Stolen MacBook Pro recovered via MobileMe
The MacBook Pro was stolen out of my wife’s checked baggage during her Delta flight to LA on July 9th 2008, the same day Apple went live with MobileMe. We have since learned the thief was a TSA agent working in the Delta terminal at JFK.
At some point in the following 2 weeks, the thief sold the computer to his brother, who elected not to wipe the system and reinstall the OS, but instead had someone reset the admin password so he could use it. This proved to be a bad decision. More later… He may have been advised by the thief to keep it off the internet for a while in case someone was tracking it, and as a result, the computer was off the grid for months.
In mid-January 2009, he must have decided it was ok to hop on the net again, because the machine suddenly popped up on Back To My Mac, 6 months after it was stolen.
Within a week, and with the help of a clever Tekserve ProServices engineer and the Apple discussion boards, I was able to use the Back To My Mac connection and some handy DNS terminal commands to ferret out both the DNS name (nyc.rr.com) and IP address he was connecting from, which I immediately delivered to the Port Authority Police. Armed with the IP and the name of the ISP allocating it, they subpoenaed the record from the ISP. This process took almost 4 months.
In the meantime, since the computer kept announcing itself to me every time it connected, I endeavored to do everything I could to provide as much information as possible to the Police to expedite recovery, which took some industrious clue seeking… Because the password had been reset, I had no admin access, so some guesswork was required. Fortunately, the thief is not schooled in the art of security. I had set up 2 user accounts, and he reset the passwords and changed the names of both accounts. I quickly learned that in fact, the password for account 1 (the admin account) was the username for account 2. From there, things moved quite quickly.
I downloaded all the small files I had on the machine that I had lost in the theft, then progressively went through and deleted everything of mine that I didn’t want him to access. A co-worker even wrote a script that snapped a photo and emailed it to me every half hour the computer stayed online. The real key, however, was the login keychain.
Using the keychain and passwords in it, I was able to log into several of the possessor’s online accounts to obtain information about him and deliver it to the police. This information included: employers (JetBlue @ JFK, FDNY), home address, job description, etc. I passed it all to the police, including photos of him in uniform for FDNY, at work at JFK, using the computer at home, and desktop screenshots.
Having provided the police with all the information they could possibly want, it became simply a waiting game… Finally, when TimeWarner responded to the subpoena and provided an address that matched the one I’d gleaned from his eBay account, the police moved. They’d already been tracking him due to the information I’d provided, and had already lined up everything. They picked him up at work in mid-May, and he willingly surrendered the machine. At this point it was held as evidence.
The only question now was how a guy who worked in Food Services at the JetBlue terminal got a laptop out of a bag checked through in the Delta terminal. The Police took him on as an informant, but he was uncooperative. The detective at the Port Authority PD working my case was able to discover that the guy’s brother happened to be a TSA employee working at the Delta terminal! Could this be the break?
Unfortunately, since the person who I’d exposed refused to rat on his brother, there was no actionable evidence to make an arrest. But the police knew this couldn’t be just a coincidence. So last month they set up a sting. Delta finally agreed to install a security camera in the presumed thief’s inspection area at the urging of the TSA and the PAPD (security cameras are the responsibility of the airline, not the TSA). They sent a checked bag through with a brand new laptop inside, and he stole it!
With the actual culprit finally under arrest, the police were finally able to return the computer to me. Today, July 10th 2009, a year and a day after the machine was stolen, the laptop has finally been returned to me. Unfortunately, the thief deleted 95% of my data (I didn’t have a working backup, yikes!) but at least the computer is back with its rightful owner. It’s been an exciting 6 months since I first saw it pop up on Back To My Mac. The only thing left now is to await news of a conviction for the thief! I’ll post an update when it happens.
Thanks to Aaron, Raji and Quentin on the Tekserve ProServices team, Detective Kehoe at the PAPD, the MobileMe team at Apple, and “Snoop Dogg” on the Apple Discussion boards for his post that got the ball rolling (http://is.gd/2lgix).
Update: Sting operation nabs the thief! Brian Burton (27)… You can read the full story of the sting operation at the New York Daily News website here: http://bit.ly/13BIWw