A Tale of Two Thefts

A couple of days before last Christmas I noticed our front door was open as I came downstairs at 5:50AM. Odd, front doors aren’t supposed to be open in the night while you and your family sleep. Turns out our front door had been forced in the night and along with A MacBook Air thieves had taken an iPhone, iPad and a wallet.

Twenty minute later, police report having been filed, credit cards annihilated and phone provider alerted we logged in to Apple’s Find My iPhone service and located the phone in a carpark of a block of flats in Kwinana. A quarter hour passed and it moved to a corner of one of the units. After another quarter hour it left the flats and dropped into a small shopping complex for 5 minutes before heading north on the Kwinana Freeway. Not long after exiting west on South St the signal went dead and nothing further has been heard from that device. Our collective mood died too.

Two days later I got a little email from an @icloud.com address, subject line; “Kira’s MacBook Air has been found”. My Air had a new “owner”, Kira, and with it a new user account. Apple attaches a map showing where the device is located. iPhones use a combination of GPS and mobile phone tower triangulation to generate very accurate geolocation. Notebook computers are somewhat hamstrung in this regard and rely on known locations of wifi access points which can be a bit vague. This is supplemented by data from passing iPhones which are constantly “sniffing” wifi access points and reporting their locations to Apple’s database. The more densely populated an area around a stolen MacBook the more likely it is that there will be iPhones around refining the position of the computer.

My MacBook Air spent a bit of time in a very busy part of Fremantle for extended periods at odd hours for two days. Once Christmas was behind us I spent the better part a week watching it pop up all over SE Freo; I logged addresses from Hamilton Hill, Hilton, Success, Samson and Yangebup. It was never on long enough or at one address for long enough for the police to be able to do anything much, especially during the busy holiday period. By early January Kira was off the air.

Another week passed, another email from iCloud, subject line; “Tim’s MacBook Air has been found”. This time it stayed found, showing up day after day around the same address in Willagee. WA Police decided they had enough to search a particular house and in the middle of January Tim was charged with receiving stolen goods. Months later the computer was returned to us, with both Tim’s and Kira’s user accounts relatively intact.

Once we’d saved the thousand or so photos from the iPhoto libraries we pressed the little Air back into professional service and it started going home nights with Darren. This is where the story starts to get really weird… Darren’s house was broken into on May 9th 2013 and one of things nicked was the very same Air that just come home. And then…

Date: Sun, 12 May 2013 13:38:38 +0000 (GMT)

From: Find My iPhone <noreply@icloud.com>

To: robert@frith.net.au

Subject: Maddi’s MacBook Air has been found

Well Find My iPhone is great, but we’d discovered its limitations earlier in the year and after canvassing a couple of options had decided to subscribe to Orbicule’s Undercover for Mac. Undercover is Find My iPhone on steroids. Once installed it runs invisibly in the background on your Mac. If your Mac is stolen simply log in to your UndercoverHQ account and click “report stolen computer”. As soon as you Mac goes online  it recognises it’s new status and switches to spy mode. Every 8 minutes it takes a screenshot and a photo of the user and uploads them to your UndercoverHQ account. It also uploads keylogs of everything except passwords.

Within hours we had photographs of three occupants of a household in Charles St, West Perth, along with screenshots of bank accounts, pay advice, Gold Coast real estate browsing, a Skype session. On and on. Within 48 hours we had given the police enough information to pay a visit and recover the MacBook, however no charges were laid. This time it was returned to it’s rightful owner within a week of the theft. Orbicule’s comprehensive expansion on the Find My iPhone concept was undoubtedly responsible for the incredibly fast result.

The last thing that “maddishiz” typed in the Google search bar before recovery was effected? “how to wipe macbook air”.

Anyhoo, why don’t you enjoy a few screenshots from each episode?

Here’s the sort of communication you get from Find My iPhone;

Receivers of stolen goods are creative too. As much as I’d love to share the 1723 photos that Timmy left behind I’ll confine myself to a few screenshots of the sort of thing you can expect to see from Find My iPhone and Undercover.