Can law enforcement track a criminal through dynamic IP address?

Question

I ask because a week ago my home was broken into and, among other things, my iMac computer was stolen. I am desperate to get it back because it has all the pictures of my daughters from the last several years (did not back up any where else).

I just learned of iCloud so did not have that on my Mac, however I did have Dropbox on my computer and learned that every time the computer is turned on Dropbox is activated and logs your IP address for which ever device is being used.

I was able to access my account and find the last IP address logged for my Mac, which was the day after it was stolen.

I've forwarded this info onto the local police. I was wondering if it possible to catch the person(s) who did this with this information alone.

Yes, they can. It is unlikely that the criminal tried to hide his source in this case. Unfortunately there may be a lot of red tape involved which takes time. So I am afraid, it is likely that your computer is deleted and sold before they act. — Hendrik Brummermann, Jan 21 '13 at 19:46
Bear in mind that IP addresses point to an ISP subscriber and that subscriber doesn't have to be your thief. If an IP address points to a Starbucks it may not be easy. — Sedat Kapanoglu, Jan 21 '13 at 21:46
I know the IP address leads to a residence since it was my large iMac computer that was stolen. I can't imagine them taking that to the local Starbucks. I just want to find them in hopes I can recover anything that was deleted and, since they also stole my husbands assault rifle (in the military), to hopefully prevent any harm to someone else. Also afraid they might come back because they took the spare keys to our vehicles, would like to catch them before/if they do since they are now armed, and the IP address is the only link I have to who they are. — Ruth Bravo, Jan 21 '13 at 22:48
It will require legal means. In the case of DSL or Cable ISPs, they will have logging that ties the dynamic IP to the modem HMAC which gets recorded during provisioning. From this, you can find the billed party and their home address. Good luck if it was WiFi through an open access point though. — Fiasco Labs, Jan 22 '13 at 02:00
I had exactly the same thing occur. Got the IP, had the ISP confirm that it was in town but not near my house, but they needed a subpoena. Gave the IP to the police, and the police didn't do a damn thing. I really tried, but long story short, I have lost all faith in the police. — GaTechThomas, Jan 24 '13 at 16:37
As far as I know the police are generally incompetent at comparing dynamic IPs with an ISPs logs of who they belonged to at the time. Depending on your configuration you may be able to wait for your computer to come online, then access its remotely — November, Jan 26 '13 at 03:24
It is unlikely that law enforcement will expend any effort on this. As important as your mac is to you, it isn't going to rank high on their priorities.It really isn't a matter of "can they" but "would they". — Thomas Carlisle, Dec 20 '17 at 19:30

David Stratton · Answer 1 · 2013-01-21T18:42:22.017

It depends on how smart the thief is. We work with police to catch criminals based on their IP address on a regular basis. We've got a high success rate, but we can't catch them all.

Usually, the IP address is enough to trace the connection back to the ISP (Internet Service Provider). Generally, ISPs will work with law enforcement in cased of known fraud or theft. They usually require a warrant, but that is usually not difficult for law enforcement to get. As long as the ISP knows who connected when, they can be of assistance.

Savvy criminals will, however, use anonymizers and other tools/approaches to mask themselves to make the process much more difficult. Also, if they are logging on from public locations, it becomes exceedingly difficult. At that point, you often need to enlist the aid of those locations to review surveillance footage. That takes time, and a trained eye. You've generally got to have enough login instances, and be able to review the video for multiple time frames to figure out who is in each of the videos and then try to identify the perpetrator. It is possible, but very, very time-consuming, and the amount of time spent isn't always justified, given limited resources.

We've met with limited success on enlisting other businesses to let us use their security camera footage. Some companies are willing to help because they are also victims of fraud, and view it as doing our part to protect each other. Others may not have surveillance video, or it may have been overwritten, or they may just not want to provide it.

