**UPDATE - GREAT NEWS!**

My family was able to find the original packaging that my Macbook Pro came in and I now have the MAC ID#s (Ethernet and Airport IDs). I can see my computer in my Kismac data, but the odd thing is that it shows up in 5 networks! That doesn't make any sense to me, any ideas guys? Of course, I sent this updated info to my detective working the case as well as all my Kismac data. We are so close to getting it back I can smell it! The Detective has already expressed that he is ready and willing to do what it takes to get a search warrant once we pinpoint the residence by identifying the network.

To reiterate, literally I can see my Apple computer with my unique Airport MAC ID# connected to 5 different networks all in that area. How is that possible, could Kismac be glitching? All of the networks are encrypted except one which is open.

I was hoping after discovering my MAC ID # that I would pinpoint the network immediately but now this...what's going on? Thanks in advance guys!

----------



Thanks for the tips man but found the MAC ID on the box! Check out the update and let me know what you think I should do.


The Feds can solve this in an hour with what you have now. Even if it's on an open WiFi network belonging to someone else the FBI has already solved such problems in the past. Someone is in federal prison for that case in Florida.
 
I so hope you get this back mate!!!!

We'd never get any help like you in the UK..

The 5 police officers left protecting England are far too busy.. Oh and the thief has a human right to enjoy using a stolen laptop

Anyway best of luck, I love it when the Internet tracks and resolves things like this.
 
East of the 805 and south of University?

take some friends.

I'm not a local... at all (I'm from the UK)

but this made me giggle lol :rolleyes:

EDIT: and OP I really hope you do get your laptop back, it sucks that it has been such hard work

this has, however, been a gripping read!
 
It's not the most secure way of doing things, but it's fine for leaving it for a short amount of time (in your case, a bathroom break).

Meh,
Personally I'd just bring it with me. Anyone could 'spill' water on it or do something else stupid and ruin the laptop.
 
**UPDATE - GREAT NEWS!**

To reiterate, literally I can see my Apple computer with my unique Airport MAC ID# connected to 5 different networks all in that area. How is that possible, could Kismac be glitching? All of the networks are encrypted except one which is open.

Just curious, did you manage to determine the IP of the stolen machine on the open wifi network?

P.S. I suggest that you remove the pictures and maps of the approx location of your MBP (first page of this thread). Macrumors is a very popular forum and the thief may stumble upon your thread by accident whilst looking for help with a Mac issue. At the moment you have the advantage because you've located the thief's approximate whereabouts. But if he finds out that you're on to him your Mac will vanish in the blink of an eye.
 
**UPDATE - GREAT NEWS!**

My family was able to find the original packaging that my Macbook Pro came in and I now have the MAC ID#s (Ethernet and Airport IDs). I can see my computer in my Kismac data, but the odd thing is that it shows up in 5 networks! That doesn't make any sense to me, any ideas guys? Of course, I sent this updated info to my detective working the case as well as all my Kismac data. We are so close to getting it back I can smell it! The Detective has already expressed that he is ready and willing to do what it takes to get a search warrant once we pinpoint the residence by identifying the network.

To reiterate, literally I can see my Apple computer with my unique Airport MAC ID# connected to 5 different networks all in that area. How is that possible, could Kismac be glitching? All of the networks are encrypted except one which is open.

I was hoping after discovering my MAC ID # that I would pinpoint the network immediately but now this...what's going on? Thanks in advance guys!

I'm not sure how this could be happening. As far as I know it'll connect to one network only. I don't know if it's a Kismac glitch or something but honestly without looking at the kismac file I'd have no idea. What channel is it using?

I think you should give Apple another try at this point. Call them up and give them the serial, the MAC address, your iCloud credentials, and ask them for the IP it's connecting from. If you've got a case number, that might help things along, and specify that this is not the thief's data. You're asking for YOUR data, specifically the IP address that YOUR iCloud account is connecting from. Ask if there's a log of connections - I'd be surprised if there isn't. Polite but firm is the way to go, and ask if there are names or numbers you or the police can call if you get stonewalled.

By the way, do you have an iTunes account? That might be another way to go, especially if you have your iTunes password saved in iTunes. Check for purchases.

-the following is of questionable legality. IANAL and you do this at your own risk-
You can sniff with kismac again and do a "capture everything" on the channel that you see the macbook. if the network is unencrypted you'll get every connection the person makes and a lot of traffic in clear text (unencrypted webpages, IM conversations, etc.). You can parse this data in wireshark and you can nail it down to the person using the computer with this data. This might not be legal since you don't have permission to be on the network. If you have to hack the password for the network (there are tools out there) then it's definitely illegal. The information is pretty much unusable anyway since you can't explain how you got it without exposing yourself to legal risk.

Also, look at the link I gave you earlier with the names of people living on that street. Maybe one of them goes to the college you go to and is the perp. I don't know if student attendance is public record or not but you could always try it. Call your school and ask "Does X currently attend the school? Does Y currently attend the school?" If they say no then oh well. If they say yes then it's one more data point to hand to the police. They could have bought your laptop at a yard sale for all you know, so there's no guarantee that they're the thief. But it's something.

I understand the officer's logic: If the network the laptop is on is encrypted, that means that the person who runs it either gave the password to the perp, was hacked by the perp, or is the perp. Two out of the three options mean that they know who has the laptop and a search is warranted. The third would be explainable as an honest mistake. If it's not encrypted, there's no relationship implied and it could be a neighbor with the stolen laptop just taking advantage of free internet. The flipside of that is you can connect to the unprotected network yourself and go to whatismyip.com to get the IP, and get kismac to keep every packet it sees which you can scan through for clues to the current user's identity.

I think calling Apple is your best bet. Second best would be a close-up wifi scan to find where the laptop is operating, but it's probably dangerous to walk around in that neighborhood with an open laptop. It will likely either get you mugged or give away that you're still looking.
 
you should be able to pinpoint your mac's wlan now by tracking the mac address.

make sure to set the channel to the wlan it's connected to so that you have a constant signal.

If you can get a yagi/directional antenna, it would be easier to spot it.

good luck!

Not gonna lie I have no idea what you're talking about! I will google but can you elaborate??
 
I'm not sure if it has been mentioned yet but it is worth mentioning that the fact that a wireless access point is not secured does not make it legal to connect to it. It is illegal to do and people have been convicted for doing so. Tread lightly OP, you can get into a lot of trouble for what you have already done.


I think you should give Apple another try at this point. Call them up and give them the serial, the MAC address, your iCloud credentials, and ask them for the IP it's connecting from. If you've got a case number, that might help things along, and specify that this is not the thief's data. You're asking for YOUR data, specifically the IP address that YOUR iCloud account is connecting from. Ask if there's a log of connections - I'd be surprised if there isn't. Polite but firm is the way to go, and ask if there are names or numbers you or the police can call if you get stonewalled.

Apple has a well-known history of providing no help in these types of matters. He will only get nowhere, get frustrated, and waste time.
 
MORE GREAT NEWS!

After more digging through my Kismac data I discovered that on the 5 networks it was showing up on, it was actually not sending or receiving any data, or giving off an I.P. address, so it must have just been barely detected by the network (airport) and that's why it showed up. I finally found the network (unencrypted Cisco-Linksys) that it is sending and receiving data from with the exact I.P. Address!

So now I have the specific network (although it is open), the MAC ID#, and the I.P. address my computer is connecting from. Still waiting for my detective to call me back after emailing him all of this!

Gonna call the FBI right now!
 
Please be careful with what you are doing. I know you mean no harm, but you should probably consult with your detective first.

According to the new Homeland security laws, unauthorized access to even unencrypted wifi is a felony (both federal and in some states). (see http://www.dba-oracle.com/t_unauthorized_access_computer_network_crime.htm)

Not only may you be arrested, the evidence you collected also can't be used to prosecute the perpetrator in court.

You should consult your detective, asking him about getting a warrant, then collect the evidence (again). Your kismet packets contain timestamps showing that at the time you collected them, the police had no warrant.

Also without a warrant, even if you find out the ISP from the real IP, you can't expect the ISP to disclose their subscriber's name and address.

Hopefully your perpetrator doesn't also steal WiFi from his neighborhood. If that is the case, you might want to ask the police to check who in that area goes to the same university as you do.
 
If the data is important to you what happens when they back it up. Remote wipe isn't going to wipe that out.

I highly doubt those people would have a spare drive to back up all that. Remember, they stole a laptop, you really think they'll have a drive to do backups?

If they do however, the back up will reconnect the machine back to iCloud and OP can wipe it again, and again and again.......
 
Sorry to hear that someone stole your MBP. I spent half an hour and read all 6 pages.

Just curious, what if the thief is also reading /watching this forum ?
 
If you think the FBI is going to help then you deserve to lose your laptop. Sorry to be harsh but they really do not care. You could call the police to sit outside the place and try to call them out but they could shut you out and you'll be stuck with police shrugging their shoulders.

What would I do? Go round with a bat and beat the hell out of them if they don't give it back within 60 seconds. Would I recommend this to others? Nope. How much time and money have you spent? Or even worse, lost out on your studying this time of year? Break in and steal it back... while you're there, take a dump in their fridge.

I've subbed to keep track of this... Good luck!
 
A few thoughts, in case the thief also steals neighbor's WiFi....

Can you (and the police) monitor wifi signal strength from the Cisco-Linksys router web admin page? You can guess whether perp is in the same house as router's owner, or how far he is from the signal strength.

Another idea is if you (and the police) can identify the location of five SSIDs you listed, you can roughly triangulate the perp's house using google map, and draw 100-200ft circles center from each SSID's location. The perp must be in the overlapped area.

Good luck and hope you get your MBP back soon.
 
If you think the FBI is going to help then you deserve to lose your laptop. Sorry to be harsh but they really do not care. You could call the police to sit outside the place and try to call them out but they could shut you out and you'll be stuck with police shrugging their shoulders.

He needs to call I.C.E.

ICE has the cyber skills and access to federal warrants just as the FBI does. They are more likely to help than the FBI.

This detective should have contacted both federal agencies as well. It's common for local police to do so.
 
If you think the FBI is going to help then you deserve to lose your laptop. Sorry to be harsh but they really do not care. You could call the police to sit outside the place and try to call them out but they could shut you out and you'll be stuck with police shrugging their shoulders.

What would I do? Go round with a bat and beat the hell out of them if they don't give it back within 60 seconds. Would I recommend this to others? Nope. How much time and money have you spent? Or even worse, lost out on your studying this time of year? Break in and steal it back... while you're there, take a dump in their fridge.

I've subbed to keep track of this... Good luck!

LOL yeah I think I'll use my brain and get it back that way ;)

----------

Sorry to hear that someone stole your MBP. I spent half an hour and read all 6 pages.

Just curious, what if the thief is also reading /watching this forum ?

They aren't. The person who stole it has no idea that I am tracking him and goes online frequently. I have a feeling if he had read this forum he would have wiped the macbook clean of my ability to track him a long time ago.

----------

He needs to call I.C.E.

ICE has the cyber skills and access to federal warrants just as the FBI does. They are more likely to help than the FBI.

This detective should have contacted both federal agencies as well. It's common for local police to do so.

I will do so first thing in the morning. I will also let my detective know that at this point in the investigation it would be beneficial for us to do so.

Now that we have the I.P. address my detective is trying to locate the service provider. So far when he puts the I.P. address into his database he gets the company "IANA - Internet Assigned Numbers Authority" which is headquartered in Marina del Rey.

But that company apparently does not actually handle the I.P.s, it just issues them out...or something along that line. After speaking to my Detective he seemed to think he could figure something out and move forward with pinpointing the residence hosting that I.P.

----------

A few thoughts, in case the thief also steals neighbor's WiFi....

Can you (and the police) monitor wifi signal strength from the Cisco-Linksys router web admin page? You can guess whether perp is in the same house as router's owner, or how far he is from the signal strength.

Another idea is if you (and the police) can identify the location of five SSIDs you listed, you can roughly triangulate the perp's house using google map, and draw 100-200ft circles center from each SSID's location. The perp must be in the overlapped area.

Good luck and hope you get your MBP back soon.

Thanks for the tips, I'm actually not sure exactly what the "signal" in Kismac's data represented, the strength of the signal between Kismac and the computer or the signal between the stolen computer and the router, I will research to find out, does anyone know?

I have narrowed it down to one unencrypted SSID (network right?) now with my macbook clearly sending and receiving data with my unique Airport MAC address and I.P. number.
 
Take that IP address to the cops - that's all they will need to find out who it is.

There is a possibility he is stealing wifi but it's worth a shot. Maybe try to find out a way to determine signal strength of the connected devices (I'm sure there is software for this - some routers provide this info too). If the signal is strong then you're golden.

Maybe also look at the names of the devices - this isn't scientific or anything but it might give you some clues.
 
What would I do? Go round with a bat and beat the hell out of them if they don't give it back within 60 seconds.

Hahahahahahahaaha mac nerd who thinks he's tough.
Mate, that's a great way to get yourself killed. What good is a bat against a gun? Or you against several bigger guys in the house? Yep, you've *really* thought this through :rolleyes:
 
Hahahahahahahaaha mac nerd who thinks he's tough.
Mate, that's a great way to get yourself killed. What good is a bat against a gun? Or you against several bigger guys in the house? Yep, you've *really* thought this through :rolleyes:

1: You presume I'm a nerd who hasn't had an 'old life' part of this racket... This may be based on your own perception of your friends or even yourself but never presume someone can't take care of themselves...not anyone ;) How much did you spend on your retina macbook? Did you find that money down the back of the sofa? I understand you though if you're 'a nerd' who isn't in the position of doing this. That's ok, it's not the safest way and not worth the risk if you're not confident.

2: You presume they have a gun when it's likely just uni students as the op was in the library. I'm sure these scary library students are tough guys too.. I think you've watched too many films, this isn't 'Taken' with organised crime gangs who have guys hidden amongst their library books where the mac was picked up. We're talking about a couple of kids that would avoid violence if a group of large guys turned up at their doorstep. Think about it, turning up at your doorstep - that's scary enough.

3: This may be a route I would take. And I said, I wouldn't recommend this to others. If I were to do this, I wouldn't go alone. I'd bring my 'nerd' friends and buy them drinks rather than pay for a private investigator.

I've read a few stories like this with all the hassle of trying to get it back and paperwork/red tape before the macbook was sold off on craigslist to get it as far away as possible, and you'll never see it again so get the police on this quick if you're still on it. I've had circles of friends in an old life who used to get goods, send them to different parts of the country for sale. It's been over 1 week so far... Hope you get it back
 
I have narrowed it down to one unencrypted SSID (network right?) now with my macbook clearly sending and receiving data with my unique Airport MAC address and I.P. number.

Have you captured a public or a private IP address? There's a very important distinction here: if it's a private address (see ranges below), then it's not really useful for identifying or locating the thief. For instance, I have the private address 192.168.1.1 which is probably used by millions of other people with wifi routers or other NAT-enabled devices.

Private ranges:

a) 10.0.0.0 – 10.255.255.255
b) 172.16.0.0 – 172.31.255.255
c) 192.168.0.0 – 192.168.255.255

IMHO Apple is your best chance to get the IP address of the thief, providing that he is connecting to Apple's servers with his own ISP (and not piggy-backing off an open wifi hotspot).

Anyway, I really hope you get your MBP back. I've had stuff stolen from me when I didn't have a lot of money and it was really a painful experience.
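
The public/private distinction from the post above, as an added example that is not part of the thread: it filters capture rows to one device's MAC address (accepting the usual notations) and labels each address the device was seen with. The row format, function names and sample values are assumptions made for the illustration.

```python
import ipaddress

# Special-use IPv4 blocks. An address inside one of these is handed out locally
# (by a home router, a carrier NAT, or the host itself) and does not name an
# ISP subscriber. The first three are the private ranges listed in the post.
SPECIAL_BLOCKS = [
    (ipaddress.ip_network("10.0.0.0/8"), "private (RFC 1918)"),
    (ipaddress.ip_network("172.16.0.0/12"), "private (RFC 1918)"),
    (ipaddress.ip_network("192.168.0.0/16"), "private (RFC 1918)"),
    (ipaddress.ip_network("100.64.0.0/10"), "carrier-grade NAT (RFC 6598)"),
    (ipaddress.ip_network("169.254.0.0/16"), "link-local, self-assigned"),
    (ipaddress.ip_network("127.0.0.0/8"), "loopback"),
]


def normalize_mac(mac):
    """Reduce 00:00:5E:.., 00-00-5e-.. or 0000.5e.. to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def classify_ip(text):
    """Return ('local', label) for special-use space, else ('public', label)."""
    addr = ipaddress.IPv4Address(text)
    for net, label in SPECIAL_BLOCKS:
        if addr in net:
            return "local", label
    return "public", "globally routable"


def sightings_for(target_mac, rows):
    """Filter (station MAC, network name, IP or None) rows to one device."""
    target = normalize_mac(target_mac)
    result = []
    for mac, network, ip in rows:
        if normalize_mac(mac) != target:
            continue
        if ip is None:
            # Heard on the air near this network, but no IP traffic observed.
            result.append((network, "none", "no address seen"))
        else:
            result.append((network, *classify_ip(ip)))
    return result


# Constructed sample rows; the MACs come from the RFC 7042 documentation range
# and 203.0.113.7 is a documentation address standing in for a public one.
SAMPLE_ROWS = [
    ("00:00:5E:00:53:AF", "net-A", None),
    ("0000.5e00.53af", "net-B", "192.168.1.101"),
    ("00-00-5e-00-53-01", "net-B", "192.168.1.1"),
    ("00:00:5e:00:53:af", "net-C", "203.0.113.7"),
]

if __name__ == "__main__":
    for row in sightings_for("00-00-5E-00-53-AF", SAMPLE_ROWS):
        print(row)
```

A registry lookup on an address labelled "local" returns the special-use reservation rather than an internet provider, so only a "public" result is worth taking to a provider through the police.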
 
As another poster mentioned, since it's on an unencrypted network you can sniff all the traffic going to / from your mac address. (sort of like google did when they drove around taking street view pictures) I'd park outside a few hours and get a huge capture file then go sifting through it later.. Other than traffic which is encrypted at the application layer (i.e. traffic such as https, ssh, vpn, or any other apps which encrypt data themselves prior to transmission like FaceTime), you'll be able to see everything in clear text.

Sounds like you've gotten in touch with a receptive detective and if you could pull some personal data from the capture file it would likely help your case.

You should be able to sniff data going to/from your MAC address without actually connecting to the unencrypted network... not sure if kismet does that but wireshark (in promiscuous mode) does. Still as others have mentioned maybe run this over with the detective to ensure you're not violating any laws.
 
Luke,

If you have the IP, try plugging it into http://www.ip2location.com/demo

Should confirm the location and tell you the provider too.

Don't take that information too literally either. I plugged my IP in there and the zipcode was wrong. However, everything else was good.

Good luck!
Jeff.
 