first to 'somebody who can write a web app', to now 'somebody who can install software'
"Updated: to quell the comments, I did not choose the title to imply downloading tracking software is hacking, I am a hacker by profession and have been all my life."
I think it is great that the average person can now do all those things from a web app. It is funny though that they still consider themselves to be hackers because they can use that web app. Another example of misuse of the term hack that I see all the time is when people use someone else's logged in Facebook session and then claim they "hacked their Facebook" because that person left their session logged in. Silly...
;0)>
Sorry couldn't resist.
Others take a pitchforks and torches approach. I recall people saying, “publish and let him sue if he doesn’t like it,” which is pretty much the same thing as saying “it might be wrong, but thanks to the difficulties of suing for libel, we can get away with it.”
I guess this is where we peel away all of our nobility and reveal the savages underneath. Some of us strongly believe in the justice system and the importance of treating the accused extremely fairly in theory, but in practice "we know the bastard did it, so there."
How about this: it's my laptop, and I reserve the right to use it to take pictures any time I see fit?
I'm okay with running the picture of the guy, and publishing the data, as long as there's a clear disclaimer that this is just information pulled from your own laptop, not presented as evidence in some kind of criminal proceeding. We do this all the time with videos on the news that show crimes in progress. Heck, we did it with the rioters. Local papers ran big pictures of them on the front page. Simply making public video and data that you have every right to have and use isn't the same as calling the guy a crook and demanding he be hanged.
Now yes, the mob will probably take over from there, but that's because the net is full of mobs, not because you've somehow made a mistake in publishing the data. I am very concerned about folks taking justice into their own hands, but I don't think that my concern somehow changes the right of this guy to publish his own data.
There's no "we know the bastard did it, so there" that has to be involved. I load my laptop up with whatever legal programs I like, and I choose to publish the data from those programs any time I feel like it.
As for his privacy, he surrendered that voluntarily when he stole the laptop; the government didn't impose that sentence on him.
http://www.guardian.co.uk/commentisfree/2011/aug/10/uk-riots...
Furthermore, I don't see how putting someone's information on the internet is comparable to physically depriving someone of their property. The latter has obvious effects, and the former may not even cause much harm. It would have never happened had the thief not stolen the laptop, so I'd say the ultimate blame rests on them anyway.
Why should I respect his privacy when he has absolutely abused mine?
I know from experience (not me of course, but that of some kids who stole some stuff from a neighbor) that juveniles who are caught and convicted of petty theft basically get a slap on the wrist, a stern warning about what will happen if they do it again, and sent home.
The story you have just heard is true. The names were changed to
protect the innocent.
On August 12th, trial was held in Department 98, Superior Court of the
State of __London, in and for the County of __London. In a moment the
results of that trial.
Shillip Herbert Keaver was tried and convicted of robbery in the first
degree - five counts - and received sentence as prescribed by
law. Robbery in the First Degree is punishable by imprisonment for a
period of not less than five years in the __London penitentiary. Because
of the viciousness of the suspect, it was decided that the terms would
run consecutively.
You have just heard "DragNet," a series of authentic cases
from official files. Technical advice comes from the
office of Chief Constable, Scotland Yard, __London.Or maybe it's just really useful.
we (the Prey team) don't have the time or the interest to pay people, thieves or whomever to build and publish these elaborate stories.
I spent almost all afternoon yesterday on Reddit -- where some guy published a similar story -- trying to make it clear that we had nothing to do with it (besides having developed the software).
I'd be happy to answer any questions regarding Prey, but please don't make me go repeating today the same thing all over again.
So why did he rely on luck instead of SSHing to the laptop and unlocking the machine?
>I cranked up the frequency of reports to one in every five minutes to try to get a screen capture of him using gmail or facebook so I could snag a name or login credentials.
Hmm, start a keylogger (and a sniffer) in the background and then scp the logs a couple hours later?
I don't know of a single person who directly connects their laptop to the internet. This would have been sitting behind a NAT device which, unless port 22 was explicitly forwarded to the IP address that his laptop happened to get via DHCP, would have stopped him from SSHing in :)
I mean, basically doing what Prey does, but without relying on a third-party service and having much more control over the machine.
* Reverse SSH: if wget http://myserver.com/sshreverse; then ssh -R 2900:localhost:22 User@myserver.com; fi
Stick this in a file, chmod +x, then add an entry in cron to run it every hour or so. After that, you just need to create a file in your web server called "sshreverse" and you'll have an SSH tunnel to your laptop.
It seemed perfectly clear to me that you meant that a hacker is going to have some means of finding his stolen laptop rather than that using Prey makes you some kind of hacker.
