Stolen Laptop


caffineehacker

Background: My sister's laptop was stolen out of her car. The idiots then logged on to her Gmail (she didn't have a password to log in to her machine) so she got their IP address. The police gave my sister the address for the IP address but it's an open access point being used by the thieves. The police gave my sister strict instructions not to knock on doors or in any other way interfere outside of tracking down, from the street, which house her computer is in. I gave her moocherhunter and some basic instructions but having never done this myself I am limited in how much I can help her.

My request: I live in Washington State and she lives in Rhode Island, meaning that I can't really go help her. Would anyone that lives in Rhode Island feel like being a good White Hat hacker and help her track the house her laptop is in? As a bonus, the police said they will arrive within 10 minutes of when she finds the right house and you can watch them arrest the idiots.

Thanks in advance for any help offered, the police are pretty much useless beyond getting the street address the IP address is from.


I smell a scam of some sort... if not, let the police do their jobs, the people could be dangerous!! Also this is what insurance is for :-)

The neighborhood is quite nice. I actually told my sister the easiest thing would be to knock on the neighbors' doors with some of her guy friends and greet the person with "So I hear you have a stolen laptop?" If they sh*t their pants then they stole it, if they're legitimately confused then it's one of the other neighbors.

The police won't do anything because they don't know what house it's in. The detective my sister talked to thought using a directional antenna was a great idea but that the police just didn't have the ability to do it themselves. If there isn't anyone who could actually help her, is there a simple step-by-step way with the required hardware for her to track a computer on a wifi network? She has admin access to the router (it's just a simple Linksys router with default ESSID and default password). Short of a packet sniffer and a compatible wifi card I don't know how to track it, and given that I have not done this before I was hoping someone with more expertise could help.


Short of having a program that phones home and gives its location and IP, not much you can do. Also, it would have to have been installed PRIOR to being stolen. Now, if the machine has a web cam that is always on or something and you find out the IP of the person who stole it, then it might be possible you could get a pic of them to give to police, but I don't hold a lot of hope for recovery at this point, short of them being dumb criminals and doing something to get themselves caught, like this guy: http://www.twistedpairrecords.com/blog/200...during-robbery/


Well they were dumb enough to log in to my sister's GMail from their house so we have the IP address of the access point they were using. They also bought two songs on my sister's iTunes. With that we know they are in one of 3 or 4 houses, we just need to somehow use a directional antenna and a packet sniffer to pick up exactly which house. That last part is what we need help with.


Several points of flaw I see in this topic, and not sure I even believe the story.

I don't see how the police wouldn't be questioning these 4 suspected houses, but seriously, what can they do without even knowing if this really happened? They would need more than "my laptop was stolen" to go on.

Even geolocators like http://www.ip2location.com/demo.aspx only get you general areas, but not down to a 4 house radius. How then are the police getting you information that it's in a 4 house area? Only the ISP can get that kind of pinpointing, and if they are getting that from the ISP, they would not only have it down to 4 houses, but down to THE house itself, or account used in question.

The ISP would be able to get the MAC addresses associated with the cable or DSL modem involved, and then associate it with the real people on that account. Without a court order, I don't think that is going to happen either.

Also, police usually don't give out information like this to anyone, because they wouldn't divulge any part of an ongoing investigation if it could compromise their efforts, hence, having you show up at one of the so called 4 houses while they are still trying to find the people.


Only the ISP can get that kind of pinpointing, and if they are getting that from the ISP, they would not only have it down to 4 houses, but down to THE house itself, or account used in question.

That's where the police got the address from. They went to the house that the IP address belonged to but it was an older couple with no kids and the detective stopped investigating there. My sister went to the area and discovered the open access point and saw her computer on the network. I'm not trying to scam anyone, not even sure where a story like this would become a scam. I just want to help her get her laptop back. Instead of questioning the story, can we put our brains together and form something foolproof for tracking what would be a rogue device on an open access point? She's not tech savvy and I haven't done this before so it is very difficult for me to help her. I could probably do it myself if I were there, but that's not possible right now.

Can someone at least recommend a good cheap USB wifi adapter that a directional antenna can be hooked up to? The wifi adapter also needs to work in promiscuous mode for sniffing packets/wifi networks. Are cantennas (made from Pringles cans) directional or omni-directional?

Thanks,

Tim


I would make a note of the time and date that the IP was seen on the Gmail account. ISPs generally use dynamic allocation so the time and date are important. You can probably do a whois lookup (google it) to see what ISP owns the address, then tell the police that this is the IP address that it was seen from and this is the ISP they use. From this the police can contact the ISP, who by law (UK law in my case) have to keep a record for 6 years. This will link to the account phone line the service is on and ultimately the address (providing it's not an internet cafe or unprotected wifi spot). Then you're on your way to catching them.

On another note,

if you're able to gain access to your neighbour's router (social engineering), look in the DHCP allocations and see if your laptop name is in there ;o) Only one way that will be in their config!


Get an Alfa AWUS036H 500mW. Cantennas are directional.

Then use kismet/airodump-ng (you will find them in the backtrack live usb) looking for the MAC address or probes.

