Ask HN: He stole my laptop, and sent me this, what would you do?

When I was younger, my mother had her wallet stolen. The person who stole it sent it back to her (including her ID, credit cards, etc), minus the hundred or so dollars in cash.<p>While I would have been furious, she was completely okay with it. She calmly told me, "The person who stole it clearly needed it more than me."<p>Now, this isn't to say that stealing is okay. It's certainly not, and I'd be pissed. However, this person knows what he did was wrong. He really seems to hate what he had to do to get the computer. But he clearly needs it. Maybe he wants it so he can get a job, or wants it so his kid can succeed.<p>Try appealing to this side of him. Find out why he needs it. I doubt it's so he can watch YouTube videos, based on his email. You can buy a cheap desktop (or even laptop) for a few hundred dollars. Offer to trade a crappy computer for yours. (I doubt he wants you to buy it back; he seems to care more about the computer than money.)<p>The person almost definitely doesn't need a computer as good as what you had stolen from you, and he's already feeling really guilty about it. And, if he agrees, you can try to find out who actually stole it and tell the police.<p>Sure, it's unfair you'd have to drop a few hundred dollars- but consider it a donation. (Depending on the circumstances, you might even be able to figure out a way to legally donate it to him through some sort of organization- which would be tax deductible.)<p>After all, giving him a computer could change his life. Think about how much your life has improved by merely owning a computer; something most people on HN take for granted. You could turn a bad situation into one you're really proud of.

Here's what I ended up sending him:<p>---- Wow.<p>I really appreciate the offer for the backup. Good to know it was stolen as opposed to carelessly left somewhere.<p>You're actually pretty unlucky. I have this software installed for this occasion:<p>lojackforlaptops.com<p>please call me at 510.213.2990 in the next hour<p>if you don't I will immediately activate the lojack theft alert which means law enforcement is showing up at your door promptly.<p>I don't actually know your location, but they reveal it to the cops, who show up at your door with a lot of questions.<p>thank you in advance for doing the right thing<p>cheers, shereef ----<p>and what I got in return:<p>----<p>I use the laptop in public places. And have no internet at home. Sorry but your info is now deleted. Torrenting copyrighted files is illegal also just to let you know.<p>-----

Report to police.<p>Do not let him create a secondary market for stolen laptops. It would become an economic incentive for the stealers to steal more laptops.<p>Research has shown that tolerance of public crime gradually leads to an increase in major crime. (Read about this in one of the pop economic books, not sure which). Do you want to keep your city a safer place to live?

I can't help but wonder:<p>Can you look at the original email message &#38; get the IP - then run some GeoIP? If he was irresponsible enough to do it from some public place like a University Library then you could probably look the exact address up &#38; have a lead to give the police.<p>Secondly, depending on if you have chrome &#38; a "trusted" website that you provide your location to, then you can run that bit on this fool in a reply email with a link that says something like "Do me a favor &#38; just upload my pictures folder to <a href="http://mysite.com/storage/index.html" rel="nofollow">http://mysite.com/storage/index.html</a> - the user is: johndoe &#38; the pass is: FML123" then wait &#38; obviously log the lat/long &#38; go to the police.<p>Third, if you happen to know the serial number, report it to Apple, then to the police. I say this because he is considering buying a 160gig drive &#38; backing your data up to it - there is a small chance he would go to the Apple store to do this.<p>Next time, consider using <a href="http://preyproject.com/" rel="nofollow">http://preyproject.com/</a><p>Other than that I guess try to get what you can from this guy without paying.

I regularly track down thieves, theft rings, and other criminals on the Internet, so I can probably give good real-world advice here.<p>Do all of these steps today. Do not contact the sender until you have filed a police report, if possible.<p>Step 1.) Collect all of the evidence you have. Intact email messages are important.<p>Step 2.) Grab a pencil and piece of paper and title it "For the overworked detective".<p>Step 3.) Gather any unique identifiers in the email message headers. Get the originating IP address, geolocate it, find out which ISP owns the IP block (via arin.net) and write all of this down on your piece of paper.<p>If you have a mountain of evidence, print it out and number it page by page, so you (and the detective) can cross reference your notes with the evidence easily.<p>4.) Google the sender's email address, write down any decent info and rate it (solid/likely/unlikely). Do the same with just the username portion of the email address.<p>5.) Bring your notes, and your evidence, and file a police report, preferably in person. The CSO will either pencil whip the report into the system or add some of your evidence to the report. No worries, if you have your notes cross-referenced, the detective will be very interested in it.<p>Many police departments are overworked (or claim to be), so if you do the initial legwork and it can be reliably cross-referenced to evidence you'll have more chance of getting your stuff back.<p>Oh and the guy who emailed you has knowingly purchased stolen equipment, which is a crime. My hunch is that he isn't the thief, but personally knows the thief. So, you grab him and you get the other. These guys have probably victimized a whole lot of other people, so good luck.<p>Feel free to email me if you have any questions or need assistance (my email is in my HN profile)

This really seems like a scam to me. It's possible that the amount of guilt that this person feels is sufficient to motivate them to buy the a 160 gig disk (and spend time selectively copying the most important data) but not to motivate them to buy a 250 gig disk and copy everything. It's also possible, though, that this person is trying to draw you into a conversation focusing on how important the data is to you, in order to convince you to send money to buy a disk or buy the laptop back.<p>Actually, how sure are you that they even have your laptop? Did you mention the theft someplace public, like on a blog or twitter? The only information they've demonstrated that they have is your email address, the fact that you've used Time Machine at least once (probably a pretty safe bet if they know your laptop was a Mac), and the approximate amount of data that you had stored (assuming you know that's correct and aren't just taking their word for it).

He got your email because he has your laptop - same for the backup software. Depending on how valuable your information is consider a sizable monetary amount to get the name of the person he bought it from or just offer more than the laptop's value to get it back and end it. Consider reporting to the police what you're doing... if a physical/in-person exchange of the information occurs and he didn't take you up on your offer, the police might be able to legally influence the buyer into giving up the details of the seller/thief since the buyer committed a crime too.<p>Good luck.

Note: I am not in law enforcement, just going by my instinct here. Observe:<p>&#62; I am offering to back up to 160 gigs to another hard drive. There is only about 240 gigs worth of information. I see that you have backed up most everything using time machine. If there is anything smaller like 4, 8, or 10 gigs worth I can do that faster to DVDs or flash drives. I would have to buy another hard drive to get you the 160 gigs. Which i would if you need the info.<p>This combined with the supposed very quick rapid sale of the laptop has me suspicious - I would bet it's the original thief emailing you. Since he mentions time machine right away and found your email quickly - this is a computer sophisticated person, who possibly has done this before. "Berating me for my actions is useless" is also well written English. This is not a run of the mill stupid person. You're likely dealing with someone intelligent with very bad intentions.<p>I'd be scared now if running into another scam - I'm guessing, again I'm not in LE, but I'm guessing that the offer to buy a hard drive and back up for you will ask of you cash to be sent to a Paypal or Western Union or something, that you'll never see again, nor your data.<p>&#62; what would you do?<p>First, pause and reflect. You don't need to hurry, it's more important you don't do anything stupid.<p>Second, get law enforcement involved. Now, I had my car window smashed once and had a bunch of stuff grabbed when I lived in a bad neighborhood, they took my stereo and cigarettes. Police are good people, but they tend to realize there's not much they can do about something like this, and they have limited resources. So, think about how to approach the police to get them interested - maybe talk to a computer crimes person online who would be interested in helping out, and get all the information you can. If this is a scam or a common thing (again, my intuition says so), then the police will be a lot more interested. Maybe you can put a sting together and get your computer back and/or put this bastard in jail.<p>I think your next two steps should be contacting people online who deal with this sort of thing, and contacting local law enforcement. Maybe the FBI would be interested actually, if you find the right agent and ask if this looks like a pattern/regular thing. Police love to catch and lock up repeat offenders, especially sophisticated ones.<p>Contact a lot of people - people tend to be sympathetic to when crime happens, and hate criminals. Whatever you do, don't contact this person on your own before consulting experts on the matter and law enforcement. It puts you in harm's way. Whatever you do, don't meet them or send any money or resources before contacting experts and law enforcement. Good luck and sorry this happened to you.

You should be able to look at the email headers and either track back to the IP of his home connection, or the IP of the email service provider he uses. From there you give the info to the police and get them to issue a warrant or two to get the physical address of where it was sent.<p>If you're lucky they wont have used a proxy to hide their real IP, and wont have used a public access point.<p>Think about any apps you might have running which connect to services online automatically. I have an app which synchronizes my bookmarks with an online service (xmarks.com). I'd be tempted to contact them and ask for an IP address history of my own account to see if I could collect any other IPs that they might have used.

I would offer him a hundred bucks for the name and location of the person he bought the laptop from.

I feel your pain, I was robbed earlier this week and they took my laptop (among other things). There are two things you can do.<p>1) Report the serial number and your police case number to the genius bar. If this guy ever goes for service they'll call the cops. This isn't apple's policy but it seems to be an apple store thing. 2) Renters insurance.

What you lost when your laptop was stolen:<p>1. Privacy<p>2. Data<p>3. Hardware<p>I'd say those are in ranked order.<p>1. Your privacy in relation to the data on that laptop is gone.<p>2. He's offering to return the core data back to you. If your laptop is anything like mine, the value is in the data. You have a means to get it back, so get it back!<p>3. The hardware is fairly unimportant comparatively.<p>With that out of the way, the returning of your data to you will create an interesting dance between you and the purchaser of stolen goods.<p>If you just want the data clean and then to move on with your life, just do as the thief says, get your data and go buy another laptop.<p>If you want to turn up the volume on this, start thinking up methods of doing the data exchange that'll expose the thief's location. Here are my ideas, none the less:<p>1. The thief knows what time machine is and got your email out of your data. Based on this it seems a self installing lowjack.dmg on a keychain drive is unlikely to work. If discovered, you just lost all that data. You lose the moral high ground just by trying it.<p>2. Were you pulling any kind of network/voip log files into time machine regularly? Perhaps on start up your time machine would have pulled identifying information from the laptops new location.<p>3. Reddit style email header trace. That's really taking the gloves off.<p>If/when you are able to get the data, I have a suggestion and a story...<p>In college my girlfriend (now my wife) was a DC intern and had her cell phone stolen. Its been a while since it happened and some of this is likely embellished from re-telling. Back to the story...her reaction to this was to wait a day, call the cell phone and ask the person who answered if she could speak to the lady of the house. She got handed over to the thief's mother, who agreed to meet her in the park to return the cell phone. Telling no one about this, the next day she solo's into the park, gets her cell phone, has a heart to heart with the thief about stealing and returns to work.<p>This path of actions is, of course, insane (and awesome). The moral of the story though is IF you get the contact information, don't both with the thief because they've already said strait up that "Berating me for my actions is useless." Instead, give that thief something to answer for next Thanksgiving. Shame is often felt by proximity, so call in the mommy air strike.<p>Good luck. Be safe.

I'd offer to buy the computer back for a little more than he paid. Sounds like he got a really good deal, so it couldn't cost you too much.

In addition to what others have mentioned I have one piece of advice:<p>Perhaps this person is a visitor of HN and may now be aware of your future course of action. Even if they are completely unfamiliar with HN you have to consider that they have had access to whatever was left of your internet browsing history. Just because they claim to be deleting everything does not mean that they have done it yet. They were able to find your email address, which is easy, but you need to consider the possible extent of their snooping. You need to think about how much of your personal information could be compromised. Hope for the best but prepare for the worst.

If something like this happened to me, I'd take it as an opportunity to upgrade my laptop to something better. If you consider it from his point of view, he just dropped a couple hundred for hardware that was stolen. If he just gave it back, then he'd have lost all his money for nothing. So he's willing to pay a bit extra to get a 160GB hard drive to duplicate the important data and give it back, because hardware is replaceable, but data isn't. It'll make him sleep easier at night, knowing he didn't completely do the wrong thing.

Incidentally, this is why I encrypt my disks. I really wouldn't want someone who traffics in stolen property to have access to all my personal information.

