What Are the Best Laptop Theft Recovery Measures?
BarlowBrad writes "Yesterday my house was broken into and among other things two laptops were stolen. Getting past the feeling of violation, I am looking to the future and how to both prevent theft and recover computers should it happen again. I have found various services that claim to track and recover stolen laptops such as LoJack for Laptops, Computrace, GadgetTrak and Undercover, but I (obviously) have no experience with any of them. I also know that Intel will be coming out with a new anti-theft technology chip, but that isn't supposed to come out until the fourth quarter and I'll be replacing the laptops before then. Does Slashdot have a recommendation between these services or suggestions for another?" Read on for a related question about automating this process.
BarlowBrad continues: "I have also wondered if there is a 'home brew' solution that I could cook up myself. I'm not an elite programmer, but I am somewhat computer savvy and open to ideas. At least one of the replacement laptops will have to be a Windows machine, but the other may be a Mac or run Linux, so ideally I'd want a solution for multiple platforms. Perhaps a script that sends an email with the IP address every time the computer connects to the internet? Or is there already something out there like that in the Open Source community?"
For Your Eyes Only I think.
Mod down parentpost, & don't click the link.
do not click.
DRM: Terminator crops for your mind!
Just look into one of the scripts to update a dynamic IP address with a dynamic DNS service, and set it up to be automatic. As soon as the computer connects, it will update the address.
Perhaps a script that sends an email with the IP address every time the computer connects to the internet?
Dude, the scumbag just stole your laptop. Get creative. Instead of just having a bot or something send you an email so you can identify them, go this route. Have it send an email to a bunch of .mil and .gov addresses that reads like this:
ALLAH ALLAH!!! I want to NUCLEAR BOMB the white house!!! I have a sleeper cell that already has a plan in place to kidnap beautiful AMERICAN CHILDREN and teach them ISLAM!!! DEATH TO GEORGE BUSH!!!
You could add in whatever else you feel like. That stuff was just off the top of my head.
I got a catholic block.
I have a big self-printed Linux Sticker on top, with clear foil on top of it and 2cm over the edges. While it is possible to remove it without trace, any thief will not know that and there is a reasonable chance they will stay away. At least if they are competent thieves. People that break into flats typically are not.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Want to click, want to click! The link glitters in my monitor. Maybe there are diamonds or a goatse! Want to click, want to click!
Although laptops can be expensive, I think the real danger is the potential disclosure of personal and business data on the lost computer. There are several programs that will erase the drive remotely if the laptop is reported stolen by the owner. Here is a link to one as an example, but I haven't used it, so I can't vouch for it: http://www.sharewareplaza.com/Zapeze-download_39642.html http://backpackcomputing.com/
a) run an openSSH or VNC server, and
b) write a cronjob/Scheduled Task to shoot a ping at some IP address you control periodically whenever IP connectivity is present.
This will only work if your computer appears to be usable by a thief without wiping the OS. If the thief is dumb, he'll at least try and get on the Internet with it, and then you can swoop in and pwn him.
DRM: Terminator crops for your mind!
Glue your laptop to your desk. I won't guarantee that it will not get stolen, but it is a lot harder to steal an entire desk than a single laptop.
Forget recovery. If you had color glossy photos with circles and arrows the cops will STILL not bust into someone's home to recover your laptop.
You can't get them to stop crime in progress, let alone last week's crime.
Denial of use of stolen laptops is the best bet. Not only denial of access to the data, but denial of use of the hardware, or making it very expensive and suspect when trying to get a stolen box running.
This means encrypting drives, biometric readers, or any number of additional features, most of which are expensive, some of which do impose a hurdle for the thief.
Encrypted drives are becoming mainstream and easily affordable, and generally do work to keep your data safe.
But none of this will prevent you from losing the box to a thief. They will steal it anyway, even if they dump it in the trash because they can't make it work.
Sending an email with an IP does nothing. Installing dyndns.org IP updater software would work just as well. It leaves a record in a remote place, but a savvy thief would know how to erase that, just as they would know how to prevent your email from going out.
Even if you find the IP of the stolen box, the ISP will need a court order to reveal the location to you. Good luck with that. Cops won't take action. They will tell you to file an insurance claim and move on.
Side note: Thieves are seldom savvy. If they had any brains they would get a less risky job. So chances of them disabling any counter measures are fairly slim.
Sig Battery depleted. Reverting to safe mode.
The old standby goes -- there's no one security measure that's perfect, but you can make it a lot easier.
The first and most obvious layer is physical access. Don't leave your laptop visible in your car when you park. Lock your office doors. Don't leave it at a coffee house when you go to the bathroom.
The second is physical security. Invest in a laptop leash and chain it down if you work in a shared office space environment.
The third layer is physical deterrence. Customize the heck out of your computer. A big engraved security mark (be it your driver's license #, your name, your cell #, your email address, whatever) will turn off thieves. Same if you've got anything else that's obviously unique and can't easily be removed.
The fourth layer is electronic deterrence. A boot password and a screensaver password will deter unskilled thieves. There are plenty of skilled thieves who plan to reformat the drives, but a few will be deterred by not being able to sell the laptop on the corner without a password. (If you don't believe me, hang out in midtown NYC long enough and you can get offers to sell hot laptops in the $100 range).
The fifth layer is tracking. Things like LoJack and all the other services. If they boot your laptop it'll contact the network and you can at least have a shot at getting it back. (Note, some of these are not compatible with a boot password). Of course, record your Windows serial # (if you run Windows) and your Dell quick service code (if you use a Dell) or the equivalent for your system. These are uploaded.
The sixth layer is luck. Sometimes people catch thieves by webcam, sometimes by stupid emails, sometimes by pure random encounters. You gotta get lucky.
No one of these layers is sufficient and it's silly to talk about LoJack for Laptops if you leave your laptop sitting in the open for somebody to grab it. LoJack is most useful to break open crime rings, not to actually get your laptop back -- by the time the police get around to subpoenaing the ISPs your laptop is gone, but the thieves might not be. I run it, but I don't expect it to save my butt.
At my school, all students are provided with a laptop. All computers come loaded with Computrace, and it has never failed to recover a stolen laptop...even ones that have ended up overseas after being wiped and sold on eBay. The only time Computrace fails is if a) the CMOS is physically replaced or b) the laptop never sees an internet connection again.
Buddy of mine had a laptop stolen last week, they traced it when it booted up and started that SETI stuff. Absolutely funny.
I have a MacBook Pro and decided to get Undercover for it. It's easy to set up and doesn't require a subscription, unlike some of the other programs out there. I'd read a bit about it before getting it, and the thing that really helped me in the end was the success stories that they have posted on their website. The fact that it makes use of the MacBook's built-in video camera to snap pictures of whoever is using it really impressed me.
NorthWest Airlines DOES have a web address where you can get your luggage back:
http://www.ebay.com/
I hadn't heard of Computrace / Absolute until about two weeks ago, when we found two computers at my office talking to "search.namequery.com" several times a second. What I find is interesting: A program that installs without my permission or knowledge, takes orders from a 3rd party (up to and including "wipe the hard drive"), and actively resists removal.
One computer was brand-new (MPC/Gateway M685), the other just over a year old (MPC/Gateway E475). The first one they claim was "accidentally" activated at the factory, the second got a motherboard replacement that had this little program "activated" from its prior owner.
The sales rep at MPC/Gateway got the Absolute/Computrace rep on the phone and they both claim that it isn't a virus. Okay, fine, it doesn't self-replicate. Seems to fit darn near every other part of the definition! Their tech-support guy ordered the two computers to disable their BIOS component and uninstall, which THEY DID! The files in C:\Windows\System32 vanished before my eyes.
They were back the next day.
Gateway/MPC doesn't seem to understand my frustration. We spend so much time and money securing our computers and making sure they run only the software we WANT them to run. Now you want me to feel safe with a BIOS-level program that copies itself to FAT32/NTFS partitions and tricks Windows OSes into executing it? This same program that calls a 3rd party and requests instructions? I know of only three instructions it can accept, but what if there are others? ("Stolen, check in every 15 minutes", "Stolen, wipe hard drive", "Disable and uninstall" we know of)
I asked how they secure the disk-wiping function and was not impressed with the answer. They use an RSA token to verify that the right customer called in. I said 'Ok, what about the link to the computer? Is it signed or encrypted?' No answer, they just went back to the RSA token.
Heck, we have BlackBerries that can wipe themselves on remote command but RIM makes a big deal of how the communications are encrypted between the BB and my server. I know that J. Random Cracker isn't going to trick my BB into nuking itself. But what if he spoofs "search.namequery.com" and returns the code for "Nuke HD"? Will their little 200kb program accept the order?
I read that someone found and disabled Computrace/Absolute's BIOS code in a firmware dump and then re-flashed his machine. If I can't pull that off with Gateway/MPC I will have to recommend that we find a vendor that does NOT pre-infect the computers we purchase.
*grumble*
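Added example (not part of the thread, and not Absolute's actual protocol): what a device-side check could look like if remote commands such as "wipe" were authenticated end to end, so that a reply from a spoofed server is rejected no matter which hostname it claims to be. The per-device HMAC key, the message fields and the command names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumed command names, mirroring the three instructions listed in the comment.
ALLOWED = {"report", "wipe", "uninstall"}
MAX_SKEW = 300  # seconds a signed command stays valid (assumed policy)


def _canonical(body) -> bytes:
    # Stable byte encoding so both sides compute the MAC over identical input.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_command(key: bytes, device_id: str, command: str, counter: int, issued_at: int) -> dict:
    """Server side: bind the command to one device, a counter and a timestamp."""
    body = {"device": device_id, "cmd": command, "ctr": counter, "ts": issued_at}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Agent:
    """Device side: accepts a command only if every check passes."""

    def __init__(self, key: bytes, device_id: str):
        self.key = key
        self.device_id = device_id
        self.last_ctr = 0  # highest counter already executed

    def accept(self, msg, now: int):
        try:
            body, tag = msg["body"], msg["tag"]
            expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        except (KeyError, TypeError, ValueError):
            return (False, "malformed")
        # Constant-time comparison; a forged or altered message fails here.
        if not isinstance(tag, str) or not hmac.compare_digest(expected.encode(), tag.encode()):
            return (False, "bad tag")
        try:
            device, cmd, ctr, ts = body["device"], body["cmd"], body["ctr"], body["ts"]
        except (KeyError, TypeError):
            return (False, "malformed")
        if device != self.device_id:
            return (False, "wrong device")
        if cmd not in ALLOWED:
            return (False, "unknown command")
        if abs(now - ts) > MAX_SKEW:
            return (False, "stale")
        if ctr <= self.last_ctr:
            return (False, "replay")  # a captured command cannot be sent twice
        self.last_ctr = ctr
        return (True, cmd)


if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"  # constructed sample key
    now = 1_700_000_000                        # constructed timestamp
    agent = Agent(key, "LAPTOP-1")
    genuine = sign_command(key, "LAPTOP-1", "report", 1, now)
    spoofed = {"body": {"device": "LAPTOP-1", "cmd": "wipe", "ctr": 2, "ts": now},
               "tag": "00" * 32}
    print(agent.accept(genuine, now))  # accepted
    print(agent.accept(spoofed, now))  # rejected: attacker lacks the key
    print(agent.accept(genuine, now))  # rejected: replay of a captured command
```

A shared key stored on the laptop can be extracted by whoever holds the hardware, so a design like this is stronger with a public-key signature where only the verification key lives on the device.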
Unless you're talking about a casual theft by somebody who intends to sell the laptop on the street, or for their own use, this won't work. If the laptop is fenced, the first thing the fence will do is wipe the hard drive. They do this to remove any trace of the original owner, though it also prevents any phone-home scenario.
Recent products like Computrace/LoJack (same product, different brands) can be installed in the BIOS so a disk wipe doesn't affect them. The catch is that it has to be installed at the factory, so you have to buy the security software (and an annual subscription) when you buy a new laptop. Also, it isn't that hard to reflash a BIOS....
I shouldn't need to point out that you should also have a bare-metal recovery backup. In fact, that's probably more important than any anti-theft measure: paying $1K for a new laptop hurts, but not as much as losing all the work that's on your laptop. A bare-metal solution spares you the hassle of re-installing all your applications and re-applying all the customizations we geeks love to do.
It could be a good idea to hide a little DYNDNS update routine on each of one's computers (and thankfully DYNDNS will even give you multiple IDs that you can update, so you can have a different one for each computer). But I'll want to see a lot more positive feedback by people who did this or similar things before I will think it's very likely to be helpful. Now if you had a GPS in that laptop and sent out its coordinates when updating, you might be able to do yourself a lot more good (unfortunately, GPS doesn't work well indoors).
I'm an American. I love this country and the freedoms that we used to have.
The real Lojack system, for cars, predates the Internet and GPS. It's pretty good. About 90% of Lojack-equipped cars are recovered when stolen. When you buy Lojack, an installer comes out and installs a little box somewhere on your car. You don't know where, and they have many alternative locations. It gets power from the car, so it keeps itself charged.
The unit finds an FM broadcast station with the Lojack subcarrier and listens for a message with its serial number. If your car is stolen in an area with Lojack coverage (which includes most major US cities), a police stolen car report is copied to Lojack's computers, which then tell the subcarrier transmitter at the broadcast stations to start broadcasting messages with the unit's serial number. The unit in the car then starts emitting a beacon signal.
Lojack has good integration with big-city police departments. They equip police cars with Lojack receivers at Lojack's expense. Any Lojack receiver that's emitting turns on indicators in police cars, showing direction and approximate range. When you see a police car with four antennas in a square on the roof, that car has a Lojack receiver.
In Los Angeles, the LAPD's air force, both rotary and fixed-wing, has Lojack receivers. This has resulted in some dramatic stolen car recoveries. Cops like the system, because not only do they get cars back, they often find someone they want driving the stolen car.
But "Lojack for Laptops" doesn't use that system. It just reports IP addresses when the unit connects to the Internet. A company called Absolute Software seems to have just licensed the Lojack name; it's apparently not part of Lojack Corporation at all.
http://ask.slashdot.org/article.pl?sid=07/09/18/1819239
It may be too late now, but if something is missing from your bag, file a claim before you leave the airport. NWA actually requires you to file the claim at the airport, per http://www.nwa.com/travel/luggage/delayed.html#property (nice option for international travelers who may not have web access to read that until they're home). For what it's worth, their baggage contact information is:
Central Luggage Service
c/o Northwest Airlines, Inc.
Department C-5260
7500 Airline Drive
Minneapolis, MN 55450-1101
Domestic (toll-free): 1-800-648-4897 (Monday - Friday, 8:00 a.m. - 4:00 p.m. CT)
International: (612) 725-5450
Fax: (612) 727-4639
Sorry about the laptop.
I fully encrypt my laptop drive, since it carries lots of secret corporate data and IP, and fully back it up at the office, so I am not too worried about theft of the hardware.
I am however scared that at a US airport, or at the airport of some other repressive regime, I may be forced to hand over my laptop, and then detained for not providing the decryption password. Keep in mind that if I am forced to reveal the contents of my laptop, I can be sued by shareholders (for leaking IP) and business partners (for breaking NDA), I can lose my business relationships and hence my income, and I can potentially be charged for breaking EU (and other) directives on data protection.
The problem is that I work extensively with banks and I cannot allow banking data to be leaked, nor can I allow sensitive and very valuable corporate IP to be given to potential competitors of a country that I am visiting or passing through.
Unfortunately, I need to have all of the IP on the laptop, since I often work on the data-centers of various banks worldwide, behind all of the firewalls, and these data-centers do not typically allow any type of Internet access. In addition, I would not feel safe putting 100% of the corporate IP and banking data on a public Internet server in my office, just so I can remote download 200GB or so onto a blank laptop, using a slow and/or expensive hotel Internet connection, every time I fly, just so I can work in a remote location.
It is bad enough that countries (US, UK, Japan, ...) are already fingerprinting foreigners. It looks like the days of international business travel will soon be over.
Can't help you with getting your laptops back, but I can give you a suggestion on how to force lowlife scum to pick your neighbor's house next time:
Dogs.
Not necessarily big, but loud. Most fucksticks who want your stuff don't want to deal with dogs, as there are far easier pickings right down the road. We have three. Homes have been broken into on either side of me, multiple times. I don't believe it's luck. Two border collies and a lab are simply a wrench in the works of a simple-minded shithead.
Believe me, someone wants in your house badly enough, no number of dogs, alarms, etc. will stop them. But the chances of someone wanting your stuff that badly are probably nil, and if they are willing to kill your dogs to get your stuff, they'll probably kill you too.
Dogs are the ticket. Think about it.
"Cellular GPS LoJack Id: 81231982
If found contact: 123-456-7890"
;-)
If you are savvy enough, hack BIOS to display the same message at boot time (some BIOSes allow you to add your own images - that's one way, or add message to MBR)
Better yet, on boot print "GPS position is acquired and transmitted."
Probably won't get your laptop back, but may mess with their heads and make them wonder if they are being tracked by hardware.
-Em
RelevantElephants: A Somatic WebComic...
If more people actually took the time to verify the history of what they buy it would remove the market these guys feed on. A few years ago I bought a laptop off eBay that should have still been under warranty. Working with Dell I contacted the rightful owner and the jerk at least got arrested. