Thought this might be interesting for the group. Cheers, Paul
-- http://www.wired.com/news/print/0,1294,50025,00.html http://groups.google.com/groups?hl=en&q=alt.comp.lang.applescript Turning Macs on Thievery By Leander Kahney 1:45 p.m. Jan. 25, 2002 PST Every year about 400,000 computers are stolen in the United States. Only 3 percent are ever recovered. But after his sister's iMac was taken during a burglary, a Houston man was able to get it back using remote-control software, expert help from friends on the Net, a large dose of luck and some incredible naiveté on the thief's part. In a story that is probably unique, R.D. Bridges recovered his sister's stolen iMac using Netopia's Timbuktu Pro, a program that allows computers to be remotely controlled and is widely used by computer-help technicians. Bridges, who lives in Clear Lake, a suburb of Houston, had installed the software to help his sister, who lives across town, when she ran into problems. The iMac and a printer were stolen last October. Foolishly, the thief didn't erase the hard drive. When they connected to the Net, Timbuktu alerted Bridges the iMac was online. Horrified his sister's résumé, tax files and other sensitive files were still on the hard drive, Bridges hoped to install a "suicide script" to erase everything. Using Timbuktu, he figured he could put a script into the Mac's startup folder, which would be automatically executed the next time the machine was turned on. "My sister didn't want a crook going through all that stuff," Bridges said. "You know what it's like, you have tax returns, letters, your résumé, telephone numbers, addresses. There's so much personal and private stuff on your computer. You dont want crooks going through all that and then paying a late-night call on your in-laws and friends." For help, Bridges turned to a Usenet newsgroup, alt.comp.lang.applescript. AppleScript, the scripting software built into the Mac's OS, can be set up to perform all sorts of functions -- including trashing files. Marc Myers, an AppleScript expert who runs AppleScriptsToGo.com , responded with a clever script that moved everything to the trash except the System Folder, emptied the trash and shut the machine down. Myer's "Death Script" excluded the System Folder because any attempt to erase it would prompt an error message, stopping the process in its tracks. Shortly after Myer's script was posted to Usenet, Bridges was alerted that the iMac was online. He copied the script over and surreptitiously erased some of his sister's most sensitive files. Unfortunately, the stolen iMac was connected using his sister's ISP, her login and password, which gave Bridges no identifying information about them at all - no names, phone numbers, anything. He hoped maybe the police could get an IP address or phone number from the ISP, but he later found out the company didn't log incoming calls. Starting to doubt he would track down the stolen machine, Bridges changed the startup screen - the graphic displayed when the machine boots up - to show a Jolly Roger branded with an Apple logo, and emblazoned with "Stolen iMac" in big yellow letters. "I was kind of desperate at that point," he said. "I couldn't figure out where it was. They were using my sister's ISP." A user on the Applescript newsgroup suggested writing another script to launch a pop-up reading, "You have won a special $500.00 prize. Your machine has run for 3,000 hours without a major problem!" The script would prompt for a name, address and phone number to redeem the prize. But Bridges was skeptical. "It seemed kind of ambitious and also relied too heavily on them being both gullible and honest in their answers," he wrote. Instead, he came up with the idea of a script instructing the iMac to call him or his sister. He would then get the thief's phone number from his Caller ID. "The advantage ... is it takes the human factor out of it," he wrote. "(I) don't have to rely on their greed to get the info." At first, it appeared the Death Script had worked. The machine didn't connect to the Net for about a week. But unfortunately, the Death Script had a flaw: If any of the files in the trash were locked, it failed to empty the trash. Myers whipped up a fix, which Bridges copied to the iMac. Meanwhile, the iMac had been switched from his sister's ISP to AOL. (Bridges figured this out by installing WildPacket's EtherPeek, a software program that records IP packets, from which he extracted the IP address and traced it back to AOL's domain). Bridges continued to erase files one-by-one, but was wary of taking full control of the machine in case anyone figured out it was being remotely controlled and shut it down. Bridges also changed the AOL dialup to his home number, with his sister's number as the backup. He and his sister soon received about 15 calls from an unknown number. Bridges tried to look it up online, but it wasn't listed. His sister passed it on to the police. "I think we have a winner," Bridges told the newsgroup, which had attracted quite an audience curious to learn the outcome. "Hopefully the police can get an address from the number and get a warrant." A few days later, Bridges reported he'd talked to the investigator: "He said he went to the house that belonged to the phone number that I had dial my number. A lady there admitted she had it, but said she got it from "some guy." She agreed to bring it and the printer out for him, but didn't want him poking around the inside of her house." Bridges said the woman was charged with possession of stolen property and given one year's probation last week. "The planets lined up for us on this one," said Bridges. "It was really kind of flukey and good fortune." Tim Williams, the Timbuktu product manager at Netopia, said in the 13 years the software has been available, this was the first time he'd heard of it being used to track down a stolen computer. "We had a pretty good laugh," he said. "It was very clever. He took exactly the right approach." Williams said he's now thinking of adapting the software to make it easier to track missing machines. "(Bridges) showed it can be used in that way, but there's probably things we can do to enhance it," he said. Absolute Software , a Canadian security company that tracks computers for corporations, schools and businesses, operates a service called CompuTrace, which works in a remarkably similar way to Bridge's amateur sleuthing. Absolute's CompuTrace software programs computers to call the company's tracking center in Vancouver, B.C., at prescheduled times. If a machine is reported stolen, the monitoring center waits for it to dial in, then reprograms it to call every 15 minutes until its location can be traced. The software is very difficult to remove, and works even if the hard drive is reformatted or repartitioned. The company has been operating since 1997 and claims a 95-percent success rate. "We've recovered hundreds of computers," said spokeswoman Courtney Chauvin. "It's a very stealthy agent." ------ End of Forwarded Message
