Slashdot Log In
Mac Thief Caught Thanks To Applescript & Timbuktu
Posted by
CmdrTaco
on Thu Jan 24, 2002 05:12 AM
from the funny-late-night-story dept.
from the funny-late-night-story dept.
el.cerrito.slasher sent in an amusing bit found on MacSlash. This story
is a tale of a stolen iMac that just happened to be running Timbuktu (a remote
control program like VNC I believe). Well the stolen box kept getting
used, and the owner was able to track it down through
a variety of amusing Timbuktu Fu. Funny story.
This discussion has been archived.
No new comments can be posted.
Mac Thief Caught Thanks To Applescript & Timbuktu
|
Log In/Create an Account
| Top
| 367 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
applescript strikes back (Score:4, Interesting)
Re:applescript strikes back (Score:5, Funny)
Yikes! That is some urglee code. I mean come on, since when has code used a possessive apostrophe? It's just......wrong.
I'll grant it's wonderfully readable, but in people's experience, is it actually easy to write? I can imagine having difficulty remembering all of the exact 'easy-to-use' identifiers. Also, in some cases it seemed to match good grammar, whereas in other cases parts of verbs, plurals etc. were not used correctly. Is there a set of special cases you have to remember or what?
Re:applescript strikes back (Score:5, Insightful)
Re:applescript strikes back (Score:5, Informative)
"Computer, update website" (computer executes the 'update website' applescript, which would probably be very similar to the parent post's Applescript"
Since Applescript is easy, powerful, and voice-activated like this, you can do some amazing stuff on the mac with very little effort. It impresses the hell out of other people, too.
(FWIW, the PC emulator VirtualPC is Applescriptable - you can have a LOT of fun with that: imagine the above Applescript, but add the part where the script fires up VirtualPC and loads your webpage in IE for Windows to make sure it looks good on that platform too. All this while you're playing Oni)
Re:applescript strikes back (Score:5, Interesting)
Since AppleScript was invented, obviously. (90-91?)
IIRC, set text item delimiters of AppleScript to {":"} works just as well. It's the versatility and its way of knowing where to put parentheses that makes AppleScript easy.
Re:applescript strikes back (Score:5, Insightful)
Uh, no, it just makes sense. Possessive apostrophes are awesome for programming languages.
c++/java:
foo->bar()
AppleScript:
foo's bar()
bar() of foo
It's a hell of a lot easier to type.
PHP:
$myArray[3]
WebSiphon:
myArray'3
It's not wrong, it makes sense. Just try typing those lines of code there. I wish more programming languages used it.
And ya, it's very easy to write. That is, once you understand that it is a programming language which has its own way of forming meaningful statements, so that something that makes sense in English doesn't necessarily mean it will make sense to AppleScript :)
AS is best for making objects from different programs work together. It's a solution to the interoperability problem. Each program can describe itself with verbs and nouns, and AppleScript's syntax is very good at mashing those things from different programs together.
It's not so great for coding intense algorithms, as it tends to be verbose.
set foo to 5
foo = 5
When you do have to make programs talk to each other, AS makes wonderful glue. AS is intended to exploit logic in other code, so rather than running awk/sed to munge my text, or use the language's text manipulation expressions (as you would in Perl), I'll get BBEdit to open the text file, and use all it's insanely powerful multi-file regex features. Apps in OS X are supposed to support opening files and doing operations on them without presenting a user interface specifically for this purpose.
No need for CORBA to solve those problems :P
Can I do this with my laptop? (Score:5, Interesting)
Personally, I'm slightly security paranoid, but I don't believe that anyone who steals my machine is going to care what's on it, but more likely swap drives. Ok, that's what I'd do, at least.
But, looking at this, I'd love to have something like this running. Are they any current security programs that do things like this? I would need it for Windows and Linux.
Now if only I could have it run in the BIOS. Imagine if on the bios level, without a proper key or password or whatever, if the hard drive was removed and replaced, it would then call a panic number whenever connected. That'd be neat.
Re:Can I do this with my laptop? (Score:5, Funny)
Re:Can I do this with my laptop? ... Yes, In theor (Score:5, Funny)
The boot sector is replaced with a BSD style boot selector, set to boot from the "stolen" partition by default (ie if you are using the machine yourself, you select BSD or Windows - thief has 5 secs to figure out what is wrong, and cant, so gets default behaviour.
