The Khaki Bandit Strikes At IT - 130 Stolen Laptops
destinyland writes "'The khaki bandit' posed as an office worker at several corporations and successfully stole over 130 laptops which he later sold on eBay. The ease of theft from the corporate offices (including FedEx and Burger King) shows just how bad corporate security can be. In some cases, the career thief just walked into the office behind an employee with a security badge. Two million laptops were stolen just in 2004, and of those 97 percent were never recovered. Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet."
In fact, just a couple of weeks ago, one of our directors went on vacation and left his laptop and projector just sitting on the conference room where he had last used it (a large, wide-open conference room used by hundreds of outside people each week). They sat there for several days before anyone noticed.
From the article "Over the years he'd pocketed at least $20,000", which comes to a mere $153.85.
No wonder eBay shoppers were happy with the deals they got.
For the bold and motivated thief, walking in and then out with a laptop is easy. Just look like you are supposed to be there. Slipping it into a briefcase helps with the illusion.
On the other hand, someone waltzed off with a 24" LCD monitor from the desk of a co-worker not long ago. His office was the furthest in from the door, so someone needed to be particularly bold to go all the way in, disconnect the monitor, and walk back out. No one saw him either, which is impressive considering the size of the load he was carrying. It's a lot harder to look and act natural about carrying a large monitor than a laptop.
...I work in a shop on occasion, and the number of stolen laptops that come through with people trying to sell them to us is simply mind-boggling. I'm not talking about pissy little Pentiums, either; these are the latest, greatest in portable number crunching. Some have passwords on them as their only real identifying feature (the serial numbers and Microsoft licenses are usually scratched off), which I tell the seller is not possible to circumvent (in some cases they're not, being in the BIOS rather than the OS). Another trick they have is coming in claiming they've lost or wrecked the power adapter (how convenient) and need a cheapo universal one. Sure, I'll sell them the universal brick, but they're not testing the thing in the store.
Net bugs are a good thing to have, I think (got one on here), particularly given the plentiful supply of open wireless points in most large cities now. Turn on machine, bug sends data burst, thief is cornered. Hell, he doesn't even need to physically connect to a network these days.
Operation Guillotine is in effect.
"If the thieves guild invested in blue overalls with Al on them, they could get away with anything." Social engineering IS one of the easiest security holes to exploit. It isn't much of a surprise that laptops were stolen using this technique.
This sounds like something Ricky and Julian, er, I mean Cory and Trevor would pull.
They don't really go into details about it, but this might be something in the NIC chip or something else ingeniously specific to the hardware.
I doubt it. Most likely they got lazy and just cleaned XP without reinstalling, leaving the rooted snitchkit to do its thing. I guess if a large access provider like T-Mobile's Hotspot had the MAC address of a taken machine and a process to report its presence on the network to the right person, it could be traced. I also don't think MS is checking MAC addresses gathered from WGA against any criminal databases. Maybe an app on a separate, untouched partition and autorun, but a simple drive wipe would've taken that out.
If you did devise a way for a MAC device to "call home" without user action then it would be easy to take the next step and turn it into a kick ass DDOS bot, something I don't think most device companies would risk.
The article states that Outback used Computrace LoJack, which is software-based antitheft. You connect online, it provides Computrace with a bunch of info about your network connection, and if you're stupid, they eventually trace you. I.e. the guy may have been good at social engineering to get the laptops, but definitely no good at the technical details.
Brick the device? Oh please. A Dell laptop I once serviced had this aforementioned "modern BIOS password" security feature. I couldn't enter the laptop's setup utility because of it. There was no battery on the motherboard to remove and I read on many forums that the only solution was to call Dell support and ask them for a "master code" to unlock the laptop. A quick check on Google brought up the BIOS password remover utility. -1 for Dell security. It could even null the asset tag and serial numbers and replace them with my own. The only problem with this procedure: my BIOS settings had to go back to default. Considering that I can only change the time and boot priority of devices, this wasn't a big deal to begin with (not like I have to write down the block, sector and cylinders of the hard drive, and whether it's in LBA mode or not).
Finding online videos on metacafe.com telling me how to bypass fingerprint security modules found on the latest laptops isn't that promising either. Best laptop security: keep the damn thing with you AT ALL TIMES. Never leave it in the car, even if you're running in and out of someplace for two minutes. It takes a thief five seconds to smash your car windows, grab the bag with your laptop and drive off in his car. I've witnessed it and it's horrifying.
I believe most tracking software creates a separate partition that would survive a standard reinstall, but not a complete reformatting of the disk.
What I think would be very effective would be a laptop, created explicitly for businesses, that would implement the tracking system in hardware. If you added it to the integrated wireless networking, you wouldn't be able to shut it off, and you could track it whenever you needed to. If you are concerned about battery life, you could allow someone to shut it off, but have it wake up every few hours just to check in. When it checks in, if it's labeled as stolen, the networking stays on, allowing for constant tracking.
There are some privacy concerns with a tracking device that can't be turned off, but that's why I said it would be explicitly for businesses (or people who want that feature explicitly). For many businesses, the loss of privacy is less important than the ability to track their assets.
...are really not enough for security. I work at a building that I need keycard access to, but cards eventually become worn and some break so that they cannot be displayed anymore, and the company won't pay for a new one every time that happens. So there are two results: people don't wear them explicitly, and people don't question who they are letting into the front door behind them. I'm personally in favor of having a guard stationed at a single entry, at least for larger buildings; someone who can recognize people's faces and can be held responsible for stopping people he doesn't know. ...There's the danger of him being an asshole, but I'd be willing to take that chance.
The article says it's Computrace's LoJack for Laptops. We looked into the corporate version awhile ago due to the remote-wipe feature.
If the laptop has the proper version of TPM, it will even automatically re-install itself if the thief reinstalls Windows. Not sure if that's a good thing or a bad thing, having the BIOS infecting the machine... If it's stolen though, it's a good thing.
I was working in a high security environment. You know, the whole thing with magnetic cards, guards sitting there and watching people going in and out of the building, timestamps everywhere, in short, the company knew down to a second where you've been all day.
Or rather, where your key card has been.
You guess what happened? Exactly. One of those cards was stolen, one of the high level IT cards to boot, and the thief just waltzed in and went out with 2 servers. Nobody bothered to ask him what he's doing there. He has access to highly sensitive areas, so why bother asking why he's hauling around servers. That's his job, you know?
When nobody is supposed to do something, nobody expects anything's wrong when someone does what isn't supposed to be done. Especially in a high rotation hire and fire environment. Do you think anyone would question it when you put on a uniform and a trainee button and just go behind the counter of some fast food restaurant? Just tell everyone you're the new guy and avoid the manager.
It works.
I couldn't find the post asking how the guy was caught (i.e. what software), but here you go.
FTA:
Larry Brass, the Tampa Police detective who arrested Eric Almly this spring, says he's not permitted to endorse a particular product. But he says if Outback's laptops were not outfitted with software called Computrace LoJack for Laptops, made by Absolute Software, there is "no question" Almly would be walking free today.
Here is how it works: after a computer is stolen, the victim notifies Absolute's recovery team. When the thief accesses the Internet via that computer, the Computrace software on his computer silently broadcasts information that allows the team to determine his physical location.
With a street address in hand, police can make an arrest. The corporate version of the software gives subscribers the ability to remotely delete sensitive information from a computer.
Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet.
Which is funny as hell, because I've read several times on Slashdot (sorry, no time to search) about people who have their laptops set to do just that, but when they inform the police that their laptop is in use by a customer of this ISP with that IP address, they're told to go pound sand, that the police don't have time to go catch criminals that you can lead them to. It's trivial--especially with MacBooks--to have it send you not only the IP address but a picture of the thief if you want--but it seems to do no good.
Maybe the thing to do would be to get laptop insurance and then have the info emailed to the insurance company.
Or you could set your wallpaper to the goatse man, get a custom goatse case mod, goatse keyboard...Nobody will want to touch that laptop!
Monstar L
It consists of never buying new equipment unless it is absolutely necessary, and then buying second-hand if at all possible.
If a thief made it into the building and walked out with all the computers here, he might make $150 on eBay if lucky.
But he'd be more likely to just get a hernia.
The brazen airport computer theft that has Australia's anti-terror fighters up in arms
--
Simon
Somehow I have a hard time believing 2,000,000 laptops were stolen in a single year. That's nearly 5,500 per DAY. I don't think Dell even moves that many laptops in a day. And I don't know a single person, personally, who had their laptop stolen. Ever. Where do these numbers come from? Are people just reporting stolen laptops for insurance claims? And now they have two laptops?
Right.
We use Computrace here at work. We have x amount of licenses. The company gives us a custom-built executable that latches itself into the BIOS along with setting up shop in the OS applications/programs. The only way to remove it is by using the custom executable to contact the local webserver that starts up on the machine. I guess you could reflash the BIOS as well. I haven't bothered trying to break it.
Supposedly all you have to do is "hit a button" and Computrace will take care of everything (contacting local and state authorities, ISPs, telling them the approximate location based on IP address when Computrace phones home, etc.).
And yes, all the techs are itching for someone to steal one of our laptops so we can try the system out.
-arp
VANCOUVER, Dec. 13 /PRNewswire-FirstCall/ -- Absolute(R) Software ("Absolute") (TSX: ABT), the leading provider of computer theft protection and secure asset tracking solutions, today announced a milestone in the company's efforts to drive the standard for PC theft recovery and Secure Asset Tracking(TM) - the availability of Computrace support in the BIOS across all four of the top tier PC manufacturers' commercial notebook lines.
Absolute first announced BIOS support for its theft protection technology with IBM/Lenovo on February 1, 2005; followed by announcements with Gateway on August 9th and HP on October 4th. Today, Dell announced a set of customer solutions that leverages Dell's embedded BIOS support for Computrace allowing customers to address issues of regulatory compliance, data protection and PC theft recovery.
We don't use it here, but I believe once you enable it in the BIOS, it can't be disabled. Obviously, there's always a way to disable everything, but it's not a matter of formatting a drive or changing a BIOS setting. It comes down to hex-editing the BIOS data or replacing the BIOS chip or something.
What this guy did I've done many times. Sure, I didn't steal anything, but using this tactic to get the advantage over others is dead easy. For example: long line in front of a store selling the new Wii. "Sorry, passing through - sorry, I work here." And 5 minutes later I walked out with my Wii while others spent hours waiting. It just takes a certain aura really; when people see you walk by they have to think "he belongs here". You'd be surprised how easily I can cut a line in an attraction park wearing an old repair company jacket I got from a spare-time job. Why wait an hour or more if you can just walk past everyone... I'm pretty sure I could walk into most large companies, take almost anything I want and walk out without anyone questioning it. As mentioned above, just stick a big sticker "RMA" or "repair" on a 30" monitor and walk out like you're just doing your job. I wonder if this falls under social engineering.. I mean you're basically (ab)using the people around you to believe you're someone else.
This is another case of an illegal wiretap of American citizens! They did not get a warrant from the FISA court before installing the software on his laptop, making it completely illegal. This is an abuse of private citizens by an overzealous government! This poor fellow should be immediately freed, his criminal history cleared, and an apology with monetary reimbursements for his trouble! The owners of the Outback Steakhouse should immediately be imprisoned for causing this travesty of justice!
I knew a woman who was a researcher at MIT in a biochem lab. Before MIT refurbished its biochem labs they were wide open. Anyone could walk into almost any room. Grad students were notorious for being lax about security. The local bums and thieves also knew this and would wander in and steal students' purses, wallets, laptops, etc. One day she came in and found that someone had rifled through a fridge full of bacteria in liquid media. Good thing for them they didn't think it was free Hi-C and guzzle it down or they would've spent the next week or so clutching their stomachs on the toilet. If they'd played with the enzymes for running the electrophoresis gels they wouldn't have lasted much longer.
The university I work for requires that all devices used on campus have their MAC addresses registered. If a device is reported stolen we can then find out which switch port or AP the thing is connected to. I've recovered several notebooks this way for users who had been ripped off by someone on campus.
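The campus recovery workflow in the comment above (registered MAC addresses, then a lookup of which switch port or access point the reported-stolen device is on) as an added example, not code from the thread. The stolen-device register, the Cisco-style "show mac address-table" dump and the AP association log are all constructed sample data, and the log formats are assumptions.

```python
import re

# Constructed sample: register of reported-stolen devices keyed by MAC (any notation).
STOLEN = {"00:11:22:33:44:55": "Laptop, asset tag EXAMPLE-001 (reported stolen)"}

# Constructed sample of a Cisco-style "show mac address-table" dump and an
# access-point association log; both formats are assumptions for this example.
SWITCH_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/7
  10    aabb.ccdd.eeff    DYNAMIC     Gi1/0/8
"""
AP_LOG = """\
ap=lib-3f-02 client=AA-BB-CC-DD-EE-FF event=assoc
ap=dorm-b-11 client=00-11-22-33-44-55 event=assoc
"""

# Matches Cisco dotted (0011.2233.4455), colon and dash notations.
MAC_RE = re.compile(r"(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}", re.I)

def canon(mac):
    """Normalise any of the three notations to lower-case aa:bb:cc:dd:ee:ff."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))

def locate(stolen, switch_table, ap_log):
    """Return {mac: [locations]} for each registered-stolen MAC seen on the network.
    Caveat: a MAC can be changed on the device, so a miss here is not proof of absence."""
    wanted = {canon(m) for m in stolen}
    hits = {}
    for line in switch_table.splitlines():
        m = MAC_RE.search(line)
        if m and canon(m.group()) in wanted:
            # Last column of a mac-address-table row is the switch port.
            hits.setdefault(canon(m.group()), []).append("switch port " + line.split()[-1])
    for line in ap_log.splitlines():
        m = MAC_RE.search(line)
        if m and canon(m.group()) in wanted:
            ap = line.split("ap=")[1].split()[0]
            hits.setdefault(canon(m.group()), []).append("access point " + ap)
    return hits

if __name__ == "__main__":
    for mac, where in locate(STOLEN, SWITCH_TABLE, AP_LOG).items():
        print(mac, STOLEN[mac], "->", ", ".join(where))
```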