Slashdot Mirror


The Khaki Bandit Strikes At IT - 130 Stolen Laptops

destinyland writes "'The khaki bandit' posed as an office worker at several corporations and successfully stole over 130 laptops which he later sold on eBay. The ease of theft from the corporate offices (including FedEx and Burger King) shows just how bad corporate security can be. In some cases, the career thief just walked into the office behind an employee with a security badge. Two million laptops were stolen just in 2004, and of those 97 percent were never recovered. Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet."

12 of 249 comments

  1. Re:if he was so smart by eldavojohn · · Score: 4, Informative

    why did he not blow away the HDD and reload before putting the thing on the internet?

    Well, I believe he was doing that, from the article:

    Later, at his $1,800-a-month apartment along Miami Beach, the burglar erased the laptops' hard drives and began selling them via services like eBay, where he had earned a 99.4 percent customer-satisfaction rating and tens of thousands of dollars in profit.

    And then later:

    Thanks in part to the company's use of a clever antitheft device...

    They don't really go into details about it, but this might be something in the NIC chip or something else ingeniously specific to the hardware. They probably don't want to give out details as this was the only way to catch and stop this kind of outfit.
    --
    My work here is dung.
  2. Re:if he was so smart by wangmaster · · Score: 2, Informative

    The article states that Outback used Computrace LoJack, which is software-based antitheft. You connect online, it provides Computrace with a bunch of info about your network connection and if you're stupid, they eventually trace you. I.e. the guy may have been good at social engineering to get the laptops, but definitely no good at the technical details.

  3. Re:absolute crap by Anonymous Coward · · Score: 2, Informative

    Brick the device? Oh please. A Dell laptop I once serviced had this aforementioned "modern BIOS password" security feature. I couldn't enter the laptop's setup utility because of it. There was no battery on the motherboard to remove and I read on many forums that the only solution was to call Dell support and ask them for a "master code" to unlock the laptop. A quick check on Google brought up the BIOS password remover utility. -1 for Dell security. It could even null the asset tag and serial numbers and replace them with my own. The only problem with this procedure: my BIOS settings had to go back to default. Considering that I can only change the time and boot priority of devices, this wasn't a big deal to begin with (not like I have to write down the block, sector and cylinders of the hard drive, and whether it's in LBA mode or not).

    Finding online videos on metacafe.com telling me how to bypass fingerprint security modules found on the latest laptops isn't that promising either. Best laptop security: keep the damn thing with you AT ALL TIMES. Never leave it in the car, even if you're running in and out of someplace for two minutes. It takes a thief five seconds to smash your car windows, grab the bag with your laptop and drive off in his car. I've witnessed it and it's horrifying.

  4. Re:Laptops are easy by Bee1zebub · · Score: 1, Informative

    That has been reported in England with roofing slates. The thief simply drives up with a van painted as a roofing contractor, sets up a ladder and some scaffolding, and removes the tiles (this was some years ago, when health and safety regulations were less strict). When a homeowner caught them, they simply presented fake documents for the house next door, put up a tarpaulin, and drove off.

    People have also stolen the granite setts off of public roads with a digger, lorry, and a few cones.

  5. LoJack for laptops by Fezmid · · Score: 3, Informative

    The article says it's Computrace's LoJack for Laptops. We looked into the corporate version a while ago due to the remote-wipe feature.

    If the laptop has the proper version of TPM, it will even automatically re-install itself if the thief reinstalls Windows. Not sure if that's a good thing or a bad thing, having the BIOS infecting the machine... If it's stolen though, it's a good thing.

  6. And here's how he was caught: by farker+haiku · · Score: 3, Informative

    I couldn't find the post asking how the guy was caught (i.e. what software), but here you go.
    FTA:
    Larry Brass, the Tampa Police detective who arrested Eric Almly this spring, says he's not permitted to endorse a particular product. But he says if Outback's laptops were not outfitted with software called Computrace LoJack for Laptops, made by Absolute Software, there is "no question" Almly would be walking free today.

    Here is how it works: after a computer is stolen, the victim notifies Absolute's recovery team. When the thief accesses the Internet via that computer, the Computrace software on his computer silently broadcasts information that allows the team to determine his physical location.

    With a street address in hand, police can make an arrest. The corporate version of the software gives subscribers the ability to remotely delete sensitive information from a computer.

