Stolen laptop – used on MSN?
My stolen laptop has been used. At least I think so.
Microsoft have been uncooperative in determining this point.
I was sitting at my desktop last Thursday night when I was logged off my MSN Messenger
session with a you have been logged out because you logged in on another computer
message. WHAT? OMG!
I was on the phone right away to the folks at MSN. I called four different departments. I spent 90 minutes
talking and waiting. Nothing. People were polite. Helpful. But at no time did I find someone who
could provide me with the information I wanted.
I emailed MSN. They answered my question, but did not address my request. What IP address did the login come
from? The following is a collection of my correspondence with MSN regarding this incident.
- A transcript of an online chat session with MSN. view
- An email I sent to MSN view
- Their reply to the above, which did not answer my question. view
- My response stating that they did not read my question view
- Their response which claims they cannot help me without a court document view
- My final emails to them, all of which have gone unanswered view
I have been speaking with the detective assigned to my case. She tells me
that most laptops stolen in the Ottawa area wind up in India. She also
thinks there is very little chance of recovering the laptop. Local police
have had little help from Microsoft. They must go through RCMP, and
INTERPOL in order to get anything from Microsoft. By the time this process
is completed, the logs have been purged.
The officer pointed out that Microsoft’s response to my query is surprising.
I am merely asking for the logs related to my own account. Why they cannot
provide this without a warrant/court order is confusing. It is my own
information. It is not like I’m asking to identify someone else. All I am
asking for are my logs.
Today I sent a sworn affidavit, witnessed by a local official, to Microsoft. I have sworn that I am
the owner of the account in question and that I request they send me all records pertaining to the
incident. It was sent via registered mail. I await their response.
Donations
I was quite surprised when the folks at NYCBUG
send me a donation last night. Details are in my blog.
George Rosamond tells me that it was Ike Levy who started this donation process
back when the laptop was stolen.
Thanks Ike.
In addition to their donations, other contributions have arrived unexpectedly. I’ve put together
a list on my blog.
I have been looking for a replacement laptop. Used ThinkPads are not easy to find. I would rather not buy one off eBay.
So I’m going through my original supplier of my T22. I keep calling several times a week to see if he has one. None has
shown up yet.
On a disappointing note, I have not heard a thing from my insurance company. My insurance broker has been useful though.
Dan, I used to work over at Hotmail, which also maintains the MSN/Windows Messenger network. I wish to remain anonymous, just because. 😛
What Microsoft tells you about getting your own logs is quite true. They don’t provide details to *anyone* without a court order. That includes the FBI and state or county police departments. The only exclusion applied (but still required a letterhead for verification purposes) was in the case of physical harm (suicide, death threats, rape, etc.), which resulted in a call to Legal regardless of the hour (day or night).
As far as what the Messenger network actually logs, none of us really know — yes, even those who maintained the servers and kept things flowing aren’t sure what was logged. Messenger is one of those "gray area" things, even inside of Microsoft. But, I can tell you that connection logs (but NOT conversational logs) are likely kept, due to some of the equipment used for the service.
I’ll be placing a small donation to you regardless. Hopefully enough members of the BSD community will come forth and help you get a replacement, if not something better.
Best of luck in the future!
anon wrote:
> What Microsoft tells you about getting your own logs is quite
> true. They don’t provide details to *anyone* without a court
> order.
The irony of this situation is that I’m asking for my own logs. My logs for my account.
I find it quite depressing and sad when I think that my laptop is out there being used and there’s information in a log at MSN which might help us catch the thief. That leaves me a sense of complete powerlessness.
Sure, here, take my laptop, there’s no way we can catch you….. Even if you do use my accounts without my permission. Go for it. You have MSN’s blessing.
—
The Man Behind The Curtain
what about setting up a email from batch to send it self once a week to your email to a server that you have some rights to with some logs of connection and or ping your connection batch or Task Scheduler as it static connection
What i would do is create another MSN account and use Miranda IM to connect to MSN instead of the Microsoft client. Then you would add the address the thief is using on your contact list and turn on protocol logging in Miranda. If he logs in again, you should immediately see his ip adress in the logs when the plugin downloads the avatar pic.
nrg
P.S. You can download the latest build of Miranda IM at: http://miranda-icq.sourceforge.net/alpha
Only the latest builds allow logging so be sure to install a nightly.
[%sig%]
P.S.S. Oh, be sure to enable Avatar support in the MSN plugin options once installed..
Hi Dan,
I wondered if you could tell me for how long MSN keeps logs of their last IP ?
Thanks,
Sofia
(please send a link to my email address with your reply..tahnk you.)
my email is soniared2002 .at. hotmail.com
[%sig%]
Dan,
I have been an avid reader of your site for quite some time now. I have followed your track record of misfortune – from losing your job to losing your laptop, to exploding NICs and nonfunctional parts. But this stubbornness from M$ has to be most annoying.
I don’t have any idea to share with you on how to proceed, other than to convey my best wishes.
Just so you know, I have learned much from your experiences with FreeBSD. I have lived through working with 2.2.7-release, then 3.5.1-release, then almost all the 4.x- and the 5.x-releases. It is encouraging to know that someone somewhere out there has at one point banged his head against the wall and lived through what I am living through right now.
Best wishes, and keep those entries coming.
Cybersoldier01
Really it can’t be that hard to get a court order. Ask, and you shall receive. Worth a try.
Don’t just think about the past logs, which may or may not get lost. The perpetrator will no doubt connect again and again.
Looking forward to hearing how it works out if you manage to get the IP addresses!
Hey, I was sitting here the other day at one of my machines, the *only* one that even has an MSN account setup on it, and I’m the ONLY one who knows the password. When… all of a sudden it kicks me off and says… ‘someone else has signed into this msn account’ — I tripped out, ran to hotmail.com or where ever and change my password…… anyway, long and short of the story, no-one actually signed into my account… I just got that message for some weird reason… that would’ve been in May of this year (05) — I’ve never seen that happen in my 6 or so years of having this account – just thought I’d let ya know.
You wrote that you don’t want to buy off ebay, but maybe if IBM is the seller?
http://stores.ebay.com/IBM-Authorized-Auctions_W0QQcolZ2QQdirZQ2d1QQsotimedisplayZ2QQtZkm
Anyway, good luck getting back the laptop or getting a new one!
\David
[%sig%]
Wishful thinking, but if you could use another account and attempt to ‘trick’ them into accepting a file, or video/voice connection, I *believe* that Messenger would create a direct connection to the other user. You would then be able to do a netstat and see the connected addresses. Unfortunately, this is not a very probable solution.
Best of luck in your recovery efforts.
[%sig%]
Many have noted this. Unfortunately, they were only on once. At least I think they were on. MSN refuses to confirm or deny whether or not my account was used from an IP other than my home (which has a static IP).
I have also not had a response to my registered letter.
—
The Man Behind The Curtain
Dan,
I empathise with your situation but wonder why you use M$N in the
first place (sorry if this is obvious elsewhere)
I personally avoid anything M$ unless I absolutley have to get involved
in my work as a support tech.
If it wasnt for that I would blacklist all their sites / services altogether,
particularly in light of your situ 🙁
I am sure there are others sharing my feelings.
Graham
Graham wrote:
>
> Dan,
>
> I empathise with your situation but wonder why you use M$N in
> the
> first place (sorry if this is obvious elsewhere)
I’m using MSN Messenger to communicate with people. I find it odd that I need to justify that.
ICQ, Yahoo Messenger, Yahoo Chat, Trillian, Internet Relay Chat . . . .
Email ?
Theres alot of alternatives – still its up to you 🙂
Graham wrote:
>
> ICQ, Yahoo Messenger, Yahoo Chat, Trillian, Internet Relay Chat
> . . . .
>
> Email ?
I use some of those as well. I think you are missing the point. I feel no need to justify this.
> Theres alot of alternatives – still its up to you 🙂
No, it’s also up to the people I wish to communicate with.
Dan,
You are right, you dont need to justify anything – you have a great site
and have enabled Phorum which is a great way of communicating too.
I try and convince people I want to communicate with to use a method
which I believe to be safer / more efficient etc.
As its a two way thing then yes, its up to both parties.
Your point : Lack of M$ action on your behalf
Mine : Stop using their software or accept the in-adequacy
Sorry about your laptop BTW – mine was removed from a college
classroom whilst I popped out to get some notes 🙁
Regards
Graham
Graham wrote:
> Your point : Lack of M$ action on your behalf
> Mine : Stop using their software or accept the in-adequacy
The above quoted statements are indicative of a strong anti-MS feeling. I do not share those views.
I use and have used MS software since Windows 2.11. I am a firm believer in using the right tool for the job, whatever that job may happen to be.
My frustration at being unable to extract information from MSN with regards to this incident could just as easily be directed at the owners of
"ICQ, Yahoo Messenger, Yahoo Chat, Trillian, Internet Relay Chat . . . .". Should that have been the case, I would not have abandoned that communication tool either.
I get the idea that you would not be making similar comments if the incident had occurred with ICQ. You do not like MS. Please do not use this forum to attempt to spread your philosophy.
Thank you
Sorry about your loss dude. But really you shouldn’t feel so left out in the cold by MSN. I say this having been robbed at knife point in Houston, had my car stolen in LA, my house broken into in Dallas, attacked in the subway in NYC and various other things that some of the more pleasant folks in our society have visited upon me.
In every one of these instances the police would only pay lip service to the crime. Even when I knew who the perp was and where they could be found. The police really have an attitude about this kind of stuff. I guess they see so much of it they just become jaded to it all.
It really is a pisser though when I’m stopped by the cops for going 50 MPH in a 45 MPH zone. They seem to be able to find out anything they want to here but ask them to go and arrest the guy who stole my refrigerator, well unless I produce a video tape showing the crime in progress and personally bring the perp into the station, the cops may as well not exist.
> In every one of these instances the police would only pay lip service to the crime.
> well unless I produce a video tape showing the crime in progress and personally bring the perp into the station, the cops may as well not exist.
How true. I was tazed (aka stun-gunned) at the gas station where I worked in a failed robbery attempt. I say failed because the guy paniced when I did not go down — I guess he didn’t expect someone who wouldn’t panic when electrocuted. We had video, finger-prints, and a license plate number. As well as visual confirmation on the color and make of the car from the police themselves… who saw the car before I was robbed and thought it looked suspicious.
They never arrested the guy. Never. They did fingerprint me and my company demanded a drug-test because I had been injured on the job. I have lost so much faith in the police.
Then, when there is a computer error and my license ACCIDENTALLY gets suspended without telling me… the pigs want to toss me in jail for a couple of days until I can get a judge to believe my insurance company.
ARG.
Hi
I have read about your laptop please have a look at our site we have a new product which is brilliant for protection and if you would have had this it would of not have gone missing in the first place …. please look at our site http://www.secureitsafe.com you can use this safe anywhere i promise also tell your boss you and your colleagues need one!!!!!!!!!! looking forward to your comments
Kind regards
Darren
Hi Dan,
Two comments I will make on your logging incident.
I work at an ISP. back in 1999, we got our first (and only, so far)
subpoena from the FBI asking for records. Unfortunately, at that
time we only were keeping detail records of dialup calls for 3 months and
the subpoena wanted them back 6 months previously so we couldn’t
help the FBI.
Immediately following that I changed log settings on everything
to hold detail records for a -minimum- of ONE YEAR. At that time this
was somewhat of a burden as large disk drives were still rather
expensive, not to mention you need a lot of CPU power to read
through a years worth of radius detail records, even if they are in a
mysql database as ours our. Fortunately today this isn’t an issue.
I think you should push the cops to get a subpoena for those
records. I’m sure your going to get a lot of bullcrap from people
claiming that they purged the records, etc. but the simple facts of
the matter are that with storage as cheap as it is, and people as
litigious as they are today, it’s obvious to me that MSN has
records that extend back for probably many years.
As you say you have a right to those records. Of course MSN is
going to try to stall you because the flappers that isolate you from
the people that do the real work, don’t want to spend the money on
the labor to get them. But, MSN has put an attractive nuis.. I mean public
service up on the Internet and they have a responsibility to the
public to assist in criminal investigations that involve that. I can
certainly tell you that if the ISP I work at was running Messenger
you would have had your records already. Not every company
views providing data to assist a criminal investigation as a
nuisance. For damn sure I would much rather be digging out old
logs to catch a thief than helping Grandma Moses yet once again
to figure out how to send e-mail in her weekly time-wasting
phone support call.
And as for my second comment I’m going to say it anyway even
though you don’t want to hear it – there’s a lot of alternatives to
MSN Messenger. I have never used it in the past and certainly
would not use it in the future, and I have never suffered from doing
so. Although I will admit I am biased – because MSN directly competes
against my employer who pays me and therefore enables me to
buy food. Paying money to competitors of your employer is pretty
self-defeating in my book. You might keep this in mind next time
you feel the need to make a comment along the lines of the
right tool for the job.
[%sig%]
As an aside, you might want to look into other applications that communicate with the internet in this case. In my case I’ve helped in a few cases with distributed.net where we’ve had PC’s and/or laptops get stolen and we’ve got the IP’s logged of the clients as they connect, and once the person had that information they could contact the ISP (etc. etc.)
I’ve been reading your site for years, so if I can help, it’s worth it. 🙂