Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: He stole my laptop, and sent me this, what would you do?
99 points by kabuks on Sept 19, 2010 | hide | past | favorite | 125 comments
My laptop was stolen from the trunk of my car yesterday.

Today, I received this email:

--- So as much as i want to rationalize my actions, I understand buying stolen property is still stealing. I am the one who unfortunately bought your laptop from someone who likely stole it. I will eventually pay for my bad karma.

Berating me for my actions is useless.

I am deleting everything off of the laptop.

Is there anything that you want.

I am offering to back up to 160 gigs to another hard drive. There is only about 240 gigs worth of information.

I see that you have backed up most everything using time machine. If there is anything smaller like 4, 8, or 10 gigs worth I can do that faster to DVDs or flash drives.

I would have to buy another hard drive to get you the 160 gigs. Which i would if you need the info.

Again apologies for not having the integrity to turn down the offer to buy your laptop ----

how did he get my email? how does he know i backed up to time machine? what would you do?




When I was younger, my mother had her wallet stolen. The person who stole it sent it back to her (including her ID, credit cards, etc), minus the hundred or so dollars in cash.

While I would have been furious, she was completely okay with it. She calmly told me, "The person who stole it clearly needed it more than me."

Now, this isn't to say that stealing is okay. It's certainly not, and I'd be pissed. However, this person knows what he did was wrong. He really seems to hate what he had to do to get the computer. But he clearly needs it. Maybe he wants it so he can get a job, or wants it so his kid can succeed.

Try appealing to this side of him. Find out why he needs it. I doubt it's so he can watch YouTube videos, based on his email. You can buy a cheap desktop (or even laptop) for a few hundred dollars. Offer to trade a crappy computer for yours. (I doubt he wants you to buy it back; he seems to care more about the computer than money.)

The person almost definitely doesn't need a computer as good as what you had stolen from you, and he's already feeling really guilty about it. And, if he agrees, you can try to find out who actually stole it and tell the police.

Sure, it's unfair you'd have to drop a few hundred dollars- but consider it a donation. (Depending on the circumstances, you might even be able to figure out a way to legally donate it to him through some sort of organization- which would be tax deductible.)

After all, giving him a computer could change his life. Think about how much your life has improved by merely owning a computer; something most people on HN take for granted. You could turn a bad situation into one you're really proud of.


> "The person who stole it clearly needed it more than me."

Counterpoints that will be unpopular, but need to be said anyways:

1. "Needing" is no excuse for stealing, and that demeans all the people who BUST THEIR ASS to get out of poverty. If the thief is not working 12 hours per day and living on bare necessities, they have no excuse, and being even mildly sympathetic to their plight is bad for everyone, most especially poor people. NEVER pardon stealing, ESPECIALLY from another individual. Condoning ANY stealing is terrible - thieves are far more likely to steal near them, which will be from other needy people, thus making their poverty worse. Never condone a criminal's behavior, especially and above all street crime.

> Find out why he needs it. I doubt it's so he can watch YouTube videos, based on his email. You can buy a cheap desktop (or even laptop) for a few hundred dollars. Offer to trade a crappy computer for yours.

2. This could very well be another scam or attempt to rob MORE (the person has already demonstrated that they have no integrity and will steal from people), and you're encouraging the original poster to walk into the lion's den and potentially risk getting robbed or ripped off even more. This is crazy, reckless, and dangerous for the OP.

> After all, giving him a computer could change his life.

It's a THIEF, dude. You can get a used computer for a few hundred dollars, that's like a week worth of saving at the most low quality minimum wage job. Work 80 hours for a couple weeks and use the money to buy a computer. Some of us do stuff like that to get out of povery. God, this smug "crime is okay because they need it" crap among upper middle class people is awful, it makes me sick to my stomach. NO, committing street crime is NOT okay, EVER. There's ALWAYS another way.


>You can get a used computer for a few hundred dollars, that's like a week worth of saving at the most low quality minimum wage job.

While I mostly agree with you, this point is flat-out absurd. I can tell that you haven't ever supported yourself off a 30 hour minimum wage job before. Supporting a kid on one, and still saving hundreds of dollars a week? Not unless your rent is free.


I 100% certainly see your point.

I don't mean to condone it, I'm just looking for a way for him to get his computer back. By understanding the persons motives, he can figure out the best way to do it. (In this case, it doesn't seem to be about money. $100 for the laptop and the name of the person who stole it, like other comments suggested, isn't going to work.)

If there was a way for him to just get it back and get justice, I'd say go for it. I just feel this is a more realistic approach.

And if he gets it back this way, and happens to help someone out along the way? Good. This person did pay for the computer; he just paid the wrong person. And the fact that he was willing to buy a hard drive probably means there's more to it than money.

There's an interesting article on the top of HN right now called "The Most Powerful Word In The Human Vocabulary: Perspective" (http://blog.sokanu.com/the-most-powerful-word-in-the-human-v...). The point I was trying to make basically boils down to that.

Or maybe I've just seen too many sappy movies about the kid from the other side of the tracks getting a second chance.

[Edit: I completely reworked this post, after thinking about it a bit more]


I am not sure why you think your points would be unpopular - you are exactly right.


They would be unpopular on Reddit, certainly. I know this from experience...


HN isn't Reddit..... yet.

When the front page is full of pro-drugs/pro-gay marriage/liberal propaganda/etc then we'll be there.


I think you can check the 'pro drugs' item off that list.


I would +2 if I could.


Thank you, but that's unnecessary. Also, some people are downvoting it, which is predictable but makes me sad. I understand we have moral feelings, but condoning theft and crime is actually bad for honest needy people. The vast majority of people will never commit crime, and when needy people do commit crimes, it's frequently against others who are also in need. I get scared for a society that condones or excuses street crime - no matter how bad things are, we all have individual responsibility not to do wrong against fellow humans.


I didn't understand the OP to be condoning theft and crime; he was approaching the situation from a place of compassion and understanding: "Alright, this guy stole it BUT he had enough human decency to email me... so he can't be a total dirtbag. Let me try and understand why and see if we can resolve this a different way".

I think that requires a lot more work and thought than slapping a "criminal" label on the guy and giving him the same treatment as a serial car-jacker, drug dealer, etc. because they all share that same "criminal" tag.

That being said... yea of course he would need to keep his wits about him and use some moxxy when it comes to spotting some additional theft/scam like "Ok PayPal me for the hard drive so I can make the backup" -- I'm not encouraging the guy to be half retarded -- but stopping the conversation after the first sentence and filling it full of pre-conceptions because the guy with the laptop is a "criminal"... I can't get on board with that.

At least talk to him and give him a chance to prove he's a dirt bag shithead first :)

In this particular case, I think a non-typical response would yield better results than a black-or-white/militaristic response of trying to get the cops to do something, but that's just my 2 cents.


>While I would have been furious, she was completely okay with it. She calmly told me, "The person who stole it clearly needed it more than me."

There are at least a houndred thousand people in every single country in Africa, who needs your retirement money more than you do. In fact they properly need it just to survive.

So why don't you give it to them?

>After all, giving him a computer could change his life. Think about how much your life has improved by merely owning a computer; something most people on HN take for granted. You could turn a bad situation into one you're really proud of.

If you are giving in to blackmail, why should you be proud?


I think the point here is that the money was already stolen. So what are you going to do now? Live a bitter life of regret, or shrug and say, "I have more money, let's go on with our lives now."?

At least that's the way I see it. You're better off living with charity in your heart than hating your fellow man - God knows there's enough reason for hate, but it'll kill you.


tomjen3,

That kind of thinking turns too easily into "Well, if my 1 act of kindness can't change enough, why start".

It all matters.


-There are at least a houndred thousand people in every single country in Africa, who needs your retirement money more than you do. In fact they properly need it just to survive.

That would be true. We aren't directly responsible for hundreds of thousands of "not our national birth" unless you have the capacity to do something about it. However he is responsible for his actions. And in his situation, he has the capability to do the compassionate thing, even if he is walked over.

As the recent top article says, it is all about perspective. Do the loving thing.


gkoberger,

You have compassion for the human condition and an ability to put yourself in other people's shoes. That is a skill that is lost so easily today.

I don't know that many people that still can do this.

As expected, lionhearted's more absolute "He's a thief, QED!" opinion is a more popular reply (looking at the votes). lionhearted is surely welcome to his own opinion, I just don't think life is ever as black and white as we think it is.

Just added this comment because I know the mass majority of people will read your comment, nod their head in agreement and move on and with the voting trending the way it is, you might get the impression that you were "wrong" and re-think your position of trying to understand someone before condemning them.

I just wanted to make sure that didn't happen.


I think you're trying to cast the "He's a thief, QED!" opinion as the "black and white" opinion while you have the more sophisticated "it depends" opinion, but I think you've got it backwards. The reason why it is important to strongly denounce thievery is actually the second-order effects. A thief almost always "needs" what they have stolen more than the person they stole it from, but that's not the interesting point. The interesting point is that in a society without strong property laws, it is vastly harder to claw your way out of poverty and you have a huge general problem with crime taking a bite out of society's ability to progress. This isn't good for anybody, not even the proximate thief who will still be better off in a prosperous society than one dragged down by pervasive crime.

The hard-line "He's a thief" attitude is the sophisticated view, and wishy-washy "well, I suppose he needs it more than the first guy" is actually the morally-thin cop-out that refuses to consider the greater good.


Anyone whose "guilty response" is to offer to buy you a 160GB hard drive either (i) has enough money to buy a laptop that hasn't been stolen or (ii) is trying to extort you for more money, which you'll most likely never see again


Or realizes that your data may be worth more than the device it sits on.


Here's what I ended up sending him:

---- Wow.

I really appreciate the offer for the backup. Good to know it was stolen as opposed to carelessly left somewhere.

You're actually pretty unlucky. I have this software installed for this occasion:

lojackforlaptops.com

please call me at 510.213.2990 in the next hour

if you don't I will immediately activate the lojack theft alert which means law enforcement is showing up at your door promptly.

I don't actually know your location, but they reveal it to the cops, who show up at your door with a lot of questions.

thank you in advance for doing the right thing

cheers, shereef ----

and what I got in return:

----

I use the laptop in public places. And have no internet at home. Sorry but your info is now deleted. Torrenting copyrighted files is illegal also just to let you know.

-----


This is why you never bluff but just take action.

What a silly move.


"What a silly move."

More like, what an infuriating move. Why didn't he take the well-considered advice of the people in the comments? Or post a comment with his intentions so that someone could talk him out of it?


I don't think that's limited to this particular Ask HN.

It's a pretty good object lesson in what happens when you ask for advice and then proceed to completely ignore it. Kudos for posting the results though.


That doesn't sound good. :( If I had that installed I'd just have activated it without telling him. Or if I didn't I wouldn't have told him about the software in the first place. Anyways... good luck.


I think this was probably one of the worst responses you could have given. The email seems to indicate that the guy feels guilty about buying your laptop, and that his offer is an attempt to ease his conscience. Now he's thinking to himself that he tried to set things right but couldn't because you responded by being a jerk.

The second best thing would have been to cooperate and get the files - and I would have suggested this if you needed them - but the best would have been to refuse to cooperate with him on the grounds that you don't want to ease his conscience when you belive him to be guilty.

Too late now, I guess, but that's what I think.

(Apologies if I sound rude or blunt in this comment; I don't have the time to revise/edit it.)


I would have thought talking to the cops first might have been a good idea... let us know how well lojack works out.


Yeah, I was attempting a bluff. Clearly not a very good one.


File a police report and have Apple flag the serial number as stolen. If it ever makes its way into the Apple store you'll get it back.


loljack Theft Alert System - True vaporware.


Report to police.

Do not let him create a secondary market for stolen laptops. It would become an economic incentive for the stealers to steal more laptops.

Research has shown that tolerance of public crime gradually leads to an increase in major crime. (Read about this in one of the pop economic books, not sure which). Do you want to keep your city a safer place to live?


Not sure if this is what you're referring to but it's interesting and relevant: http://en.wikipedia.org/wiki/Broken_windows_theory


Yes, that's the one. Thanks a lot.

I figured from that page that I read about it in either the Tipping Point or in the Freakonomics. I hadn't read about its criticisms before, interesting read.


I can't help but wonder:

Can you look at the original email message & get the IP - then run some GeoIP? If he was irresponsible enough to do it from some public place like a University Library then you could probably look the exact address up & have a lead to give the police.

Secondly, depending on if you have chrome & a "trusted" website that you provide your location to, then you can run that bit on this fool in a reply email with a link that says something like "Do me a favor & just upload my pictures folder to http://mysite.com/storage/index.html - the user is: johndoe & the pass is: FML123" then wait & obviously log the lat/long & go to the police.

Third, if you happen to know the serial number, report it to Apple, then to the police. I say this because he is considering buying a 160gig drive & backing your data up to it - there is a small chance he would go to the Apple store to do this.

Next time, consider using http://preyproject.com/

Other than that I guess try to get what you can from this guy without paying.


I regularly track down thieves, theft rings, and other criminals on the Internet, so I can probably give good real-world advice here.

Do all of these steps today. Do not contact the sender until you have filed a police report, if possible.

Step 1.) Collect all of the evidence you have. Intact email messages are important.

Step 2.) Grab a pencil and piece of paper and title it "For the overworked detective".

Step 3.) Gather any unique identifiers in the email message headers. Get the originating IP address, geolocate it, find out which ISP owns the IP block (via arin.net) and write all of this down on your piece of paper.

If you have a mountain of evidence, print it out and number it page by page, so you (and the detective) can cross reference your notes with the evidence easily.

4.) Google the sender's email address, write down any decent info and rate it (solid/likely/unlikely). Do the same with just the username portion of the email address.

5.) Bring your notes, and your evidence, and file a police report, preferably in person. The CSO will either pencil whip the report into the system or add some of your evidence to the report. No worries, if you have your notes cross-referenced, the detective will be very interested in it.

Many police departments are overworked (or claim to be), so if you do the initial legwork and it can be reliably cross-referenced to evidence you'll have more chance of getting your stuff back.

Oh and the guy who emailed you has knowingly purchased stolen equipment, which is a crime. My hunch is that he isn't the thief, but personally knows the thief. So, you grab him and you get the other. These guys have probably victimized a whole lot of other people, so good luck.

Feel free to email me if you have any questions or need assistance (my email is in my HN profile)


This really seems like a scam to me. It's possible that the amount of guilt that this person feels is sufficient to motivate them to buy the a 160 gig disk (and spend time selectively copying the most important data) but not to motivate them to buy a 250 gig disk and copy everything. It's also possible, though, that this person is trying to draw you into a conversation focusing on how important the data is to you, in order to convince you to send money to buy a disk or buy the laptop back.

Actually, how sure are you that they even have your laptop? Did you mention the theft someplace public, like on a blog or twitter? The only information they've demonstrated that they have is your email address, the fact that you've used Time Machine at least once (probably a pretty safe bet if they know your laptop was a Mac), and the approximate amount of data that you had stored (assuming you know that's correct and aren't just taking their word for it).


He got your email because he has your laptop - same for the backup software. Depending on how valuable your information is consider a sizable monetary amount to get the name of the person he bought it from or just offer more than the laptop's value to get it back and end it. Consider reporting to the police what you're doing... if a physical/in-person exchange of the information occurs and he didn't take you up on your offer, the police might be able to legally influence the buyer into giving up the details of the seller/thief since the buyer committed a crime too.

Good luck.


To expand; System Preferences > Time Machine will tell you time of last backup, date of oldest backup, etc. You email address will be in the Account settings of Mail (Preferences > Accounts)

Also available are - your home address and phone number (in Address Book, he'll already know your name from Mail), saved passwords in FireFox (stored as plain text), iTunes account if you've set it to save your password, and websites where you've set 'Remember Me' (GMail and the like) etc

Luckily for you this person seems to have some degree of respect for your data, and hopefully your privacy. If you're not happy with their access to this, it seems they have more leverage over you than you do over them.

Protip: In OSX you can set it to require login password after a certain timeout, eg 1 hour. It's under System Preferences > Security > General


That's what's puzzling to me. I have it set require login everytime it sleeps. Somehow this guy got passed this


Note: I am not in law enforcement, just going by my instinct here. Observe:

> I am offering to back up to 160 gigs to another hard drive. There is only about 240 gigs worth of information. I see that you have backed up most everything using time machine. If there is anything smaller like 4, 8, or 10 gigs worth I can do that faster to DVDs or flash drives. I would have to buy another hard drive to get you the 160 gigs. Which i would if you need the info.

This combined with the supposed very quick rapid sale of the laptop has me suspicious - I would bet it's the original thief emailing you. Since he mentions time machine right away and found your email quickly - this is a computer sophisticated person, who possibly has done this before. "Berating me for my actions is useless" is also well written English. This is not a run of the mill stupid person. You're likely dealing with someone intelligent with very bad intentions.

I'd be scared now if running into another scam - I'm guessing, again I'm not in LE, but I'm guessing that the offer to buy a hard drive and back up for you will ask of you cash to be sent to a Paypal or Western Union or something, that you'll never see again, nor your data.

> what would you do?

First, pause and reflect. You don't need to hurry, it's more important you don't do anything stupid.

Second, get law enforcement involved. Now, I had my car window smashed once and had a bunch of stuff grabbed when I lived in a bad neighborhood, they took my stereo and cigarettes. Police are good people, but they tend to realize there's not much they can do about something like this, and they have limited resources. So, think about how to approach the police to get them interested - maybe talk to a computer crimes person online who would be interested in helping out, and get all the information you can. If this is a scam or a common thing (again, my intuition says so), then the police will be a lot more interested. Maybe you can put a sting together and get your computer back and/or put this bastard in jail.

I think your next two steps should be contacting people online who deal with this sort of thing, and contacting local law enforcement. Maybe the FBI would be interested actually, if you find the right agent and ask if this looks like a pattern/regular thing. Police love to catch and lock up repeat offenders, especially sophisticated ones.

Contact a lot of people - people tend to be sympathetic to when crime happens, and hate criminals. Whatever you do, don't contact this person on your own before consulting experts on the matter and law enforcement. It puts you in harm's way. Whatever you do, don't meet them or send any money or resources before contacting experts and law enforcement. Good luck and sorry this happened to you.


I am in LE (well, investigations anyway).

For the most part you are smack on! However I suspect this is ''not'' the thief - even after such a short time. As pointed out elsewhere they will shift it off pretty quickly.

From the text of the mail the person probably knew it was dodgy. So it's probably been fenced and then sold on - the person probably knows or has a friend who knows the fence (but not the thief) [this is just a guess, but it is usually what happens].

Second the advice to get LE involved; in fact it is crucial that he does so. By reporting as much as possible the police know about all the crimes. So, for example, if they grab someone on theft and can't link him to the specific incident they are investigating they may still be able to link him to your theft - because it is on record (this happened the other month, we had a stolen laptop to examine, no evidence... but the serial number of the external HDD with it matched on reported stolen 10 months ago).

In terms of tracking down this person, there are a few ways to do it. Where did the email come from (i.e. webmail, or the PC?) and from what address? You might be able to geolocate an IP address to get a rough location (this is useful information for the police because they may be aware of fences/thieves in that area to question). If it is webmail the police would need a warrant, which they might get in this case due to the explicitness of the case.

If the laptop is signing into chat etc. then perhaps you could convince the person to talk directly to you via that - at which point the police could try to get a warrant for the chat providers records and track him down.

Move quickly, the IP information can go stale very quickly.


This is good advice - from the timestamp and IP address in the header of the email, the ISP in question may even be able to tell law enforcement (i.e. with a subpoena, if necessary) the actual user. It's not as cut-and-dried as it used to be, given the existence of public WiFi, but there's a lot of information in log traces. Avail yourself of it. Quickly.


Agreed; getting the info from the service provider can take up to 30 days, if you're not quick their records go stale (no matter how long they are supposed to keep them).

Unless the records are 100% solid they won't be able to get a search or arrest warrant based on it.


As a member of LE, what do you think your department would actually do in this case? I bought a stolen laptop on ebay, got in contact with the owner and got him his laptop back, and my money back through paypal. We gave the police the ebay and paypal account information of the seller, including name, two physical addresses, phone number, email address, and pictures of the laptop inside their apartment. The police didn't do anything.

My boyfriend's laptop was stolen from our living room while we were sleeping in the bedroom, after the thief climbed through a window. The police didn't do anything then either.


The FBI will not be any help at all. Their backlog of cases is completely unworkable. Based on interactions with them from previous work I've done, there has to be monetary loss. The (unofficial) threshold to get them to investigate a crime involving monetary loss is at least $100,000 I believe. These guys are chasing criminals stealing millions, they won't be bothered with somebody who's laptop got stolen from his car.

His best bet is local law enforcement, but even this is likely a waste of time. What can they possibly do? They have a better chance of solving the crime from physical evidence than they do from electronic evidence.

He should file a police report for insurance purposes. Then just learn his lesson and move on.

Some thoughts for next time:

- Encrypt your hard-drive, especially on laptops or other portable devices. Check out http://www.truecrypt.org/

- Install a program to monitor/track your machine. Check out http://preyproject.com/


"... His best bet is local law enforcement, but even this is likely a waste of time. What can they possibly do? ..."

Disagree.

The law has a long memory and criminals are stupid. Better to get a record of the events logged. Some time in the future this person/persons will try it again and a pattern emerge. In some ways, stealing laptops is like stealing cars in the past. Instead of a get-away car, the criminal now has a get-away computer with someone else's fingerprints on it.


If the email was sent from a Yahoo/Google/Microsoft email account, it's IP was logged, meaning if the person was using their home internet, you can get a trace to their house with a warrant.

If the email was sent from a private domain, they're traceable in many more ways.

It might be a wasted effort, but you should still try. If the police don't want to give you the time, bring your lawyer in with you... they'll have the time then.


Might I point out that if this has happened to other users in the same neighbourhood, the cops will become aware of the emerging pattern. If the thief and his fence start repeating their behaviour, the cops will gather more data and evidence by which they can track down, apprehend and incriminate the culprits.

So the OP ought to report it. This might be the first instance they hear of, or the third, or the eighteenth. But if it fits the pattern, that's one more piece of the puzzle that can bring the day when the thieves get their collars felt by the Law that much closer.


http://preyproject.com/ looks awesome!

Can't believe it's free. Haven't looked at these for a while, but from what I remember they were one step above a command line tool last time I checked. Prey looks great.


I've gotten the recommendation to encrypt my laptop drive already from a few people, so I've been considering whether I should do that or not. My worry now is that if my drive is encrypted, then isn't it much more easy to corrupt the drive? Also I suppose there is some chance, probably as high as getting my laptop stolen, that I would forget my own password and lose access to my own data that way.


If you are on a Mac (like the OP), you might consider using FileVault. Then, use a very secure master password, write it down and keep it somewhere very, very, very safe.

In the event you ever forget your password, you can unlock the encrypted volume with the master password.

I don't know if Truecrypt has a system like this now; they didn't when I last used them (about...what...5 years ago? O.o ).


If this person bought it in person from the thief, then the cops can get him to identify the thief. If it's ebay, then this person can tell you the account username. Maybe they'll uncover something big, like an underground ring of thieves.


I was thinking the same thing. Take the emailer up on his offer to back up whatever data you need, then offer to cut him deal - him the laptop + reward money + amnesty/immunity if he tells you who the thief was.


The monetary loss used to be $10,000.00 before they would lift a finger, but that was 10 years ago.


I find it kind of ridiculous that losses would need to exceed even $10,000 to be investigated. There's something wrong when a huge portion of our tax dollars goes into investigating, arresting and locking up non-violent offenders such as drug users and these cases involving theft are ignored.


When my house was broken into the police told me that stolen posessions are typically sold within 30 minutes to 1 hour after being stolen. So I think it's highly unlikely that it's the original thief. I've had folks offer to sell me what were quite likely stolen goods on the street before. Probably what happened here.

At this point, however, it's wise to consider the guy who DID buy it a thief... and he is. If he's willing to provide you with a backup, take it and try your damnedest to track as much of it as you can (I'd involve law enforcement).


> I would bet it's the original thief emailing you.

I have to agree: if it was an "innocent" third party, I imagine they would have offered to just ship the laptop back. S&H certainly can't cost more than a new hard drive. Clearly, this person wants to keep the laptop, and it seems they think the laptop can be sold for more than enough to cover the cost of sending your stuff back.

That said, this person isn't that smart... They could just offer to use Dropbox.


It could still be someone who wanted a cheap laptop, and won't give it back now that they paid a thief for it, but wants to mitigate the harm to the original owner. (I agree with lionhearted it might be the original thief extending the scam but wouldn't rule out a 3rd party.)


You should be able to look at the email headers and either track back to the IP of his home connection, or the IP of the email service provider he uses. From there you give the info to the police and get them to issue a warrant or two to get the physical address of where it was sent.

If you're lucky they wont have used a proxy to hide their real IP, and wont have used a public access point.

Think about any apps you might have running which connect to services online automatically. I have an app which synchronizes my bookmarks with an online service (xmarks.com). I'd be tempted to contact them and ask for an IP address history of my own account to see if I could collect any other IPs that they might have used.


I would offer him a hundred bucks for the name and location of the person he bought the laptop from.


Plus take his offer on backing up the data. I'm assuming it's valuable if you backed it up.


Seconded. With your data, and the name of the real thief, you have a chance at both getting your data back, and getting a judgment against the thief for the value of the laptop.

It's not a guaranteed chance of course, but I would go for it.


I feel your pain, I was robbed earlier this week and they took my laptop (among other things). There are two things you can do.

1) Report the serial number and your police case number to the genius bar. If this guy ever goes for service they'll call the cops. This isn't apple's policy but it seems to be an apple store thing. 2) Renters insurance.


What you lost when your laptop was stolen:

1. Privacy

2. Data

3. Hardware

I'd say those are in ranked order.

1. Your privacy in relation to the data on that laptop is gone.

2. He's offering to return the core data back to you. If your laptop is anything like mine, the value is in the data. You have a means to get it back, so get it back!

3. The hardware is fairly unimportant comparatively.

With that out of the way, the returning of your data to you will create an interesting dance between you and the purchaser of stolen goods.

If you just want the data clean and then to move on with your life, just do as the thief says, get your data and go buy another laptop.

If you want to turn up the volume on this, start thinking up methods of doing the data exchange that'll expose the thief's location. Here are my ideas, none the less:

1. The thief knows what time machine is and got your email out of your data. Based on this it seems a self installing lowjack.dmg on a keychain drive is unlikely to work. If discovered, you just lost all that data. You lose the moral high ground just by trying it.

2. Were you pulling any kind of network/voip log files into time machine regularly? Perhaps on start up your time machine would have pulled identifying information from the laptops new location.

3. Reddit style email header trace. That's really taking the gloves off.

If/when you are able to get the data, I have a suggestion and a story...

In college my girlfriend (now my wife) was a DC intern and had her cell phone stolen. Its been a while since it happened and some of this is likely embellished from re-telling. Back to the story...her reaction to this was to wait a day, call the cell phone and ask the person who answered if she could speak to the lady of the house. She got handed over to the thief's mother, who agreed to meet her in the park to return the cell phone. Telling no one about this, the next day she solo's into the park, gets her cell phone, has a heart to heart with the thief about stealing and returns to work.

This path of actions is, of course, insane (and awesome). The moral of the story though is IF you get the contact information, don't both with the thief because they've already said strait up that "Berating me for my actions is useless." Instead, give that thief something to answer for next Thanksgiving. Shame is often felt by proximity, so call in the mommy air strike.

Good luck. Be safe.


I'd offer to buy the computer back for a little more than he paid. Sounds like he got a really good deal, so it couldn't cost you too much.


Yes, but then the resellee is down a laptop, and wouldn't get another good deal like that. Unlikely that he would accept said offer.


And you will trust the person who buys stolen laptops to call the amount of money (s)he wants for it? I bet it will be very close to retail price :)


In addition to what others have mentioned I have one piece of advice:

Perhaps this person is a visitor of HN and may now be aware of your future course of action. Even if they are completely unfamiliar with HN you have to consider that they have had access to whatever was left of your internet browsing history. Just because they claim to be deleting everything does not mean that they have done it yet. They were able to find your email address, which is easy, but you need to consider the possible extent of their snooping. You need to think about how much of your personal information could be compromised. Hope for the best but prepare for the worst.


If something like this happened to me, I'd take it as an opportunity to upgrade my laptop to something better. If you consider it from his point of view, he just dropped a couple hundred for hardware that was stolen. If he just gave it back, then he'd have lost all his money for nothing. So he's willing to pay a bit extra to get a 160GB hard drive to duplicate the important data and give it back, because hardware is replaceable, but data isn't. It'll make him sleep easier at night, knowing he didn't completely do the wrong thing.


Incidentally, this is why I encrypt my disks. I really wouldn't want someone who traffics in stolen property to have access to all my personal information.


I have a somewhat related question.

You see, I buy used hardware. Mostly from ebay, sometimes from craigslist. I always walk if it smells funny. (if it seems fishy, I often offer to exchange ID, and if the other guy refuses, I walk. Once someone offered me a good deal on a laptop but wanted to meet me on a freeway offramp. )

Really, even just exchanging ID every time wouldn't solve the problem... you see, many people buy things used, use them for a while (or not) then turn around and sell them, either in hope of turning a profit, or simply because they got bored with the item; I can imagine many ways a stolen item could come to be owned by someone who had no idea that it might be stolen.

My question is this: Is there some sort of publicly accessible stolen goods serial number registry or the like that I can check my goods against? I mean, even after I got the thing, if it turned out to be stolen, I'd be cool with returning it and eating the loss. I buy enough stuff to amortize any losses... but both from an ethical and a liability perspective, I'd really like greater assurance that I don't have stolen goods laying about.


The final correspondence between us:

From me:

Hey,

I hope you're still checking this email. I owe you an apology.

You reached out to me in kindness, and with a good nature. And I responded with a threat.

Please accept my sincerest apology. Thank you for your generosity in offering to send me my data. Like you said, I didn't need it b/c I had it all backed up.

That was truly considerate of you. I hope that my knee jerk reaction doesn't keep you from continuing to be upright and in integrity.

Enjoy the machine, I hope it treats you well.

All my best, Shereef

--------

I will likely keep it. I am an entrepreneur myself and will actually be putting the computer to use. First by buying a new power adapter. Can't believe you were using a 60 watt adapter. It requires an 85 watt.

And i do know you didn't have lojack. I checked the processes and used little snitch to check out going signals.

I am sorry that i don't have better integrity but I know that i can put the computer to use and I will continue to do my part in the world and not be a drain on it.

------

Yeah. The lo jack thing was a poor bluff.

Good luck man. Seriously. I only wish you the best.

May your business be super successful.

And listen. Don't be too hard on yourself. In the end we are all going back empty handed. :)

It was good to meet you. Write back if you need any help with your biz.

Peace Shereef


Sorry but that whole exchange seems like this (skip to 8 mins in) http://www.youtube.com/watch?v=snTBE_ykam4

He sounds like an arrogant toerag. I'd pass on all details to the police.


The first thought that popped into my head was - this guy sounds somewhat sophisticated. He might even read HN.

I think these emails provide further evidence that this guy may in fact be on HN.


If it is an Apple laptop (time machine) then report the stolen serial number to the police and Apple. If he brings it in to be serviced then there is a chance of recovery.

Nothing good comes from the act of stealing. I could get see with food and basic survival items (much less so in the US where organizations will give people these things), but not with a luxury good like a laptop.


Consider this for next time: http://preyproject.com/


Looks great. I know have it installed on my new laptop, and my wife's


If you embed an image in an HTML email, you can find the IP of the machine in your server logs (when the email client requests the image from your server).


most email clients don't automatically show remote images/resources exactly for this reason.


This is a good reminder for people to set an Open Firmware/EFI Password on their hardware.

If someone has physical access to your hardware then they can get access to all of your unencrypted data if they really want it. However, a firmware password would probably prevent someone from emailing you from your own account a couple of hours after they've stolen your laptop.

When the firmware password is set, your laptop will prompt for the password before booting from DVD, USB, or Firewire drive. It will also prevent booting into Single-User mode. You can set up a firmware password by using the Open Firmware Password.app in your Utilities folder.


Does the firmware password also cause the hard drive contents to be encrypted? I don't think so. Anybody with a screwdriver can take the hard drive out, pop it into another box, and bypass whatever password you've set up. After all, why would a thief care about voiding the warranty?


As much as I hate to quote my own comment:

"If someone has physical access to your hardware then they can get access to all of your unencrypted data if they really want it. However, a firmware password would probably prevent someone from emailing you from your own account a couple of hours after they've stolen your laptop."


as much as I hate to quote previous comment:

"Anybody with a screwdriver can take the hard drive out, pop it into another box, and bypass whatever (BIOS/EFI) password you've set up."

if you really don't wan't somebody to have access to your system you need full disk encryption.


You may well be able to trace it at least part of the way (or all if he was dumb enough to use the laptop at his work or home Internet) by looking at the full email headers, which usually retain the hostnames and/or IP addresses of each system it went through along the way. Including the origin IP of the laptop, indicating where it was at the time the email was sent.

Who runs your email services? If it is your local ISP, they may be able to get the IP address from the logfiles, though larger companies will probably brush you off.


File a police report, then file a claim with your insurance company. Pony up the deductible, and buy yourself a new laptop and restore it from your time machine backup. Its likely not worth the trouble to pursue getting the stolen property back.

This of course assumes that you have decent home owner's or renter's insurance, which should cover theft ever from your car. If you don't, then you should...

If someone's already mentioned this, I apologize. I didn't read through all of the comments.


Somewhat off-topic, but... This is a good time to point out the value of insurance.

For a few bucks a month, I pay my insurance company to cover my computers. For anything – theft, me being an idiot, accidental damage, whatever, they'll pay to replace it.

Whoever writes your homeowner's/renter's policy (you have a renter's policy, don't you?) can set you up with coverage for your laptop. A few bucks a month to replace what may be the most important, valuable tool you own is a no brainer.


This is a good time to point out the non-value of insurance. Insurance companies make money on selling you insurance most of the time. That means, statistically speaking, you will give them more money than they give you. Take the few bucks per month and put it in a savings account.


I used to think that a lot when I was younger, and vowed I'd never pay for insurance. The math certainly checks out.

However, the point of insurance isn't to come out with a profit in strict dollar terms, at least not for the customer. It's to protect yourself against differing marginal utilities of money. A dollar when your livelihood is stolen or when you're in the hospital or when a loved one has just passed away is worth a lot more than a dollar that would otherwise get spent at Starbucks.

The point of money is to have enough that it'll never become the limiting factor in doing what you want to do (unless you're one of those folks who defines their net worth as a human being by their net worth). As long as you have enough, it's all good, but when you don't have enough, that's bad. It makes sense to trade more money when you have enough for less money when you would otherwise not have enough.

Incidentally, many financially-irrational decisions can be explained by this reasoning. Like the lottery. For many people, an extra dollar a day means no practical difference in their standard of living, but an extra few million dollars leads to a massive improvement. Or the financial industry: on the face of it, the financial industry shouldn't exist, because money is a completely fungible quantity and each party has the same yardstick for whether a transaction was a success. However, they don't, really - it makes sense to pay more in interest later if receiving some capital up front lets you capitalize on an opportunity now.


I wish I could agree with you. I love to avoid bullshit money traps perpetrated by large companies preying on the fears of consumers, but this is legitimately a good deal.

To insure both my own and my girlfriend's laptops (both mid-range MacBook Pros), it costs me about $9 a month.

We're talking about $3,200 (USD) in coverage. It would take about 29 years to save up that much (at $9 a month). In the event that my laptop is destroyed/stolen/dropped in a bathtub tomorrow, that savings of $160 since last year isn't going to do me much good.

Speaking from experience, the ability to walk into my agent's office, report the loss, and have a check in my mailbox before the end of the week is a truly powerful thing.

edit: And, it's worth pointing out, I'm pretty sure that in the space of 29 years, something terrible is going to happen to my laptop. In which case, I've come out ahead.


I figured the same thing when I got the extended warranty on my first laptop. Laptops are fragile, they die often, it was only like $100 (that's your $9/month for a year...), and if the laptop was broken before the extended warranty ran out (5 years, I think), I'd get a new one, based on current laptop price/performance. I thought this was a great deal, since I thought it quite likely that my first one would die before 5 years and then I could get a much better one at no additional cost.

Problem was, when the laptop finally died about 3.5 years later, they made up some bullshit excuse about there being a "liquid spill" on it and refused to honor the extended warranty. (Yeah, Circuit City, no wonder they're out of business...)

Anyway, I found the whole experience of trying to convince the service company that yes, my laptop needed servicing so distasteful that I didn't bother with any sort of insurance or extended warranty for my second. And wouldn't you know, it lasted for 5 years, never needed servicing, and can still boot up and run today, though the network's a bit flaky and the battery is basically dead.

My point (and presumably webwright's, though I disagree with him in another thread) is that the insurance company has to be making money off this policy somehow - they've got lots of actuaries calculating odds to make sure they come out ahead at the rates they charge. If you think "of course my laptop is going to die within 29 years - I'm bound to come out ahead", I'd suggest reading over your policy very carefully. My guess is that they have some very strict conditions on how it dies, and there's a good chance they won't cover it for many mundane run-of-the-mill failures.

Buy insurance because you can't afford to cover the loss otherwise, not because you expect to make a profit on it.


I 100% share your cynicism with regard to this world.

Yet I am speaking from experience.

Here's how it went down last time:

"Yeah, so, I dropped it in the sink. I have this paperwork from the Apple store."

"Wow, okay. I'll start the claim for you. Someone will give you a call in a few days."

A few days pass. I get the call.

"You dropped it in the sink?"

"Yeah, right into the one bowl in there full of water."

"Okay. What did you pay for the replacement? Oh, I see it on the paperwork here. Okay, thanks."

A few more days passed. Then I had a check in my mailbox.

It helps, I think, that I'm going through a real, consumer-facing insurance company instead of an outfit that sells coverage through a retail middleman. Retail extended warranties are, indeed, bullshit, but the distinction here is that I'm buying real insurance, which covers accidents and liquid damage.

They also cover my car, my apartment, and a life policy I have to pay off my student loans in case I should meet an untimely end.

But they're the real deal and they haven't screwed me yet. I suspect if I made a regular habit of making claims on my policies, it'd be a different story. So far, though, it's all good.


