The Khaki Bandit Strikes At IT - 130 Stolen Laptops
destinyland writes "'The khaki bandit' posed as an office worker at several corporations and successfully stole over 130 laptops which he later sold on eBay. The ease of theft from the corporate offices (including FedEx and Burger King) shows just how bad corporate security can be. In some cases, the career thief just walked into the office behind an employee with a security badge. Two million laptops were stolen just in 2004, and of those 97 percent were never recovered. Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet."
In fact, just a couple of weeks ago, one of our directors went on vacation and left his laptop and projector just sitting on the conference room where he had last used it (a large, wide-open conference room used by hundreds of outside people each week). They sat there for several days before anyone noticed.
SJW: Someone who has run out of real oppression, and has to fake it.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
My work here is dung.
For the bold and motivated thief, walking in and then out with a laptop is easy. Just look like you are supposed to be there. Slipping it into a briefcase helps with the illusion.
On the other hand, someone waltzed off with a 24" LCD monitor from the desk of a co-worker not long ago. His office was the furthest in from the door, so someone needed to be particularly bold to go all the way in, disconnect the monitor, and walk back out. No one saw him either, which is impressive considering the size of the load he was carrying. It's a lot harder to look and act natural about carrying a large monitor than a laptop.
...I work in a shop on occasion, and the number of stolen laptops that come through with people trying to sell them to us is simply mind-boggling. I'm not talking about pissy little Pentiums, either, these are the latest, greatest in portable number crunching. Some have passwords on them as their only real identifying feature (the serial numbers and Microsoft licenses are usually scratched off), which I tell the seller is not possible to circumvent (in some cases they're not, being on the BIOS rather than the OS). Another trick they have is coming in claiming they've lost or wrecked the power adapter (how convenient) and need a cheapo universal one. Sure, I'll sell them the universal brick but they're not testing the thing in the store.
Net bugs are a good thing to have, I think (got one on here), particularly given the plentiful supply of open wireless points in most large cities now. Turn on machine, bug sends data burst, thief is cornered. Hell, he doesn't even need to physically connect to a network these days.
Operation Guillotine is in effect.
"If the thieves guild invested in blue overalls with Al on them, they could get away with anything." Social engineering IS one of the easiest-to-exploit security holes. It isn't much of a surprise that laptops were stolen using this technique.
Oh dear. Who will lead the OLPC initiative now that Nicholas Negroponte is in jail?
They don't really go into details about it, but this might be something in the NIC chip or something else ingeniously specific to the hardware.
I doubt it. Most likely they got lazy and just cleaned XP without reinstalling, leaving the rooted snitchkit to do its thing. I guess if a large access provider like T-Mobile's Hotspot had the MAC address of a taken machine and a process to report to the right person its presence on the network, it could be traced. I also don't think MS is checking MAC addresses gathered from WGA against any criminal databases. Maybe an app on a separate, untouched partition and autorun, but a simple drive wipe would've taken that out.
If you did devise a way for a MAC device to "call home" without user action then it would be easy to take the next step and turn it into a kick ass DDOS bot, something I don't think most device companies would risk.
I believe most tracking software creates a separate partition that would survive a standard reinstall, but not a complete reformatting of the disk.
What I think would be very effective would be a laptop, created explicitly for businesses, that would implement the tracking system in hardware. If you added it to the integrated wireless networking, you wouldn't be able to shut it off, and you could track it whenever you needed to. If you are concerned about battery life, you could allow someone to shut it off, but have it wake-up every few hours just to check in. When it checks in, if it's labeled as stolen, the networking stays on, allowing for constant tracking.
There are some privacy concerns with a tracking device that can't be turned off, but that's why I said it would be explicitly for businesses (or people who want that feature explicitly). For many businesses, the loss of privacy is less important than the ability to track their assets.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
...are really not enough for security. I work at a building that I need keycard access to, but cards eventually become worn and some break so that they cannot be displayed anymore, and the company won't pay for a new one every time that happens. So there are two results: People don't wear them explicitly, and people don't question who they are letting into the front door behind them. I'm personally in favor of having a guard stationed at a single entry, at least for larger buildings; someone who can recognize people's faces and can be held responsible for stopping people he doesn't know. ...There's the danger of him being an asshole, but I'd be willing to take that chance.
The article says it's Computrace's LoJack for Laptops. We looked into the corporate version a while ago due to the remote-wipe feature.
If the laptop has the proper version of TPM, it will even automatically re-install itself if the thief reinstalls Windows. Not sure if that's a good thing or a bad thing, having the BIOS infecting the machine... If it's stolen though, it's a good thing.
I was working in a high security environment. You know, the whole thing with magnetic cards, guards sitting there and watching people going in and out of the building, timestamps everywhere, in short, the company knew down to a second where you've been all day.
Or rather, where your key card has been.
You guess what happened? Exactly. One of those cards was stolen, one of the high level IT cards to boot, and the thief just waltzed in and went out with 2 servers. Nobody bothered to ask him what he's doing there. He has access to highly sensitive areas, so why bother asking why he's hauling around servers. That's his job, you know?
When nobody is supposed to do something, nobody expects anything's wrong when someone does what isn't supposed to be done. Especially in a high rotation hire and fire environment. Do you think anyone would question it when you put on a uniform and a trainee button and just go behind the counter of some fast food restaurant? Just tell everyone you're the new guy and avoid the manager.
It works.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I couldn't find the post asking how the guy was caught (i.e. what software), but here you go.
FTA:
Larry Brass, the Tampa Police detective who arrested Eric Almly this spring, says he's not permitted to endorse a particular product. But he says if Outback's laptops were not outfitted with software called Computrace LoJack for Laptops, made by Absolute Software, there is "no question" Almly would be walking free today.
Here is how it works: after a computer is stolen, the victim notifies Absolute's recovery team. When the thief accesses the Internet via that computer, the Computrace software on his computer silently broadcasts information that allows the team to determine his physical location.
With a street address in hand, police can make an arrest. The corporate version of the software gives subscribers the ability to remotely delete sensitive information from a computer.
Your sig(k) has been stolen. There is a puff of smoke!
Ultimately it was the corporate headquarters of Outback Steakhouse who caught the thief with a bugged laptop that notified them when he re-connected it to the internet.
Which is funny as hell, because I've read several times on Slashdot (sorry, no time to search) about people who have their laptops set to do just that, but when they inform the police that their laptop is in use by a customer of this ISP with that IP address, they're told to go pound sand, that the police don't have time to go catch criminals that you can lead them to. It's trivial--especially with MacBooks--to have it send you not only the IP address but a picture of the thief if you want--but it seems to do no good.
Maybe the thing to do would be to get laptop insurance and then have the info emailed to the insurance company.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
It consists of never buying new equipment unless it is absolutely necessary, and then buying second-hand if at all possible.
If a thief made it into the building and walked out with all the computers here, he might make $150 on ebay if lucky.
But he'd be more likely to just get a hernia.
The brazen airport computer theft that has Australia's anti-terror fighters up in arms
--
Simon
VANCOUVER, Dec. 13 /PRNewswire-FirstCall/ -- Absolute(R) Software ("Absolute") (TSX: ABT), the leading provider of computer theft protection and secure asset tracking solutions, today announced a milestone in the company's efforts to drive the standard for PC theft recovery and Secure Asset Tracking(TM) - the availability of Computrace support in the BIOS across all four of the top tier PC manufacturers' commercial notebook lines.
Absolute first announced BIOS support for its theft protection technology with IBM/Lenovo on February 1, 2005; followed by announcements with Gateway on August 9th and HP on October 4th. Today, Dell announced a set of customer solutions that leverages Dell's embedded BIOS support for Computrace allowing customers to address issues of regulatory compliance, data protection and PC theft recovery.
We don't use it here, but I believe once you enable it in the BIOS, it can't be disabled. Obviously, there's always a way to disable everything, but it's not a matter of formatting a drive or changing a BIOS setting. It comes down to hex-editing the BIOS data or replacing the BIOS chip or something.
I like it: "Stealization". Let's spredulate this meme.
Who is John Cabal?
This is another case of an illegal wiretap of American citizens! They did not get a warrant from the FISA court before installing the software on his laptop, making it completely illegal. This is an abuse of private citizens by an overzealous government! This poor fellow should be immediately freed, his criminal history cleared, and an apology with monetary reimbursements for his trouble! The owners of the Outback Steakhouse should immediately be imprisoned for causing this travesty of justice!
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.