Turning Macs on Thievery

http://news.lycos.com/news/story.asp?section=LycosBreaking&storyId=50025

By Leander Kahney
Jan 25, 2002 01:45 p.m. PST

Every year about 400,000 computers are stolen in the United States. Only 3 percent are ever recovered. But after his sister's iMac was taken during a burglary, a Houston man was able to get it back using remote-control software, expert help from friends on the Net, a large dose of luck and some incredible naiveté on the thief's part.

In a story that is probably unique, R.D. Bridges recovered his sister's stolen iMac using Netopia's Timbuktu Pro, a program that allows computers to be remotely controlled and is widely used by computer-help technicians. Bridges, who lives in Clear Lake, a suburb of Houston, had installed the software to help his sister, who lives across town, when she ran into problems.

The iMac and a printer were stolen last October. Foolishly, the thief didn't erase the hard drive. When they connected to the Net, Timbuktu alerted Bridges the iMac was online.

Horrified his sister's résumé, tax files and other sensitive files were still on the hard drive, Bridges hoped to install a "suicide script" to erase everything. Using Timbuktu, he figured he could put a script into the Mac's startup folder, which would be automatically executed the next time the machine was turned on.

"My sister didn't want a crook going through all that stuff," Bridges said. "You know what it's like, you have tax returns, letters, your résumé, telephone numbers, addresses. There's so much personal and private stuff on your computer. You don't want crooks going through all that and then paying a late-night call on your in-laws and friends."

For help, Bridges turned to a Usenet newsgroup, alt.comp.lang.applescript. AppleScript, the scripting software built into the Mac's OS, can be set up to perform all sorts of functions -- including trashing files.

Marc Myers, an AppleScript expert who runs AppleScriptsToGo.com, responded with a clever script that moved everything to the trash except the System Folder, emptied the trash and shut the machine down. Myers' "Death Script" excluded the System Folder because any attempt to erase it would prompt an error message, stopping the process in its tracks.

Shortly after Myers' script was posted to Usenet, Bridges was alerted that the iMac was online. He copied the script over and surreptitiously erased some of his sister's most sensitive files.

Unfortunately, the stolen iMac was connected using his sister's ISP, her login and password, which gave Bridges no identifying information about them at all -- no names, phone numbers, anything. He hoped maybe the police could get an IP address or phone number from the ISP, but he later found out the company didn't log incoming calls.

Starting to doubt he would track down the stolen machine, Bridges changed the startup screen -- the graphic displayed when the machine boots up -- to show a Jolly Roger branded with an Apple logo, and emblazoned with "Stolen iMac" in big yellow letters.

"I was kind of desperate at that point," he said. "I couldn't figure out where it was. They were using my sister's ISP."

A user on the AppleScript newsgroup suggested writing another script to launch a pop-up reading, "You have won a special $500.00 prize. Your machine has run for 3,000 hours without a major problem!" The script would prompt for a name, address and phone number to redeem the prize.

But Bridges was skeptical. "It seemed kind of ambitious and also relied too heavily on them being both gullible and honest in their answers," he wrote.

Instead, he came up with the idea of a script instructing the iMac to call him or his sister. He would then get the thief's phone number from his Caller ID.

"The advantage ... is it takes the human factor out of it," he wrote. "(I) don't have to rely on their greed to get the info."

At first, it appeared the Death Script had worked. The machine didn't connect to the Net for about a week. But unfortunately, the Death Script had a flaw: If any of the files in the trash were locked, it failed to empty the trash. Myers whipped up a fix, which Bridges copied to the iMac.

Meanwhile, the iMac had been switched from his sister's ISP to AOL. (Bridges figured this out by installing WildPackets' EtherPeek, a software program that records IP packets, from which he extracted the IP address and traced it back to AOL's domain.)

Bridges continued to erase files one-by-one, but was wary of taking full control of the machine in case anyone figured out it was being remotely controlled and shut it down.

Bridges also changed the AOL dialup to his home number, with his sister's number as the backup. He and his sister soon received about 15 calls from an unknown number. Bridges tried to look it up online, but it wasn't listed. His sister passed it on to the police.

"I think we have a winner," Bridges told the newsgroup, which had attracted quite an audience curious to learn the outcome. "Hopefully the police can get an address from the number and get a warrant."

A few days later, Bridges reported he'd talked to the investigator: "He said he went to the house that belonged to the phone number that I had dial my number. A lady there admitted she had it, but said she got it from 'some guy.' She agreed to bring it and the printer out for him, but didn't want him poking around the inside of her house."

Bridges said the woman was charged with possession of stolen property and given one year's probation last week.

"The planets lined up for us on this one," said Bridges. "It was really kind of flukey and good fortune."

Tim Williams, the Timbuktu product manager at Netopia, said in the 13 years the software has been available, this was the first time he'd heard of it being used to track down a stolen computer.

"We had a pretty good laugh," he said. "It was very clever. He took exactly the right approach."

Williams said he's now thinking of adapting the software to make it easier to track missing machines. "(Bridges) showed it can be used in that way, but there's probably things we can do to enhance it," he said.

Absolute Software, a Canadian security company that tracks computers for corporations, schools and businesses, operates a service called CompuTrace, which works in a remarkably similar way to Bridges' amateur sleuthing.

Absolute's CompuTrace software programs computers to call the company's tracking center in Vancouver, B.C., at prescheduled times. If a machine is reported stolen, the monitoring center waits for it to dial in, then reprograms it to call every 15 minutes until its location can be traced. The software is very difficult to remove, and works even if the hard drive is reformatted or repartitioned.

The company has been operating since 1997 and claims a 95-percent success rate.

"We've recovered hundreds of computers," said spokeswoman Courtney Chauvin. "It's a very stealthy agent."