After the initial boot sector process, control passes to a next stage, "Stolen" ... This displays a message "Unable to start Windows ... perhaps modem cable is not connected to the phone? ... Please connect cable to phone, and press return"
The average thief will understand this, and connect the phone cable. The real owner would press CTL-ALT-DEL.
When the thief connects the cable and presses "enter" the phone dials the owner, his mates, his mobile, his dog, cat, ma, pa, and the 911, 999 (in case its in Europe), FPI's private number, SWAT, the US Marines, Bin Laden, the Mafia hit-man hot line, and that number the Gas Company reserves for reporting leaking gas mains.
Not only that, the boot sequence will auto-hack so this is the ONLY boot option, and disable CTL-ALT-DEL. The dialling sequence will repeat till the battery runs out.
Someone will be pissed enough to find out who owns the unlisted number and send the boys with big sticks round for a visit.
Re:Can I do this with my laptop? (Score:5, Insightful)
You would be smart enough to swap hard drives to evade detection, but you'd also be smart enough to not steal a computer...
Re:Can I do this with my laptop? (Score:5, Insightful)
An apt insight. If you were to take a look at the mind of a developing criminal, you will often find someone who, after one or two several nervous crimes, discovers that getting caught is actually indeed quite rare. After this discovery, they become increasingly brazen, disregarding basic precaution. This is how most criminals actually get caught.
C//
Re:Can I do this with my laptop? (Score:5, Informative)
Actually you can most likely do that on a Mac. All of the Macs in the past 5 - 8 years use a BIOS-like system called called Open Firmware. Open Firmware basically sets up the machine to load up the operating system and it does other initialization tasks. It is also used by some other computer manufacturers as it is an open standard.
The neat thing about Open Firmware is that it is programmable. It is written in Forth and you can write additions to it and install them. These additions are persistent across power-downs and can be password protected. So it is possible that you can write some sort of network notification into Open Firmware, I do know that it is aware of TCP and such because you can remotely operate the machine if it crashes in open firmware and you can also use Open Firmware to network boot the machine.
The other cool thing about Open Firmware is that you can set it to require a password at boot. If the password is not entered then the machine will not load ANY drive. This password is much harder to disable than an operating system password or hard drive password lock, although there are a few obscure and involved ways of bypassing it if you are extremely familiar with the system.
This page [openfirmware.org] has some good links on Open Firmware. This site [sun.com] is hosted by Sun and has a ton of very specific and detailed information on Open Firmware. And lastly, Open Firmware is the only firmware standard in existence to have its own song [sun.com]!
Reminds me of Cuckoo's Egg (Score:4, Informative)
Reminds me of Distributed.net (Score:5, Interesting)
Wired Article [wired.com] on how d.net helped someone track down their stolen computer.
Good Idea (Score:1, Interesting)
Neat! But . . . (Score:5, Interesting)
With a Windows box, on the other hand, you could easily write a program to verify the computer's IP address at boot time, and if it doesn't match, send an email to you reporting the unusual IP address and any other useful info you can think of. At each boot thereafter (common with Windows, of course) it checks a particular file on a particular server for instructions on what else to do, such as activating auto-destruct. That way you never auto-destruct your own computer by accident, since it requires permission first.
If you were particularly ambitious, you could have it activate a keystroke logger and email the recorded info to you each time it boots.
NEEDED: new feature for Timbuktu (Score:3, Funny)
Google Groups Archive (Score:3, Informative)
http://groups.google.com/groups?q=Bridges+myers+a
Cliff Stoll flashback|easy tagging scritps forunix (Score:5, Informative)
Honestly, I'm not -too- surprised that this happened. My machine runs:
/bin/date | mail
/sbin/ifconfig -a | mail
(Running dyndns would be interesting also.)
on bootup. I originally did this so that I could keep track of my box and identify when it went down and what the current IP was so I could ssh in and look around more comprehensively, although it has crossed my mind that if my machine were to get stolen it might report back to me where it was. I'd happy to see that it's worked out at least once for someone.
Most ISPS keep logs of usernames and passwords on certain ips (especially if they're static/near static as in a cable modem or dsl connection). From there, it's fairly easy for the ISP for connect that back to a real name.
I'd be very intrested to see if this is enough information to get a search warrent.
No, the thief wasn't caught. (Score:5, Informative)
Possession of stolen property is very different to theft. She claims to have bought the imac from "some guy". Ok, she might be complicit, but we won't ever know.
Some thoughts (Score:1)
Whoever the "fence" is(hot item buyer), they should know a few things.
However, I've known a few machines that had a hard drive crash due to heads hitting the platters, maybe that would be a useful "feature";) to implement.
I have another idea. ID the cpu somehow, so no matter if you pull the drive, unless you dissect the sucker, it will register itself, and the phone number connected, to a security co., then pay them a visit *weg*
A Friendly Face for Magic Lantern (Score:2, Funny)
<SARCASM>
In related news, the FBI has announced that its stealthy "Magic Lantern" program is officially being launched under the name "fbiJack."
"This guy got lucky, but how 'bout you, Slick?" taunted Special Agent Kay. "Wouldn't you feel better knowing that fbiJack is running on your machine? You can pick up an installer disk at any U.S. Post Office or download it from Microsoft.com."
</SARCASM>
right-fucking-on! (Score:1, Redundant)
Mac Thief (Score:3, Funny)
Oh THAT kind of Mac.
Very nice... (Score:2, Interesting)
The problem with doing something like this under a system requiring user accounts is that once the person discovers that they can't just turn it on and get a point-and-drool interface, they'll erase it and start from scratch. Perhaps if you wanted something like this (and had a bit of technical skill) you could have it boot from a small partition (I mean, how many users know much about that?) that checks to see if what its booting into is what it should be (ie has windows been installed where linux should be), and if so alters something on that OS to make it phone home (obviously, something different for every OS that may be installed would have to be done, but this is hypothetical), and then proceeds to boot the new OS normally.
In the case of many Linux machines on dialups with a dedicated phone line, they are told to dialup on boot anyway, so that would give you some oppertunity to trace it, by checking the number that it is calling from. However, that is assuming that someone sets everything up, including the modem cable, before turning it on the first time.
On another note, how come erasing everything didn't remove Timbuktu? Does it live in the System Folder only?
Now I understand... (Score:2, Funny)
praise osx (Score:4, Interesting)
sudo rm -rf /
Applescript is my least favorite part of Macs. (shudder). it's nice to be able to integrate shell scripts as AppleScript now; just wrap the entire shell script in a single line of Applescript.
lamers (Score:5, Funny)
If you were really serious about inflicting pain, how about:
setting up one of those $125 per call phone lines in the bahamas and then having the imac call it every 2 minutes...
repeatedly call 911 and play recorded message: "help! I've fallen and I can't get up!" over and over again
install a keylogger so you can post their most intimate conversations on your website.
those are just a few ideas that have popped in my head.. Hell, you could do that with VB email virii and make a mint with the first one...
Re:lamers (Score:5, Funny)
I'm thinking that you need to turn off the speakers, turn off the modem sound and if there has been no activity for a few hours, at 4am have the system call that $125 number about 20 times in just a few hours.
With this scheme you could sell reconditioned iMacs setup with this software out of the back of a van for about $100 apeice and just sit back and rake in the cash. The people who bought what they thought was stollen property will never say a word as long as you only ripped them off for a couple of thousand dollars.
So, people, if you buy computers from the back of a van, don't complain when you get ripped off.
Re:lamers (Score:5, Funny)
Record 'em! (Score:5, Interesting)
The lack of a prosecution for the theft is disappointing. (As someone who has had their place robbed twice in the past two years, I find the low capture/prosecution rates depressing; it just doesn't seem to be a priority with law enforcement. Sigh. Oh well, if anyone tries to hit me again, they'll be on candid camera
What might also have been cool, would be to use AppleScript to flip on the microphone, record the sound in the room, and send the recordings now and then, when connected. (Or use AppleScript to download a program that does the same; I don't know AppleScript.) That would potentially allow more "evidence" to be collected. If the lady didn't steal it, there's a chance you'd record something that would be useful. (Her thanking her brother-in-law for the Mac, or the like.) Having the Mac copy you on all incoming and outgoing mail may also be useful. (Not sure if the Mac could do it; Outlook almost does this by itself, with all the viruses it accepts
Probably not admissible in court, I guess. Although using a stolen device for surveillance really *should* be a legal means of admissible evidence, in a perfect world
-me
Re:Record 'em! (Score:4, Informative)
I'm not so sure it wouldn't be admissable in court. Unauthorized taps are illegal in some, but not all jurisdictions. Also, illegaly obtained evidence is admissible under some conditions; in particular when the illegal evidence is obtained by someone who is NOT a police officer, etc.
