Forgot your password?
typodupeerror
Social Networks Twitter Canada Crime

O'Reilly Author's Laptop Rescued By 'Twitter Posse' and Prey 123

Posted by timothy
from the dog-eat-dog-good-boy dept.
An anonymous reader writes "Bad news: a Canadian who visited New York had his laptop stolen. Good news: it was outfitted with Prey, the open-source computer tracking application. Better news: a group in NYC made a 'geek squad intervention,' faced the culprit and retrieved the laptop safely. This case naturally raises the usual sorts of questions about the 'Twitter posse' culture." The victim-turned-victor is author and consultant Sean Power.
This discussion has been archived. No new comments can be posted.

O'Reilly Author's Laptop Rescued By 'Twitter Posse' and Prey

Comments Filter:
  • If you steal a laptop for the hardware,why wouldnt the first thing you do be formatting it.

    If you steal it for the data, why would you connect it to the internet at all?

    • by XanC (644172) on Saturday May 14, 2011 @01:49PM (#36127766)

      If you're smart enough to even pose these questions, you can probably do something better with your time than steal laptops.

    • Most theives are pretty dumb. I thought that would be obvious.

      On another note, this is the first time I've heard of Prey. It sounds like a pretty awesome utility to have on any laptop or phone. I work for the IT department at a university and we get reports of stolen laptops all the time. Advising users to preemptively install something like this might help. Does anyone know of any drawbacks to installing Prey?

      • I would have thought this would be theft 101
        like changing the SIM after stealing a mobile phone

      • "Does anyone know of any drawbacks to installing Prey?"

        I haven't seen any except it's software-based. The way it works is whenever you boot the machine, it will report the IP it's running from. You can then log into your account and report it as stolen. If someone of course takes out the drive, formats it or boots from an external drive, it will be defeated. But then again, as you said, most thieves are not tech people.

        • by TheLink (130905)
          Hmm I wonder if there's a decent free wifi mac address or BSSID geolocation database available.
      • by Atryn (528846)

        Advising users to preemptively install something like this might help. Does anyone know of any drawbacks to installing Prey?

        Pretty much anything associated with the drawbacks of vigilantism would come to mind... I think the concern expressed here is with regards to advising end users that they should consider taking down criminals themselves simply by equipping them with the means to find those criminals.

      • by rhook (943951)

        Does anyone know of any drawbacks to installing Prey?

        It looks like you have to pay for a subscription if you want access to the good features.

        http://preyproject.com/plans#pro-account-features [preyproject.com]

      • by jvkjvk (102057)

        Does anyone know of any drawbacks to installing Prey?

        The possibility of a truly fubar'd situation, should you try to be a vigilante.

        Everything from ending up dead to the criminal bleeding you dry in civil court.

        Regards.

    • by MoonBuggy (611105)

      If you're opportunistically grabbing laptops, you're probably not particularly smart or forward thinking. An intelligent person, operating outside the law, could almost certainly find a safer and significantly more profitable scheme.

      • by Grishnakh (216268)

        No, intelligent but evil people don't even need to operate outside the law. They find ways of making tons of money that aren't illegal at all, and if some law stands in their way, they just buy off some politicians to have the law changed. Why do you think CEOs are so rich?

    • by GIL_Dude (850471)
      If they stole my notebook, they would have to format it. There is no way they would be able to guess my password and get logged on. And since the drive is encrypted - simply removing it and placing it in another computer to try to get the data is not going to work. I am always amazed at these people who do things like loading this "prey" software but can't be bothered to have a strong password on their notebook. It just seems stupid to not protect your data more than you protect your device. I imagine most
      • by xMrFishx (1956084)
        The only thing there I have to comment on there is Windows passwords are a joke to bypass. Obviously that's why you encrypt, but windows passwords alone won't stop anyone. I've had to break into 3 of my own systems before and I found myself very surprised at just how easy it was to do. Once was a corrupt logon system preventing any users logging on, once was me cocking up a password change (yeah, oops) and the other I think was a friend locking himself out of his own laptop.

        Then again, if your average
        • by snemarch (1086057)
          ...as opposed to *u*x user accounts, which are hard to break into if you've got physical access to the machine? ;)
          • by hedwards (940851)

            Depends, are we talking encrypted /home or just the standard password? The standard password won't protect you any more in *NIX than it will in Windows, if you're really concerned with your data there are better precautions to make.

            • by snemarch (1086057)

              Just the standard account passwords - a vanilla setup :p

              The kind of person that would use encrypted /home on Linux would hopefully use BitLocker or TrueCrypt (or at least NTFS encryption) on a Windows box.

          • by xMrFishx (1956084)
            Honestly, never tried or had to, hence only commenting on Windows. Actually then again thinking about it, Mac ones can be reset with a bootable OS disk iirc with even less effort than Windows. Anyway, my point was that they're only a deterrent (but you all know that anyway :) )
            • by snemarch (1086057)

              My point is simply that if you've got physical access to the machine, any of the major OSes today (with a standard configuration) can be broken into with ease. A traditional *u*x system is even a bit easier than windows, since if you're root you can read everything - if you're mounting somebody else's NTFS disk on a Windows system, you'll first have to reset/modify individual file permissions before you can access everything.

              Resetting user passwords is as easy on Windows as it is on Linux - but keep in mind

              • by xMrFishx (1956084)
                I understand you now, sorry wasn't trying to argue or anything.

                p.s. This click anywhere to unfold the page thing is really annoying on /.
              • How does NTFS per file encryption work if I boot the disk in a Linux box?
                • by snemarch (1086057)

                  Good question, I honestly don't know how (or if) it's implemented.

                  But, basically, you've got a pub/privkey per user, protected by logon credentials; each file has a different symmetric cipher protected by the pubkey. So if you don't bruteforce the user credentials, you're not getting access to the files.

      • Considering I use my laptop mostly to access web services, the cost of the laptop itself is more important than anything in it. So Prey is better in my case than whole disk encryption.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        I don't care about the data on my laptop. However I do care about my laptop.

        Solution? I don't put any password or encryption on it, and any thief can instantly use it. They think "allright won't have to format it", and then Prey kicks them in the nuts.

        • by rhook (943951)

          I would keep all important data encrypted and leave a separate account for thieves to use. Just name it 'Friends' or something similar.

          • by RockDoctor (15477)
            Wrong way round : the default account that the system presents to the user should be the (relatively limited) account you want the thieves to use. YOUR account should take time and effort, as well as knowledge to access. You'll need to know to change the username to "rhook943951" from the default, and to enter the strong password.

            For added security, tape a bit of paper to the keyboard saying something like "un : Default User ; pw : password" and have that account be the default one that pops up waiting to

            • by rhook (943951)

              I've had a laptop stolen from me before and recovered so I am speaking from experience here. Thieves will use whatever account they can simply click on to login. I made sure that my dummy account was limited so that they could not install or change anything on the system. Snatch and grab thieves hardly know anything about the stuff they steal. In fact it appeared that they were only using it to look at porn.

          • by he-sk (103163)

            That's what I did when I had Adeona installed. The laptop automatically boots into a honeypot account, while my actual account is encrypted. Then Adeona went offline and I got a new laptop, where I didn't bother to replicate the setup.

      • by snemarch (1086057)
        Protect your valuable data in a TrueCrypt container (or dedicated partition) rather than having the system partition encrypted, coupled with Prey or some other service. Best of both worlds?
      • by rhook (943951)

        If your drive encryption scheme doesn't have a boot password/PIN, your encryption can be bypassed.

        http://www.ghacks.net/2008/07/20/software-to-defeat-disk-encryption-released/ [ghacks.net]

      • It actually makes a lot of sense not to have a strong password on the laptop, here's why:

        All of this tracking software is software based so if you use strong passwords and full drive encryption then the first thing the thieves will do is rip out the drive, thus disabling your tracking software, and you'll lose any chance of recovering it. On the other hand, if you put no password on it (or tape the password to the screen) then the thief isn't going to bother ripping out the hard drive and your tracking sof
    • by Noughmad (1044096)

      If you steal a laptop for the hardware,why wouldnt the first thing you do be formatting it.

      If you steal it for the data, why would you connect it to the internet at all?

      It's still very useful for phones. I don't know what the situation is elsewhere, but here in Slovenia there's a long tradition of stealing mobile phones.

    • How was the guy able to use the laptop? Didn't the owner have a password plus encryption on it? Either he wasn't very bright, or he was so devious he left these things off so that any potential thief could use the laptop, thus allowing his "Prey" application to catch the miscreant. Very clever sir, very clever. Or not, whichever the case.
  • I would definitely prefer to use full-disk encryption on my laptop, and write off the hardware. Much better than having who-knows-who access to all my data.

    • Well for this author which one would be most valuable would depend largely on where his work/authoring was stored. For me all of my critical work that I would regret losing is on an encrypted flash drive attached to my key-chain, and backed up to a dropbox account (encrypted before backed up of course). If my laptop was stolen the cost of the laptop would be the biggest loss, personally I don't go with whole disk encryption because I don't like the chance of having to re-install re-setup my things in the sl
      • by snemarch (1086057)

        and backed up to a dropbox account (encrypted before backed up of course).

        Good call, considering how untrustworthy dropbox are - consider checking out SpiderOak instead, zero-knowledge crypto ftw.

    • You can have it both ways. Have a tiny partition with a dummy XP install with no password and Prey setup. Put the real stuff on an encrypted Linux or other Win install. Use Grub to manage everything and keep a second Windows install happy with the partitioning.

    • Why not just encrypt the important data (truecrypt container, for example) rather than encrypting the entire freaking disc? That way your data is safe and you stand a chance of recovering your laptop. I prefer not to write-off stolen $1200 machines if I can avoid it. Also, if you value your time at $100/hr (I don't know about you, but that's way more than I get paid) then you can spend up to 12 hours recovering your laptop (calling police, filling out reports, etc.) and still come out ahead economically.
  • "Power tweeted that he had called police but said they told him they wouldn't pursue the case unless he filled out an incident report."

