is like a felony in Canada), they simply weren't able to provide us with much help. They knew what a computer was and even an IP but after that they were deers in headlights. I requested to speak with someone in their cyber-crimes division and I was told that because of the G8 and G20, I was out of luck there.
Not unlike research institutes and universities world-wide, this police department fought for funds internally and also internally, departments would "pay" other departments for work. In this case, because it would be a "special favour," during an immensely chaotic time for our police forces because of the heads of states well, they simply said no to all those requests.
Here is where things got both fun and tricky but I think could work for the OP.
A consistent IP can easily be traced to the ISP. If the IP is consistent over a select period of time, a motion can be filed before a judge and a warrant issued to get the personal information of the person owning said account. I happen to be a trained lawyer, so the detectives were really open to what I was suggesting, and since I also happen to be a computer scientist who does research into security as well as other things, they viewed me as an expert in the field. The first warrant was sought and granted within two days of us suggesting this avenue. This is your first MAJOR task and one that will be the most fruitful.
Legally, I was able to log into the stolen computer without compromising any investigation because I was about to be "contracted" by the police department to do what their cyber-crime division wouldn't do but could: gain network access and collect as much data as possible.
I did this and eventually worked around the router (a joke given the default settings that existed) and then the grey area began where we required another warrant: checking out the other comps on the network. While the search warrant was being issued for this, a SECOND warrant (and really the only other one we needed) was being issued to search the premises the cops received via the ISP. The IP had been consistently posting with the same address over 10 days and staying online for 6-10 hours at a time. I could hav
Re:Report it to the University's judicial board... (Score:5, Interesting)
Just call the RIAA and tell them that IP downloaded a song. They seem to be able to do all the John Doe stuff through the courts to find out who it was...
Actually, you can do that stuff yourself. File a claim with the courts for recovery of your possession, send a subpoena to the ISP, get the address, then either serve papers to continue the possession claim or hand the address to the state police.
Re:Actually, that's NOT what insurance is good fo (Score:2, Interesting)
The reason is that in the UK you won't get damages of fifty or a hundred million against you for killing someone.
The problem lies with the US courts for awarding ridiculously high damages, not the insurance companies - you can't realistically expect them to insure everyone for virtually unlimited liabilities.
Re:Mine was stolen and I got it back, here's how: (Score:2, Interesting)
1) Purchase new replacement from insurance process
2) Restore from a backup and move on!
If you _REALLY_ wanted to see "vigilante" style justice served in the case of such thefts, partition the drive as follows. One partition is a securely encrypted OS that you use. The other is Windows. Set the default to automatically boot Windows and load it up with backdoors, keyloggers, automatic webcam capture to web etc like people have already described.
Talk to Dell (Score:1, Interesting)
You said that this was a new Dell laptop. Depending on what model you purchased, Dell may have installed a security chip in the laptop, the 'laptop lo-jack'. And unless you've already disabled all of the annoying programs installed by default on all dell laptops that regularly communicate with Dell in the background, they'll be able to provide more information to law enforcement. I imagine that if dell has any sort of protocol for communicating with law enforcement about stolen laptops, they could be helpful. Of course, it's dell. So you may find out that your warranty expired the day before the laptop was stolen and it'll cost you twice the purchase price of a new laptop to get their assistance.
But it might be worth a shot.
File a Civil Writ of Replevin (Score:3, Interesting)