Finally, consider this: if you use the phone or use the bathroom, this is an illegal tap. Phones are not recorders and bathrooms are not cameras, there is an expectation of privacy. But a computer can be and is an audio and video recording device, as well as a network data collector. Many computers have built-in microphones and network devices; no reasonable person should assume they don't work. In other words, there is no expectation of privacy; especially if the lawful owner has configured it to act as a remote device.
I'm sure the laywers will eventually hash this out, but I can assure you the evidence would be admissible in my jursdiction; legal or not, because I am not a cop.
This reminds me.... (Score:3, Interesting)
See this?? (Score:1, Troll)
Reader: I have got a much better idea!
Write a script that pops up a window saying "You have won a special 500.00 prize. Your machine has run for 3000 hours without a major problem!"
Create fields for them to enter name, address and phne numbers to receive the prize.
Make the script write that data to disk and you can pull it with timbuktu
Then call the police.
Crooks often fall for the stupidest tricks, especially if you appeal to GREED!!!
I know THIS would work. I steal computers all the time, and I ALWAYS click on every pop up and fill out ALL the forms. As everyone knows, they are all 100% real!
The scary thing is, it works.... (Score:1, Redundant)
Kidding, of course. But you know that Microsoft is working on something like this already, if they haven't finished it by now. On the other hand, it *would* be nice to have a THIRD-PARTY tool that I could purchase separately (for less than Timbuktu) that would let me do things like this, locate it online anywhere should it be stolen simply by using a login/password combination I secretly set myself. It wouldn't do any system-takeover kind of stuff, just tell me what phone number or static IP it's being used at. Yes, a hard-drive format would solve the thieves' problem for me, but as this story indicates, not everyone is that careful when dealing with stolen property.
I just don't want Microsoft to install it for me by default. But that's a given.
Not the first Mac thief to be caught (Score:4, Funny)
So he called up all the places in town that sold Macs (all two or three of them) and waited. Sure enough the idiot kid shows up at a store asking about an HD-20 boot disk. Snagged!
The difference now is that the internet is everywhere, and it's now possible to have the computer "phone home".
Why would you want the system to shutdown? (Score:1)
Well now... (Score:1)
Think of the fun you could have with that...
Powerbook... Phone home! (Score:2, Interesting)
So I placed a Lost and Found ad with a Reward, and sure enough a couple days later this kind person calls me to say they found the laptop.
The people who found it said they watched it fall off my car on the highway and stopped to pick it up. The amazing thing was that the only damage to the Powerbook was the floppy drive and a scuffed case (battle scars.)
Unfortunately, the people who rescued my mac weren't mac users. Actually I don't think they were computer users at all as it seemed the only thing they were capable of was changing the names of all the files on the desktop to variations of :aaasjkdfl;jjj, including the hard disk:fhhdks;jasdfjjh. And that's what really would've been nice, a form of nag-ware that ran when powered up saying: to whom it belonged, and how a reward for return would be paid, etc. And maybe an applescript to auto-dial the modem to my home phone. Then at least I'd have a chance of caller-id picking up!
-
Windows-based mailer (Score:4, Informative)
1. I wrote a one-line
ipconfig > c:\windows\system32\ip_ADDR_resolv.sys
to make it look like a system file. All it is really is an output of my local IP address.
2. I used the free StealthMailer program at: http://www.amecisco.com/stealthmail.htm to mail my
3. For added cool, you can use low-level key-logging software [amecisco.com] and mail out everything that use types and mail it to yourself. Cost is about $79/license.
You can't beat that for peace of mind.
