Ask HN: He stole my laptop, and sent me this, what would you do?
Today, I received this email:
--- So as much as i want to rationalize my actions, I understand buying stolen property is still stealing. I am the one who unfortunately bought your laptop from someone who likely stole it. I will eventually pay for my bad karma.
Berating me for my actions is useless.
I am deleting everything off of the laptop.
Is there anything that you want.
I am offering to back up to 160 gigs to another hard drive. There is only about 240 gigs worth of information.
I see that you have backed up most everything using time machine. If there is anything smaller like 4, 8, or 10 gigs worth I can do that faster to DVDs or flash drives.
I would have to buy another hard drive to get you the 160 gigs. Which i would if you need the info.
Again apologies for not having the integrity to turn down the offer to buy your laptop ----
how did he get my email? how does he know i backed up to time machine? what would you do?
128 comments
[ 2.0 ms ] story [ 171 ms ] threadIt's not a guaranteed chance of course, but I would go for it.
Edit: By the downvotes, I see that apparently HN is not above internet mob justice. My mistake, carry on.
--000e0cd17e7635ad30049092e752 Content-Type: text/plain; charset=ISO-8859-1
Nonetheless, a quick search reveals this individual (http://www.scamwarners.com/forum/viewtopic.php?f=34&p=32...) used/had that ip 3 months ago. (S)he appears to be a security specialist, which goes with the impression I got from the email.
All of those addresses in the header posted are hosts within one of Google's networks. The same address is likely in use on other such networks.
Good luck.
Also available are - your home address and phone number (in Address Book, he'll already know your name from Mail), saved passwords in FireFox (stored as plain text), iTunes account if you've set it to save your password, and websites where you've set 'Remember Me' (GMail and the like) etc
Luckily for you this person seems to have some degree of respect for your data, and hopefully your privacy. If you're not happy with their access to this, it seems they have more leverage over you than you do over them.
Protip: In OSX you can set it to require login password after a certain timeout, eg 1 hour. It's under System Preferences > Security > General
While I would have been furious, she was completely okay with it. She calmly told me, "The person who stole it clearly needed it more than me."
Now, this isn't to say that stealing is okay. It's certainly not, and I'd be pissed. However, this person knows what he did was wrong. He really seems to hate what he had to do to get the computer. But he clearly needs it. Maybe he wants it so he can get a job, or wants it so his kid can succeed.
Try appealing to this side of him. Find out why he needs it. I doubt it's so he can watch YouTube videos, based on his email. You can buy a cheap desktop (or even laptop) for a few hundred dollars. Offer to trade a crappy computer for yours. (I doubt he wants you to buy it back; he seems to care more about the computer than money.)
The person almost definitely doesn't need a computer as good as what you had stolen from you, and he's already feeling really guilty about it. And, if he agrees, you can try to find out who actually stole it and tell the police.
Sure, it's unfair you'd have to drop a few hundred dollars- but consider it a donation. (Depending on the circumstances, you might even be able to figure out a way to legally donate it to him through some sort of organization- which would be tax deductible.)
After all, giving him a computer could change his life. Think about how much your life has improved by merely owning a computer; something most people on HN take for granted. You could turn a bad situation into one you're really proud of.
Counterpoints that will be unpopular, but need to be said anyways:
1. "Needing" is no excuse for stealing, and that demeans all the people who BUST THEIR ASS to get out of poverty. If the thief is not working 12 hours per day and living on bare necessities, they have no excuse, and being even mildly sympathetic to their plight is bad for everyone, most especially poor people. NEVER pardon stealing, ESPECIALLY from another individual. Condoning ANY stealing is terrible - thieves are far more likely to steal near them, which will be from other needy people, thus making their poverty worse. Never condone a criminal's behavior, especially and above all street crime.
> Find out why he needs it. I doubt it's so he can watch YouTube videos, based on his email. You can buy a cheap desktop (or even laptop) for a few hundred dollars. Offer to trade a crappy computer for yours.