    --
    Your sig(k) has been stolen. There is a puff of smoke!
    1. Re:And here's how he was caught: by madigan82 · · Score: 3, Informative

      We have Computrace installed on over 5,000 laptops in the field. It is installed in the BIOS so a simple format won't get rid of it. In fact, if they format it, the BIOS agent actually reinstalls the OS agent. One thing they don't mention is that you need to file a police report on the stolen laptop first before you can track it. But it works nice. We've had several that were "stolen" to wind up at the user's house or a friend's house. Not sure if any were actually ever stolen though since I don't handle that stuff.

  7. Re:if he was so smart by arpwatch · · Score: 2, Informative

    Right.
    We use Computrace here at work. We have x amount of licenses. The company gives us a custom build executable that latches itself into the BIOS along with setting up shop in the OS applications/programs. The only way to remove it is by using the custom executable to contact the local webserver that starts up on the machine. I guess you could reflash the BIOS as well. I haven't bothered trying to break it.
    Supposedly all you have to do is "hit a button" and Computrace will take care of everything. (Contacting local and state authorities, ISPs, telling them approximate location based on IP address when Computrace phones home, etc.)

    And yes, all the techs are itching for someone to steal one of our laptops so we can try the system out.

    -arp

  8. Re:It's in the BIOS by InvisiBill · · Score: 3, Informative
    http://news.thomasnet.com/companystory/471725

    VANCOUVER, Dec. 13 /PRNewswire-FirstCall/ -- Absolute(R) Software ("Absolute") (TSX: ABT), the leading provider of computer theft protection and secure asset tracking solutions, today announced a milestone in the company's efforts to drive the standard for PC theft recovery and Secure Asset Tracking(TM) - the availability of Computrace support in the BIOS across all four of the top tier PC manufacturers' commercial notebook lines.

    Absolute first announced BIOS support for its theft protection technology with IBM/Lenovo on February 1, 2005; followed by announcements with Gateway on August 9th and HP on October 4th. Today, Dell announced a set of customer solutions that leverages Dell's embedded BIOS support for Computrace allowing customers to address issues of regulatory compliance, data protection and PC theft recovery.

    We don't use it here, but I believe once you enable it in the BIOS, it can't be disabled. Obviously, there's always a way to disable everything, but it's not a matter of formatting a drive or changing a BIOS setting. It comes down to hex-editing the BIOS data or replacing the BIOS chip or something.

  9. Re:Look at the way many people treat their laptops by vivian · · Score: 2, Informative

    Maybe you want to consider changing the powerdown options in your laptop's BIOS.

  10. Re:Look at the way many people treat their laptops by Anonymous Coward · · Score: 1, Informative

    Don't they do that in Windows? I know my laptop and desktop do, in both OSs.

    You can disable it somewhere (in both), I can't remember where (in either).

  11. Re:Look at the way many people treat their laptops by beef+curtains · · Score: 4, Informative

    He did fix the problem in a way that was suitable to him. And he's the guy who uses the laptop and must've been happy with his cheap fix.

    In this scenario, it doesn't matter that his solution was "suitable to him", or that "he's the guy who uses the laptop"...the fact of the matter is that he doesn't OWN the laptop, the university does. So basically he borrowed the laptop and broke it to suit his whims. That's generally not acceptable.

    If you lent your laptop to a friend, and he brought it back with buttons crudely torn out because they were getting in his way, would you commend him on his clever workaround? Likely not (unless you have very little regard for your valuable belongings).

    I'm sure that in whatever field he's a professor in, he probably doesn't make fun of you for not understanding something.

    It sounds like the GP understands quite clearly: this professor damaged university property. If I was a student in this professor's class, and decided one day to demolish his overhead projector because it was blocking my view of the whiteboard (assuming professors still use overhead projectors & whiteboards...if not, substitute your own analogy ;) ), would he be wrong to be upset with me? Or would his displeasure merely demonstrate his lack of understanding?

    He probably wouldn't even make fun of your poor choice of words with "Gods know".

    Ah, the ad hominem attack...I now feel that I might be feeding a troll. Oh well, I've typed too much to delete it all, so I soldier on....

    Yours is a problem that many people have. Once you understand something, you can't understand how someone else doesn't understand that problem. Different strokes for different folks.

    Once again, I fail to see the GP's "problem"...he's stating that this professor damaged university property. Are either one of us missing something? "Different strokes for different folks" is completely invalid in this situation; the professor's "strokes" violated the ownership rights (and probably the terms of use) of the "folks" who owned the laptop.

    --
    Just once I'd like someone to call me 'Sir' without adding 'You're making a scene.'