Very Sad (Score:4, Interesting)
Why is that? Is it because traffic citations are easy and gain them money? Is it because they can bust someone for possession of a "controlled" substance and also get forfeiture of property? Is it because law enforcement is just lazy when it comes to going after real criminals who leave behind real victims because it's not economically viable?
I'll let you decide.
Amazing that nobody has thought of... (Score:3, Insightful)
here's how da penguin does it (Score:3, Informative)
If they get past that, and boot, they'll be confronted with a password prompt to mount your
So they will have to remove somehow repartition the drive and install another operating system. Can a thief do that too? This causes the thief precious time and effort... more and more the machine becomes a less interesting proposition.
Between boot and trying to mount your sensitive crap in
BTW, I can't spel.
Privacy? (Score:4, Insightful)
The Timbuktu extension that's installed on it posts a unique identifier to Netopia's IP Locator server (findme.netopia.com) whenever it connects to the internet.
What about the privacy aspects of this? Sure, in this instance it worked out to be a good thing, but do you really want someone else to know where you are using their license? How is this different than Windows XP phone home? What -other- information is being transmitted to Netopia?
You need the callerid, not just an IP (Score:2, Interesting)
Moral of the story: Have it call home to a CallerID box- having just the IP won't get you anywhere.
Proving theft? (Score:1)
In order to prosecute someone for possession of stolen property (their only option in this case unless there was evidence to show that the lady was the actual thief) you have to show that they knew or had reason to believe that the computer was stolen, and that's a pretty hard thing to prove in court.
So if I burn/tattoo/carve "Property of name" into the machine, is that proof enough that it's stolen property? Then when I sell it, I can include some kind of signed proof of sale.
Erase the HD... (Score:4, Informative)
But most thieves are dumb, or at least cheap; do you think they are going to erase PhotoShop, etc and go out and buy a copy, and then do that 20 or 50 more times? It isn't much use without apps.
If you don't leave your SW about in an obvious place, they won't have an OS install CD (to boot an iMac or any Mac made since about 1996. A boot floppy is useless; most won't boot with System 7.1, which did fit on a floppy. And if your floppy collection is anything like most people's, there won't be a decent label on it anyway. x86 is, of course, different; boot floppies are pretty easy to come by and they work).
Auto-dial 911 is A Bad Idea; they have enough trouble with users who can't figure out why the cellphone called 911 from a football game cuz the guy sat on it and it auto-dialed with "quick 911" enabled.
A periodic eMail to your own account sounds good; there is plenty of evidence there and, properly done, it doesn't compromise your own security (or risk your own life w/electric keyboards... YIKES! -I don't trust any computer that far).
Hire a private investigator and Do It Yourself! (Score:1)
And private dicks aren't that pricey!
I think, armed with a phone number, I would've been a little more likely to track down this woman on my own and steal my computer back from under her nose. Maybe leave a note--"Your computer was stolen property and I'm taking back what's mine. I dare you to call up the police and report it!"
Chances are pretty good that the PI will be able to track down that "some guy" that she got the 'puter from as well by following her round and taking photos. That would be even cooler.
Ahh, the good old days. (Score:1, Interesting)
I used to admin a Mac only shop, and all of our desktops and powerbooks had Applescripts to email us any new files that had been created if they were stolen. Authentication was a dialog box at boot that said "Erase Computer?"
It was very simple, and I believe that lowendmac.com has a story about recovering a stolen powerbook.
Issues with potentially stolen computers. (Score:3, Informative)
If you buy from a store, or from an auction, you're probably safe. But if you buy from an individual, especially from someone you don't know, you might want to do some sanity checks. First, check for serial numbers. If there aren't any, DON'T BUY IT. This can be tough if the computer was self assembled as some clone cases don't have serial numbers on them, but practically all OEM computers will.
After purchasing it, WIPE IT. Reinstall the operating system from scratch at the very least. If you're a good samaritan, you might want do back up the system, especially if there seems to be any personal information on it. But you want the system itself to be clean.