This; however, unless the person who stole a computer the police are trying to track is also a POI in a murder, Amber Alert, or a federal case such as RICO or terrorism, you'd be hard-pressed to have enough leverage on the police to get them to spend the man-hours working with the ISP and any local Wi-Fi provider to follow this lead. Subpoenas/warrants take a lot of paperwork, you have to get a judge to sign off, and even if it leads to an arrest, the prosecutor has to get someone on the stand who can explain how they tracked him down to twelve people who have nothing better to do that day. — KeithS, Jan 21 '13 at 20:19
That's right. In our case, we've usually got people using stolen credit card numbers to purchase gift cards from us, and it's usually orgainzed criminals getting thousands or hundreds of thousands of dollars from multiple businesses (not jsut us). For a single stolen laptop, I think it would be very difficult to justify the necessary man-hours. It's just not something that a computer can easily do for you. — David Stratton, Jan 21 '13 at 20:32
I'm curious, what sort of technology do you/the police have access to that the average techie doesn't? Would it be possible for OP to track the person himself if he had that technology? Or do the police simply request the physical address of an IP from the ISP... in which case, where do you/your company come in here? — Hashim Aziz, Aug 29 '17 at 00:46

noktec · Answer 2 · 2013-01-21T21:44:44.290

Usually local police have dedicated team to do that, however from the story I have read so far, many users had to track their computer themselves once stolen, because the police is usually overwhelmed with all the cases they have and by the time they look yours the computer has already been formated and sold to someone else.

But they general answer is "yes, they can". Once the IP has been logged (on one of your services such as dropbox) and transmitted to the police, the local police will be able to contact your ISP and obtain the address (with a warrant).

I hope you'll get it back and next time, you could register and enable the location service on iCloud, or install some similar software to be able to track it.

score 0 · Answer 3 · answered Jan 25 '13 at 04:04

The ability to provide an IP address to law enforcement might be able to help in tracking down the computer, but no guarantees. At the very least, it will likely involve a lot of red tape. Many companies and ISPs will only provide subscriber information when instructed to by a court etc. This can become tricky if there are state/country boarders involved. IP addresses are frequently allocated dynamically and being able to track who was using a specific IP at a specific time depends on how good/reliable (and possibly how far back) log records are maintained. In some countries, organisations don't retain log records for long to prevent the costs and complications that can arise from court discovery orders etc.

Of course, this all assumes the people who are using the computer are not smart enough to hide their real IP or even that those who used the computer are the same people who stole it. It may already have been passed/sold on.

The other issue you are likely to run into is lack of resources within the law enforcement area. Computers, especially laptops, are items regularly stolen. Police usually don't have the resources to track down each and every case. In most cases, when you ahve been burgled, the most you can hope for is that everything is covered by insurance.

Something which I think is very important to mention is that apart from your photos, have you given thought to what other important information someone could get from you computer? Did you ever use that computer for internet banking, on-line shopping with a credit card etc? If so, it is very likely that there is lots of very valuable information on that computer relating to your finances. I would be changing all my passwords, notifying my credit card company to cancel/re-issue my credit cards and watching all my statements very carefully.

A typical sequenc of events with a stolen computer is

Thief steals computer
Thief sells computer to someone who is more computer literate/interested than they are.
New owner, who is likely a bit more rehearsed and knowledgable about computers and computer crime, connects the computer to the internet in a secure way (i.e. spoofs IP addresses etc). Uses the computer and the data on it (browser history, saved passwords, data caches etc) to gather information about the victim, either to assist in an ID theft process, make purchases using stolen credit card information or possibly try to access internet banking services etc.
After data mining the stolen computer, they wipe it clean and either sell it on or dispose of it.

Sadly, I suspect your photos are gone for good. Unfortunately, this may not be the end of your problems. Think about what other personal/sensitive data may be on that computer and what it may be used for. If you think there is even the slightest possibility that your bank accounts, credit cards etc may be compromised, contact the necessary authorities and get accounts/cards changed. Play it safe - a lot of work, but a lot less hassle than trying to get things fixed after the damage is done.

maybe because they *also* stole a military assault rifle that could get the state and/or feds involved. — Skaperen, Jun 17 '15 at 10:45

Can law enforcement track a criminal through dynamic IP address?

3 Answers3