Slashdot Mirror
Free Software Tracking a Stolen Computer?
JeffTL asks: "By necessity, I carry around an Apple iBook running OS X Panther. In the event of its theft, I would like to have the thing send me its IP address, not only for the benefit of law enforcement but also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up. I am not really wanting a subscription, so I am looking for a free-as-in-beer (and if anything beyond a shell script is involved, free-as-in-speech would be much preferred to make sure that no one else is getting anything). Currently, I have a bash script that can create a report, and I am thinking about sending it using either e-mail or FTP. I am considering setting it up to where it only starts barraging me if a specific code is posted to an HTML document of my choice. Is there already something like this in existence somewhere for free? If not, does anyone have any pointers on how this can be done?"
If you are going to roll your own, I would suggest setting up a script on the laptop so that if it detects it has been stolen (i.e.: by checking if a website has a special message from you), and if so, connect to a secure ssh server as a client (using public key authentication so it can connect without a password), making sure you use the options to set a TCP tunnel going back to your laptop (to port 22, or perhaps VNC port, or multiple ones). In other words, have the laptop automatically ssh to a stationary server, and establish a tunnel back the other way that you can then use to get in. This way if someone runs it behind a nat device, or even installs a firewall, you can still get in.
Another thing you might want to look at is using an IM protocol with the language of your choice, and allowing remote command execution (with certain precautions such as command signing with a private key). For example, grab the Perl AIM module, create a server, add some way to sign commands (i.e.: if ( md5($msg . 'someprivate') eq $msg_key ) { shell($msg); } or something like that -- that's just off the top of my head so it may not be perfect).
_______
2B1ASK1
The odds are maybe 50/50 that a person stealing your laptop would have a clue to avoid something like this. If they do consider this, they'll wipe your disk clean at the earliest possibility, in the absence of a network connection. Get rid of the evidence.
If this is a kid who plans to pawn it or sell it on eBay, or possibly just use it, they might plug it in to make sure the Internet works. What's the first thing they'll run? The web browser. It's just a web browser, that couldn't hurt right?
All you have to do is set the browser's home page to a page on your own site, not linked from anywhere else. If your laptop gets stolen, you could activate some PHP in that page to send you an email or SMS. The IP address will be logged, so you can (maybe) SSH in and do your dirty work. If the user has a firewall, that would be a problem.
But anyway, this is a pretty easy way to do it. You could even just start up the web browser on boot, and if they are on the Internet, they're nailed.
...
You may consider using something like ddclient and dyndns.org. You can setup ddclient to check the state of the machine's IP address at any interval you want. When the IP address changes ddclient notifies dyndns.org to update DNS records. It runs as a daemon so it shouldn't be too hard to make it start up everytime your machine boots. When running you can monitor the machine's IP address from the dyndns.org website.
Of course, this doesn't do anything to help you get into the machine if it's behind a NAT or other barrier. It could help with spotting the IP, though.
Expecting that whomever steals it will merrily go home and plug it into an ethernet jack is a bit too much, I think.
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
ssh user@somewhere.com "ssh `gethostip -d [machine name]`"
Set up your keys correctly, of course.
Of course, this can cause problems if the thief is clueful and bothers to poke around.
Netcat could also be very helpful here.
I forget what 8 was for.
Disable single user mode. You can also disable the ability to boot from CDs and Firewire disk mode; it's called "Firmware password."
--
$tar -xvf
I don't think it's realistic to assume you will get your machine back.
:)
1. Perform regular backups. You'll have all your data, so you don't care about getting that back.
2. Use filsystem encryption software. Built-in, aftermarket, whatever. Ensures they can't put your hard drive in another machine. If you're that worried about it, use VNC or remote desktop to control a system at your office/house and never store any information on your local machine.
3. Have insurance on it. Homeowners, business, whatever, just so you don't have to pay to buy another one.
Otherwise, I say they can keep it and I'll just get another one. I wouldn't mind having a faster laptop anyway.
One question for everyone out there, do you know the serial number of your laptop? I can't imagine anyone has that written down somewhere safe. How can the police prove the laptop is yours if you only know it's your because it has a SuSE sticker on the lid?
It doesn't hurt to have BIOS and power-on passwords either. The casual theif will not be able to get past them and will probably dump the unit somewhere or possibly try to return it saying "they found it" somewhere. Never use auto-login and use good passwords on your account.
IBM has some good laptop security features out there now. I believe part of it is some sort of hardware encryption for your hard drive. Not sure what Apple has, but IBM has definately stepped up to the plate.
Good luck.
-m
http://www.invisik.com