Help! I’m Being Held Captive, and All I Have Is a Wi-Fi Network!
Two weeks ago, a remarkable Mac owner – a teenaged Apple Store employee – led police to her stolen Mac laptop through the clever use of a Leopard feature; see “Back to My Mac Leads to Recovery of Stolen Mac,” 2008-05-10. The recovery was so clever it was used as a question in the rapid-fire round at the end of NPR/Chicago Public Radio’s “Wait Wait… Don’t Tell Me!” show on 17-May-08.
This incident led several readers to ask via email how they could accomplish a similar feat; one person’s Mac had already been pilfered. Back to My Mac can be tricky to work without controlling all network circumstances, but it’s not a bad place to start. I found two other methods and offer some rumination on other ideas.
Get My Mac Back, Back to My Mac! If you’d like to be as smart as 19-year-old Kait Duplaga, you can enable Back to My Mac even if you have just a single Macintosh. The feature, built into Mac OS X 10.5 Leopard, requires a .Mac subscription – either a regular subscription or one that’s part of the five-user family pack. An email-only subscription available as a less-expensive extra won’t work.
In Leopard’s .Mac system preference pane, use the Account tab to log into .Mac, and then click the Back to My Mac tab to start up that service. Back to My Mac requires your .Mac user name and password to be accessible from another computer running Leopard. It automatically updates the .Mac servers with your computer’s information whenever network information changes.
If your computer is stolen, you could set up your .Mac account and Back to My Mac on another computer – Duplaga was tipped off because a friend saw her identity appear on iChat – and then access the remote machine. Your stolen computer will appear in the Shared list in a Finder window’s sidebar. Select it, click Share Screen or Connect As, and you’ll have access to the remote screen and remote files. Duplaga launched Photo Booth from the Applications folder, snapped some shots, and quickly copied those to her computer along with some other photos on the machine.
The thieves, if they’d been savvy enough, could have kept the computer off a network, logged out of .Mac, or even used Back to My Mac to share Duplaga’s screen.
Because Back to My Mac requires a network router with one of two automated port mapping protocols enabled – Apple’s NAT-PMP or the more broadly used UPnP – it’s likely that a stolen computer won’t wind up accessible via Back to My Mac, even though it may appear in the Shared list in the sidebar.
Conceivably, you could pull the IP address that Back to My Mac registers with the .Mac service, and then give that to the police, who, if they had a cybercrime division, could use it to track down the appropriate ISP, and then ask or subpoena that ISP for details on the IP’s location (if static or assigned). I’ve tested different means of retrieving an IP address for Back to My Mac machines, but Apple wraps Back to My Mac inside IPv6 (next-generation Internet addressing) tunnels, and I’ve been unable to figure out if the IPv4 (the current addressing scheme) address is also made available.
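NAT-PMP, one of the two port mapping protocols mentioned above, also lets a machine behind a router ask that router for its public IPv4 address. The Python below is an added example, not code from the original article or from Apple; it implements the external-address request and reply defined in RFC 6886, and the `query_gateway` helper name and the sample packets are constructed for illustration.

```python
import ipaddress
import socket
import struct

NATPMP_PORT = 5351  # UDP port a NAT-PMP gateway listens on (RFC 6886)
RESULT_CODES = {1: "unsupported version", 2: "not authorized/refused",
                3: "network failure", 4: "out of resources",
                5: "unsupported opcode"}
# Ranges that mean the router's "external" side is itself behind another NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

def build_request() -> bytes:
    """External-address request: version 0, opcode 0 (two bytes in total)."""
    return struct.pack("!BB", 0, 0)

def parse_response(data: bytes) -> dict:
    """Decode an external-address reply; raise ValueError if unusable."""
    if len(data) < 8:
        raise ValueError("short NAT-PMP response")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:  # a reply's opcode is 128 + request opcode
        raise ValueError(f"unexpected version/opcode {version}/{opcode}")
    if result != 0:
        raise ValueError("gateway error: " + RESULT_CODES.get(result, str(result)))
    if len(data) < 12:
        raise ValueError("response lacks the address field")
    addr = ipaddress.IPv4Address(data[8:12])
    # epoch_s: seconds since the gateway last reset its mapping table
    return {"address": str(addr), "epoch_s": epoch,
            "double_nat": any(addr in net for net in NON_PUBLIC)}

def query_gateway(gateway: str, timeout: float = 2.0) -> dict:
    """Ask the router at `gateway` (an address you supply) for its public IP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(), (gateway, NATPMP_PORT))
        data, _ = sock.recvfrom(16)
    return parse_response(data)

# Constructed sample replies (not captured traffic): a documentation-range
# public address, a router that is itself behind NAT, and an error reply.
SAMPLE_OK = struct.pack("!BBHI4s", 0, 128, 0, 3600, bytes([203, 0, 113, 7]))
SAMPLE_DOUBLE_NAT = struct.pack("!BBHI4s", 0, 128, 0, 60, bytes([192, 168, 1, 20]))
SAMPLE_REFUSED = struct.pack("!BBHI", 0, 128, 2, 60)

if __name__ == "__main__":
    for pkt in (SAMPLE_OK, SAMPLE_DOUBLE_NAT):
        print(parse_response(pkt))
```

A `double_nat` result means the reported address belongs to an upstream private network, so it would not identify the connection to an ISP.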
Going Deep Undercover — Orbicule’s Undercover software and service is a nifty little package designed to keep track of your computer with minimal resource usage. The $49 application, a universal binary updated for Leopard, must first be installed to generate a unique ID that you retain and keep private. Once installed, Undercover contacts the company’s servers every 6 minutes with a very lightweight request – 500 bytes – to check whether the computer is in Orbicule’s database of stolen machines. The company says no ID information is passed during this request.
If your computer is stolen, you use an online form to notify Orbicule using your private ID code. This updates their database, and the next time your computer comes online, the Undercover process – which runs at boot regardless of whether a user is logged in – discovers its host machine is stolen, and goes into a reporting mode.
Undercover then starts to take screenshots of the desktop and, if there’s a built-in or external iSight, snapshots through the camera. The software continually transmits this information to Orbicule. The company will contact the ISP through which the laptop thief has connected, as well as work with local law enforcement to deliver the information.
After a period of time you define, Undercover will pull a trick from the old handbook of Macintosh practical jokes and pranks: it starts gradually dimming the screen in an attempt to trick the thief into trying to get it repaired or sell it. (You might ask, Which book? I can’t recall if it’s “Stupid Mac Tricks” by Bob LeVitus, or “The Macintosh Joker” by Owen Linzmayer. Both came with floppies, and could perform such pranks as progressively shrinking the effective screen size by one pixel on each side after each restart.)
Orbicule has assembled a database of Apple Store and repair shop IP addresses: should the computer be powered up on one of those networks, it displays a full-screen message, which reappears if dismissed, stating that the computer has been stolen, offering a finder’s fee (paid by the company), and showing any custom text you provide.
Here’s perhaps the best part: Orbicule clearly has a sense of humor. Your computer will also use its text-to-speech capability to yell the same information, setting the volume level to its highest setting.
The only fault I can find in Orbicule’s software, which I have not yet installed nor tested, is that if your computer isn’t connected to the Internet for 60 days, this second phase (“Plan B”) is automatically invoked. So if you go on vacation for three months, leaving your computer behind – heaven forfend! – when you return, it will start yelling at you about being stolen. You have to contact the company with your private ID code to disable Plan B; the company is looking into ways to allow the interval to be changed.
Orbicule has a variety of prices for its software, which requires no annual fee. A single-user commercial license is $49, a household license (up to 5 Macs) is $59, and a site license for up to 25 Macs is $249. Full-time students pay $10 less for a single-user license and $5 less for a household license. Educational institutions pay $8 per Mac for 100 copies or more.
Get Back to Where You Once Belonged — BAK2u makes theft-tracking software for a variety of platforms and devices; its Mac offering, Verey I for Mac, is somewhat simpler and comes with no recovery service. The software costs $39.90, is a universal binary, works with Leopard, and has no recurring fees.
Verey I requires that you enter a password whenever it connects to a network. If the password is entered incorrectly, Verey I starts recording audio and video with a built-in iSight, if available, and sends you alerts that include network information and a scan of nearby Wi-Fi networks through a variety of services (via instant messaging, email, Twitter, and on a Web page).
Verey I doesn’t use or require any corporate intervention in recovery, instead letting you handle everything. That may or may not be a plus, depending on your situation and preferences.
There’s also the cleverly name-checked Computrace LoJack for Laptops, which has nothing to do with the car theft-prevention and recovery service except a name licensed by its maker Absolute Software. As far as I can tell from the minimal information on the company’s Web site, the software regularly contacts the company’s servers, and when you alert Absolute Software that your computer is stolen, they work with you and law enforcement to track it down via network access. It’s a subscription package, and costs either $49 per year or $99 for 3 years.
Distributed, Decentralized Identification — I learned about a very low-tech solution used by many police departments around the United States and Canada from Cornell University’s Oliver Habicht (pictured here with a super-cool laptop etching), a friend of the Engsts. Called Operation ID, the program lets individuals, academic institutions, and companies engrave or etch a unique identifier in some indelible fashion onto objects that need to be protected. (This Operation ID is not to be confused with programs of the same name in North America used to educate retailers about under-age alcohol and cigarette sales.)
The ID is a left-to-right, geographically largest-to-smallest human-readable code. It starts with the state or province abbreviation or a corresponding number (like MN or NY), followed by numbers that identify the county and then police department. The final digits are a unique number assigned by the police department that can be assigned to an individual or to an organization. In some places, police prefer that the ID is the simpler formula of the state or province’s two-letter postal abbreviation followed by a driver’s license number.
Oliver researched the program before committing laptops purchased by Cornell to be labeled with Operation ID numbers, but neither of us could find any centralized authority, Web site, or canonical information about it. I’ve come to the conclusion that Operation ID is a meme – a kind of mind virus – rather than an actual program.
On the dozens of local Web sites I visited that describe the program, there’s no reference to any official centralized source, or even to how the program started. On one site, it’s described as being 30 years old. I expect that it’s a combination of useful bureaucracy, in which police departments are used to being assigned numbers within state hierarchies, and someone’s bright idea in the 1970s that was simply passed along, almost as a form of oral history crossed with procedure – police myth!
The relatively standardized form in which the ID is used means that it’s perpetuated itself, and means that many officers and precincts should be familiar with it. If you pair a Google search of “Operation ID” with your town or college, you can typically find out if your local law enforcement system offers the loan of an engraving pen or help with engraving, and whether they register your ID. Minnesota State University has a good explanation of their rendition of the program. Some departments will hand out Operation ID stickers that you put in your window, ostensibly to deter thieves.
Oliver noted that Cornell’s Operation ID policy says property can be traced “by computer back to the university.” He contrasts this with the fact that the number assigned to him was written on a piece of paper and placed in a filing cabinet.
In Recovery — Clearly, there’s room to provide more association of stolen gear with those who own it. Given that Macs, like most electronics of any kind, have unique serial numbers and, unlike most electronics, can read those serial numbers within the operating system, there should be a way to connect a uniquely numbered Mac, its owner, and the computer’s location.
I would think that there’s room for a Mac developer to work on a theft-recovery service with Skyhook Wireless, which can compute a set of location coordinates using a scan of nearby Wi-Fi networks and their signal strengths. Skyhook already has an API that allows external access to their systems via a Web page, and partners with companies like Apple on the iPhone (alongside a Google cell-triangulation system) to provide GPS-like results. Skyhook already has a deal in place with The CyberAngel for Windows-based theft-recovery services with Wi-Fi positioning.
It seems like a short step for a stolen Mac to phone home and say, “Help! I’ve been stolen, and I’m being held in a warehouse in Santa Rosacrucia!” Then it’s just a matter of convincing the police that no psychics were involved in determining the system’s whereabouts.