A friend of mine just had her MacBook stolen. Her Dropbox account is still working on the MacBook, so she can see each time the MacBook comes online, and she can get its IP address.
She has given this information to the police, who say it may take up to a month to get the real location from the IP address. I was wondering if we could help find the laptop, as then the person with it could be arrested now for handling stolen goods (otherwise they might reinstall it before the police catch them).
Here are the facts about the stolen MacBook:
- It is running OS X, but I'm not sure exactly which version (I will find out though).
- There was only a single user account, with no password, and with admin privileges.
- The original owner's Dropbox is still synchronizing, which gives us the IP address each time it comes online.
- The original owner isn't a techie, so she's very unlikely to have turned on any of the remote control features like SSH, VNC, etc. (I've e-mailed her to ask).
- She does not use iCloud or the .Mac service.
I was considering pushing an enticing file into Dropbox to get the user to click on it. I'm guessing I'll only get one shot at this, so wanted some ideas on the best thing to do.
My ideas so far:
- Install some sort of key logger to send all the info back to the owner. Is there any way to do this without the user being made aware?
- Make the file a shell script to slurp up as much useful info as possible, e.g. browser history, look for iPhone backups, etc. I'm not sure of the best way to send this info back though. It sounds like I might be able to use the mail command (to a free e-mail account of course)?
- Maybe turn on remote management. Is there a way to do this without the user accepting security popups?
Does anybody have any tips here? I've written plenty of shell scripts, but was wondering if other OS X options might be better, e.g. AppleScript? Has anybody got any better ideas than pushing a Dropbox file to it?
I know this question is basically about writing a form of malware, but I'd love to be able to emulate my hero from the "What Happens When You Steal a Hacker’s Computer" DEF CON lecture.
We'll make sure to check with the police before we do anything to ensure we don't break any laws.