    Let this success story be a testimony that you can still rely on your neighbor when you're in need! Kudos to those who helped, when the police bureaucracy let it fall through the cracks.

    • by Nidi62 (1525137)

      Kudos to those who helped, when the police bureaucracy let it fall through the cracks.

      The police bureaucracy didn't let it fall through the cracks, he did when he declined to file an incident report.

      • The police bureaucracy didn't let it fall through the cracks, he did when he declined to file an incident report.

        Unless it's a huge loss or it happens to a talking head, the police really don't give a damn.

    • Frankly, that's how it's supposed to work. It is perfectly possible to have people deal with minor infractions of law & order between themselves without bringing in police (or resorting to violence). In many cases, merely pointing out that you have seen it and strongly disapprove can have a great effect if the majority of people around can be bothered to do it, and not just shrug it off as "not my problem, there's police for that" and walk away.

      This also frees up police officers to deal with those issue

  • Prey sounds all well and good, but who's watching them? How do I know they aren't using this to track where I am?
    • by Bazirker (1507659)

      Prey sounds all well and good, but who's watching them? How do I know they aren't using this to track where I am?

      I haven't looked closely at it, but isn't their software open source, therefore you can look at/compile the code yourself and know exactly what it is that you're running on your own machine, i.e. you're "watching the watchers"? I'm curious to know the answer to this too!

  • by dtmos (447842) *

    But when remembered about the software a couple days later, he set about to track his computer down.

    Are there no editors left in Canada? Who writes this stuff?

  • I agree with ArchieBunker [slashdot.org] and people seem to be commenting completely on the sidelines. I really recommend RTFA if only to avoid going to the joint that the thief co-owns (I don't care what he says at the end, he should have given it back, he didn't, he's a thief).
    • by rhook (943951)

      If you read the article you will see that he did in fact get the laptop back.

      • by cyberfin (1454265)
        I didn't express myself as intended, apologies. I meant to say that he should have given back the laptop as soon as he laid hands on it, not wait until he got confronted.
  • I've been reading Slashdot for a loooong time, so you can understand my surprise to read a useful article! I've got some kids coming through my neighborhood ripping off electronics from inside people's cars. I shouldn't have to lock my car in my own driveway. Luckily, I have an old laptop that I was getting ready to donate. It's going to be fun!
    • "I shouldn't have to lock my car in my own driveway." lol.. where do you live that you think you don't need to lock up your possessions?
      • You shouldn't have to lock anything. People shouldn't take what isn't theirs.

        Obviously he's not speaking in terms of reality, but rather what should ideally be the case.
  • by TechnoGrl (322690) on Saturday May 14, 2011 @05:18PM (#36128988)
    I've been seeing this story all over the web the past few days. Some people have brought out some very interesting points that seem to have got lost in the promotion of this story:

    The author happens to be a Canadian SEO marketing person who published a few books on SEO techniques with O'Reilly

    The author's completely random twitter contact,Nick Reese, who helped him turns out to be also an SEO marketing person. Interesting coincidence there.

    The author claims to have lost his Canadian health card, his birth certificate and a significant sum of money along with the laptop that were all in his laptop bag yet he never reports this to the police at the time of the theft. Only several days afterwards in a twitter post does he claim to have contacted the police. Does this make sense?

    A young woman that the author describes as "Purple Sarong Girl" was the one who actually recovered the laptop as twittered by Nick Reese. Yet both Power and Reese refuse to release Sarong Lady's name even though she was the one who actually recovered the laptop. Sarong Lady remains an unsolved mystery.

    The author says he installed Prey but "completely forgot about it" untill several days after the "theft" after which he twitters about the Prey screen shots that re remembered to look at. If you installed Prey and your laptop was stolen do you think you would have forgotten about your primary recovery system for 3 days after the theft?

    So a LOT of questions remain here as this story continues to be pushed out to all major tech sites around the world. Really good SEO technique wouldn't you say. In my mind the question remains whether Sean Power really had a theft here or is just demonstrating his use of marketing technique ("hey - look what we did for Prey in just a week !" ). It is probably very hard to determine one way or another but this story fails the "Does this make sense" test in so many ways that I have to question it's legitimacy.
  • Unfortunately Prey has not been of any help in getting my laptop back. :( It was stolen from my house while my mom was out on her day off running errands and I was at school. My best guess is that the person who stole it just nuked the windows install. I have a suspicion of who may be the perp, but no real evidence, we're waiting on DNA results that should come back 3-12 weeks from being collected. The machine was stolen almost a month ago, I doubt I will be getting it back, but I guess the good thing is
  • Here is a good log of the relevant tweets, by both Sean and others that were connected, and some commentary: Man tracks stolen laptop hundreds of miles away, calls thief - storify.com [storify.com].
  • I use a different program to protect my laptop. It's called Pray. It involves 5 cubic centemeters of C5 explosive. Nuff Said.

    • Oh? I heard of a different Pray that protects your stuff. The Christians use it, I think, and it is 100% effective at preventing the theft of objects that God does not want stolen.

"The value of marriage is not that adults produce children, but that children produce adults." -- Peter De Vries

Working...