Finding A Laptop In The Street That's Rigged To Steal Your Info

OneWingedBird

Beloved of Ra
Joined
Aug 3, 2003
Messages
15,608
Likes
6,612
Points
284
#1
This story was told to me by a work colleague recently, I'm curious though if it's actually a thing.

Colleague reckons she found a laptop in the street under her car so se picked it up, took it inside and powered it up to see if she could find out who it belonged to so that she could return it.

There's a name set up on the computer so she searches it on Facebook and finds the person whose in her area, she asks him a few times where to return it to but he won;t say.

Then the bugger remotes into the computer and takes control of it and starts kicking off with her about her having his laptop. :O She shuts it down and promply changes her wifi password.

If accurate this sounds like some sort of scam, guessing the idea is to nick a laptop to use, set it up to accept remote access then leave it somewhere in the hope that someone takes it home and keeps it, then they harvest passwords, logins, credit card info and potentially blackmail material.

As I said to my colleague, I probably wouldn't take a found laptop home just in case there was something really nasty on it. Some people would though and might not realise to reformat it.

Has anyone else heard of something similar?
 
Joined
Aug 19, 2003
Messages
48,468
Likes
20,236
Points
284
Location
Eblana
#2
This story was told to me by a work colleague recently, I'm curious though if it's actually a thing.

Colleague reckons she found a laptop in the street under her car so se picked it up, took it inside and powered it up to see if she could find out who it belonged to so that she could return it.

There's a name set up on the computer so she searches it on Facebook and finds the person whose in her area, she asks him a few times where to return it to but he won;t say.

Then the bugger remotes into the computer and takes control of it and starts kicking off with her about her having his laptop. :O She shuts it down and promply changes her wifi password.

If accurate this sounds like some sort of scam, guessing the idea is to nick a laptop to use, set it up to accept remote access then leave it somewhere in the hope that someone takes it home and keeps it, then they harvest passwords, logins, credit card info and potentially blackmail material.

As I said to my colleague, I probably wouldn't take a found laptop home just in case there was something really nasty on it. Some people would though and might not realise to reformat it.

Has anyone else heard of something similar?
It sounds like the plot of a film I saw. Will try and track it down.
 

Mythopoeika

I am a meat popsicle
Joined
Sep 18, 2001
Messages
36,212
Likes
22,618
Points
309
Location
Inside a starship, watching puny humans from afar
#3
This story was told to me by a work colleague recently, I'm curious though if it's actually a thing.

Colleague reckons she found a laptop in the street under her car so se picked it up, took it inside and powered it up to see if she could find out who it belonged to so that she could return it.

There's a name set up on the computer so she searches it on Facebook and finds the person whose in her area, she asks him a few times where to return it to but he won;t say.

Then the bugger remotes into the computer and takes control of it and starts kicking off with her about her having his laptop. :O She shuts it down and promply changes her wifi password.

If accurate this sounds like some sort of scam, guessing the idea is to nick a laptop to use, set it up to accept remote access then leave it somewhere in the hope that someone takes it home and keeps it, then they harvest passwords, logins, credit card info and potentially blackmail material.

As I said to my colleague, I probably wouldn't take a found laptop home just in case there was something really nasty on it. Some people would though and might not realise to reformat it.

Has anyone else heard of something similar?
Never heard of it.
Not sure how it would steal logins, credit card info etc. if it was someone else's laptop... unless they're daft enough to enter all those details on another person's laptop.
 

escargot

Disciple of Marduk
Joined
Aug 24, 2001
Messages
25,753
Likes
21,931
Points
309
Location
HM The Tower of London
#4
Sounds vaguely like the 2018 fillum Unfriended: Dark Web, in that someone finds and uses a laptop which turns out have been planted for nefarious purposes.

Finding a laptop carefully placed under a car sounds a bit bomb-y to me. I'd've rung the police for advice. OK, nobody's going to blow ME up, but they may have the wrong car.
 

maximus otter

Recovering policeman
Joined
Aug 9, 2001
Messages
4,668
Likes
8,508
Points
234
#5
If this isn’t a foaftale, it sounds as though the potential scammer found the only person in the UK who’d behave in the desired way.

IMO there might be two potential responses from 99.9% of the public:

a) Hand laptop into local nick unopened, or;

b) Report laptop to police as a possible IED.

If it is a ruse, l’d enter it in the “Least likely to succeed” sweepstakes.

maximus otter
 

Yithian

Parish Watch
Staff member
Joined
Oct 29, 2002
Messages
26,287
Likes
26,659
Points
309
Location
East of Suez
#6
Details forgotten, but fairly recently some U.S. intelligence or enforcement agency tested security by leaving USB-sticks in the local park where many of the employees took breaks.

Again, figures lost, but a shocking number or staff gleefully picked them up and plugged them into their work computers on a supposedly secure network.

Will fish out details later if nobody gets there first.

Edit: 60%!
https://thenextweb.com/insider/2011...-security-study-60-of-subjects-take-the-bait/
 

escargot

Disciple of Marduk
Joined
Aug 24, 2001
Messages
25,753
Likes
21,931
Points
309
Location
HM The Tower of London
#8
There's no need to even provide the hardware. Someone at Techy's work logged his phone into what he thought was a genuine public wifi point at an airport.

It was actually a scam site set up to nick data. While he was on the plane his emails and address books were copied and used to scam the company. Caused no end of trouble and expense.
 

AlchoPwn

Public Service is my Motto.
Joined
Nov 2, 2017
Messages
1,662
Likes
2,287
Points
154
#9
The more common trick is to leave a USB drive dropped in the parking lot of a company a hacker wants to hit. Some employee will spot it, and put it into the network, auto-triggering a package of nasty code that then invades the company's software from within their firewall. Laptops by comparison are expensive unless they are very obsolete, and thus not cost effective, especially for identity theft. It would be far more sensible to use some sort of phishing software in an internet cafe computer if you want to steal identities, or any of the other various scams out there.
 

CarlosTheDJ

Antediluvian
Joined
Feb 1, 2007
Messages
5,821
Likes
5,337
Points
294
Location
Sussex
#10
It would be easy enough to leave remote access software on the computer, and then hope (as mentioned in the original post) that the finder just keeps it and cracks on without wiping the HDD. You'd have to rely on a fairly naive PC noob for this pwning to work but it's certainly possible.

As an aside, I think Max mentioned handing it in to the local nick - the Fuzz don't deal with lost property nowadays (national change in policy) so it's actually more likely to work now than a year or two ago.
 

kamalktk

Justified & Ancient
Joined
Feb 5, 2011
Messages
4,590
Likes
5,666
Points
209
#17
IT security testers have left infected USB drives in company parking lots before, with the idea people would plug them in to see what's on them. This almost sounds like a variation of that.

I imagine spies also do this.
 

Tribble

Killjoy Boffin
Joined
Apr 21, 2015
Messages
2,187
Likes
4,117
Points
154
#18
Under her car? Was it in a bag? How could it get there without being deliberately placed? Dumped by a thief?

I'd hand it in, primarily because I'm honest, but also because it could be crammed with the kind of stuff that would see a person before the courts on possession. I sure as hell wouldn't let it onto a home network. Apart from infiltration issues, what if it restarts a kiddyporn/Disney movie/terror manual torrent and our IP gets flagged? What if it belongs to an enemy intelligence agent cell that tracks it down and we have to go on the run, getting into action-packed gun battles and car chases and dramatic villainous monologues before finally clearing our names (until the sequel)?
 

CarlosTheDJ

Antediluvian
Joined
Feb 1, 2007
Messages
5,821
Likes
5,337
Points
294
Location
Sussex
#19
Under her car? Was it in a bag? How could it get there without being deliberately placed? Dumped by a thief?

I'd hand it in, primarily because I'm honest, but also because it could be crammed with the kind of stuff that would see a person before the courts on possession. I sure as hell wouldn't let it onto a home network. Apart from infiltration issues, what if it restarts a kiddyporn/Disney movie/terror manual torrent and our IP gets flagged? What if it belongs to an enemy intelligence agent cell that tracks it down and we have to go on the run, getting into action-packed gun battles and car chases and dramatic villainous monologues before finally clearing our names (until the sequel)?
Could be worse.

Could be running Vista.
 

Ermintruder

Delineated by a professional cryptozoologist
Joined
Jul 13, 2013
Messages
5,330
Likes
7,063
Points
284
#21
the Fuzz don't deal with lost property nowadays (national change in policy)
That may be so in the underdeveloped southern hinterlands of the island, but here in Scotland, the Polis currently continue to look after Lost&Found items, confiscations, seizures &etc.


but I thought I'd just hand it in here in Thurso station...
I beg your.... what?? Were/are you up in Caithness?

because of the potential for introducing rogue software.
Any organisation that possesses conventional networked computers yet does not enforce USB peripheral security and group policy control does not deserve to be in operation (unless of course they're so hip they permit BYOD and run everything via skinny client or browser frames. In which case it's barely an office....more a soup-kitchen)
 
Last edited:

Ermintruder

Delineated by a professional cryptozoologist
Joined
Jul 13, 2013
Messages
5,330
Likes
7,063
Points
284
#23
No, it was just the farthest from 'home' in Kent that I could think of for illustrative purposes.
Fair enough. Thurso is, odd though it may seem from the perspective of the south coast, actually 200miles closer to Stavanger than it is to Kent (bi thi corbie fligs)
 
Top