Sign in to follow this  
Followers 0
Aghaster

Owning my thief!

29 posts in this topic

Hi,

On monday morning, I had class in a computer lab. When I quit the lab, I forgot my laptop under the table. I did not use my laptop for the rest of the day, so I only realized I forgot it when I wanted to take the bus to go home. I got back to the computer lab, checked under the table: it was gone. I then went to college security, asked them if someone brought back a laptop. Nobody did, so I asked to check the surveillance videos from this morning. I passed two hours with the security agent watching for whom stole my laptop, at which hour, etc. We finally noticed someone who came in with a black bag, noticed my laptop, opened it, and then tried to hide it from the camera by putting my black laptop bag along with his own bag and going away.

A surveillance camera alone is not enough to identify my thief, but he logged on the school computer in front of him. That's where hacking comes in. I went down to the computer lab and searched for all files dating from the day of the crime. I found one temporary file, which is a log used by Microsoft Exchange Server I think. The log contained the current computer name + user name. The user name is a student ID, and we can make a search in the Active Directory for user names, etc, and get some info out of it. That way, I found out the name of the thief. A file also has in its properties who created it, in this case, the user we wanted to identify: the thief.

That is not the only thing. I'm really luck on that one. This computer was one I used two weeks ago to show my keylogger to one of my friends. I ran my keylogger on that computer without noticing I ran my version which autoinfects the computer... so it stayed there all the time. When I realized that, I was really excited. I copied the logs on my usb key and then deleted traces of the keylogger. The logs contained something very important: his student ID along with his password, which gave me access to his school schedule, his complete name, his home address, his phone number, his cell number, his email, everything. Of course, I couldn't tell anybody I had this info in hand, because it was somehow illegal to obtain it the way I did.

So, the next day, I went to see the school administrator, and told him about my situation. I showed him the temporary file, and he agreed it was a good hint. He used it to make some kind of proof that he gave to school security. They didn't log who logged on which computers at what time, so this temporary file was an important one. I then came to school security, and spoke with another agent. The agent which I spoke the day before did not make me fill a report, so I had to explain again and fill a report. The agent then got all the incriminating surveillance camera shots on a CD, for the proof against him. The agent told me she would speak to the school director to see if we should call him first.

The next day, I came to see if the agent spoke to the director, but he wasnt there yet. We decided to call the police. The police came, I filled a report, the agent gave the police the proof, etc. I asked the police how long it would take, he told me it would take between 1 week and a month to process. I was a bit disappointed, even if I expected such an answer: that is far too slow, if he hasn't sold the laptop yet, he will, or format it. After the police went away, the school directory arrived. I went to speak with him, he told me that he watched the proof, I explained to him the technical part for the proof involving the computer. He said he was a bit uncomfortable with me knowing the identity of the thief. However, he explained to me that I could let the police do her job, and see if my laptop was covered by my assurances. He also told me that even if he wouldn't call the thief himself because I had already called the police, I could try to do this on my own, but I would be on my own. He explained it was risky, because he could have a negative reaction and try to hide the evidence, which would kill all my chances of seeing the laptop again.

Considering what I knew about the thief that I shouldn't have known, I decided to take the risk to call him at home. Here's translation of the conversation. I changed the name of the thief to Bob:

Me: Hi, I'd like to speak to Bob please.

Him: It's me.

Me: You found a laptop on monday morning, I want you to bring it back to security [school security office]

Him: no...

Me: I know you've found a laptop on monday morning, and I want you to bring it back to college security

Him: I don't see what you're talking about... [weaker voice]

Me: Look, I know your name, your phone number, where you live, and I got proof on video. I know you've got class at 2 PM today so you have time to bring it back before.

Him: I'm not going to my class today...

Me: Then bring it back tomorrow!

Him: Okay, I will

Me: Fine? bye.

Him: bye.

You know what? It worked. By some chance, I happened to take the same bus to go to college this morning. I looked straight at him during all the time it took. When we arrived at college, I came straight to him and asked him if he brought what I asked him for. He said yes, but the laptop bag was in his locker. I said fine, then I'll follow you. When he gave me all my stuff, I just went away.

I then went to school security, told me I got my laptop back.I had to phone the police again, to tell then I've got my laptop back.

I'll never forget my laptop again... but I owned my thief so hard! That's definitly something I'll remember.

0

Share this post


Link to post
Share on other sites

LMFAO nice!

something like that happend to me, but with my cell phone. i just checked who logged into the computer (my school used first name letter, full last name, naming conventions.) i left it at and found all 3 people and demanded me phone back. 3rd guy had it and said sorry i didn't know it was yours, i was gonna turn it in.. yea right buddy.. lol

0

Share this post


Link to post
Share on other sites
LMFAO nice!

something like that happend to me, but with my cell phone. i just checked who logged into the computer (my school used first name letter, full last name, naming conventions.) i left it at and found all 3 people and demanded me phone back. 3rd guy had it and said sorry i didn't know it was yours, i was gonna turn it in.. yea right buddy.. lol

How much time between forgetting your phone and asking it back?

In my case, we clearly see him trying to hide the laptop and move away with it. That's not showing his intention of giving it back. Also, he could have brought it back to security right away, that's what happens most of the time. He could also have tried to contact me, with my email or at school. My MSN was still with my last email + password, along with a photo of me. I also had a picture of me as a background. He certainly recognized me at school, but he did nothing to bring it back. three days was already too much.

0

Share this post


Link to post
Share on other sites

lmfao! lucky that you got it back though, and hope that nobody at your school finds out how you got the info, otherwise you're probably in for some trouble.

0

Share this post


Link to post
Share on other sites

That is so incredible! You are very fortunate. :P

THIEF GOT PWNED.

0

Share this post


Link to post
Share on other sites
That is so incredible! You are very fortunate. :P

THIEF GOT PWNED.

I think I'll intentionally keylog myself remotely with my program, in the eventuality that it gets stolen another time, in less lucky conditions. If the thief does not format the computer like this one, I'd be able to get personal info from the keylogs :P

0

Share this post


Link to post
Share on other sites

Oh man, that was an awesome read.

Glad you got your stuff back, he must of shat himself when you called.

He messed with the wrong hacker!

0

Share this post


Link to post
Share on other sites

I'm glad you got your laptop back!

However, the way I see it, it may not be so illegal to have gotten his personal info the way you did. The laptop is your own machine and you can have whatever you want to have installed on it. Even though it was stolen, that ownership is still yours meaning you are still allowed to access any services that are made available from it just like normal. Using your keylogger the way you did seems similar to a service called Lowjack for laptops which is a way to recover stolen laptops, which allows the laptop to be tracked when it connects to the internet through the IP address.

0

Share this post


Link to post
Share on other sites
I'm glad you got your laptop back!

However, the way I see it, it may not be so illegal to have gotten his personal info the way you did. The laptop is your own machine and you can have whatever you want to have installed on it. Even though it was stolen, that ownership is still yours meaning you are still allowed to access any services that are made available from it just like normal. Using your keylogger the way you did seems similar to a service called Lowjack for laptops which is a way to recover stolen laptops, which allows the laptop to be tracked when it connects to the internet through the IP address.

You've misunderstood that part of the story: the keylogger was installed on the college computer, not my personal computer. However, it might be a good idea to install it on my own computer.

0

Share this post


Link to post
Share on other sites

Nice. I always like stories like this that have a happy ending.

0

Share this post


Link to post
Share on other sites

Sweet... That's cool.

Glad you got your laptop back... I probably would have stabbed the bottom feeder if I caught him. You have good self-control.

and damn lucky you are obsessed with this keylogger too!! ;)

0

Share this post


Link to post
Share on other sites

So you're saying this "Bob" had your computer for 3 days, and you "did" get it back... I find it funny that you don't mention if he changed things "at all".

Wouldn't that be your first priority? To see if he touched any of your shit? :roll:

If someone stole my laptop, that couldn't get access to any of my stuff, my personal data is under an Blowfish encrypted partition, my / and /usr partition are on an external USB thumb drive that I keep with my at all times. (In a safe place.).

0

Share this post


Link to post
Share on other sites
So you're saying this "Bob" had your computer for 3 days, and you "did" get it back... I find it funny that you don't mention if he changed things "at all".

Wouldn't that be your first priority? To see if he touched any of your shit? :roll:

If someone stole my laptop, that couldn't get access to any of my stuff, my personal data is under an Blowfish encrypted partition, my / and /usr partition are on an external USB thumb drive that I keep with my at all times. (In a safe place.).

Bob accessing my personal data is annoying, but still better than Bob formatting the computer or worse, selling the computer. If the computer had been completely locked, he would have tried to format it for personal use. In this case, he put my data in a separate folder, deleted my account, and created a new one. He then uninstalled most of my software, but this I can reinstall.

0

Share this post


Link to post
Share on other sites
How much time between forgetting your phone and asking it back?

In my case, we clearly see him trying to hide the laptop and move away with it. That's not showing his intention of giving it back. Also, he could have brought it back to security right away, that's what happens most of the time. He could also have tried to contact me, with my email or at school. My MSN was still with my last email + password, along with a photo of me. I also had a picture of me as a background. He certainly recognized me at school, but he did nothing to bring it back. three days was already too much.

1.5hrs

0

Share this post


Link to post
Share on other sites
How much time between forgetting your phone and asking it back?

In my case, we clearly see him trying to hide the laptop and move away with it. That's not showing his intention of giving it back. Also, he could have brought it back to security right away, that's what happens most of the time. He could also have tried to contact me, with my email or at school. My MSN was still with my last email + password, along with a photo of me. I also had a picture of me as a background. He certainly recognized me at school, but he did nothing to bring it back. three days was already too much.

1.5hrs

lol... and hour and a half. You shouldn't have been so hard towards the guy, it is still a short amount of time

0

Share this post


Link to post
Share on other sites
lol... and hour and a half. You shouldn't have been so hard towards the guy, it is still a short amount of time

yea but i knew him(not firends, but knew him in high school), and i knew he would of sold it or used it. he was a skidmark.. lol i knew he had no intentions of turning it in.

0

Share this post


Link to post
Share on other sites

Good story dude i'm glad you were able to get your computer back

0

Share this post


Link to post
Share on other sites

That was a great story, I don't think I could have handled the situation so well. I would have been at his house ready to flip out the moment I got his address. Man this is making me mad thinking about it. Good job though.

0

Share this post


Link to post
Share on other sites

Great job & a good read.

Although, if I were in that position, I wouldn't have been so polite (just walking away from the kid).

Glad you got your laptop back though, bro. ;)

0

Share this post


Link to post
Share on other sites

To be honest with you, after I got my laptop back I would have done one of the following:

a) knocked his head against a wall, and beat him until security was called again (disclaimer: joking of course)

B) demanded that he give me $1000 or be turned over to the police (disclaimer: joking of course)

c) turn him over to the police and press charges for theft

d) went to the dean and gotten him expelled

At the very least, how long did all of this take you, travel time and phone min included, reinstalling programs? My going rate for teir 3 support is 125-200 an hour; I'd consider computer forensics above and beyond teir 3, and you worked outside of your normal schedule, that's time and a half right there. I would have invoiced that cocksucker for $300 an hour plus expenses. Just tell him how its gonna be; if you don't get your money, bad things will happen; even within the law, bad things.

Edited by BrakeDanceJ
0

Share this post


Link to post
Share on other sites
To be honest with you, after I got my laptop back I would have done one of the following:

a) knocked his head against a wall, and beat him until security was called again (disclaimer: joking of course)

B) demanded that he give me $1000 or be turned over to the police (disclaimer: joking of course)

c) turn him over to the police and press charges for theft

d) went to the dean and gotten him expelled

At the very least, how long did all of this take you, travel time and phone min included, reinstalling programs? My going rate for teir 3 support is 125-200 an hour; I'd consider computer forensics above and beyond teir 3, and you worked outside of your normal schedule, that's time and a half right there. I would have invoiced that cocksucker for $300 an hour plus expenses. Just tell him how its gonna be; if you don't get your money, bad things will happen; even within the law, bad things.

All I wanted was to get my laptop back, before anything really bad happens to it (such as formatting, selling on eBay, dismantling for pieces, destruction of evidence). I think I've scared the shit out of him by knowing a lot about him, "haunting" him in public places, and that phone call. He knew who I was because I had my picture as a background. His worst fear was to be discovered, which I did.

This kid is 17 y/o, and even if what he did is really bad, I don't want to get into more trouble by beating the shit out of him and asking more. I've got my stuff, now he may go piss in his pants and start thinking about what he did. He does not know about me calling the police, so I'll make sure he knows that the police has evidence against him and that even if I was good enough to remove my charges against him, the police will investigate the case and decide if they want to hold charges against him. This way, he won't have his conscience cleared, which is what I want.

I might eventually try to have a real chat with him. I don't believe violence is always the best solution. If I start making threats and beating him, and then the police calls him to have his version of what happened, I'd be in for real trouble. No, this guy does not look like a tough guy, he looks more like a kid who thought he was lucky to find a forgotten laptop, and thought he could get away with it for personal use. If he feels bad enough for what he did, he won't do it again if such an opportunity is offered to him again. That's the most important point.

0

Share this post


Link to post
Share on other sites

LMFAO! sign him up for some free bowflex videos since you do have his addy. maybe some other funny ones. lol!!

0

Share this post


Link to post
Share on other sites

Lolz nice job, I had a mp3/flash drive that got jacked at work one time but i had already set the FD to send what ever IP its subnet-ed on to send the IP to my email, so i just called the local police dept. and the sent out a detective with me, and they got a search warrant, went end and took it off his desk and suck him in cuffs.

0

Share this post


Link to post
Share on other sites

It is always nice to hear a good story like that. I agree with many that I probably wouldn't have dealt so calmly with the whole situation.

and took it off his desk and suck him in cuffs.

suck him in cuffs huh? :P

0

Share this post


Link to post
Share on other sites

i really enjoyed reading the story.

good work in getting your laptop back,

also great job on your keylogger!

C

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0