And to the criticism that you are running a product, that's ridiculous as well. Do we all solder our own motherboards? Devout Not-Invented-Hereism isn't a prerequisite for being a hacker, and in fact it probably makes you much less effective of one.
Make up your minds. Is it the inclusive, "explorers of technology" meaning where it's more about curiosity and open-mindedness than skill level, or is it your little l337 boys club badge of honor?
Personally, it's not so much using a product, but 1) giving access to a third-party (the Prey server admins) to his laptop and 2) being limited instead of having complete control.
Prey just seems a poor solution if you know what you're doing. For non-computer geeks is excellent, though.
PICK ONE, GUYS.
The issue is that the article is titled "Why you don't steal from a hacker". This is not actually an appropriate name for the article, because it's not the writer's status as a hacker that leads to the final result. It is the writer's position as an application user that leads to the final result. In that sense, this article be should called, "Why you don't steal from someone that knows how to use an application to track their stolen laptop". Hence, by replacing the the "application user" with "hacker" you are diluting the meaning of hacker that everyone here loves to use. I'm not trying to be critical, just explaining why people are stating this and that they are attempting to express a consistent stance. You may associate this type of activity with a hacker, but understandably, it is not what you'd come up with when you attempted to define a hacker.
I'm impressed that the police dust for prints in England. I've never heard of someone getting that kind of thoroughness for a domestic burglary where I live.
As far as I know, they never caught anybody, but at least they tried. I'm pretty sure it was my drug-dealing neighbors two houses down... especially since the guy three houses down claims the security cameras on his porch showed them taking stuff from our house to theirs. Oh well.
Thorough investigation, dusted for prints, and even took sample of nondescript, possibly bodily fluid (turned out to be non-organic).
Very professional; Though wouldn't get burglarised again.
Problem solved!
Nice story though. And I'm happy another rioting / looting is going to court to answer for there actions.
To me, the hacker/cracker thing is just a lost battle and thus a big waste of time.
That being said, I'd only use "hacker" in the original sense, i.e. the hacker philosophy about exploring, learning and teaching. To me, a person with no clue about cars that learns to fix it themselves is by definition a hacker.
You all too often see people pulling the e-peen thing on the net, which I find sad, as it's also just another waste of time. The "correct" use of the term hacker is just a pretense imho.
In the same vein of whining and bitching: has there been another influx from reddit lately or is the cooling effect (or what it's called) only gradually noticeable? I've noticed that I'm more disappointed with the content and comments on HN lately, even more so on reddit obviously.
>Updated: to quell the comments, I did not choose the title to imply downloading tracking software is hacking, I am a hacker by profession and have been most my life.
I think you under-estimate the speed and hassle of dealing with insurance.
Also most insurance has a deductible. You're still out typically hundreds of dollars.
I had a macbook pro of one of our employees stolen. We used prey to get it back, with assistance from the police. Yes we have corporate insurance, yes we backup our data; but we were still very pleased to receive our stolen property back.
Skip to 3:15 http://www.youtube.com/watch?v=OAI8S2houW4
I set it up so if this file ever disappears http://iamnotaprogrammer.com/prey.html it starts sending me alert messages like the one below:
Good news my friend, it seems we found it.
Here's the report from your computer:
######################################################## # geo ########################################################
:: lat=(deleted)
:: lng=(deleted)
:: accuracy=33.0
######################################################## # network ########################################################
:: public ip=(deleted)
:: internal ip=192.168.8.121
:: gateway ip=192.168.8.1
:: mac address=34:15:9e:07:af:86
######################################################## # session ########################################################
:: logged user=sudonim
:: uptime=14:21 up 3:12, 6 users, load averages: 2.12 1.91 2.06
Happy hunting!
-------
Then it attaches a picture taken with my camera and a screenshot. All in all, pretty handy to have running.
There's apparently a safari browser-only mode which can be activated from the login screen there.
This would create the ideal scenario for the stolen laptop: Thief without the knowledge or ability to reformat (particularly if you've slowed them down further with a firmware password) can only use the safari-browsing guest mode; can't get to your full encrypted drive, and Prey is recording and sending off everything they're doing.
In other words, they would probably just wipe the computer and install Windows, and I wouldn't hear about the machine. I guess I could have a Windows install ready with a guest account and sneaky tracking software just for the benefit of an hypothetical thief, but it doesn't seem worth the effort.
If someone steals my laptop I wouldn't care about the cost of lost hardware. Instead I'd care more about my private data that now is in the hands of someone else.
It's kind of a problem, if you have all your other data stored using something like 1Password.
I know for sure I have a tracker installed on my laptop, but since it's running in "stealth" mode, I have no clue what it is or where to find it. I guess I am not hacky enough.