SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Enthusiast
    Join Date
    Aug 2004
    Location
    Central Illinois
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How can I hack a stolen computer to wipe it or gather info?

    My brother-in-law just had his laptop stolen. While little of the data would be useful to the thieves, it's of value to him and he'd like to get it back. I was wondering if there would be any way to initiate a social engineering / phishing attempt that has any chance of succeeding at allowing me to install remote access software, or otherwise wipe or transfer data? I'm not a hacker and don't know what tools I'm even looking for, but it would need to be something that would install fast, with minimal action required by the thieves.

    We have reason to believe they've accessed his Gmail account, and he has Skype installed, so there are conceivably ways to get messages through to the computer. The trick is to get some kind of payload through that we can then use to our advantage.

    Any ideas?

  2. #2
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,588
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    It's a good idea to password protect your computer (I always log in when I fire up the computer).

    I don't know about PCs, but Macs have a "find my mac" feature (that works for iPhone, iPads etc. too). You can go online and see where your device is, and wipe it, too. (Not sure if you can wipe the Mac, actually, but you can wipe the phone. But you can take a photo of the person sitting in front of the Mac and send it to the police, along with the thief's location.)

  3. #3
    SitePoint Enthusiast
    Join Date
    Aug 2004
    Location
    Central Illinois
    Posts
    66
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Password protection would have been a good idea. I always use one too. But this wasn't my computer.

    Interesting info about Apple products though. He had an iPod Touch that might have been taken as well. So that might be an angle to look at.

    Other suggestions will continue to be welcome!

  4. #4
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    23,588
    Mentioned
    411 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by MatthewHSE View Post
    He had an iPod Touch that might have been taken as well. So that might be an angle to look at.
    Initially, you need to set up an account with iCloud and enable "find my <device>". Not sure if iPods have that facility, but I would assume they do. But if it wasn't set up before being lost, he might be out of luck. If it was set up, though, he might be able to locate the robber. The iPod would have to be on an connected to the web, though.

  5. #5
    SitePoint Zealot Siick26's Avatar
    Join Date
    May 2013
    Location
    England
    Posts
    113
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I don't think there is a massive load of options you have available. If you had some remote software which wiped the computer then that would be good but you haven't. I'd advise him to make sure he changes all his passwords (i'm sure he's already done this) and just report it to the police. Not a lot you can do really.

  6. #6
    SitePoint Wizard webcosmo's Avatar
    Join Date
    Oct 2007
    Location
    Boston, MA
    Posts
    1,429
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    You can just change all the passwords used on that computer Skype, mail, etc, and hope no personal information will be used by the thieves. And next time he better be careful with his stuff I don`t think you can find that computer, it`s pretty much lost for good.

  7. #7
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,042
    Mentioned
    16 Post(s)
    Tagged
    3 Thread(s)
    If they are monitoring emails and nosey you could try sending some type of email with software attached that would wipe the disk. However, they would have to be dumb enough/intrigued to even run the program. Beyond that the software would also have to have permissions to wipe the disk. It would be highly unlikely someone would run some random software sent in an email but stranger things have happened.
    The only code I hate more than my own is everyone else's.

  8. #8
    #titanic {float:none} silver trophy
    molona's Avatar
    Join Date
    Feb 2005
    Location
    from Madrid to Heaven
    Posts
    8,023
    Mentioned
    210 Post(s)
    Tagged
    1 Thread(s)
    The thing is that you normally don't you know who stole the computer... or their intentions. Normally, it would be someone that just want to sell it to someone else (second hard store) to get some cash. If that's the case, any social engineering tool that you may have to use will fail

    Social engineering is based in that you know which computer you want to attack, where it is (at least at a particular point) and who is using it... because to get the passwords and stuff you need to befriend this user, or get to know their friends, or get as much information about him as you can.

    You don't know the thieves, nor how to contact them (not even FB) so that's out the place.

    If you don't know him but want to install a remote control software, the only thing that you can do is to send something to that computer (as an example, an e-mail that's configured in it) that the thief can't resist to click on. If the laptop is modern though, or there's some kind of authorization process in place (like Linux has, you can't install or update anything new without writing the password) that will also fail.

    And, if the thief simply wants to sell the computer, he may not even bother to see what's installed or will not really use the computer (just to check that it works and that it can be sold).

    So for the goods that were stolen, you can't do much.

    In the case of the iPhone, if you have the IMEI of the mobile card, you can contact your phone provider and they can try to trace where the phone is (if the phone is on, of course)

    I think that iPhone also has a feature that Samsung phones have: a little option that can tell you where you mobile is. By using an account that you configure when you bought the phone, and through a special web page, you can active the remote location services and even manage certain options (such as taking pictures while the thief is using your phone but he will not know that you are doing so)

    These phones can also be encrypted (in the same way the laptop should have been encrypted and with password protection)

  9. #9
    Non-Member
    Join Date
    Apr 2013
    Location
    USA
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It is always useful to use some security software for the data security. You never know when will you lose your USB flash drive or laptop.

  10. #10
    Just Blow It bronze trophy
    DaveMaxwell's Avatar
    Join Date
    Nov 1999
    Location
    Mechanicsburg, PA
    Posts
    7,200
    Mentioned
    104 Post(s)
    Tagged
    1 Thread(s)
    If they logged into gmail, you could use the details link at the bottom of the page to see the IP addresses they logged in from - if it's a fixed IP address, you'd have an outside chance to find them.....if it's a public location or a service which doesn't have fixed IP addresses, it's not much help, however.
    Dave Maxwell - Manage Your Site Team Leader
    My favorite YouTube Video! | Star Wars, Dr Suess Style


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •