How to catch a computer theif?

Some one broke into the school I work for and stole 3 computers. Since I'm the IT guy I have a list of all the computer's MAC addresses. Is there any way I can use this info track them down by asking the local internet provider if anyone is using the Internet with these addresses?

Part of the reason I wanted to try to catch them is because we suspect it was an inside job.

They climbed up on to a lower level roof and threw a rock through the computer lab window. That means they knew which room had computer in it.

The reason they only took 3 computers was because the rest of them are old PII or PIII machines. One of the 3 computer they took was mine. I had brought it in because this a poor catholic school that doesn't have the money. All the other computers were donated because they're obsolete. Thats why it pisses me off.

Anyways the school is now going to install an alarm and cover the windows wire mesh. Its going to look more like a prison but I guess thats what you have to do in the inner city.

As an information security professional my advice to you is that the best thing you can do for your organization is to implement policies that ensure all computer systems be locked down... ie, with a security cable and the cases locked so that the hard drives are secured. This way you will prevent future theft.

You could certainly contact your local ISP.. but how many are in your area?

You would have to file a police report and get a subpoena from a court of law before any ISP would release any information to you. Then you would have to somehow convince all of those ISPs to scan for those MAC addresses which would be a cost to them they probably will not be willing to incur. A lot to go through for 3 computers...

You could certainly try to scan for the MAC addresses yourself.. but again... quite a long shot.

You would serve your organization far better by getting an information security professional in there who can implement policies that protect the organization like security cables, cameras, etc..


Good Luck

You may have only one ISP but that doesn't mean the computer thief or thieves have to use that one. There are too many things that can be done to get online and avoid a specific ISP. It's worth a try, however.

They won't give you access to that info. Just give that info to the police, they would have to get that from ISP.

Good luck because your chances of ever getting the theifes caught are slim to none. Maybe they will just disasemble the comptuers and sell of the part like alot of auto theifs do.

all they would need to do is change the network card...then how would you catch them?
unless your computers are securely tagged?

Stick with ForensicGirl's reply...she's got it right.

Additionally, if you're physically locking down computer equipment always ask yourself about the placement of the cables and such...CAN A BOLT CLIPPER GET A HOLD OF THIS. If the answer's yes, then it's an inconvenience, but it won't stop the theif.

One other option is to goto the VMware site and research the Virtural Desktop solution. I've been taking training these past 2 weeks on this system and I'm sold. It would allow you to host the desktops centrally on a server, and use older equipment to launch remote sessions. This allows you to reuse older equipment that is less of a target to thieves and run the same desktops from either Windows, Linux, or Mac OS's.

It's worth your time to look into this as the potential in a school environment is great.

Michael McLaughlin @ IronOak IT, Calgary, AB

http://www.linkedin.com/in/michaeljmclau...
http://www.ironoakit.com