The Story Of AppleScript & Timbuktu Catching A Mac Thief

12:00 PM EST, January 24th, 2002

This story comes to us by way of Slashdot.org and the good folks at MacSlash, who were the first to notice it at MacScripter.net. That roundabout path is worth it, however, as it deals with the story of how AppleScript and Timbuktu helped to catch someone who had stolen an iMac. It seems that an iMac was stolen from an AppleScripter's sister, and was quickly put into use by the thieves, or someone who knew the thieves. Since the machine had Timbuktu installed on it, the AppleScripter was able to tap into the machine whenever it went online. From there, he was able to install some AppleScripts that erased the drive, and also hex-edited AOL to force it to call his own phone number so that he could have the thieves' phone number on his caller ID. Pretty smart, no? Some snippets from the article (note that the piece is quite long, and very well worth the read):

R.D. Bridges: My sister's iMac was stolen in a burglary. She had Timbuktu installed on the machine, so if the thieves ever get online I can send a file to it.

I was thinking I could send an AppleScript to the stolen machine's Startup Items folder to have it execute at the next restart. Any ideas on a good AppleScript I could send to erase the hard drive? National Security's not involved, but my sister is understandably creeped out that crooks are looking through her personal files.

<snip>

R. D. Bridges (A day or two later): Well, good news and bad news.

Good news is, I caught them online and was able to insert the Death Script, as I came to call it, into the Startup Items folder. Also, they had changed the owner name of the iMac to presumably one of their names (first and last). Also, another name (first and last) was on a folder on the Desktop. The final good thing is that I was able to trash some tax returns and other stuff that had personal info on it while they were apparently away from the keyboard (Timbuktu reports idle time when the mouse is not moved or a key pressed). The down side is that I didn't want to risk taking control of the stolen machine and telling it to empty the trash. Figured if they saw the cursor mousing around they'd panic and disconnect.

On the bad news side, I got to tinkering with the Death Script here on my machine and noticed that, if any of the items in the trash can are locked when the script executes an "Empty Trash" command, a dialog pops up saying the trash cannot be emptied because one or more items are locked. I can't say for sure that any items on the stolen machine were locked, but since it threw everything except the System Folder into the trash, the odds are good that at least one or two obscure items were locked. Silver lining: the Death Script's last command is to shut down the computer. So barring some keen insight into stopping the script before it finishes, it should be useless to the thieves as it will shut down almost immediately after starting up.

<snip>

R. D. Bridges: Good news today. The police called my sister and said they'd recovered both her stolen iMac and her printer. Don't know much else, will follow up with details if anyone's still interested.

You can find out what happened and how it happened by reading the full article, which we strongly recommend. It is entertaining, and tracing everything Mr. Bridges did to catch the thief is a delight.

The Mac Observer Spin:

First up, AppleScript and Timbuktu rock. Second of all, be careful about playing with The Death Script, as Mr. Bridges calls it, lest you find your own Mac more barren than a young person after a three-year stint on Accutane. In any event, there is something fascinating and satisfying in the story.