Would be great fun then to set up airbase-ng/karma when finding it and toy with the thief for a bit.

Maybe an easy option would be borrow a Mac and use Kismac as it has a GUI and will be easier to use.

http://trac.kismac-ng.org/


Anything you do to monitor wireless traffic skirts the law. They may have stolen your sister's laptop, but the second you start sniffing packets on a network other than your own, it's breaking the law. Even if you were to, say, log on to the router in question that they used and block the MAC address to force them to use another connection, like a wired one to trace to (which you can always hope they will do at some point), you would in effect be breaking the law yourself.

You could hire a private investigator to monitor the houses, which at that point, might as well save the money and buy a new laptop. Sitting in front of someone's house and sniffing traffic to find the thief would mean having to sniff everyone else in the neighborhood.

Short of the thief doing something else to get caught I don't see a way to get it back. Stake out the neighborhood with a camera and wait forever until you see said laptop, chances are not looking very good...


Well they were dumb enough to log in to my sister's GMail from their house so we have the IP address of the access point they were using. They also bought two songs on my sister's iTunes. With that we know they are in one of 3 or 4 houses, we just need to somehow use a directional antenna and a packet sniffer to pick up exactly which house. That last part is what we need help with.

Wait, she hasn't changed every password she has yet??!! Didn't you learn anything from this site's info getting stolen??


Well, I think they might want to let them keep using Gmail, as that's the only website I know that backlogs IPs publicly. If they keep that open, no use changing any other passwords, as once you have someone's email accounts you don't really need passwords.

But seriously, the only thing to do here is to light these four houses on fire. Explain that one house contains a stolen laptop, inform everyone that hell will cease to rain down upon them when the laptop is returned.

Simple really.

Actually, I really like the idea of blocking the MAC from the router. If it's open you should be able to do that no problem; a lot of SSIDs I've seen announce what they are, Netgear or Linksys.

This should be helpful: http://www.phenoelit-us.org/dpl/dpl.html.

Anything you do at this point would be illegal strictly from the viewpoint that the police have instructed you to do nothing, any action would be vigilantism.

Did she keep up with Windows updates? Not sure what you could install, but if all hope is lost maybe the best thing to do is corrupt the OS, make the laptop useless to the thugs in question.

Best of luck!!

-B


Get an Alfa AWUS036H 500mW. Cantennas are directional.

Then use kismet/airodump-ng (you will find them in the backtrack live usb) looking for the MAC address or probes.

Would be great fun then to set up airbase-ng/karma when finding it and toy with the thief for a bit.

Maybe an easy option would be borrow a Mac and use Kismac as it has a GUI and will be easier to use.

http://trac.kismac-ng.org/

Thank you for the one constructive post on this thread. I'll have her give that a try since she does have friends with Macs and I know a GUI will make things a bit easier. It looks like that wifi adapter uses the RTL8187 chipset, which kismac says is "in progress towards full support." Do you have experience with this working?

Thanks again for the good advice,

Tim


Personally, no I haven't, but check out the FAQ and forum over at the kismac-ng site. It quotes that the Realtek chipset is one of only two chipsets which support injection on a Mac. You don't need to worry about this really, but it shows that there must be pretty good support for the chipset and is probably why it is still in development. It also goes on to say that you DO NOT want to install the drivers supplied with the chipset.

http://trac.kismac-ng.org/wiki/FAQ

It's a great adapter BTW I have two here.


Apparently, the AWUS036H works with Backtrack okay (I don't know this from personal experience: I was looking for a wireless adapter with directional antenna that would work with Backtrack, and my online searching led me to the AWUS036H). So your sister could, for instance, (and *hypothetically* speaking) boot into Backtrack, use airodump-ng to find her laptop (by MAC address) then home in on it by use of the directional antenna and keeping an eye on the signal power. To do that she's going to need to read up on using aircrack-ng; and, as has already been pointed out, these actions would probably be illegal - so when she tells the cops where she thinks the laptop is, and they ask how does she know that, she's going to have some problems.

Also, the stuff you said about her having admin privileges on the router definitely smacks of illegal activity. She logs onto that router to block the laptop's MAC address, that's a crime right there (in the UK it's a violation of the Computer Misuse Act - substitute with the relevant US law to discover how many years in prison she might get!).

Just like other posters here, I am suspicious about this whole story. I thought that to get an ISP to reveal details about who used a particular IP address at a particular time, the police would need a court order. But they didn't, did they? And if the police really encouraged your sister to track down the thieves herself, that means they're encouraging vigilantism and computer crime - which isn't usual police behaviour. It's all very well you saying "Instead of questioning the story, can we put our brains together", but by asking for our help you are asking us to aid and abet a crime, which is a crime in itself. If you really want complete strangers to implicate themselves just to do you a favour, you could at least try to convince us that you're for real.

Everything I have suggested to you is entirely hypothetical. By no means do I suggest that you or your sister should actually do any of this. To track down this laptop, you or your sister would have to break the law. Which is why I have serious doubts about the story. In my experience, the police do not encourage citizens to break the law. Locating a stolen computer is the police's job, not your sister's.
