London Looter Robs the Wrong Computer Geek, Gets Caught by Ill-Gotten Macbook


When the London riots broke out, Greg Martin—a self-styled information security evangelist and computer security contractor—didn’t expect that he’d become the victim of a theft. According to his blog, he had returned to his London abode to discover his living space broken into, ransacked, and his Macbook Pro missing.

To many, the personal violation of a break-in and burglary can be a chilling event, leaving people feeling vulnerable, helpless, and without recourse against the attackers who breached their sanctuary. For a computer security expert and hacker like Martin, however, he went directly to the police about the crime involving his physical security—who arrived to take statements, photographs, and dust for fingerprints—but when it comes to geeks, we’re much more concerned about our cyber security and our equipment.

Unbeknownst to the burglars, they had taken a laptop equipped with a sort of cyber-Lojack: in preparation for exactly this sort of situation, Martin had installed a tracking program called Prey on his laptop. Software like this has been obscure by persistent over the past few years and it works less as a deterrent (much as physical security locks, biometrics, BIOS passwords, etc.) and more as a recovery agent by allowing the remote control and tracking of a mobile device that had been stolen.

Sensing his opportunity to strike back, Martin went to work.

He activated the software and waited.

It took until the next day for the first ping to come off his pilfered laptop. The thief had turned it on, and although he was smart enough to bypass the password security, he hadn’t noticed the tracking program. Needless to say, the tracking program noticed him. Most modern laptops have integrated webcams and, in an attempt to help position themselves and often identify the crook, send snapshots taken while AWOL.

“Next thing I did was buy a pack of smokes and run back to my apartment so the games could begin…” writes Grey Martin about his reaction once the first alert came in. “I cranked up the frequency of reports to one in every five minutes to try to get a screen capture of him using gmail or facebook so I could snag a name or login credentials.”

It didn’t take long for the thief to start using the laptop to surf the Internet and he did eventually visit Facebook. At which point the tracking software managed to get more than enough screenshots of his activity online that Martin was able to identify him by comparing his face to his Facebook page.

The entire saga ended after he delivered all this information to the authorities, including lots of personal information on the current holder of the laptop, and London Metro police swung into action and recovered the laptop.

Social media and the riots meet again, tangentially

The riots in London have done a lot to speak to how people use social networking—and this happens to be an unexpected success story involving it in an oblique way. As we’ve discovered today’s youth can be extremely reckless with their social media use when it comes to criminal activity and although London bureaucrats fear future riots and the role of social media in orchestrating them it has also been instrumental in understanding what happened from the street level. People caught up in the riots have taken their experience into their own hands and delivered citizen journalism at an unprecedented level.

During the aftermath, Scotland Yard will probably recover a lot of stolen items by scouring social media for foolish people bragging about their exploits. They might even employ facial recognition on photographs and video of the looting (not just from CCTV but citizen video uploaded.)

Out of all the different types of computer and network security, physical security and recovery is the most difficult. In most cases, once an attacker has physical access to your equipment your goose is cooked. However, security is about the big picture and that means thinking about the entire lifecycle of a security breach (from malware, getting hacked, or getting burgled.)

Martin’s story tells a tale about an expert; but there’s something to learn here for even security laymen.

The moral of this story: Don’t steal from a security expert.