I have a somewhat related question.<p>You see, I buy used hardware. Mostly from ebay, sometimes from craigslist. I always walk if it smells funny. (if it seems fishy, I often offer to exchange ID, and if the other guy refuses, I walk. Once someone offered me a good deal on a laptop but wanted to meet me on a freeway offramp. )<p>Really, even just exchanging ID every time wouldn't solve the problem... you see, many people buy things used, use them for a while (or not) then turn around and sell them, either in hope of turning a profit, or simply because they got bored with the item; I can imagine many ways a stolen item could come to be owned by someone who had no idea that it might be stolen.<p>My question is this: Is there some sort of publicly accessible stolen goods serial number registry or the like that I can check my goods against? I mean, even after I got the thing, if it turned out to be stolen, I'd be cool with returning it and eating the loss. I buy enough stuff to amortize any losses... but both from an ethical and a liability perspective, I'd really like greater assurance that I don't have stolen goods laying about.

The final correspondence between us:<p>From me:<p>Hey,<p>I hope you're still checking this email. I owe you an apology.<p>You reached out to me in kindness, and with a good nature. And I responded with a threat.<p>Please accept my sincerest apology. Thank you for your generosity in offering to send me my data. Like you said, I didn't need it b/c I had it all backed up.<p>That was truly considerate of you. I hope that my knee jerk reaction doesn't keep you from continuing to be upright and in integrity.<p>Enjoy the machine, I hope it treats you well.<p>All my best, Shereef<p>--------<p>I will likely keep it. I am an entrepreneur myself and will actually be putting the computer to use. First by buying a new power adapter. Can't believe you were using a 60 watt adapter. It requires an 85 watt.<p>And i do know you didn't have lojack. I checked the processes and used little snitch to check out going signals.<p>I am sorry that i don't have better integrity but I know that i can put the computer to use and I will continue to do my part in the world and not be a drain on it.<p>------<p>Yeah. The lo jack thing was a poor bluff.<p>Good luck man. Seriously. I only wish you the best.<p>May your business be super successful.<p>And listen. Don't be too hard on yourself. In the end we are all going back empty handed. :)<p>It was good to meet you. Write back if you need any help with your biz.<p>Peace Shereef

If it is an Apple laptop (time machine) then report the stolen serial number to the police and Apple. If he brings it in to be serviced then there is a chance of recovery.<p>Nothing good comes from the act of stealing. I could get see with food and basic survival items (much less so in the US where organizations will give people these things), but not with a luxury good like a laptop.

Consider this for next time: <a href="http://preyproject.com/" rel="nofollow">http://preyproject.com/</a>

If you embed an image in an HTML email, you can find the IP of the machine in your server logs (when the email client requests the image from your server).

This is a good reminder for people to set an Open Firmware/EFI Password on their hardware.<p>If someone has physical access to your hardware then they can get access to all of your unencrypted data if they really want it. However, a firmware password would probably prevent someone from emailing you from your own account a couple of hours after they've stolen your laptop.<p>When the firmware password is set, your laptop will prompt for the password before booting from DVD, USB, or Firewire drive. It will also prevent booting into Single-User mode. You can set up a firmware password by using the Open Firmware Password.app in your Utilities folder.

You may well be able to trace it at least part of the way (or all if he was dumb enough to use the laptop at his work or home Internet) by looking at the full email headers, which usually retain the hostnames and/or IP addresses of each system it went through along the way. Including the origin IP of the laptop, indicating where it was at the time the email was sent.<p>Who runs your email services? If it is your local ISP, they may be able to get the IP address from the logfiles, though larger companies will probably brush you off.

File a police report, then file a claim with your insurance company. Pony up the deductible, and buy yourself a new laptop and restore it from your time machine backup. Its likely not worth the trouble to pursue getting the stolen property back.<p>This of course assumes that you have decent home owner's or renter's insurance, which should cover theft ever from your car. If you don't, then you should...<p>If someone's already mentioned this, I apologize. I didn't read through <i>all</i> of the comments.