Take the serial number on the computer and any other equipment you bought, and report it to the police. Pawn shops do this all the time. First of all, if any equipment you report comes back stolen, you can't be prosecuted for possession of stolen property, even if you had a pretty good idea it was stolen. Secondly, I'm not sure about every state, but in Texas even if it IS reported stolen, you're still the rightful owner of it and its the responsibility of the original owner to prove in court that they are the rightful owner before being able to reclaim it. Pawn shops usually get around this by offering to return the equipment for the price they paid for it (which is generally a small fraction of what the equipment is really worth). In many cases the equipment is insured and the original owner would easier collect on the insurance rather than spend a couple years in court trying to get a computer back that by the time they finally get it would need to be replaced anyways.
As for the lady in the article, it was probably one of those "look the other way" things. I'll get a good deal on a computer and I just won't pay attention to how I got it. If there was even the slight bit of legitimacy to her purchase she wouldn't have been so eagar to take a plea agreement.
-Restil
No iMac for me (Score:1)
- Applescript/Timbuktu run as root,
- People can upload and run all kinds of interesting applications to any computer running Timbuktu and execute them in real time.
How is this better than Outlook Express and VBScript ? The #2 feature is useful, I suppose, but running it as root (#1) turns it from a useful tool into a nuclear bomb on a self-timer.Make it undesirable!! (Score:4, Interesting)
My method. (Score:1)
Using GPG I make sure the digital signature of the file matches before running the commands. This way I can remotely update the file and it can execute anything I can program in Python.
Never had to use it yet though.
Something that already exists like this for PC? (Score:1)
strange conclusions (Score:1)
Howabout do something that preserves the content, yet renders it useless/unreadable to crooks? I'm of course talking about using encryption, either file level or file system level.
Of course there is a saying, "If all you have is a hammer, everything starts looking like nails.". I say "If all you know is Applescript, start learning about other more widely used solutions."
-k
I'm upset at the lack of useful suggestions here! (Score:1)
1) I run a cable modem. Because of this the phone line is never plugged in. Create a script that dials the modem to 911 after 2 hours of inactivity and play a recorded message stating that the system was stolen and to call you at home for details, etc. All 911 calls are recorded, caller ID'ed and taken seriously. Instant thief ID.
2) Install Back Orifice! It does everything you could ask it to do when a user gets online. Easy and proven effective. If for some reason the 911 trick fails or the cops aren't amused, you'll always have this a a backdoor.
An amusing story (Score:1)
The best punishment would have been to let them keep it, that way they'd never learn about "real" computers
Another Solution - user-flashable startup screens (Score:2)
When I turn my Thinkpad on, it gives me a nice big IBM logo. What if one could replace that logo with a bitmap of some sort, that was password protected like BIOS passwords are? It could say "property of, gimme the thing back, etc etc" and would be completely impenetrable.
The whole phone-home thing seems logical, but for those of us who use OS's that can't be accessed without a password (ie XP/WinNT/Win2k, assuming it's set up properly) the machine is going to NEED a reformat/reinstall before it's been swiped anyways. By the time someone got into my OS (so that a dialer could work) they would need my user pwd, which hopefully they wouldn't have.
It would also be nice to see a machine *properly* support secure smartcards so that the machine would be useless (except for parts, no way around that) without it.
Of course, I like the mini-tower-case-on-the-porch-stuffed-with-C4-and-
-
Re:Suggestions are crap (Score:2)
Re:Suggestions are crap (Score:2, Funny)
-dair
Re:Suggestions are crap (Score:1)
Re:Goole usenet archive thread (Score:1)
Re:Replying to myself.... (Score:1)
Re:Hey CmdrTaco! (Score:1)
Re:Illegal hacking? (Score:3, Insightful)
Re:Funny "story". (Score:1)
Also, if the herd of mac users gathering at te board to help this poor soul recover his computer sounds far fetched, you obviously do not spend enough time arround mac users
Re:Illegal hacking? (Score:1)
I don't think the theif could convince the judge that it was coincidence that the log in and password was the same as the one defined by the guys sister.
Try getting your facts straight
Re:Computer stolen (Score:1)
Re:Illegal hacking? (Score:1)
Would you then be doing something illegal to remove the secret cache of money you've hidden beneath the seat?
And to use your analogy, it's kinda like opening the door to someone's house, with the key to your own house, when they're not home, because you think they stole your house.
Re:Didn't this happen before? (Score:1)
Sounds like something I would do. Thank god I live in Texas where recovering stolen property using any means necessary (even if it means filling the luser full of lead) is still a right.
-