And, it's worth pointing out, I'm pretty sure that in the space of 29 years, something terrible is going to happen to my laptop. In which case, I've come out ahead.

I'm not sure of that at all. If it's true, the insurance company is run by fools who are guaranteed to lose money. For starters, I'm pretty sure that if it breaks 5 years from now you won't be getting a check for the original inflation-adjusted purchase price.


Everyone's such an expert on my policies – you break into my filing cabinet or something?

I forget what it's called, but the policy has a provision to protect me for exactly this issue. And, again, I have already made a claim on it once for a boneheaded accident. Everything was great and I didn't get screwed.


Whether it's worth it also depends on how likely it is the laptop will get stolen. Is P(laptops stolen per month) * $3200 > $9, ie, roughly P(laptops stolen per month) > 0.3%?


Laptop insurance can often cover accidental damage on top of theft and other things that can happen to a laptop. In very limited cases, other insurance policies may offer limited coverage as well. They're all capped with limitations, but for the one time that something disastrous happens, it may be worth it to some for the peace of mind.


Generally correct. Insurance only makes sense for losses you absolutely can not afford. For most people this would mean a phone is definitely not worth insuring, a laptop probably not worth insuring, but a house definitely worth insuring. For the super rich it's probably not even worth insuring a house.


That I do too.


Assuming you know something about digital snooping, and he doesn't know anything about privacy, you can figure out a lot about him, possibly even remotely access your computer and (if it has a webcam) take a picture and report everything to the police. You should talk to the police first (in fact, you should've the moment it was stolen), but explain that you know a lot about computers (most police don't have much in the way of computer security experts on staff, and they wouldn't waste their time on petty theft) and will be trying to find out more about this guy. They'll probably be glad for anything you might find, so long as it's well-documented and provable, and this kind of investigation should be admissible in court. There are reported cases of theft victims snapping pictures of thieves with their webcams and actually getting results.

If you feel bad for the guy, and assuming you find him, you can ask the cops to cut him a break if he gives evidence about the thief he bought it from. They will probably offer him this deal too, but since he already reached out to you, he will trust you more when it comes from you.


he's a criminal. he bought a stolen laptop (who buys a used computer without turning it on and exploring it a little to make sure things work? remember, he's smart enough to get your email, etc. he knows about computers and buying used computers).

contact your local police and explain the situation to them. ask if an officer can accompany you when you meet this person to receive your data (or whatever they think you should do...). you could then set up to meet in a public space and just have the police officer sitting somewhere nearby and then he'll walk over as your exchange takes place. i'm sure they can help with planning it all out and according to their policies...

if they turn you down for some bizarre reason (grumpy/lazy officer or receptionist maybe?) make sure to press the issue. make sure to walk in rather than just call. bring a copy of the email with you.

have a good one


if he's a competent criminal he'd offer to mail the hard drive not meet..........


I saw you are in the bay area. You should contact the REACT taskforce they specialize in online and technology based crime. http://www.reacttf.org/

This is a great team, I have dealt with them before and they won't give you the run around like other places.


Cops.

Cops, then the bank, then the insurance firm (you did take out contents insurance on the laptop, didn't you?), and then anybody else you have data on stored in your computer.

Ignore anybody telling you that they're going to tell the authorities because you have porn on your drive. It's pretty much a given that every laptop and computer in existence now has some porn on it.

If he knows what services you use, for goodness' sakes change every password you can remember. If your passwords are created by a master algorithm that you happen to have stowed on your hard drive, change that algorithm.

But first and foremost, cops. Give them all of the index and key numbers which identify it. Make sure to let them see that email. It has an IP address, and they can begin investigating from there.


If they're willing to buy a 160GB HD for you, appeal to them to just send you the original 240GB HD instead. For them to have their own 240GB+ HD installed may not be much more time/expense.


act all nice about it, and figure out some way to find out who he is, then fuck up his life.


Prevention is the best medicine... Checkout my recent blog post on portable security: http://fpux.com/2010/03/23/portable-security/

As previously mentioned, prey project is great. If you combine it with encryption, guest account, and firmware password -- you've created a helpful environment to get your machine back.


Continuing with the investigation of Lionhearted, this person might want to know the exact place of your "sensitive data", instead of searching your hundred gigs. I would suggest that you offer him that you'll return back to him the price that he paid and you won't inform the police. See how it goes with him.


I read this same post on reddit a few weeks (maybe months?) ago. I'm looking for the post, but it's difficult to find old posts on reddit.

From what I recall, that person didn't get their data back, and given the nearly word-for-word similarities between that post and yours, I would guess that this is an ongoing scam.


how did he get my email? how does he know i backed up to time machine? what would you do?

Your browser probably has a cookie that goes to the login page of your email service, which probably defaults to your name even if you type your password in manually every time. That page is likely near the top of your browser history. I do malware removal for friends from time to time and even after years of that I am still surprised by how much information is stored by browsers, and in how many places.

Same with time machine, the lists of what were backed up are probably stored on your HD in case you ask it to do a differential backup next time. All those little conveniences and preferences get squirreled away on your hard drive.

Your profile says you're in Oakland; with an underfunded police dept and one of the highest murder rates in California, you'll have to do your own detective work and give them an easy collar.

If you have the serial number, Apple can assist directly. If not, then there's still hope - the MAC address of your network card is often stored in firmware and may well survive a wipe of the hard disk and reinstall (even assuming the buyer is thorough enough to truly wipe the system). Do you use Wifi in your office? Routers often keep a log of MAC addresses and names of the computers that connect to them. Hardware routers can too, but they're more plug-n-play, whereas usually people configure the wifi to put a password on it and may have enabled the logging if it wasn't on by default. Failing that, since you have this person unwisely offering to help, at the very least you want them to copy your \system and \user folders in their entireties, preferably using some kind of automatic utility instead of by hand so that hidden files and stuff get included. So I say take them up on the offer, be pathetically grateful 'as long as you can get your settings and preferences back'. Having the MAC address won't help you find the computer, but it will help you verify that it's the one which was stolen if the thief hasn't been thorough.

Assuming the person actually comes through, there's a reasonable chance that you'll be able to find a log of the last IP address that was used, because they probably contacted you using your own computer. Could be in a coffee shop but if so they probably go there regularly. If it's associated with a residential address you're really in business. The cable or DSL company will probably be willing to tell you if that is the case as long as you don't ask for the street address or subscriber name, because then you can give that information to the police and the cable company won't mind giving it to them the way they would to you - getting a warrant for that ought to be very easy since a theft has occurred. You should report the theft straight away if you haven't already, you can fill them in on the technical details later after you have a case #.

