The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
The Story Of AppleScript & Timbukto Catching A Mac Thief

The Story Of AppleScript & Timbukto Catching A Mac Thief

by , 12:00 PM EST, January 24th, 2002

This story comes to us by way of and the good folks at MacSlash, who were the first to notice it at That roundabout path is worth it, however, as it deals with the story of how AppleScript and Timbuktu helped to catch someone who had stolen an iMac. It seems that an iMac was stolen from an AppleScripter's sister, and was quickly put into use by the thieves, or someone that knew the thieves. Since the machine had Timbuktu installed on it, the AppleScripter was able to tap into the machine whenever it went online. From there, he was able to install some AppleScripts that erased the drive, and also hexedited AOL to force it to call his own phone number so that he could have the thieve's phone number on his caller ID. Pretty smart, no? Some snippets from the article (note that the piece is quite long, and very well worth the read):

R.D. Bridges: My sister's iMac was stolen in a burglary. She had Timbuktu installed on the machine, so if the thieves ever get online I can send a file to it.

I was thinking I could send an Applescript to the stolen machine's Startup Items folder to have it execute at the next restart. Any ideas on a good Applescript I could send to erase the hard drive? National Security's not involved, but my sister is understandably creeped out that crooks are looking through her personal files.


R. D. Bridges (A day or two later): Well, good news and bad news.

Good news is, I caught them online and was able to insert the Death Script, as I came to call it, into the Startup Items folder. Also, they had changed the owner name of the iMac to presumably one of their names (first and last). Also, another name (first and last) was on a folder on the Desktop. The final good thing is that I was able to trash some tax returns and other stuff that had personal info on it while they were apparently away from the keyboard (Timbuktu reports idle time when the mouse is not moved or a key pressed). The down side is that I didn't want to risk taking control of the stolen machine and telling it to empty the trash. Figured if they saw the cursor mousing around they'd panic and disconnect.

On the bad news side, I got to tinkering with the Death Script here on my machine and noticed that, if any of the items in the trash can are locked when the script executes an "Empty Trash" command, a dialog pops up saying the trash cannot be emptied because one or more items are locked. I can't say for sure that any items on the stolen machine were locked, but since it threw everything except the System Folder into the trash, the odds are good that at least one or two obscure items were locked. Silver lining: the Death Script's last command is to shut down the computer. So barring some keen insight into stopping the script before it finishes, it should be useless to the thieves as it will shut down almost immediately after starting up.


R. D. Bridges: Good news today. The police called my sister and said they'd recovered both her stolen iMac and her printer. Don't know much else, will follow up with details if anyone's still interested.

You can find out what happened and how it happened by reading the full article, which we strongly recommend. It is entertaining, and tracing the events of all Mr. Bridges did to get the thief is a delight.

The Mac Observer Spin:

First up, AppleScript and Timbuktu rock. Second of all, be careful about playing with The Death Script, as Mr. Bridges calls it, lest you find your own Mac more barren than a young person after a three year stint on Accutane. In any event, there is something fascinating and satisfying in the story.

Recent TMO Headlines - Updated October 25th

Tue, 5:51 PM
macOS Sierra 10.12.1 Leaks New MacBook Pro Images
Tue, 5:02 PM
Apple Beats Guidance with Q4 Earnings, Guides Q4 Above Consensus
Tue, 2:20 PM
Existing Home Routers Could Be Used to Stop DDoS Botnet Attacks
Tue, 1:06 PM
TMO Daily Observations 2016-10-25: iMessage Wish List, Original iPod Music Collection
Tue, 11:55 AM
MyScript Nebo iPad Pro Note Taking App Temporarily a Free Download
Tue, 10:52 AM
tvOS 10.0.1 Update Improves Security, Skips Single Sign-on
Tue, 9:46 AM
AAPL Q4 2016 Earnings Report Coverage this Afternoon
Tue, 9:00 AM
Last Chance for The Award-Winning Mac Bundle
Tue, 8:00 AM
The 20 CDs Steve Jobs Gave Journalists with the First iPod
Mon, 6:43 PM
Apple Fixes Two-Factor Authentication Setup Bug
Mon, 6:22 PM
Anticipation and Joy: Abusing Autonomous Cars For Fun
Mon, 6:10 PM
Dyn DDoS Attack Shows IoT's Inherent Security Weakness
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!