Slashdot Mirror
Laptop Lojack?
daninja asks: "Yet another laptop with classified information seems to be missing. It looks to me like there must be a good sized market for highly secure laptops with a built in Lojack tracking device (or simply a laptop with an integral handcuff, kind of like that briefcase full o' blues secured to the wrist of Elwood Blues). Such a device (the Lojack version, not the handcuff one) could be designed so that the tracking transmitter couldn't be separated or disabled without rendering the disk unreadable (by a small explosive charge, mildly corrosive gas, or whatever). It seems so obvious, why isn't there such a product? (Hey, maybe I could patent this idea!)"
I have to admit, I too have had ideas along these lines. This shouldn't be too hard to build, however the laptop would have to be always-on (which would be hell on the batteries) and a GPS unit would need to be added in some way shape or form. This isn't all that unlikely, there are handheld GPS units on the market. How difficult would it be to meld one into a laptop?
Update: 04/28 02:15 by C : The link to the picture of the Blues Brothers has vanished. It was there when I posted this article days ago, but it's gone now. Sorry about that.
You mean something like http://www.magellangps.com/wirele ss/a_vision2.htm?
--
Theoretically, this is almost correct usage, actually -- there's a sense of loose as a transitive verb meaning "to let free," although it's not in regular use.
And, of course, it implies willfilly letting go, not just accidentally leaving on the bus.
Just being even more pedantic for the sake of doing it; I'm with you, confusing lose/loose really annoying.
--
A Java Ring was a device that you wear on your finger, which contains a small Java chip and some tiny amount of non-volatile memory. You plug it into a receptacle and the receptacle would power it and exchange data. The reason for having processing power in the ring, rather than just memory, is so the ring can do things like MD5 hashes, which allow the private key to remain private inside the ring. Don't ask me for details, since I'm a neophyte when it comes to encryption.
--
A "freaking free-loading Canadian" stealing jobs from good honest hard working Americans since 1997.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
Use a Java Ring or other physical device to hold the decryption key. That way they might lose the laptop, but they won't lose the data.
--
A "freaking free-loading Canadian" stealing jobs from good honest hard working Americans since 1997.
The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
If the laptop is supposed to be at places A, B or C, then use the GPS co-ords for those places as part of your key.
The motherboard would contain a second part of the key (make some use of the P3's ID!)
Thirdly, have a revokable certificate. Have the decryption code supplied require a connection to a certificate validation server to be unlocked. If it has been revoked, it gets deleted. Otherwise, it's decrypted and becomes usable.
Lastly, require a pass phrase from the operator.
Combine these in such a way that there is one unique decryption key generated BUT that no one person or component knows that key.
If the laptop is stolen, sure you may discover the P3 ID. If you bribe/persuade the person responsible, you might even find the pass phrase. But the GPS is a bit tougher to crack, as you won't know the location of the room(s), and you're not going to get much further with the certificate validation system.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Alternatively, cut the James Bond stuff and stop having to worry so much about data theft.
Last, but not least, install a command-line OS. Your average Government Agency is so lacking in brain-power that anything without icons is going to be too obscure and arcane for them to extract anything useful from it.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
A lojack system is doable, but the problem is that laptops are always cramped for space. So yes, you could add it, but you would lose something else, and people are already cutting corners.
OTOH most of the elements of a lojack system make sense for other reasons. An embedded cell-phone allows the laptop to get online virtually anywhere. Add some sort of location capacity to that (a separate GPS or just something that uses feedback about where the cellphone is connecting) and you get useful mapping capabilities.
Now a theft-prevention device becomes a no-brainer. You don't even need to make it an explosive, just integrate the above parts with the laptop enough that to pull them out means breaking the laptop!
Cheers,
Ben
My usual seat in the cluetrain is at A HREF="http://pub4.ezboard.com/biwethey.ht
Not a terrible idea, but what would you be tracking? The motherboard? THe hard drive? Both?
Far more sensible for a laptop with classified information would be to use a filesystem that stores all data on the drivce with strong encryption, and requiring a revocable digital certificate to decrypt it.
I find it worrisome that any country's intelligence services would allow sensitive information to be carried around in cleartext. I don't know whatencrypted filesystem options there are for NT/Win2K.. maybe there is one. But I do know that there are readily available solutions for Linux and other Unix-style OSes.
CyberAngel already does this. It doesn't use radio that I know of (but that might be an interesting idea). It does use the modem (if the thief is dumb enough to hook it up, ANI will rat out his phone number). It can also be configured to wipe the hard drive if the unprompted password isn't entered within a certain time. And encrypted versions are also available.
More info right here and details over here.
Unfortunately, no BSD or Linux version. It's just for Windows. But I'm sure someone can put something like this together for BSD and Linux.
now we need to go OSS in diesel cars
Wait until GPS is available on a PCMCIA card. :) Peel the sticker off it and have your laptop quietly email you its location every 10 minutes.