If it is a residence, the police will take care of it. Having them turn up with a warrant is intimidating enough for most people, if they have printouts of system logs or something to wave around the thief/roommate/friend will probably spill everything they know, and try to give them enough information to track down whoever broke into your car. It's quite possible that the police already know this person but don't have an open and shut case to make a prosecution easy. Computer data can make for an impressive looking evidence trail, which can lead to a nice story in the local newspaper - 'cops and DA nab thief using computers tracking data'. Good publicity, pleases the taxpayers, deters a few wannabes.

If the offer to send back your data is just a cruel bluff, don't give up. You run a website, presumably you log in there all the time. If it's your start page or a favorite, there's a chance that the person opened it in the browser by accident or out of mild curiosity - people are nosy that way. Look at your visitor logs and see if there were any failed connection attempts to your admin account or whatever you have, and what IP addresses they came from. Of course you'll probably have a stack of new connections starting right after your HN posts from people like me. Look at the email timestamp and start tracing logged IP addresses about 90 minutes on either side of it - anything within say 20 miles is a possible.

That's enough to be going on with. Take the person up on the offer, maybe with some mealy mouthed words about how you don't have much alternative, suggesting (not explicitly!) that you tried the cops and they were indifferent. Say something pissy as well for credibility. Beg a little for your system and root directories - look at someone else's Mac, I don't know offhand how big those folders get. I would ask for the stuff on DVDs if that does not seem unreasonable: those can be got at Walgreens and the person is much less likely to blow off a trip to walgreens than a trip to store to buy a hard drive; they take fingerprints better than a hard drive will; and the lead-in data may contain forensically useful information.


... what about the old good trick: 1x1 image in mail reply, hosted in some controlled box? hopefully the guy is not checking mail with mutt. :)


Just a note: MAC addresses are usually stored right on the device itself. There is a function in the driver code or deep in the networking stack that allows you to change the hardcoded MAC to another MAC of your choice.


Quite - I'm guessing the laptop thief won't be so thorough, though. Anyone that security-minded would hardly compromise themselves so blatantly as to email their victim.


If that was my laptop (and it wasn't encrypted), I'd take his offer and then report it to the police. I don't see what you lose on taking his offer, and every theft imho should be reported, if only for making statistics.


Short and simple; two-fold.

1. Read the advice on this page so that you've allowed yourself to see all possible angles. 2. Call the police and take it one step at a time with them.


It sounds like he may have visited the website of your email provider. Contact them directly and see if you can get an IP address from them.


My question is how did he unlock your computer in the first place?


tough luck...have heard quite a bit of unpleasant stuff about Oakland :( But,why would you want tell the whole world(HN), the exact contents of the mail?

And if he were to follow HN.. with comments about tracing IP, etc .. he might have gotten really scared...perhaps your laptop is enroute to your house!


filevault & crashplan.com


post the email headers here


Delivered-To: shereef@gmail.com Received: by 10.227.137.69 with SMTP id v5cs104210wbt; Sat, 18 Sep 2010 18:42:06 -0700 (PDT) Return-Path: <101badkarma@gmail.com> Received-SPF: pass (google.com: domain of 101badkarma@gmail.com designates 10.142.223.11 as permitted sender) client-ip=10.142.223.11; Authentication-Results: mr.google.com; spf=pass (google.com: domain of 101badkarma@gmail.com designates 10.142.223.11 as permitted sender) smtp.mail=101badkarma@gmail.com; dkim=pass header.i=101badkarma@gmail.com Received: from mr.google.com ([10.142.223.11]) by 10.142.223.11 with SMTP id v11mr6012112wfg.29.1284860525531 (num_hops = 1); Sat, 18 Sep 2010 18:42:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=En3bZiL4+B5vTtybnZXiAYgxVH8KE7aSzQ8trXFJhfw=; b=b0mf+OtiHbF5VdsI9H27MN7Tmwz6NLqkFU/1fPmYNqbBNOR7kkXv0OrJsD3zIbZ4Js i6eaN1cBbq5DEDjxxJIqhwPBaJw6qUAJkQvFXeg9F/afpS6e3/jyfBbthgcXCEKxFfg+ vwaTfaiQeFFyXHTI1CG5XZLCICl2L7LXVH/tA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=aZps057Ba5cXMeIEOROw7bo/ZxucfJyDaLxN0F3nepTGQYtaUFtpA+H1irq3s5CfeE A0z0zWtaKFAVe3K6VJibIRleRkCaIy8WDKkoWMUTze1xQcSWphWiiDK8yixD989a8LRW unv0IRELrI4cauF32fgTvT4wW3Sa+leUuv20I= MIME-Version: 1.0 Received: by 10.142.223.11 with SMTP id v11mr6012112wfg.29.1284860525521; Sat, 18 Sep 2010 18:42:05 -0700 (PDT) Received: by 10.142.135.13 with HTTP; Sat, 18 Sep 2010 18:42:05 -0700 (PDT) Date: Sat, 18 Sep 2010 18:42:05 -0700 Message-ID: <AANLkTi=ek0sq9johN8AYFjQQXpg0kvGtE5ZXn0MZ=zU0@mail.gmail.com> Subject: Stolen Laptop From: karma bad <101badkarma@gmail.com> To: shereef@gmail.com Content-Type: multipart/alternative; boundary=000e0cd17e7635ad30049092e752

--000e0cd17e7635ad30049092e752 Content-Type: text/plain; charset=ISO-8859-1


I don't know much when it comes to ips, i.e., I can't tell whether that is a shared ip, or otherwise.

Nonetheless, a quick search reveals this individual (http://www.scamwarners.com/forum/viewtopic.php?f=34&p=32...) used/had that ip 3 months ago. (S)he appears to be a security specialist, which goes with the impression I got from the email.


You're right, you don't know much about IP addresses. The entire 10.x.x.x block was reserved long ago for use on private networks, it's not routed anywhere on the internet. This RFC from 1996 describing best practices for their use is still accurate: http://tools.ietf.org/html/rfc1918

All of those addresses in the header posted are hosts within one of Google's networks. The same address is likely in use on other such networks.


Or 4chan. It seems those people love challenges like this.


Now, now. Let's not go vigilante. There's a site dedicated to that stuff if the OP is interested. It's called Reddit.

Edit: By the downvotes, I see that apparently HN is not above internet mob justice. My mistake, carry on.


I can tell you first hand the police don't have the manpower or knowhow to track people on the internet. They're good but they need help.


It's only vigilante justice if someone illegally punishes the criminal. Helping the police locate a suspect is called "being a good citizen".


Ask the police permission to send him a virus by email..




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: