How to recover your stolen computer ?
[french version] There is no miracle. To find your stolen computer, you have to anticipate the steal. You’ll never know when it’s going to be stolen, and it will most certainly be stolen if you use it often outside of your home.
I have no other pretention here to explain how I managed to recover my own computer. What I’m about to discuss is not a novel, nor is it a viral ad for a software company, it’s only the description of a robbery, of a successive stalking that led the police to recover the stolen computer. Police intervention isn’t necessary, but in my case the computer was stolen and stayed oversees.
The picture illustrating this article is of Roberto Serrano, the person who was using my computer and next to whom it was recovered. Roberto Serrano is presumed innocent until proven otherwise. He may haven’t actively participated in the robbery, but he benefited from it, which is enough for me to consider him guilty of crime of concealment without any form of trial. In other words, Roberto Serrano is a fence.
But let’s get back to the story. To recover your computer you need prior to that to get some tools to track it, to prepare your computer in case it’s stolen, and to install some preventive software just in case…
- Suitable tools. I acquired prior to the robbery a licence of Orbicule for their Undercover software for Mac. There are equivalent softwares for PC, and Undercover isn’t the only Mac software existing. But it’s the one I’ve chosen, because the software’s overall cost is only made of the licence (no annual costs), and the price of the licence is fully refunded if the computer isn’t found. The way the software works is pretty simple. Each time it is connected to the internet, it calls Orbicule’s servers. If the server declares it has been stolen, the computer will start sending at regular intervals it’s IP address, screenshots and pictures taken with the internal iSight of you computer if it has one.
- A necessary preparation. First, remember to make regular backups. You are making backups, aren’t you ? Then, you have to think as a thief. What would (s)he do of a computer whose only account is locked with an unrecoverable password ? (S)he would probably just format the hard drive… In that case, you wouldn’t be able to use the functionalities of your software. Some knowledgeable people will oppose that you can prevent a hard drive format by setting a Firmware password, but only 2 minutes of googling will explain you how to circumvent that measure. If the thief wishes to format the hard drive, you won’t be able to prevent it. On the contrary, you have to allow him (her) to benefits from all that is installed on your computer to distract him (her) from such tentation. So create a guest account without any password, preferably without any admin rights either (although I personally chose otherwise), and you will rest assured that the thief or the end user of the crime won’t look any further. You have to define the parameters of your connection tracking software such as Little Snitch (if you use it) so that they’ll permanently accept any outgoing connections.
- A little bit of prevention doesn’t hurt. There are a few tools available to prevent the worst situation in daily activities. A classic situation, you are at the library and you must get some books. Your computer stayed unattended. In that case I use the freeware IAlertU that acts like a car alarm system. It uses the Sudden Motion Sensor that comes with Apple’s portable computer’s hard drives to detect any movements of your computer. Adjusting the screen, lifting the computer or pressing any key will trigger a loud alarm raising everybody’s attention, but that not all as the software also takes picture of whatever is facing the screen during these alarms using your iSight and sends it by email to an address of your choice. The software is activated and deactivated with the infra red remote control that comes with your Mac.
So, you’ve done all that was described here, and oh horror, like me your house get robbed and your computer disappear. You then contact Orbicule and you start getting multiple screenshots with crucial informations, mugshots of the people using your stolen computer, as well as the various IP addresses used to connect to internet. Basically at this point know in a few days who is using your computer, his (her) postal address, his (her) various e-mail addresses and his (her) different IDs on the web.
Then to recover you computer, you can either use the services of the police, or take the matter into you own hand… It’s your choice. You know everything from the one using your computer, and he (she) knows nothing about you. He (she) may be able to recognize you, only if you’ve used a picture of you for your account on the login screen. Besides that you’re a total stranger to him (her).
Because of the geographical distance I followed my intel to the police. I had sent that info relative to the possession of stolen goods to the person to whom the burglary took place, but the police wasn’t reactive enough. Months later I started calling the detective in charge, insisting to get my computer back that was still regularly used, and I finally got what I was hoping for. The detective was issued a search warrant and my computer was sent to me back home. I have to thank detective Mickael Reymer from the Laporte County Police Sheriff’s office, without him that wouldn’t have been possible. The story got the attention of the local newspaper, who published it in another local edition, and it ended up on 01net.com. From there it spread on the internet and was mentioned on many blogs and websites. Some people thought of it as a viral ad. That looked like it, but all it was indeed was the narration of real facts. It is true I received from Orbicule a free update of my single user licence to the household licence that allowed me to register my 3 other macs (I had to buy a new one after the robbery). But I had to ask and it was way after the buzz around that story.
Some would think the story ends here, but that’s not it. Once you get your computer back, you can access the Guest account, open the Keychain Access utility and discover all the passwords for all e-mail accounts as well as various acces codes for the different websites visited by your thief/fence. What you won’t find here, you’ll discover it in the preferences of the various browsers installed on your computer (Safari, Firefox, etc.). I also discovered many pictures left by Roberto Serrano (aka : the fence). Roberto really spoiled me… Well, you see you have enough matter in you hand to have fun during weeks, the only limit you have to your vengeance is your suddenly flourishing imagination.
I offered Roberto Serrano to tell his version of the story, to beg forgiveness and limit my vengeance to a simple disapproval, but he didn’t bother replying to my request, even unfavorably. Too bad. For him.
I can’t resist to list the various facts I’ve learn over time about Roberto « The Fence » Serrano. Please don’t do anything stupid with that :
- On facebook he is Roberto Serrano : http://www.facebook.com/profile.php?id=1172541290
- On Yahoo he uses the account r500horses (email@example.com), but he also uses the email firstname.lastname@example.org sometimes and seems to be a student at Ivy tech (email@example.com).
- He often uses the login/password : refujiano (on Woome for example)
- He’s on myspace : http://www.myspace.com/chidoclas
- He was born on september 9th, 1988 in Colotlan, Mexico (although sometimes he pretends he was born in 1970, like when he opened an account on sexsearchcom.com website), he pretends to be 6″6 (lol).
- On http://www.hrapply.com/ his username is rserrano
- Last time I checked he lives at 215 Tilltston St, Michigan city IN 43360 (that is were the police found my computer at least), although he once mentioned living at 4108 Valley Oak Dr, Trail Creek, IN 46360.
- I have his mexican driver licence number that I won’t give up… yet.
- He arrived in the US on june 2005
- The last name of his favorite teacher was canucha
- His mother’s maiden name is Yolanda (seems eBay asks for it…)