I was dropping off some Mark Zuckerturds in the pool at BSides SF and, after wiping my ass, I did not pick my phone back up. I just left it in there, like a dumpster baby. Well, actually, with dumpster babies there's intent to leave them there, so that comparison wasn't all that great.
I went back for my phone after 10 mins, it was gone. Ask to use someone's phone to find mine, it's off. It had 23% battery. That son of a bitch shut off my phone. I get on the mic:
"Look, I left my phone in the bathroom, it'd be really great if I got it back, it's a Nexus 6. I know only liek 10% of you could hack it, it's got full disk encryption and it's the current version of android"
(10% was a generous number, but, given my weak passphrase choice, a determined attacker could probably bruteforce it in a week or 2. Or one of those fucks could know how to flash a new rom and bypass the activation lock since my dumbass left the bootloader unlocked)
Someone asked what my name was from the audience, and how to return it.
"Chauncey Davenport, I'm from New York, just give the phone to security"
Someone asked what my social security number was and I heard a few other infosec first date questions. I got back on the mic:
"My first pet's name was Chauncey Davenport as well"
It made things easy when I was a kid, albeit confusing when my mom asked who shit on the floor.
I moped around the DNA lounge for the rest of the day, laundering drink tickets for redbulls to try to make myself feel better.
That night I open up craigslist with the intent of finding a new phone. I look for a Nexus 6 and low and behold:
That's my phone... that's my fucking phone you piece of shit. Same location, same color, same capacity, posted 2 hours or so after BSides ended. No contact info in the ad, screen isn't on in the picture. This piece of living human fucking garbage hasn't even gotten past my fucking FDE, that's why the screen isn't on. Look at the lint around the camera where the case was, he didn't even wipe the phone down before listing it, he wanted his fucking meth that badly. WHERE'S THE CASE YOU FUCK, LET ME SEE IT, PUT IT IN YOUR AD, I KNOW IT'S MINE. Only 200$ for that phone? My phone was in great condition and you disrespect me like that?
Send him a few emails from some fake accounts that night, no reply. Email him from my normie account (fucking terrible opsec), no reply, girlfriend emails him... we get a reply. Trying not to sound too eager we take it slow and tell him we're interested in the phone. My girlfriend manages to get his number.
Money
So I plug his phone number into facebook, bam! I got him.
Well, maybe this guy stole the phone he's using for craigslist. Ummm think again, sweetie;
See that pinky ring in the reflection of the phone photo? Oh yea, same pinky ring in his profile picture. I got him, I fucking got him. Found rando tax records online, found his regular email on his github. Found friends, found family, linkedin, all his social media. Even his home address through familytreenow.com. fuckinPreOwned.jpg
(cept the address wasn't current, which I later found out)
I'd tried to do this the legal way, the cops told me they didn't have time for my shit. Time for vigilante justice. I'm Batman and my cause is just. Imma get you, in a year or so, when you've forgotten, Imma spearfish you and ruin your life in all of the most hilarious and mean spirited ways.
The guy keeps flaking (probably can't get past my shitty password or past google's activation lock). 1 week of him canceling and all sorts of shit and it's come down. I'm finally gonna meet him. What do I do? At this point I really don't care if I get my phone back, I just want proof. Just matching IMEIs. I walk into safeway, my girlfriend watches what car he pulls up in, takes a photo of his license plate. I meet him inside.
Guy hands my the phone. It isn't mine, the case is different. He could have changed the case but still hopeful. Looks like he's been using it, it's got more than just default apps. Shit, it probably isn't my phone. Check the IMEI, it's different. This isn't my phone. All of the planning, all of the sleepless nights aggregating this dudes digital life for nothing.
I explain to the guy that it was supposed to be a craigslist sting, and that I was sorry for wasting his time. He was actually a pretty cool dude.
Look, I know you can change IMEIs and fake user apps, and change a case, but this dude's opsec wasn't that strong if he was giving out his real number. If he did take the phone, changed the IMEI, got a different case, and populated it with random apps, I can't even be mad. That would just be impressive, I'd be proud and he could keep the fucking phone.
And that's why circumstantial evidence is garbage and why our judicial system is garbage, blah blah blah, prison industrial complex, terrorists, blah blah, innocent people suffer blah blah, human rights blah justice. Blah blah constitution, bill of rights blah blah blah.
"Inspirational quote"
- Chauncey Davenport