:)
While you wait for that, try something a little more practical. Like keeping your car locked, and never letting your laptop out of your sight. Dont advertise the fact you have one, either. Its like carrying a camera bag with a big logo on the side--you're helping a theif do his shopping. But, if you want to go truly geek, have your laptop ping a known address you have access to, like your home box.
For me, I have a very discrete black shoulderbag for my Thinkpad. Then again, i'm 6'5" 250, so, if anyone tried to yank it off my arm and run with it, I would rip their spine and beat them to death with it. Us Thinkpad owners are a bit protective of our notebooks.
Bowie J. Poag
Bowie J. Poag
One laptop full of classified information I could understand.
But two (publicly disclosed!) laptops full of classified information vanishing within a year, from different countries? Only one group in the world has the power and influence to pull that kind of stunt.
C.H.A.O.S.!!!
You know who to send for.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Some utilities:
Scramdisk (my personal favorite)
BestCrypt
PGP Disk
E4M
And to ease day-to-day operation: SecureTray (Windows tray utility to manage encrypted partitions).
engineers never lie; we just approximate the truth.
I'm still waiting for the day when I can just say that a filesystem is encrypted, enter my password once, *until the next boot, or whatever*, then have access to it.. the problem with encryption is that it's a pain to use - I GPG some stuff, but when it comes down to it, it's too much of a pain to do on a file-by-file basis.
I was looking at cryptofs, but it'd be nice to have support for this in the kernel - yeah yeah I know - but all you people out there with terabytes of mp3's and downloaded pr0n and war3z might be interested. :)
The point of my arguement is that it's a lot easier to guarantee the data will be secure rather than the notebook, which anyone with a pair of paws can swipe and run off with. (Maybe pass a law to allow shooting such people in the back? *humor* :) Some companies that I've worked for (Intel) already have internal policies for encrypting sensitive information on laptops. Of course, since it's a pain.....
Kudos
..don't panic
Bit confused as to why the laptop would have to be on. The tracking device needs only to be an emitor. Fairly low power (just like the ones you can attach to cars). To add in GPS is again not a big deal, nice big area as an antenna (the laptop itself) and the calculations are fairly low power.
Gentlemen, we have a dongle. A fixed one on the actual motherboard maybe, but still a self powered dongle.
An Eye for an Eye will make the whole world blind - Gandhi
>from the never-loose-it-again dept.
ARRRRGH!
From the pet peeve department:
"Loose" rhymes with "goose" and "noose" and means the opposite of "tight".
What we want here is "lose", which rhymes with "booze", "news" and "schmooze" and means the opposite of "find" or "win".
Sorry, but I see this accursed mistake all over the Internet and I ABSOLUTELY CAN'T STAND IT!
Always keep a sapphire in your mind
You'd think that you guys would at least know how Lojak and GPS work.
First, Lojak does not use GPS. The Lojak device remains passive once its installed. The device has to be activated by a signal (transmitted via satellite) from Lojak's control center, and they won't do that without a police report being generated. Once the device is active, it emits a tracking signal which the police can use to find the car.
Second, GPS. GPS is a system by which you receive signals from a number of satellites with a timing signal. By knowing the locations of the satellites and the offsets of the timing signals, you can figure out where you are. The requires LINE OF SIGHT to the satellites. Too many buildings or too much heavy foliage, and GPS is useless.
So GPS would be useless in a laptop like this. One, you'd have to have an antenna on the outside of the case. Sure, you could blend that in the with case, but that's the least of your problems. Keep the laptop under cover, or in a box, and the GPS unit can't determine where it is at all. Plus, GPS has a built in error (for civillian purposes) of anywhere from 50 to a thousand feet (IIRC), depending on what mood the military is in that day.
OK, so Lojak. Lojak relies on the receipt of a signal from the satellites. Keep the Lojak device in a suitably shielded area, and it will never receive that signal, and even if it did, the transmitted signal would never breach your shielded perimeter. Now it's not a trivial matter to get a car shielded like that. However, a lead-lined laptop bag should work nicely.
Not that I don't agree that a tracking system for laptops would be a great idea. Actually, something that could be used in any sort of small electronic device would be good to have.
-Todd
---
"The details of my life are quite inconsequential..."
http://www.lojack.com
The idea behind lojack is this: You have this device in your car. It just sits there listening on a certain frequency. If you report your car stolen, the police signal it on that frequency, and it starts broadcasting its location. They can then find your car pretty easily.
The reason that it works is that they got the cops in most major American cities (they claim 65% coverage) to go for it (and do all the work).
By the way, I was wrong about the pricing. They no longer charge a yearly fee; it's just a $500-$1000 flat one-time expense.
And yes, I think it's nice that I was able to get a real post in reasonably close to the top. Gosh, wouldn't it be terrible if you could actually read slashdot and find useful information?
no
No, it wouldn't have to be perfectly reliable. Lojack doesn't require that the stolen car be trackable all the time, just that it be trackable at some point.
So if the thief brings the laptop to his secret underground lead-shielded lab and keeps it there, a Lojack-style system would never work. But if he brings it out into the streets, it'll be found.
Some numbers: Lojack claims that their 65% coverage is enough to recover 90% of all Lojack-equipped cars as long as the theft is reported within 48 hours. (As opposed to somewhere under 25% of non-Lojack-equipped cars).
So this isn't 100% effective. It's still better than what we have now (i.e., nothing).
For laptops with really important data, you probably want to lojack the drive(s), encrypt the data (and use gigantic keys that would take even the NSA years to crack), booby-trap the device, and do everything else that's been suggested here. If the data is really worth millions of times the cost of protecting it, then as long as there's a one in a million chance of it being stolen, protect it. Simple cost/benefit.
no
Aren't they supposed to handcuff the briefcases with the top secret data to themselves. And have them padlocked with exploding cyanide gas or something if someone tries to force them open? What kind of security-impared morons do they have working in the state department these days? Maybe they should give me a job. For a suitably exhorbitant fee, I'd be willing to outline some security policies for them. Feh.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Wouldn't it be more fun to just have a system that
simply destroys the hardware? For example....
Have a device that can be armed or disarmed with
a secret RF transmitted code. If you open the
case, without disarming...or a destruct code is
sent (via RF) then.,...say... a small canister of
thermite, mounted over the hard drive, suddenly
ignites.
Should easily destroy the hard drive, and most of
the rest of the laptop, pretty quickly.....
Hell...a version of this for home computers could
be made for probably under $100
The only real problem is deciding how much
thermite to use...Afterall...its good to destroy
the hard drive....burning a hole through the floor
and the next floor down is usually considered to
be fairly inconsiderate, at the least. (unless you
own your own house)
"I opened my eyes, and everything went dark again"
pft! I posted this same story two weeks ago. Oh well.
It's probably just Bill Gates. The State Department didn't have a license for their copy of Win95 (someone probably brought it in from home, and they all shared the disc) and so Microsoft took it.
is to just teach the agents not to leave the laptops lying around. I mean who would leave a laptop just sitting around? geez if i had a laptop i'd be guarding it with my life (most likely sitting up till all hours of the morning with a rifle expecting ppl to come in and steal it) i wouldnt leaving it lying around namby pamby in some strip joint (not that they were there, but who knows huh?) by now some guy has toasted what was on there, and put on windows 95/98 and is playing quake or what have you at this moment... (frag away my friend) perhaps i should start hanging around agents, might score myself a nice laptop. perhaps you might see it on an auction site... second hand laptop, previous owner had information vital to the security of the nation, great color lcd display, cdrom. $2000 ono.
Be you Admins? nay, we are but lusers!
(a) whenever the device was in a tunnel, out of signal, or whatever, you'd lose all your data!
(b) if you allow it to lose signal without a problem, then the person who steals it merely has to block it from the signal and they can run off with it.
How easy is it to block the signal from a GPS satellite? I heard the new units are more reliable (smaller wavelength) but I bet it still wouldn't work in the Tube :-) BY THE WAY, abusing style sheets can be fun...
Why would the laptop have to be on, and not just the 'LoJack' unit - whatever that may be?
Here's a neat idea (yes, I'm bored - and no, I did not sleep last night). Make a GPS receiver/position broadcaster only activate when a 'daughter' unit was not within a predifined range. That way, the LoJack system would be merely sipping at its own battery on standby, but would start transmitting its location as soon as the daughter hardware was out of range. How does that sound? Sure it requires its own battery, but it's entirely internal (Don't ask how you change the battery. I don't know. Lift up the keyboard? okay - LOCKED under the keyboard?)
[first meaningful post?]
FYI - At least in MY home state (MA) things are
just a "tiny bit" different. See...the police in
MA REFUSED to use lojack, unless certain changes
were made to the system.
What did they want? The police wanted the ability
to activate any lojack at any time, for any
reason. Guess what? they got it. If you have
lojack in MA, the police could turn it on at any
time, without you knowing a thing about it.
(I am assuming by this that there are protections
in place in other states, like its not the policebut the lojack people who transmit the code
and need some password or mothers maiden name
or some such to do it)
"I opened my eyes, and everything went dark again"
As an added bonus, it would probably start someone's car or suitcase or something on fire when it triggered, which would certainly draw some attention. On that idea, booby trap them to mark anyone who tampers with them somehow maybe? Kind of like the red dye used in banks, but less obvious.
Their isn't they're or there; just as a burrow isn't a burro... know your ass from a hole in the ground