Mac Thief Caught Thanks To Applescript & Timbuktu
el.cerrito.slasher sent in an amusing bit found on MacSlash. This story
is a tale of a stolen iMac that just happened to be running Timbuktu (a remote
control program like VNC I believe). Well the stolen box kept getting
used, and the owner was able to track it down through
a variety of amusing Timbuktu Fu. Funny story.
applescript strikes back (Score:4, Interesting)
Can I do this with my laptop? (Score:5, Interesting)
Personally, I'm slightly security paranoid, but I don't believe that anyone who steals my machine is going to care what's on it, but more likely swap drives. Ok, that's what I'd do, at least.
But, looking at this, I'd love to have something like this running. Are there any current security programs that do things like this? I would need it for Windows and Linux.
Now if only I could have it run in the BIOS. Imagine if on the bios level, without a proper key or password or whatever, if the hard drive was removed and replaced, it would then call a panic number whenever connected. That'd be neat.
Good Idea (Score:1, Interesting)
Neat! But . . . (Score:5, Interesting)
With a Windows box, on the other hand, you could easily write a program to verify the computer's IP address at boot time, and if it doesn't match, send an email to you reporting the unusual IP address and any other useful info you can think of. At each boot thereafter (common with Windows, of course) it checks a particular file on a particular server for instructions on what else to do, such as activating auto-destruct. That way you never auto-destruct your own computer by accident, since it requires permission first.
If you were particularly ambitious, you could have it activate a keystroke logger and email the recorded info to you each time it boots.
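The boot-time address check and permission-gated instruction file from the comment above, as an added example that is not part of the original thread. It goes beyond the comment by requiring an HMAC on the instruction file so that only the owner can authorize anything destructive; the network range, key, machine name and action names are constructed assumptions, and nothing is actually sent or erased.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed sample values (assumptions, not from the thread).
HOME_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
SHARED_KEY = b"constructed-demo-key"  # provisioned before any theft
ALLOWED_ACTIONS = {"report", "wipe"}


def is_unusual(ip):
    """True when the boot-time address is outside every expected network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in HOME_NETWORKS)


def build_report(ip, hostname, boot_time):
    """Body of the e-mail: the unusual IP plus identifying context."""
    return json.dumps({"ip": ip, "host": hostname, "boot": boot_time}, sort_keys=True)


def sign(payload, key=SHARED_KEY):
    """HMAC-SHA256 tag the owner attaches to the instruction file."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def parse_instruction(payload, tag, machine_id):
    """Return the action in the fetched instruction file, or None if untrusted."""
    # Verify before parsing, so a forged file cannot trigger anything.
    if not hmac.compare_digest(sign(payload).encode(), tag.encode()):
        return None
    try:
        doc = json.loads(payload)
    except ValueError:
        return None
    # The file must name this machine, so one meant for another box is ignored.
    if not isinstance(doc, dict) or doc.get("machine") != machine_id:
        return None
    action = doc.get("action")
    return action if action in ALLOWED_ACTIONS else None


def decide(ip, payload, tag, machine_id):
    """Boot-time decision: 'none' at home, else 'report' unless a valid file says more."""
    if not is_unusual(ip):
        return "none"
    return parse_instruction(payload, tag, machine_id) or "report"
```
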
Very nice... (Score:2, Interesting)
The problem with doing something like this under a system requiring user accounts is that once the person discovers that they can't just turn it on and get a point-and-drool interface, they'll erase it and start from scratch. Perhaps if you wanted something like this (and had a bit of technical skill) you could have it boot from a small partition (I mean, how many users know much about that?) that checks to see if what it's booting into is what it should be (i.e. has Windows been installed where Linux should be), and if so alters something on that OS to make it phone home (obviously, something different for every OS that may be installed would have to be done, but this is hypothetical), and then proceeds to boot the new OS normally.
In the case of many Linux machines on dialups with a dedicated phone line, they are told to dial up on boot anyway, so that would give you some opportunity to trace it, by checking the number that it is calling from. However, that is assuming that someone sets everything up, including the modem cable, before turning it on the first time.
On another note, how come erasing everything didn't remove Timbuktu? Does it live in the System Folder only?
praise osx (Score:4, Interesting)
sudo rm -rf /
Applescript is my least favorite part of Macs. (shudder). It's nice to be able to integrate shell scripts as AppleScript now; just wrap the entire shell script in a single line of Applescript.
Reminds me of Distributed.net (Score:5, Interesting)
Wired Article [wired.com] on how d.net helped someone track down their stolen computer.
Re:applescript strikes back (Score:5, Interesting)
Since AppleScript was invented, obviously. (90-91?)
IIRC, set text item delimiters of AppleScript to {":"} works just as well. It's the versatility and its way of knowing where to put parentheses that makes AppleScript easy.
Record 'em! (Score:5, Interesting)
The lack of a prosecution for the theft is disappointing. (As someone who has had their place robbed twice in the past two years, I find the low capture/prosecution rates depressing; it just doesn't seem to be a priority with law enforcement. Sigh. Oh well, if anyone tries to hit me again, they'll be on candid camera.)
What might also have been cool, would be to use AppleScript to flip on the microphone, record the sound in the room, and send the recordings now and then, when connected. (Or use AppleScript to download a program that does the same; I don't know AppleScript.) That would potentially allow more "evidence" to be collected. If the lady didn't steal it, there's a chance you'd record something that would be useful. (Her thanking her brother-in-law for the Mac, or the like.) Having the Mac copy you on all incoming and outgoing mail may also be useful. (Not sure if the Mac could do it; Outlook almost does this by itself, with all the viruses it accepts.)
Probably not admissible in court, I guess. Although using a stolen device for surveillance really *should* be a legal means of admissible evidence, in a perfect world.
-me
Re:Can I do this with my laptop? (Score:3, Interesting)
Well I'm sure plenty of people would want my massive pr0n collection
Are there any current security programs that do things like this?
Well I looked into this last year when I was flatting with 5 new people. It's not that I didn't trust my roommates but when flatting with so many people they're bound to at least have a couple of pretty dodgy friends among them.
Linux is pretty straightforward, I mean if you're using a dial out you can just use pppup to launch a script to mail you when they're online or whatever.
Problem is most thieves aren't likely to be able to bring up ppp on my box, oh well.
For Windows I don't know. But it shouldn't be too hard to set something up like this, even modify Back Orifice 2k or something to give you the functionality you need.
In the end I decided the best way to do this was to get a prepaid cellphone with GPS (charged by the 5v line with a regulator), have it send an SMS message every day or so. The benefit is it doesn't matter if the machine is dial up/LAN, or even if it's not used by the thieves. Of course the problem with this system is a GPS cell phone isn't cheap.
Re:Neat! But . . . (Score:3, Interesting)
LILO boot: linux -s
To be precise, that should be whatever the name of the image is, followed by '-s'. You can hit TAB to view a list of images.
Now, if whoever installed Linux locked down lilo as well (with the restricted keyword in
This reminds me.... (Score:3, Interesting)
Re:Can I do this with my laptop? ... Yes, In theor (Score:2, Interesting)
Powerbook... Phone home! (Score:2, Interesting)
So I placed a Lost and Found ad with a Reward, and sure enough a couple days later this kind person calls me to say they found the laptop.
The people who found it said they watched it fall off my car on the highway and stopped to pick it up. The amazing thing was that the only damage to the Powerbook was the floppy drive and a scuffed case (battle scars.)
Unfortunately, the people who rescued my mac weren't mac users. Actually I don't think they were computer users at all as it seemed the only thing they were capable of was changing the names of all the files on the desktop to variations of :aaasjkdfl;jjj, including the hard disk:fhhdks;jasdfjjh. And that's what really would've been nice, a form of nag-ware that ran when powered up saying: to whom it belonged, and how a reward for return would be paid, etc. And maybe an applescript to auto-dial the modem to my home phone. Then at least I'd have a chance of caller-id picking up!
-
Very Sad (Score:4, Interesting)
Why is that? Is it because traffic citations are easy and gain them money? Is it because they can bust someone for possession of a "controlled" substance and also get forfeiture of property? Is it because law enforcement is just lazy when it comes to going after real criminals who leave behind real victims because it's not economically viable?
I'll let you decide.
Re:applescript strikes back (Score:3, Interesting)
In fact, although it seems a little 'ungodly' I can see the appeal of the apostrophe to refer to a member variable. Of course, this would likely not work in C++ as the -> and . operator mean different things, so could not just be replaced. I can see how it would work nicely in Java however (*slap* Java uses . not -> there is no need for a pointer dereferencing operator in Java because of its pointer model)
Not too sure about using it to reference array elements though, it loses some of its English semantics, and there is a lot to be said for having one operator to do one thing.
I guess the most enlightening part of the response was about using it for interoperability. I guess you're right, it makes perfect sense for that; after spending the last week doing efficiency hacking, I was looking at the code from the wrong viewpoint.
tell application "Finder"
Nice way to bring apps into context.
Anyway, enough rambling, but thanks for the info.
NB. I'll stick with bash for now...
Re:applescript strikes back (Score:3, Interesting)
It takes some getting used to, but AppleScript is extremely powerful. Scriptable applications written by competent authors/companies include a dictionary of all the scriptable terms/objects/etc so you have a ready reference.
A few months ago I wrote an AppleScript CGI that duplicated the functionality of Outlook Web Access, but pulled the mail from the copy of Microsoft Entourage [microsoft.com] (not the OS X version) on my Mac at home.
I did this mostly just because I was bored one day at work. It worked very well during testing with a copy of Entourage with only a few dummy messages scattered around, but unfortunately any decent amount of mail (like that contained on my Mac at home) would bring timeouts galore because it took too long to parse the mail folders and generate the pages. I dropped the project, but kept the code because it had a lot of useful functions I might need again someday. It was also pretty portable-- in less than two hours, I made two more versions of the CGI that worked with Claris Emailer and Outlook Express to see if things would work better, but they didn't.
~Philly
Re:Can I do this with my laptop? (Score:3, Interesting)
But your average guy who stole the computer to make a quick buck won't.. and neither will the schmuck who bought it from him.
Several companies sell packages for the PC that are theft-detection packages. Very low-level virus-like things that are internet aware, etc.
You need the callerid, not just an IP (Score:2, Interesting)
Moral of the story: Have it call home to a CallerID box- having just the IP won't get you anywhere.
Ahh, the good old days. (Score:1, Interesting)
I used to admin a Mac only shop, and all of our desktops and powerbooks had Applescripts to email us any new files that had been created if they were stolen. Authentication was a dialog box at boot that said "Erase Computer?"
It was very simple, and I believe that lowendmac.com has a story about recovering a stolen powerbook.
Make it undesirable!! (Score:4, Interesting)