Caught a Theif

Forgive me as I am just excited over the fact that I was able to catch a student that possibly stole 16 laptops from one of my High Schools.

It all started when I received alerts for iMesh being run on one of our computers connected to the network. At first I thought nothing of it and called over to the school and asked the local tech to ghost the laptop because it looked like the program just may have gotten installed. Well he tells me that the laptop has been missing since last spring when a bunch were stolen. Well obviously it is still on our network somewhere so I decided to play detective. I assigned it a static IP using a DHCP reservation so it would always get the same IP and make it easy for me to know when the laptop was online. When it would come online I would get a response alert and I then would go through my cisco switches searching the mac address tables to trace down what part of the network it was connected on. Since it was on the wireless I could only get what access point it was using so I only got a general area. I did this for a couple days and a pattern was noticed. So with the help of the tech staff in that building we scheduled a couple stake outs and sure enough it connected and they looked and saw a student using a laptop. This made me happy that we were able to catch this kid with a stolen laptop, but what made me even more happy is when the police got there they discovered he had 15 more laptops in his possession. He claims he and his father bought them off ebay so the police are gathering the information so we can cross reference serial numbers, but 16 is the number of laptops that were taken from that school. So hopefully with the help of the police and eBay (if they were infact purchased off there) we can track down the original thief it does not turn out to be this kid himself.

Why I got excited was is because originally my boss felt I was wasting my time on looking for this one laptop and now that it turns out we may be able to recover all 16 of them he is glad that I spent a little time doing what I did.

Hah..always is nice when something turns out like that..I wonder just what the chances are that someone in the same town, going to or hanging around the same school, actually purchased those off of ebay?

Good job! Glad to see it worked out for you.
I hope he doesn't really believe such a see through story that he bought them off EBay is going to work. Then again a thief who doesn't take the necessary steps to cover their tracks deserves to be caught for being not only foolish enough to steal but foolish enough to believe he won't get caught.

Score!

How does someone spirit away sixteen (count 'em, 16) laptops without someone else seeing them ?

Strange.

Relatively easy CCT. With that many, people assume that you are doing something that you have permission to do. you stick em on a cart and walk em right out the building and no one will give you a second look.

So, it's not the laptops we need to control, it's the carts?

lol


:)

Then people would complain they can't use carts. We could go one step further and just control the people watching... Oh wait they're testing that dynamic in my country I believe they call it the Patriot Act. OK better plan that doesn't harm society just make the laptops uglier and less lucrative to steal. Some suggestions are Epoxy an alarm tag that not only looks gaudy but also trips a sensor that sets off a buzzer in the room that it's going where it shouldn't, An engraved section that says I'm stolen from [name of location} call this number for a reward. I'm sure I can come up with others but that's just the ones I'll say for now.

BTW Bob - great detective work!

Should have said that first.


:thumbs:

Quote:

---

Originally Posted by geoscomp

Hah..always is nice when something turns out like that..I wonder just what the chances are that someone in the same town, going to or hanging around the same school, actually purchased those off of ebay?

---

Thats why I think there is more to the story. This just happened today so I am sure I will get more details once the police investigate. I plan on calling a couple friends that I happen to have on the Police department in the town where it happened.

Quote:

---

Originally Posted by CCT

How does someone spirit away sixteen (count 'em, 16) laptops without someone else seeing them ?

Strange.?

---

Well my school district does not believe in using security cameras and I think that was because of our last superintendent. We got a new superintendent this year and we are in the process of rolling out a 3 year plan to implement campus wide security cameras starting with our computer labs and a couple other key areas. My district has had a high theft problem and we have lost countless computers and sometimes (like in this case) and entire lab or cart of laptops have been stolen. Part of the problem is the fact that teachers, staff, and probably students prop open doors and they stay open all night. We have a magnetic locks on many of our outside doors and because of their lazyness and refusal to carry around their mag key they leave the doors open. So we are putting these mag locks on the labs along with the cameras and they will also have a passcode pad so at a certain time we can lock it down and only assign the people that need afterhours access. Hopefully this move will help cut down or eliminate most of the theft. Some of the theft has been inside jobs from our outsourced maintenance staff and I know of at least 6 people fired and arrested in the past couple years alone. Over the past 5 years I have worked for this school district we have lost over $300,000 in technology equipment alone and I am surprised our insurance company has not dropped us as a result of the claims.

You also need some kind of alarm to indicate open doors, etc...in this day and age, a school building that doesn't have a lockdown plan seems like an anachronism

Quote:

---

Originally Posted by geoscomp

You also need some kind of alarm to indicate open doors, etc...in this day and age, a school building that doesn't have a lockdown plan seems like an anachronism

---

we do not have any audible alarms but the doors are electronically controlled and set on a time schedule to lock and open and allow access to certian people with a programmed Mag key. Of course proping them open defeats that purpose, but there are logs of doors left open on the server that controls them which the Deans office and Building security are responsible for monitoring. The ultimate source of the problem is our Administration Staff (Principals, Superintendents, etc...) have no real concept of management and no one is held accountable for their violations. There seems to be a lot of finger pointing going around and blinders that are put on when bad things happen. Like if they ignore it the problem will go away.

Like I said in a previous post we got a new Superintendent this year and I am already seeing signs of change for the better. Our last one was more worried about his golf game than making our school district safe and efficient. To be completely honest the only reason I think they are adding security cameras to our 3 high schools is because last spring one of our Staff members was sexually assaulted by someone that got into the building after hours and now she is sueing the District for not doing everything in their power to make the school safe for everyone.

Piece of advice Bob - play it cool and quiet with your involvement if you can. Make sure EVERYONE in the know shuts up.


DO NOT call your buddies in the Force.


Let it die down.


You keep being Rambo and you WILL raise your risk level. That district sounds like it has problems and they will NOT be gone soon.


Or not.


:)

Ooooh here is a fun idea! I forgot the name of the movie but make the laptops explode if they go outside of a certain radius (idea stolen from a movie that had exploding collars on the inmates). Hmmm could cover them in bacon grease and once they get outside ravenous guard dogs would pick up the scent.

Quote:

---

Originally Posted by CCT

Piece of advice Bob - play it cool and quiet with your involvement if you can. Make sure EVERYONE in the know shuts up.


DO NOT call your buddies in the Force.


Let it die down.


You keep being Rambo and you WILL raise your risk level. That district sounds like it has problems and they will NOT be gone soon.


Or not.


:)

---

You're probably right, I am just curious to see if the other laptops they have all belonged to us. I was going to wait and see what information the school gives up to me. I just had a conference call with the Head Dean and the Security Officer because they wanted a statement from me on how this was discovered and told me that I may be called into the police department later today or tomorrow.

'Curiosity killed the cat.'


Given the times, the climate, and the weakness of North American law, ................

Satisfaction brought him back:)

Congrats on a good result Bob!

Quote:

---

Originally Posted by CCT

So, it's not the laptops we need to control, it's the carts?

lol


:)

---

LOL :devil:



Great one Bob.. I have great respect for people who follow instincts like that..

A good piece of work, Bob. I think the whole Ebay story sounds like a sham, and I expect you're safe from the mob. We have a huge refinery right on my doorstep, and they see something like a couple dozen laptops disappear every year. Oddly enough, most of the thefts happen right around Christmas.

Most of the time, these are "in-house" affairs, but there have been some contractors involved as well. I get a fair number of these machines, because the thieves can't manage do things like figure out how to clear a password set in the BIOS and reformat the drive to install a new OS or otherwise cover their tracks.

Of course, it isn't like a log on screen that says "Warning! This computer is the property of Humongous Oil!" is obvious or anything. I call the IT Director, verify the serial number, he calls the sheriff, I do a deposition a few days later. In fact, I'm thinking about adding an entry to my resume to showcase my skills at giving depositions.

I get a kick out of ragging said IT Director, because he's a friend and also, a former NSA (that would be the National Security Agency) employee. Cheer up! If you feel as though your security concerns aren't taken seriously, imagine how my friend feels.

Well the police gave us the one laptop back and we will get the others once serial numbers and ownership are verified.

The kid put a BIOS password on the laptop so now I have to find a way to clear it. I think I should be able to just remove the CMOS battery, but I have run across several laptops that does not work.

Belated congratulations on a fine piece of detective work and following your gut instincts! :thumbs:

I wouldn't worry too much about repercussions, because if that kid was truly "connected", those laptops would have been fenced hours after leaving the school. I think the lad simply found some open doors, espied a cartful of laptops, and followed his larcenous inclinations. A fluke.

And, at the cost of 16 laptops, he just bought himself at least one major felony charge and a free trip to the Big House.

Bob, just in case you haven't done your deposition yet, I'm going to share some of my hard earned experience. First of all, you are going to be answering direct questions, so keep your responses short and to the point. Resist embellishments.

Second, and most importantly, be careful about using the words "Well" "uh" "anyway" and the like. Use them too often, and you will sound like an idiot. Don't use them at all and your testimony will sound like a script and it won't be convincing. Normally, your deposition will be recorded, and you will be asked to read and sign a transcript which will then be entered as evidence.

If you goof it up, there is a fair chance you may have to testify in court. That's boring and is a huge waste of productive time.

Quote:

---

Originally Posted by BOB IROC

Well the police gave us the one laptop back and we will get the others once serial numbers and ownership are verified.

The kid put a BIOS password on the laptop so now I have to find a way to clear it. I think I should be able to just remove the CMOS battery, but I have run across several laptops that does not work.

---

Bob, i know several companies have bios password reset utilities, others still have jumpers to clear cmos, what make/model of notebook do you have?

Quote:

---

Originally Posted by Matridom

Bob, i know several companies have bios password reset utilities, others still have jumpers to clear cmos, what make/model of notebook do you have?

---

That kind of quantities in a school district, I'm bettin Dell.

Quote:

---

Originally Posted by BOB IROC

Well the police gave us the one laptop back and we will get the others once serial numbers and ownership are verified.

The kid put a BIOS password on the laptop so now I have to find a way to clear it. I think I should be able to just remove the CMOS battery, but I have run across several laptops that does not work.

---

If it is a Dell, you can call their tech support, and if you can prove you own it, they have a way to clear the password based on the serial number.

nice detective work...reminds me of The Cuckoo's Egg. the kid must be arrogant, thinking he was smarter than you.

Quote:

---

Originally Posted by geeksRus

nice detective work...reminds me of The Cuckoo's Egg. the kid must be arrogant, thinking he was smarter than you.

---

No, just stupid..not knowing that they had a way to see which computers are on their network and what they're doing.

Quote:

---

Originally Posted by FatalException0E

No, just stupid..not knowing that they had a way to see which computers are on their network and what they're doing.

---

It was stupid, but I think many of my schools students have a bit of arrogance thinking they are ahead of the tech staff. They may get away with it at first in some cases but always seem to get caught. It reminds me of watching Cops or the TV shows where they show criminals trying to outrun and get away from the police who always end up caught.