Author Topic: Use of TeamViewer to identify user of stolen computer  (Read 15773 times)

redrocks

  • Newbie
  • *
  • Posts: 3
Use of TeamViewer to identify user of stolen computer
« on: June 14, 2015, 12:52:35 AM »
My Lenovo laptop was recently stolen.  After purchasing a new computer I found my stolen laptop had updated from DropBox so I thought they might be using my computer without wiping it clean.  I loaded TeamViewer on my new laptop and discovered that my stolen laptop shows up as online and ready to connect to it.  I don't want to scare the user of my stolen laptop into thinking they need to strip it so I am very leery of connecting using the standard protocol of TeamViewer.  Any of you power users aware of a way to connect with my stolen laptop without having a window pop up on it - I want to gain the ability to view some screen content and possibly learn their name and address.  I have their IP address and have shared it with the police but they won't even assign the case to a detective for at least 5 days.  Hoping for someone to assist in zeroing in on the whereabouts of my computer and who has it now.
thanks

Admin

  • Administrator
  • Sr. Member
  • *****
  • Posts: 456
Re: Use of TeamViewer to identify user of stolen computer
« Reply #1 on: June 14, 2015, 11:41:21 AM »
wow, this will be interesting to watch the conclusion. Not sure about preventing a pop up, but keep in mind that if they were dumb enough to steal a laptop and not wipe it, they probably wont recognize what teamviewer is or why its running. you can probably start it and then not touch the mouse, and just watch, not disconnect until they shut down the computer, that way the end of session popup wont occur OR force the reboot yourself, they will never understand why.( banking on they are stupid).

but if you have a web cam on the lenovo, take a chance and start it so it show on the remote screen...you will see that on your screen and take aphoto of your screen with a camera or screen shot your screen .


matt

  • Hero Member
  • *****
  • Posts: 904
Re: Use of TeamViewer to identify user of stolen computer
« Reply #2 on: June 14, 2015, 04:50:30 PM »
I'd go to the police

Let them contact Teamviewer (the company) and establish the IP used by this computer.
IP's can be traced to the ISP using 'Whois' tools, the ISP can be contacted to find out who has the IP address.

Meanwhile I'd make a copy of the ID number for reference.

You can contact teamviewer directly, but I'd expect that the police will have much more success in getting the detail of the IP address from teamviewer than you will personally.
It would be awesome to catch someone live with your laptop - although you may lose it as 'evidence' for a while.

redrocks

  • Newbie
  • *
  • Posts: 3
Re: Use of TeamViewer to identify user of stolen computer
« Reply #3 on: June 14, 2015, 11:17:44 PM »
Admin and Matt:
I have the police involved.  I have called TeamViewer and been successful in getting the IP address for the stolen laptop when it is online.  I have witnessed that it is staying in one place using a Quest IP address.  I fully expect the police to acquire the requisite warrants to get the physical address from the Quest service provider but not for another week or so - they have too many cases to even get mine assigned to a detective. 
I don't even recall whether I created my set up originally to allow remote access but I do have the TeamViewer ID number and when I say connect and then cancel out before I enter the password the resulting logfile reveals the IP address that the remote computer is linked to the internet via.  Currently the stolen laptop has been online several times and each time from the same IP address.
Maybe there is no way to access the laptop via TeamViewer without popping up a window on the stolen laptop.
Thanks for your thoughts.

matt

  • Hero Member
  • *****
  • Posts: 904
Re: Use of TeamViewer to identify user of stolen computer
« Reply #4 on: June 16, 2015, 12:07:00 AM »
Maybe there is no way to access the laptop via TeamViewer without popping up a window on the stolen laptop.
Not to my knowledge

You could black screen it within a couple of minutes though, if you happen to notice it left on overnight...and while it it still connected change the passwords, use the web cam to take some images.

almost sounds like fun (except that you have lost your laptop :/ )

Admin

  • Administrator
  • Sr. Member
  • *****
  • Posts: 456
Re: Use of TeamViewer to identify user of stolen computer
« Reply #5 on: June 16, 2015, 10:28:43 AM »
Admin and Matt:
I have the police involved.  I have called TeamViewer and been successful in getting the IP address for the stolen laptop when it is online.  I have witnessed that it is staying in one place using a Quest IP address.  I fully expect the police to acquire the requisite warrants to get the physical address from the Quest service provider but not for another week or so - they have too many cases to even get mine assigned to a detective. 
I don't even recall whether I created my set up originally to allow remote access but I do have the TeamViewer ID number and when I say connect and then cancel out before I enter the password the resulting logfile reveals the IP address that the remote computer is linked to the internet via.  Currently the stolen laptop has been online several times and each time from the same IP address.
Maybe there is no way to access the laptop via TeamViewer without popping up a window on the stolen laptop.
Thanks for your thoughts.

Hopefully they will get to it sooner than later.  Id really like to hear the outcome or any progress that is made.

Admin

  • Administrator
  • Sr. Member
  • *****
  • Posts: 456
Re: Use of TeamViewer to identify user of stolen computer
« Reply #6 on: June 22, 2015, 02:44:30 PM »
any luck locating the stolen laptop?

leohmoraes

  • Newbie
  • *
  • Posts: 1
Re: Use of TeamViewer to identify user of stolen computer
« Reply #7 on: June 23, 2015, 01:50:50 PM »
Hi,

Installed in your teamviewer a friend (possibly as User guest), the notebook was stolen and the computer is online.

I can enter the teamviewer panel with the stolen ID (https://login.teamviewer.com/LogOn) and activate the ITBrain, but the panel password does not enter the remote access.

I will send the police report (translated into English) to a company email and wait for help (or need to reset the password or IP address)

----------------
Instalei o teamviewer na maquina de um amigo (possivelmente como usuario guest), o notebook foi roubado e o computador está online.

Eu consigo entrar no painel do teamviewer com o ID roubado, (https://login.teamviewer.com/LogOn) e ativar o ITBrain, mas a senha do painel não entra no acesso remoto.

Vou enviar o boletim de ocorrência da polícia (traduzido para o inglês) para um email da empresa e aguardar ajuda (preciso ou do reset da senha ou do endereço IP)

redrocks

  • Newbie
  • *
  • Posts: 3
Re: Use of TeamViewer to identify user of stolen computer
« Reply #8 on: June 25, 2015, 07:03:59 AM »
The police are supposed to get a search warrant today and then see if they can get the ISP provider to respond to the search warrant to provide the physical address of the IP address.  Maybe I will get my computer back yet.  The computer is logged onto the internet nearly every day still at the same IP address.

The way I was able to get the IP address on my stolen computer was to download the teamviewer program and install it on my new computer.  Then open the teamviewer up and enter the partner ID of my stolen computer - which I was able to get when I ran the online version of teamviewer and saw that my stolen computer was online.  From the computer based program of teamviewer I entered the partner ID of my stolen computer then clicked on the button to "connect to partner".  When it showed me the screen to enter the password, I canceled the action and then opened the "Extras" option to "open log files".  Inside the logfile go to the end of the logfile and look for the line toward the end of the file that shows "GWT.CmdUDPPing.PunchReceived, a=xx.xxx.xxx.xx"  The a= reveals the IP address of the computer you were about to attempt to log into.

At least this worked for me.



 

anything