Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Stolen MacBook Pro 16” 2021
- Thread starter Luked1994
- Start date
- Sort by reaction score
After all this, I'd also like to hear about this "amazing twist of fate" too. So it travelled from Hamburg to the Ukraine, to a friend somewhere and back to you in Australia. But how did you end up locating, and getting it back from the Ukraine?
Was stolen in Hamburg, went missing for a week on Find My then appeared in Ukraine. So I hired people on the ground there to try and negotiate at the stores to no avail, got connected to every criminal syndicate there on telegram to try and wait for its sale which never came. Then monitored every platform hours a day since my post and then it finally was listed.
Quite some misinformation here. Filevault that secures access to the personal data stored on the device is not enabled in MacOS by default, by default anyone can boot recovery and reset the admin password to gain access and copy off all data. Once iCloud is connected with Find My to reset the admin password an iCloud login is then required. The device can still be booted up since the preboot filevault auth is not on, but then they are stuck at the logon screen. If your Mac was set to boot to a login screen where you first have to enter your Mac's user password then unless that password was set to 1234 it is unlikely anyone was able to access your personal data stored on the Mac.
But if you had it boot to the desktop directly without entering a password, which is entirely possible to select on MacOS with Filevault off, then they could have done that and copied all data. That would have been the only way where they would have had guaranteed access.
Furthermore, the Mac was likely wiped as it is sitting on the activation screen. Wiping is always possible with how the Mac security is designed. The device still remains useless and can't be activated, but deleting all your data is not something that Find My or Filevault protect against.
There is no recovery possible after such a wipe. It might have been cheaper purchasing another Macbook at your destination and theoretically you can't be 100% certain the device wasn't infected with some persistent Thunderbolt firmware exploit. At least Intel Macs in the past were susceptible to it, but of course with thiefs who just want to sell stolen wares they won't concern themselves with it. I am honestly just surprised they didn't smash the screen out of anger when they realized they won't be able to use it. Personally I still wouldn't trust the device as it could theoretically have had its hardware modified or some persistent malware installed and would replace it just as a precaution.
But if you had it boot to the desktop directly without entering a password, which is entirely possible to select on MacOS with Filevault off, then they could have done that and copied all data. That would have been the only way where they would have had guaranteed access.
Furthermore, the Mac was likely wiped as it is sitting on the activation screen. Wiping is always possible with how the Mac security is designed. The device still remains useless and can't be activated, but deleting all your data is not something that Find My or Filevault protect against.
There is no recovery possible after such a wipe. It might have been cheaper purchasing another Macbook at your destination and theoretically you can't be 100% certain the device wasn't infected with some persistent Thunderbolt firmware exploit. At least Intel Macs in the past were susceptible to it, but of course with thiefs who just want to sell stolen wares they won't concern themselves with it. I am honestly just surprised they didn't smash the screen out of anger when they realized they won't be able to use it. Personally I still wouldn't trust the device as it could theoretically have had its hardware modified or some persistent malware installed and would replace it just as a precaution.
You must realise you’re asking a lot of your reader to believe all of that without more context. For instance, what could there possibly have been to negotiate at stores?
And you omitted what happened after you allegedly found it listed for sale. The most interesting bit. Is that when you sent in your hit squad? Did they deliver it to you in Australia on a Learjet?
I’m really not sure why anybody would have the time to be making up stories for the sake of it? Not that it matters but just a small trail of the dealings
Attachments
Instead of posting screenshots you could give us a quick summay of the process - I mean how does an Australian working in Denmark retrieve a laptop that had been stolen and shipped to the Ukraine?
I don’t doubt there’s a surfeit of Telegram users in war-torn Ukraine willing to take PayPal cash to act like they’re retrieving a laptop for you. That doesn’t mean any of those guys have stepped away from their keyboard.
How about filling in a few blanks in this story:
What’s on this laptop that would justify such extreme measures to retrieve it but not be worth deliberately locking down and backing up?
What did your guys in Ukraine “negotiate at the stores”?
Where is this laptop now?
How about filling in a few blanks in this story:
What’s on this laptop that would justify such extreme measures to retrieve it but not be worth deliberately locking down and backing up?
What did your guys in Ukraine “negotiate at the stores”?
Where is this laptop now?
What is not clear about what I said? I was in Europe for the last 8 weeks working. The laptop was stolen two weeks in, whilst in Copenhagen it randomly showed up on FindMy that pin pointed it to a specific location that was a notorious market. I organised someone to try and buy it back for me there which was unsuccessful as nobody would present it (per screenshots). I did a complete investigation into the market there to understand the platforms of where products are sold, along with eBay etc globally every day - nothing appeared for the last few weeks. During this routine process last week I finally came across a match on the Ukranian platform that matched the serial. So I was able to organise someone to purchase it back for me… Hopefully that is more insightful.
Again, as I mentioned in my initial post. I am a photographer. I work with high profile talent, clients etc. and, due to the circumstances of the job I was on. I was traveling with all of my equipment and luggage, changing cities every day. Due to my own mistakes and inconsistent wifi, my usual cloud backups weren’t functioning as normal and my physical drives were on me. I was working on the train minutes before the robbery off an external hard drive that I put back into the case with my laptop, expecting to continue on the next stopover. What justifies extreme measures is the nature of clients, monetary losses with productions, privacy, the list goes on. With a situation of this severity I was going to do anything possible to do my best to try and get it back.
They negotiated to try to purchase the computer? From what I have learned they don’t sell such obvious stolen goods so openly on display. No PayPal payments had to be exchanged - they actually have a process in Ukraine where goods can be sold and verified through a postage carrier before payment is made to the seller.
The laptop is on a courier back to me in Australia.
Ok, that's quite the story and it's great you got it back. Just as a hobby photog I couldn't begin imagining losing all, let alone on a professional basis.
Incidentally I'm from Melbs but live in DE now.
How funny! Small world. Yes - really not an ideal situation that is for sure.
Grateful to be getting it back regardless and praying for a miracle on the data front.