A clever Mac user who had her laptop stolen led the police to the alleged burglars using Back to My Mac. Three roommates in White Plains, N.Y., had about $5,000 worth of computer and entertainment equipment stolen 27-Apr-08. Then this last Tuesday, one victim who works at an Apple Store, Kait Duplaga, received a text message from a friend, who, spotting her on iChat, thought she’d recovered her computer.
She said no, and used Back to My Mac’s remote screen sharing feature to monitor her laptop’s built-in iSight camera to grab a photo of one of the alleged thieves. She then used remote file sharing to find pictures of another person stored on the laptop. She turned this information over to the police, who arrested the two men in the picture, finding them in their apartment with the stolen equipment all over; those charged are reportedly friends of a friend of the roommates who had their stuff stolen.
Fortunately for Duplaga, the alleged malefactors had a router with UPnP (Universal Plug and Play) or NAT-PMP (Network Address Translation-Port Mapping Protocol) turned on, without which Back to My Mac rarely works. And they left the victim’s laptop signed into .Mac.
I’m finishing up a book on Back to My Mac, and one thing I’ve discovered is that the service can both be hard to get up and running and hard to eliminate from your system. (I address both in the book.)
While I’ve heard of people using tools like iAlertU to capture images of someone in the process of using your computer without permission, this is the first remote sleuthing I’ve heard of with Back to My Mac.
A commenter on this story at BoingBoing wondered if the Back to My Mac access goes both ways – and that’s a supremely valid and freaky concern. Back to My Mac assumes that you control the .Mac account in question and any computers on which you’ve logged into .Mac. The alleged thieves could just as easily have monitored Duplaga, had she logged in to .Mac and enabled Back to My Mac on another Mac, just as she monitored them.
If you want to forestall this problem, use the .Mac preference pane to log out of your .Mac account, and then run Keychain Access in Applications > Utilities. Find all the .Mac referenced certificates and passwords attached to your login identity and delete them.