Slashdot Mirror
Which Lost/Stolen Laptop Trackers Do You Like?
saudadelinux writes "I was held up at gunpoint in July, and my laptop was stolen. There are companies out there which, for a fee, install tracker software on your laptop. If it's stolen or lost, they track its whereabouts whenever it gets on the 'Net and work with local law enforcement and ISPs to find the machine. I'm wondering: has anyone used one of these services? Does anyone have a recommendation for which company to go with? My new laptop is a a dual-boot Ubuntu/XP machine, and the couple of companies I've looked at do Windows-only. Are there Linux options?"
It seems to me that you can always install some software like that yourself. Once I lost my laptop in my own house. Since I have ipcheck in a cron job, updating my laptop's IP address on DynDns, I just SSHed into it and made it play loud sounds until I found it under the bed. (I don't answer questions about what it was doing there)
find -name "*base*" -exec chown us {} \; ; ln -s
Just set up a cron job to periodically connect to any server that you have access to. Make it connect to an obscure port or just request a non-public file (not indexed nor linked and with a long obscure name to keep crawlers/bots off it). Check your logs and you have the IP address that your thief is using.
If you want top be super paranoid, install a keylogger and set up a cron job to periodically scp the files to an ssh account you own. You would have every password, url, word processor document, etc typed by your attacker.
------ Take away the right to say fuck and you take away the right to say fuck the government.
*ding ding ding ding ding*
I agree. See, I like this concept called "software freedom". That means I can do what I want, with my machine. That means I don't encumber it with DRM, which is, at root, what these so-called "Laptop Trackers" ultimately are. Yeah, it means I'll have a tougher time tracking down bad guys like Chuck Norris. That's why I have what some people call "insurance". New concept. Not as glamorous as kicking down someone's door, I'm sure, but it keeps me alive and gets me a new laptop.
And, can someone remind me what the hell the point of tracking down a thief like this is? So you can lock him up? Yeah, that'll do us a whole WORLD of good. These people need a place to sleep and a hot meal, not a shower surprise. You ever been down on your luck before? Then don't complain when someone needs a few hundred bucks, more than you need a PORTABLE INTERNET COMMUNICATIONS DEVICE!!!!!
I don't know of any Linux options, and frankly, I hope there never are. Laptop trackers are a betrayal of the Free Software philosophy.
Actually, there is something to be said for reducing the value of the stolen good. If you make it more dangerous to resell and purchase stolen laptops through identification techniques (engravings, serial ID marked stolen in the laptop vendor's customer service database etc.), you reduce the incentive for stealing them in the first place.
Just buying insurance does nothing to improve the situation, it just mitigates your own risk (which is good). Encryption and backups are good too, of course.
I suggest you read about Computrace and how they offered me money to hush and go away with their false claims. http://www.infiltrated.net/lojack.pdf
Infiltrated dot Net
1) The hardware. In which case, the data will likely be destroyed immediately. There is no guarantee the machine will be booted with your hoodwinked "locator" software in tow.
2) The data. In which case, the drive will be imaged or some other "offline" method will suck up the data without booting the OS's controls.
The reason why remote wipe/kill functions work on a small device like a blackberry is because the service provider's network is required for the device to be usable. And even then, there's still the option that the theft is hardware-only motivated, and the thing will get wiped anyway. The blackberry wipe wasn't ever really intended on being used for a physical recovery method.
Potentially, a system BIOS would be a good place to run a "phone home" program, except that it would require advanced components, like a TCP/IP stack, etc., to run properly, and it could still be easily wiped by replacing the firmware with boot media. Apple, for that matter, has an upper hand at such a tool since they "own" both the hardware and software. But either way, what you're attempting to do is no more possible than DRM (and Slashdotters know that DRM is nothing short of an attempt at perpetual motion).
So lesson #1 is protect your data and insure your hardware. And please remember, that "protect your data" really could mean not having a copy of your data on the laptop at all. After all, encrypted data in the hands of an adversary is still your data, just with a time-sensitive lock on it (the length of time needed for CPU power to increase where access is trivial, or the length of time a well-resourced adversary will need to destroy today's top crypto).
libertarian: (n) socially liberal, financially conservative; neither left, nor right.
Especially because they reformulated semtex to make it more detectable by bomb sniffing dogs. They'll be on you like you're smuggling milkbones.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
and believe what it tells them.
Just periodically have it pop up a dialog that says something like "To begin routine maintenance, please enter the password otherwise click cancel"
The if they fail to enter the password, it shoots you an email the contain a trace from it to google.com, or some other site that is unlikely to move. If it connects through a wireless device, be sure to have it email that info as well. Also turn on a key logger and get that information. It's actually pretty easy to do. Could probably be written in less then an hour.
Do it once a day until you can turn it off. This can get you a pretty good idea of it's location.
You could open up a shell and have it pop up a message that tells the person they had better return the laptop or you will go to the police. If it has a built in camera, take is picture and let him know.
You could hire someone to be an intermediary so the person never sees you. and as far as you tell him, ensures that you never see him. Probably get somebody to do it for 50 bucks. Hell, spend 200 bucks and ask a lawyer to be the intermediary at his office.
It might be handy to make it look like there is something valuable in the data so the thief doesn't want to wipe it. Most unprofessional thieves will want to snoop.
The Kruger Dunning explains most post on
You do not understand the vast majority of laptop thefts. Sure, if this was a targeted hit and the perp is after some confidential data on the drive, then yes, they're likely to know every trick in the book. Keep in mind the average laptop thief is not even very technically savvy - they may know enough to wipe your personal settings, or even enough to reinstall the OS, but the VAST VAST majority will never crack the case open.
I've crossed paths with a few people who were selling hot laptops in university, these people were not technically savvy at all, the only thing they're really good at is swiping it, not what comes after. Most knew enough to pop the restore disc in, but that's only to clean the machine of personal information, and not to defeat any tracking devices.
Also, the difficulty with trackers is that the require an internet connection. I suspect that most thefts involve stealing the hardware, not the software. Afterall, if you have a password on your machine, they aren't going to easily boot up the computer. So, I doubt those sorts of things will even work all that well. I could be wrong though.
That said, my friend has a little piece of software on her MacBook where if you try to unlock it without the remote, the iSight camera takes a picture of you then emails the picture to her and starts sounding an annoying alarm. I'm not sure if it would be effective, but it is a case where no one else is involved. In other words, it's not connecting to some tracking system.
4. Locate the IP address via DynDNS. Log into the stolen machine. 5. Stream the audio from mics (pipe it from raw device to mp3 and send compressed). Do the same with webcam if it works with Linux 6. Go then show up and stick that fucker up with a gun. See how he likes it. "I want my laptop back.."
7. Get arrested for assault with a deadly weapon
8. Go to jail
I'm not sure where people on slashdot get some of these retarded ideas from but I know someone personally who was held at gunpoint for his belongings when we were in college. The thief used his cellphone that very night and with the help of the cell company he was able to get all of the numbers the person called. A reverse directory lookup later he had the address of one of the thieves friend/female family member.
After waiting in his car for two days (no shower, no sleep) he finally saw the guy who robbed him walking to his girlfriends house and held him at gunpoint. The guy who had originally robbed him called the cops and told them HE was held at gunpoint and guess where this genius is at now? In a state prison doing his third year for assault with a deadly weapon. When he was sentenced the judge told him that he didn't see any difference between him and the guy who he was robbed by.
Before you start posting on slashdot advocating vigilante justice I suggest you think about the consequences of being a vigilante. You aren't dog the bounty hunter and this isn't A&E.
I think the invisible hand of the market has its middle finger extended
--A wise old fart named SC0RN
> I think it's a foregone conclusion that there's a reset jumper somewhere on the MacBook. You and
> I not knowing where it is doesn't make it any less so.
Or not. Laptop makers have become serious about security because so many customers demanded it. Not sure what Apple is doing exactly, but if a Thinkpad has a hard drive password set the only way to defeat it is to send the whole unit along with either documentation proving ownership or LEO creds to one of a select group of data recovery houses. The drive password is stored on a chip inside the drive bubble as well as in the CMOS memory. So pulling the backup battery only gives you a brick.
Pulling the drive and trying to read it from another computer also fails, again because of the drive password kept in the drive itself. So if you don't have a passwordless guest account and properly protect the boot sequence to prevent booting from alternate media you can lock a laptop down to the point it is only a few spare parts to a thief.
That said, I can still think of ways to defeat the security but none that a typical 'gangster' kiddie could attempt.
Democrat delenda est
No kidding. When I was young and wild and involved in a bunch of very minor infractions of the law, I couldn't get rid of the police.
Now that I'm approaching middle-age and actually have assets worth stealing, I can't get the police to do anything. I stopped reporting break-ins a long time ago. The few minutes I spent on the phone trying to convince someone to let me file a report were better spent cleaning up the mess.
Proud member of the Weirdo-American community.
One of the best self-made solutions I've heard of is a custom bootloader image (pretty easy to do in grub). It displays a picture of the owner, his or her name, and a phone number to contact if the laptop is found. It'll be the first thing the pawn-shop clerk sees when they turn it on to test it out.
Badass Resumes
In what way are you a satisfied customer? Did your laptop ever get stolen and then recovered? If not, what you say is worth nothing.
Does somebody here think that jail rehabilitates people?
Just set up a cron job on your laptop to run traceroute to some arbitrary place (say google) and email you the output twice a day.
Have the spam filter on your inbox just toss the email away until the day you need it.
It does rely on the thief not knowing enough to fire up linux in sngle-user mode and kill your crontab entry, which is probably a safe bet.
Or (more likely) to just blow away your whole linux partition with a fresh windows install, but that would even affect a commercial product the same, unless it was hardware-based.
disconnecting the battery for a few days to take care of any CMOS passwords.
Decent laptops don't use battery-backed CMOS to store the password etc. You can leave the battery unplugged for a year and the password will still be there.
The function of the police institution is not to stop crime. The function is to convince the populace that an authority that enforces social norms simply exists. That impression is better conveyed by harassing everybody about the more absurd norms that everybody is likely to break at some point than by focusing the energy on a couple of criminals who already know that they are breaking the law. I think it's called a panopticon. It's not important to watch everything, it's important to convey a sense of being watched.
This article is replete with comments which assume that people who take items at gunpoint are desperate drug addicts of low intelligence. The association of force or the threat of force with paucity of wit is probably a manifestation of the poster's insecurity: a man stealing a laptop is likely the grunt input end of an organised fence->reburb->resell operation, just as the average programmer is the grunt input end of some business process.
Except that, as you imply, the highwayman is going to have to "become an expert pretty quickly" to avoid not just being caught, but the lethal force of retaliation; the worst a cubicle dweller has to fear is an embarrassing bug uncovered in testing. It's the kind of epic misunderstanding that leads to calling a suicide bomber "cowardly" - of all criticisms you could possibly bestow on a man who has decided that the best way to tackle some problem involves sacrificing his own life, cowardice is the least accurate.
I was originally hesitant to believe that linux made that big a difference, but it might work that way for mine. It has a fingerprint scanner, which worked nicely at first with vista installed, but I got so frustrated with Vista I tried installing xp - just to remember about that annoying "you have 30 days to register xp before it can no longer work" bit.
I installed fedora on it, and much to my surprise, suddenly my computer asked for my fingerprint BEFORE giving me the opportunity to change the BIOS settings. I was impressed. Now, not only do you have to have my fingerprint (or accompanying password) to get into my computer, but if you take longer than 10 seconds to do so, the computer beeps LOUDLY for a long time before shutting down.
I'd consider the data very secure. the most a common thief could do is say that he stole it, it's little more than a brick to him. For a more sophisticated hacker thief, I could at least consider my data reasonably secure. it shouldn't be hard for the police to track down the stolen laptop before they could remove the hard drive and apply vicious hardware hacking utilities to get to the data enclosed. At least I hope so.
I'd at least make it look like I was rich enough to reward the police if they can track down the stolen laptop in time. And if I couldn't pay them, I'd at least offer them some real security advice that they'd find a lot more valuable than a cash reward.
Perhaps I've thought things through a bit too far ahead. But you can never be too paranoid until it's too late.
If you can read this, I forgot to post anonymously.
> That said, while Truecrypt exists for Linux, I'm sure there is a native way to do encryption
> without additional software.
The question of what constitutes "additional software" is a bit less straightforward in the open-source world. Linux technically is the kernel, but to my knowledge nobody runs just the Linux kernel on a laptop with no other software. A typical distribution, on the other hand (Ubuntu, for instance) includes a great deal more software than the pitiful little collection of accessories that comes with Windows out of the box. But the details of precisely what's included vary a bit from distro to distro (although of course there are a number of things that all the major distros include).
Anyway, the usual way to encrypt an entire filesystem on Linux is to use a loop device for the filesystem. See for instance encryptionhowto.sourceforge.net
Cut that out, or I will ship you to Norilsk in a box.
Absolute Software might have what you want:
Absolute BIOS-Level Protection
(Disclaimer: Not involved with these guys at all -- did a training session with some of their developers several years ago, and was impressed by their pitch)
What does it mean to wake out of a dream
and be wearing someone else's shorts?
BNL, Born on a Pirate Ship (1998)
To me, tracking down the thief is all about getting the chance to stick a gun in *his* face. But revenge, as they say, is a dish best served cold. Ideally, cold enough that the desire to beat the living daylights out of the ass who stole my stuff has long since waned.
A missing laptop is simply another machine I have to replace. I've dropped them, had them fried by lightning, I've even had them stolen (by light fingered people taking advantage of a lapse in attention, not by muggers). So losing property isn't such an emotional thing to me anymore.
Still, if someone stuck a gun in my face and took my stuff, the desire to track them down would have nothing to do with recovery of property.
It would probably mean they would nuke the install and boot loader and reload some other operating system.
I had a note book stolen from my van once. The guy who stole it did exactly this after someone told them I have a script that checks into a website and leaves IP information as well as the location it was accessed the web from. He was having trouble getting rid of it because they didn't know the passwords. Anyways, he had issues getting some drivers installed and took it to my shop to get help with it. This is about 3 months after it was stolen and I guess the ass wipe didn't know he stole it from me. Fortunately, I recognized the product code I had to use to get drivers from dell and after a quick double check, the cops cops agreed. When we called to inform him to pick it up, the cops arrested him.
Of course this was a cluster fuck too, the cops wanted to keep it as evidence, then they wanted me to show my original receipt to prove ownership of it, and then it was lost in their evidence locker for year. I had started to sue the city when they found it and returned it. All in all, I was without it for a little under 2 years (20 months) because of the ordeal. In the end, I wish I just had better insurance and could have just forgot about it.
My advice, don't keep anything personal on it, make sure you have backups of everything, and enough insurance to cover it as a loss no matter how or where it is stolen from. By the time you get it back, you might have already moved on and nothing guarantees they will connect to the internet (and allow you to bust them) before they get anything personal from it. It would be nice if there was something built into the power supply or maybe the Ethernet card so it could be tracked without and OS installed like when charging or when and after reloading the OS. But absent something on a level like that, I don't think anything would be muhc help.
A thief isn't even going to notice an engraving unless it's in 30 point type on the laptop cover. And even then, he'd probably grab it anyway. People who make their living that way tend not to be complicated thinkers. There are professional thieves who discretely inspect the item and surroundings from before moving in. Not professional like you see in the movies, although I wouldn't be surprised if that's where they get some of their ideas. In a cafe, that'd be as simple as going in there and getting a cup of coffee, using a public terminal to check the news, etc...
I remember one time in college when our drain was backed up and the basement flooded, there was a plumber that stopped by to work on it. After he had left, my roommate noticed that her lockbox with all of her valuables was missing. Turns out, the landlords never sent a plumber. Fortunately, someone in their group was drunk and trying to sell some of the jewelry to someone who knew of our loss, so word got back around. They heard about our flooding problem from someone who knew one of my roommate's friends. Then they sent in someone who was very charismatic and appeared clean-cut, that none of us had ever seen before, to pretend to be a plumber and scope out the house. At some point he saw the safe in my roommate's bedroom through her open door, and slipped it into the bathroom with him. Then he slit the window screen, and slipped the lockbox out the window. We weren't sure if he had someone waiting out there, or he just grabbed it after he left. Although, they were mainly just scoping out the place. They were planning on sending this giant methed out black dude back in the middle of the night, at a later date, to get the rest of the stuff they wanted.
So while an engraving might not deter a thief who sees an quick opportunity and takes it without looking at what he's stealing, it could at least help to deter theft from the serious thief who'd rather steal the most valuable thing in sight. Also, if you use a lock with your laptop, that should significantly deter the opportunity thief.
If you install only linux on the laptop, the thief will be so confused, he'll return you your computer. Now that's what I call sneaky.
Even if the thief doesn't know how to log-in, if there is a net connection a simple cron job to sync with your server would provide IP addresses as it phoned home as part of the daily routine. Trace the route and get a court order to find the subscriber of the ISP.
Part of the cron job could be to look for tasks to run. When the laptop is gone, have cron start the keylogger and collect the keystrokes on the guest account you left open for him. Then send him an e-mail from himself requesting it back. If that doesn't work, make a withdrawl from his bank account to cover the cost of your loss. Watch the fireworks..
The truth shall set you free!
I don't know. The fingerprint scanner probably isn't fool proof. And if you leave your fingerprints on the computer somewhere, you are likely leaving anything the thief needs to access the stuff.
When I got my first inkjet printer, I noticed that it printed differently then the dot matrix it replace. Soon, we were using the scanner to scan finger prints into the computer and printing them on to paper. We even played around with painting latex on the paper to see if we could wrap it around someone else's finger and leave a print behind that looked natural.
The bottom line was yes we could. I have seen tests on biometric security devices in the past that show they could be easily defeated much in the same way. So if your going to rely on the finger print scanner, then make sure you keep your finger prints off the computer when your not using it. You could be giving the thief the key to your super safe locks.
If I were really thinking
Ah, there's the rub! Most criminals are lazy and/or stupid. The few who aren't tend to be engaged in pursuits far more profitable than mugging.