When geeks attack~

[Falundir]

Thought you all may find this funny.

So I run a small Computer Forensics / eDiscovery consultancy based out of Dublin CA. We do a lot of work for Fortune 500 companies, law firms, the FBI, and local law enforcement.

My mother flew out here for the holidays, and for some odd reason decided to check her laptop in her luggage. Well as you can expect it didn't quite make it to the other side. After reporting it to the carrier and TSA the TSA Security Officer stated that it is a chronic problem and it's gone.

Well some time ago I had my mother install a piece of software that would allow me to interact with the system if she had issues. So I found the laptop online...

-By using the IP address I was able to locate the laptop within 3 city blocks.
-By looking at the available wi-fi connections, someone in the area listed their full name as their wi-fi... So in general you can assume that in a city sprawl the signal would not travel more than half a block.
-Turning the webcam on yielded some interesting pictures...

Let's see (images modified to avoid the legality of posting the suspect's identity)

The first one I saw... whoa ugly!



The next time I logged in... yup that's a kid in the bathroom...



om nom?



And then the important one!



So you can see the brick pattern of the house next to them in the window. Lets see what google maps has for us...



Looks like a match to me!

So I called the detective I was working with with the address information I located on google maps and provided him with the evidence I collected to date.

Hello officers!



Laptop was recovered an hour ago~

Today's lesson, don't steal a laptop from the mother of a forensic expert.

That is all.

P.S. To those who know the typical chain of events in a laptop recovery based on IP, you typically contact the ISP with a subpoena or search warrant and they have 7 days to respond unless it's a missing persons or child pornography case. We were able to gather this information before the ISP got back to us.


Update 1/7: From what was relayed to me from the detective on the case, the FBI has been investigating a theft ring in Chicago's Midway Airport for over a year now. Apparently 9 out of every 10 laptops that gets checked never makes it to the other side.

It seems that they were out of leads until this laptop was recovered, and now they are successfully tracing it back to the source and hopefully will make some arrests.

The quote from the detective I found funny was, 'yea you will probably see this on CBS/NBC soon'.

Since I've done work for the FBI before they have elected to let me do the forensic investigation, so the laptop is being shipped to me right now. I'll continue to update the thread as we go. I'm hoping the thief used it prior to selling it...

[pyr0b0y]

Cool Chris; nice to see someone who knows the backdoors of a laptop!

congratz on getting the laptop back too!

[Mysteek]

That's crazy!!!! I would have been getting hot flashes the whole time I was looking that stuff up cuz I was on the hunt! It's amazing the kinda things ppl will do to get things for free, but you shot them in the butt for it!! AWESOME!!!! :happyani m:

[Overflow]

THAT. IS. AWESOME.

[nasty2ss]

Awesome story. You can actually turn on the web cam? That is awesome

[bandier]

Wayyyy too cool.... I want that software to remotely turn on the laptop for mine! Readily available?

[BowtieBelle]

You, sir, are winning. LIKE A BOSS.

Was the thief a baggage handler?

Sent from my iPad

[TuLe]

Does ur mom's laptop have the flash next to the webcam? If yes, how did you turn on the webcam without turning on the flash (in the dark) im just asking because with my laptop, its standard and i have to leave the flash on a couple seconds before i turn it off in the webcam software manually. And damn its hella cool man ... My major in college is computer science and all i wanna do is like that ... Can u provide a lil bit more info about that?

[The Stig]

Winning.

Isn't using the Internet fun? It's like I tell my employers.

Everything is on the Internets, and I can find it.

Great job OP

[JX2B.Graham]

Awesome! Congrats. I used to use a program called PC anywhere, but not sure if it is out there anymore.

[Falundir]

Quote:

Originally Posted by nasty2ss

Awesome story. You can actually turn on the web cam? That is awesome

Most remote control applications allow for webcam viewing.

Quote:

Originally Posted by bandier

Wayyyy too cool.... I want that software to remotely turn on the laptop for mine! Readily available?

As mentioned below, the best commercially available software is PCAnywhere, or GoToMeeting/LiveMeeting.

This was an in house version that we use as part of our controls. All of our laptops have whole disk encryption and client information is all cloud based. However, if a laptop is stolen we want the ability to remotely wipe it, and potentially recover the hardware. This software, like LoJack for Laptops (CompuTrace) is installed on the hardware of the system, so even if you destroy or remove the hard drive, we will still have full control.

Quote:

Originally Posted by BowtieBelle

You, sir, are winning. LIKE A BOSS.

Was the thief a baggage handler?

Sent from my iPad

Since the police are now looking into the history of how the laptop went from TSA to the suspect's possession, I won't be able to comment until a final arrest is made (if any). I am in the habit of avoiding speculation, but since the TSA is involved it could get interesting...

Quote:

Originally Posted by TuLe

Does ur mom's laptop have the flash next to the webcam? If yes, how did you turn on the webcam without turning on the flash (in the dark) im just asking because with my laptop, its standard and i have to leave the flash on a couple seconds before i turn it off in the webcam software manually. And damn its hella cool man ... My major in college is computer science and all i wanna do is like that ... Can u provide a lil bit more info about that?

The light next to the camera is a separate piece of hardware, so if you exclude it, it will not fire.

We have a mentorship program for those in college/looking to break into the industry. Feel free to hit me up at csitter@cerberusforensics.com and I will be happy to answer any questions you may have.

Quote:

Originally Posted by stieger

Winning.

Isn't using the Internet fun? It's like I tell my employers.

Everything is on the Internets, and I can find it.

Great job OP

Thank you sir, and there is not a statement more true than yours. The same applies for a computer as well.

[ffrcobra_65]

I am scared of you!

[ElManny]

Quote:

Originally Posted by Falundir

We have a mentorship program for those in college/looking to break into the industry. Feel free to hit me up at csitter@cerberusforensics.com and I will be happy to answer any questions you may have.

interesting

[CFD]

That's it. I'm putting a piece of tape over my web cam