2. This could very well be another scam or attempt to rob MORE (the person has already demonstrated that they have no integrity and will steal from people), and you're encouraging the original poster to walk into the lion's den and potentially risk getting robbed or ripped off even more. This is crazy, reckless, and dangerous for the OP.
> After all, giving him a computer could change his life.
It's a THIEF, dude. You can get a used computer for a few hundred dollars, that's like a week worth of saving at the most low quality minimum wage job. Work 80 hours for a couple weeks and use the money to buy a computer. Some of us do stuff like that to get out of povery. God, this smug "crime is okay because they need it" crap among upper middle class people is awful, it makes me sick to my stomach. NO, committing street crime is NOT okay, EVER. There's ALWAYS another way.
I don't mean to condone it, I'm just looking for a way for him to get his computer back. By understanding the persons motives, he can figure out the best way to do it. (In this case, it doesn't seem to be about money. $100 for the laptop and the name of the person who stole it, like other comments suggested, isn't going to work.)
If there was a way for him to just get it back and get justice, I'd say go for it. I just feel this is a more realistic approach.
And if he gets it back this way, and happens to help someone out along the way? Good. This person did pay for the computer; he just paid the wrong person. And the fact that he was willing to buy a hard drive probably means there's more to it than money.
There's an interesting article on the top of HN right now called "The Most Powerful Word In The Human Vocabulary: Perspective" (http://blog.sokanu.com/the-most-powerful-word-in-the-human-v...). The point I was trying to make basically boils down to that.
Or maybe I've just seen too many sappy movies about the kid from the other side of the tracks getting a second chance.
[Edit: I completely reworked this post, after thinking about it a bit more]
I think that requires a lot more work and thought than slapping a "criminal" label on the guy and giving him the same treatment as a serial car-jacker, drug dealer, etc. because they all share that same "criminal" tag.
That being said... yea of course he would need to keep his wits about him and use some moxxy when it comes to spotting some additional theft/scam like "Ok PayPal me for the hard drive so I can make the backup" -- I'm not encouraging the guy to be half retarded -- but stopping the conversation after the first sentence and filling it full of pre-conceptions because the guy with the laptop is a "criminal"... I can't get on board with that.
At least talk to him and give him a chance to prove he's a dirt bag shithead first :)
In this particular case, I think a non-typical response would yield better results than a black-or-white/militaristic response of trying to get the cops to do something, but that's just my 2 cents.
When the front page is full of pro-drugs/pro-gay marriage/liberal propaganda/etc then we'll be there.
While I mostly agree with you, this point is flat-out absurd. I can tell that you haven't ever supported yourself off a 30 hour minimum wage job before. Supporting a kid on one, and still saving hundreds of dollars a week? Not unless your rent is free.
There are at least a houndred thousand people in every single country in Africa, who needs your retirement money more than you do. In fact they properly need it just to survive.
So why don't you give it to them?
>After all, giving him a computer could change his life. Think about how much your life has improved by merely owning a computer; something most people on HN take for granted. You could turn a bad situation into one you're really proud of.
If you are giving in to blackmail, why should you be proud?
That would be true. We aren't directly responsible for hundreds of thousands of "not our national birth" unless you have the capacity to do something about it. However he is responsible for his actions. And in his situation, he has the capability to do the compassionate thing, even if he is walked over.
As the recent top article says, it is all about perspective. Do the loving thing.
At least that's the way I see it. You're better off living with charity in your heart than hating your fellow man - God knows there's enough reason for hate, but it'll kill you.
That kind of thinking turns too easily into "Well, if my 1 act of kindness can't change enough, why start".
It all matters.
You have compassion for the human condition and an ability to put yourself in other people's shoes. That is a skill that is lost so easily today.
I don't know that many people that still can do this.
As expected, lionhearted's more absolute "He's a thief, QED!" opinion is a more popular reply (looking at the votes). lionhearted is surely welcome to his own opinion, I just don't think life is ever as black and white as we think it is.
Just added this comment because I know the mass majority of people will read your comment, nod their head in agreement and move on and with the voting trending the way it is, you might get the impression that you were "wrong" and re-think your position of trying to understand someone before condemning them.
I just wanted to make sure that didn't happen.
The hard-line "He's a thief" attitude is the sophisticated view, and wishy-washy "well, I suppose he needs it more than the first guy" is actually the morally-thin cop-out that refuses to consider the greater good.
Do not let him create a secondary market for stolen laptops. It would become an economic incentive for the stealers to steal more laptops.
Research has shown that tolerance of public crime gradually leads to an increase in major crime. (Read about this in one of the pop economic books, not sure which). Do you want to keep your city a safer place to live?
I figured from that page that I read about it in either the Tipping Point or in the Freakonomics. I hadn't read about its criticisms before, interesting read.
Who runs your email services? If it is your local ISP, they may be able to get the IP address from the logfiles, though larger companies will probably brush you off.
If you feel bad for the guy, and assuming you find him, you can ask the cops to cut him a break if he gives evidence about the thief he bought it from. They will probably offer him this deal too, but since he already reached out to you, he will trust you more when it comes from you.
contact your local police and explain the situation to them. ask if an officer can accompany you when you meet this person to receive your data (or whatever they think you should do...). you could then set up to meet in a public space and just have the police officer sitting somewhere nearby and then he'll walk over as your exchange takes place. i'm sure they can help with planning it all out and according to their policies...
if they turn you down for some bizarre reason (grumpy/lazy officer or receptionist maybe?) make sure to press the issue. make sure to walk in rather than just call. bring a copy of the email with you.
have a good one
For a few bucks a month, I pay my insurance company to cover my computers. For anything – theft, me being an idiot, accidental damage, whatever, they'll pay to replace it.
Whoever writes your homeowner's/renter's policy (you have a renter's policy, don't you?) can set you up with coverage for your laptop. A few bucks a month to replace what may be the most important, valuable tool you own is a no brainer.
To insure both my own and my girlfriend's laptops (both mid-range MacBook Pros), it costs me about $9 a month.
We're talking about $3,200 (USD) in coverage. It would take about 29 years to save up that much (at $9 a month). In the event that my laptop is destroyed/stolen/dropped in a bathtub tomorrow, that savings of $160 since last year isn't going to do me much good.
Speaking from experience, the ability to walk into my agent's office, report the loss, and have a check in my mailbox before the end of the week is a truly powerful thing.
edit: And, it's worth pointing out, I'm pretty sure that in the space of 29 years, something terrible is going to happen to my laptop. In which case, I've come out ahead.
Problem was, when the laptop finally died about 3.5 years later, they made up some bullshit excuse about there being a "liquid spill" on it and refused to honor the extended warranty. (Yeah, Circuit City, no wonder they're out of business...)
Anyway, I found the whole experience of trying to convince the service company that yes, my laptop needed servicing so distasteful that I didn't bother with any sort of insurance or extended warranty for my second. And wouldn't you know, it lasted for 5 years, never needed servicing, and can still boot up and run today, though the network's a bit flaky and the battery is basically dead.
My point (and presumably webwright's, though I disagree with him in another thread) is that the insurance company has to be making money off this policy somehow - they've got lots of actuaries calculating odds to make sure they come out ahead at the rates they charge. If you think "of course my laptop is going to die within 29 years - I'm bound to come out ahead", I'd suggest reading over your policy very carefully. My guess is that they have some very strict conditions on how it dies, and there's a good chance they won't cover it for many mundane run-of-the-mill failures.
Buy insurance because you can't afford to cover the loss otherwise, not because you expect to make a profit on it.
Yet I am speaking from experience.
Here's how it went down last time:
"Yeah, so, I dropped it in the sink. I have this paperwork from the Apple store."
"Wow, okay. I'll start the claim for you. Someone will give you a call in a few days."
A few days pass. I get the call.
"You dropped it in the sink?"
"Yeah, right into the one bowl in there full of water."
"Okay. What did you pay for the replacement? Oh, I see it on the paperwork here. Okay, thanks."
A few more days passed. Then I had a check in my mailbox.
It helps, I think, that I'm going through a real, consumer-facing insurance company instead of an outfit that sells coverage through a retail middleman. Retail extended warranties are, indeed, bullshit, but the distinction here is that I'm buying real insurance, which covers accidents and liquid damage.
They also cover my car, my apartment, and a life policy I have to pay off my student loans in case I should meet an untimely end.
But they're the real deal and they haven't screwed me yet. I suspect if I made a regular habit of making claims on my policies, it'd be a different story. So far, though, it's all good.
I'm not sure of that at all. If it's true, the insurance company is run by fools who are guaranteed to lose money. For starters, I'm pretty sure that if it breaks 5 years from now you won't be getting a check for the original inflation-adjusted purchase price.
I forget what it's called, but the policy has a provision to protect me for exactly this issue. And, again, I have already made a claim on it once for a boneheaded accident. Everything was great and I didn't get screwed.
However, the point of insurance isn't to come out with a profit in strict dollar terms, at least not for the customer. It's to protect yourself against differing marginal utilities of money. A dollar when your livelihood is stolen or when you're in the hospital or when a loved one has just passed away is worth a lot more than a dollar that would otherwise get spent at Starbucks.
The point of money is to have enough that it'll never become the limiting factor in doing what you want to do (unless you're one of those folks who defines their net worth as a human being by their net worth). As long as you have enough, it's all good, but when you don't have enough, that's bad. It makes sense to trade more money when you have enough for less money when you would otherwise not have enough.
Incidentally, many financially-irrational decisions can be explained by this reasoning. Like the lottery. For many people, an extra dollar a day means no practical difference in their standard of living, but an extra few million dollars leads to a massive improvement. Or the financial industry: on the face of it, the financial industry shouldn't exist, because money is a completely fungible quantity and each party has the same yardstick for whether a transaction was a success. However, they don't, really - it makes sense to pay more in interest later if receiving some capital up front lets you capitalize on an opportunity now.
Nothing good comes from the act of stealing. I could get see with food and basic survival items (much less so in the US where organizations will give people these things), but not with a luxury good like a laptop.
If someone has physical access to your hardware then they can get access to all of your unencrypted data if they really want it. However, a firmware password would probably prevent someone from emailing you from your own account a couple of hours after they've stolen your laptop.
When the firmware password is set, your laptop will prompt for the password before booting from DVD, USB, or Firewire drive. It will also prevent booting into Single-User mode. You can set up a firmware password by using the Open Firmware Password.app in your Utilities folder.
"If someone has physical access to your hardware then they can get access to all of your unencrypted data if they really want it. However, a firmware password would probably prevent someone from emailing you from your own account a couple of hours after they've stolen your laptop."
"Anybody with a screwdriver can take the hard drive out, pop it into another box, and bypass whatever (BIOS/EFI) password you've set up."
if you really don't wan't somebody to have access to your system you need full disk encryption.
1. Privacy
2. Data
3. Hardware
I'd say those are in ranked order.
1. Your privacy in relation to the data on that laptop is gone.
2. He's offering to return the core data back to you. If your laptop is anything like mine, the value is in the data. You have a means to get it back, so get it back!
3. The hardware is fairly unimportant comparatively.
With that out of the way, the returning of your data to you will create an interesting dance between you and the purchaser of stolen goods.
If you just want the data clean and then to move on with your life, just do as the thief says, get your data and go buy another laptop.
If you want to turn up the volume on this, start thinking up methods of doing the data exchange that'll expose the thief's location. Here are my ideas, none the less:
1. The thief knows what time machine is and got your email out of your data. Based on this it seems a self installing lowjack.dmg on a keychain drive is unlikely to work. If discovered, you just lost all that data. You lose the moral high ground just by trying it.
2. Were you pulling any kind of network/voip log files into time machine regularly? Perhaps on start up your time machine would have pulled identifying information from the laptops new location.
3. Reddit style email header trace. That's really taking the gloves off.
If/when you are able to get the data, I have a suggestion and a story...
In college my girlfriend (now my wife) was a DC intern and had her cell phone stolen. Its been a while since it happened and some of this is likely embellished from re-telling. Back to the story...her reaction to this was to wait a day, call the cell phone and ask the person who answered if she could speak to the lady of the house. She got handed over to the thief's mother, who agreed to meet her in the park to return the cell phone. Telling no one about this, the next day she solo's into the park, gets her cell phone, has a heart to heart with the thief about stealing and returns to work.
This path of actions is, of course, insane (and awesome). The moral of the story though is IF you get the contact information, don't both with the thief because they've already said strait up that "Berating me for my actions is useless." Instead, give that thief something to answer for next Thanksgiving. Shame is often felt by proximity, so call in the mommy air strike.
Good luck. Be safe.
> I am offering to back up to 160 gigs to another hard drive. There is only about 240 gigs worth of information. I see that you have backed up most everything using time machine. If there is anything smaller like 4, 8, or 10 gigs worth I can do that faster to DVDs or flash drives. I would have to buy another hard drive to get you the 160 gigs. Which i would if you need the info.
This combined with the supposed very quick rapid sale of the laptop has me suspicious - I would bet it's the original thief emailing you. Since he mentions time machine right away and found your email quickly - this is a computer sophisticated person, who possibly has done this before. "Berating me for my actions is useless" is also well written English. This is not a run of the mill stupid person. You're likely dealing with someone intelligent with very bad intentions.
I'd be scared now if running into another scam - I'm guessing, again I'm not in LE, but I'm guessing that the offer to buy a hard drive and back up for you will ask of you cash to be sent to a Paypal or Western Union or something, that you'll never see again, nor your data.
> what would you do?
First, pause and reflect. You don't need to hurry, it's more important you don't do anything stupid.
Second, get law enforcement involved. Now, I had my car window smashed once and had a bunch of stuff grabbed when I lived in a bad neighborhood, they took my stereo and cigarettes. Police are good people, but they tend to realize there's not much they can do about something like this, and they have limited resources. So, think about how to approach the police to get them interested - maybe talk to a computer crimes person online who would be interested in helping out, and get all the information you can. If this is a scam or a common thing (again, my intuition says so), then the police will be a lot more interested. Maybe you can put a sting together and get your computer back and/or put this bastard in jail.
I think your next two steps should be contacting people online who deal with this sort of thing, and contacting local law enforcement. Maybe the FBI would be interested actually, if you find the right agent and ask if this looks like a pattern/regular thing. Police love to catch and lock up repeat offenders, especially sophisticated ones.
Contact a lot of people - people tend to be sympathetic to when crime happens, and hate criminals. Whatever you do, don't contact this person on your own before consulting experts on the matter and law enforcement. It puts you in harm's way. Whatever you do, don't meet them or send any money or resources before contacting experts and law enforcement. Good luck and sorry this happened to you.
I have to agree: if it was an "innocent" third party, I imagine they would have offered to just ship the laptop back. S&H certainly can't cost more than a new hard drive. Clearly, this person wants to keep the laptop, and it seems they think the laptop can be sold for more than enough to cover the cost of sending your stuff back.
That said, this person isn't that smart... They could just offer to use Dropbox.
His best bet is local law enforcement, but even this is likely a waste of time. What can they possibly do? They have a better chance of solving the crime from physical evidence than they do from electronic evidence.
He should file a police report for insurance purposes. Then just learn his lesson and move on.
Some thoughts for next time:
- Encrypt your hard-drive, especially on laptops or other portable devices. Check out http://www.truecrypt.org/
- Install a program to monitor/track your machine. Check out http://preyproject.com/
Disagree.
The law has a long memory and criminals are stupid. Better to get a record of the events logged. Some time in the future this person/persons will try it again and a pattern emerge. In some ways, stealing laptops is like stealing cars in the past. Instead of a get-away car, the criminal now has a get-away computer with someone else's fingerprints on it.
If the email was sent from a private domain, they're traceable in many more ways.
It might be a wasted effort, but you should still try. If the police don't want to give you the time, bring your lawyer in with you... they'll have the time then.
So the OP ought to report it. This might be the first instance they hear of, or the third, or the eighteenth. But if it fits the pattern, that's one more piece of the puzzle that can bring the day when the thieves get their collars felt by the Law that much closer.
Can't believe it's free. Haven't looked at these for a while, but from what I remember they were one step above a command line tool last time I checked. Prey looks great.
In the event you ever forget your password, you can unlock the encrypted volume with the master password.
I don't know if Truecrypt has a system like this now; they didn't when I last used them (about...what...5 years ago? O.o ).
At this point, however, it's wise to consider the guy who DID buy it a thief... and he is. If he's willing to provide you with a backup, take it and try your damnedest to track as much of it as you can (I'd involve law enforcement).
For the most part you are smack on! However I suspect this is ''not'' the thief - even after such a short time. As pointed out elsewhere they will shift it off pretty quickly.
From the text of the mail the person probably knew it was dodgy. So it's probably been fenced and then sold on - the person probably knows or has a friend who knows the fence (but not the thief) [this is just a guess, but it is usually what happens].
Second the advice to get LE involved; in fact it is crucial that he does so. By reporting as much as possible the police know about all the crimes. So, for example, if they grab someone on theft and can't link him to the specific incident they are investigating they may still be able to link him to your theft - because it is on record (this happened the other month, we had a stolen laptop to examine, no evidence... but the serial number of the external HDD with it matched on reported stolen 10 months ago).
In terms of tracking down this person, there are a few ways to do it. Where did the email come from (i.e. webmail, or the PC?) and from what address? You might be able to geolocate an IP address to get a rough location (this is useful information for the police because they may be aware of fences/thieves in that area to question). If it is webmail the police would need a warrant, which they might get in this case due to the explicitness of the case.
If the laptop is signing into chat etc. then perhaps you could convince the person to talk directly to you via that - at which point the police could try to get a warrant for the chat providers records and track him down.
Move quickly, the IP information can go stale very quickly.
Unless the records are 100% solid they won't be able to get a search or arrest warrant based on it.
My boyfriend's laptop was stolen from our living room while we were sleeping in the bedroom, after the thief climbed through a window. The police didn't do anything then either.
1) Report the serial number and your police case number to the genius bar. If this guy ever goes for service they'll call the cops. This isn't apple's policy but it seems to be an apple store thing. 2) Renters insurance.
Can you look at the original email message & get the IP - then run some GeoIP? If he was irresponsible enough to do it from some public place like a University Library then you could probably look the exact address up & have a lead to give the police.
Secondly, depending on if you have chrome & a "trusted" website that you provide your location to, then you can run that bit on this fool in a reply email with a link that says something like "Do me a favor & just upload my pictures folder to http://mysite.com/storage/index.html - the user is: johndoe & the pass is: FML123" then wait & obviously log the lat/long & go to the police.
Third, if you happen to know the serial number, report it to Apple, then to the police. I say this because he is considering buying a 160gig drive & backing your data up to it - there is a small chance he would go to the Apple store to do this.
Next time, consider using http://preyproject.com/
Other than that I guess try to get what you can from this guy without paying.
1. Read the advice on this page so that you've allowed yourself to see all possible angles. 2. Call the police and take it one step at a time with them.
Actually, how sure are you that they even have your laptop? Did you mention the theft someplace public, like on a blog or twitter? The only information they've demonstrated that they have is your email address, the fact that you've used Time Machine at least once (probably a pretty safe bet if they know your laptop was a Mac), and the approximate amount of data that you had stored (assuming you know that's correct and aren't just taking their word for it).