Somewhat off-topic, but... This is a good time to point out the value of insurance.<p>For a few bucks a month, I pay my insurance company to cover my computers. For anything – theft, me being an idiot, accidental damage, whatever, they'll pay to replace it.<p>Whoever writes your homeowner's/renter's policy (you have a renter's policy, don't you?) can set you up with coverage for your laptop. A few bucks a month to replace what may be the most important, valuable tool you own is a no brainer.

Assuming you know something about digital snooping, and he doesn't know anything about privacy, you can figure out a lot about him, possibly even remotely access your computer and (if it has a webcam) take a picture and report everything to the police. You should talk to the police first (in fact, you should've the moment it was stolen), but explain that you know a lot about computers (most police don't have much in the way of computer security experts on staff, and they wouldn't waste their time on petty theft) and will be trying to find out more about this guy. They'll probably be glad for anything you might find, so long as it's well-documented and provable, and this kind of investigation should be admissible in court. There are reported cases of theft victims snapping pictures of thieves with their webcams and actually getting results.<p>If you feel bad for the guy, and assuming you find him, you can ask the cops to cut him a break if he gives evidence about the thief he bought it from. They will probably offer him this deal too, but since he already reached out to you, he will trust you more when it comes from you.

he's a criminal. he bought a stolen laptop (who buys a used computer without turning it on and exploring it a little to make sure things work? remember, he's smart enough to get your email, etc. he knows about computers and buying used computers).<p>contact your local police and explain the situation to them. ask if an officer can accompany you when you meet this person to receive your data (or whatever they think you should do...). you could then set up to meet in a public space and just have the police officer sitting somewhere nearby and then he'll walk over as your exchange takes place. i'm sure they can help with planning it all out and according to their policies...<p>if they turn you down for some bizarre reason (grumpy/lazy officer or receptionist maybe?) make sure to press the issue. make sure to walk in rather than just call. bring a copy of the email with you.<p>have a good one

I saw you are in the bay area. You should contact the REACT taskforce they specialize in online and technology based crime. <a href="http://www.reacttf.org/" rel="nofollow">http://www.reacttf.org/</a><p>This is a great team, I have dealt with them before and they won't give you the run around like other places.

Cops.<p>Cops, then the bank, then the insurance firm (you did take out contents insurance on the laptop, didn't you?), and then anybody else you have data on stored in your computer.<p>Ignore anybody telling you that they're going to tell the authorities because you have porn on your drive. It's pretty much a given that every laptop and computer in existence now has some porn on it.<p>If he knows what services you use, for goodness' sakes change every password you can remember. If your passwords are created by a master algorithm that you happen to have stowed on your hard drive, change that algorithm.<p>But first and foremost, cops. Give them all of the index and key numbers which identify it. Make sure to let them see that email. It has an IP address, and they can begin investigating from there.

If they're willing to buy a 160GB HD for you, appeal to them to just send you the original 240GB HD instead. For them to have their own 240GB+ HD installed may not be much more time/expense.

act all nice about it, and figure out some way to find out who he is, then fuck up his life.

Prevention is the best medicine... Checkout my recent blog post on portable security: <a href="http://fpux.com/2010/03/23/portable-security/" rel="nofollow">http://fpux.com/2010/03/23/portable-security/</a><p>As previously mentioned, prey project is great. If you combine it with encryption, guest account, and firmware password -- you've created a helpful environment to get your machine back.

Continuing with the investigation of Lionhearted, this person might want to know the exact place of your "sensitive data", instead of searching your hundred gigs. I would suggest that you offer him that you'll return back to him the price that he paid and you won't inform the police. See how it goes with him.

I read this same post on reddit a few weeks (maybe months?) ago. I'm looking for the post, but it's difficult to find old posts on reddit.<p>From what I recall, that person didn't get their data back, and given the nearly word-for-word similarities between that post and yours, I would guess that this is an ongoing scam.

<i>how did he get my email? how does he know i backed up to time machine? what would you do?</i><p>Your browser probably has a cookie that goes to the login page of your email service, which probably defaults to your name even if you type your password in manually every time. That page is likely near the top of your browser history. I do malware removal for friends from time to time and even after years of that I am still surprised by how much information is stored by browsers, and in how many places.<p>Same with time machine, the lists of what were backed up are probably stored on your HD in case you ask it to do a differential backup next time. All those little conveniences and preferences get squirreled away on your hard drive.<p>Your profile says you're in Oakland; with an underfunded police dept and one of the highest murder rates in California, you'll have to do your own detective work and give them an easy collar.<p>If you have the serial number, Apple can assist directly. If not, then there's still hope - the MAC address of your network card is often stored in firmware and may well survive a wipe of the hard disk and reinstall (even assuming the buyer is thorough enough to truly wipe the system). Do you use Wifi in your office? Routers often keep a log of MAC addresses and names of the computers that connect to them. Hardware routers can too, but they're more plug-n-play, whereas usually people configure the wifi to put a password on it and may have enabled the logging if it wasn't on by default. Failing that, since you have this person unwisely offering to help, at the very least you want them to copy your \system and \user folders in their entireties, preferably using some kind of automatic utility instead of by hand so that hidden files and stuff get included. So I say take them up on the offer, be pathetically grateful 'as long as you can get your settings and preferences back'. Having the MAC address won't help you find the computer, but it will help you verify that it's the one which was stolen if the thief hasn't been thorough.<p>Assuming the person actually comes through, there's a reasonable chance that you'll be able to find a log of the last IP address that was used, because they probably contacted you using your own computer. Could be in a coffee shop but if so they probably go there regularly. If it's associated with a residential address you're really in business. The cable or DSL company will probably be willing to tell you if that is the case as long as you don't ask for the street address or subscriber name, because then you can give that information to the police and the cable company won't mind giving it to them the way they would to you - getting a warrant for that ought to be very easy since a theft has occurred. You should report the theft straight away if you haven't already, you can fill them in on the technical details later after you have a case #.<p>If it is a residence, the police will take care of it. Having them turn up with a warrant is intimidating enough for most people, if they have printouts of system logs or something to wave around the thief/roommate/friend will probably spill everything they know, and try to give them enough information to track down whoever broke into your car. It's quite possible that the police already know this person but don't have an open and shut case to make a prosecution easy. Computer data can make for an impressive looking evidence trail, which can lead to a nice story in the local newspaper - 'cops and DA nab thief using computers tracking data'. Good publicity, pleases the taxpayers, deters a few wannabes.<p>If the offer to send back your data is just a cruel bluff, don't give up. You run a website, presumably you log in there all the time. If it's your start page or a favorite, there's a chance that the person opened it in the browser by accident or out of mild curiosity - people are nosy that way. Look at your visitor logs and see if there were any failed connection attempts to your admin account or whatever you have, and what IP addresses they came from. Of course you'll probably have a stack of new connections starting right after your HN posts from people like me. Look at the email timestamp and start tracing logged IP addresses about 90 minutes on either side of it - anything within say 20 miles is a possible.<p>That's enough to be going on with. Take the person up on the offer, maybe with some mealy mouthed words about how you don't have much alternative, suggesting (not explicitly!) that you tried the cops and they were indifferent. Say something pissy as well for credibility. Beg a little for your system and root directories - look at someone else's Mac, I don't know offhand how big those folders get. I would ask for the stuff on DVDs if that does not seem unreasonable: those can be got at Walgreens and the person is much less likely to blow off a trip to walgreens than a trip to store to buy a hard drive; they take fingerprints better than a hard drive will; and the lead-in data may contain forensically useful information.

If that was my laptop (and it wasn't encrypted), I'd take his offer and then report it to the police. I don't see what you lose on taking his offer, and every theft imho should be reported, if only for making statistics.

Short and simple; two-fold.<p>1. Read the advice on this page so that you've allowed yourself to see all possible angles. 2. Call the police and take it one step at a time with them.

It sounds like he may have visited the website of your email provider. Contact them directly and see if you can get an IP address from them.

My question is how did he unlock your computer in the first place?

tough luck...have heard quite a bit of unpleasant stuff about Oakland :( But,why would you want tell the whole world(HN), the exact contents of the mail?<p>And if he were to follow HN.. with comments about tracing IP, etc .. he might have gotten really scared...perhaps your laptop is enroute to your house!

filevault &#38; crashplan.com

post the email headers here

Ask the police permission to send him a virus by email..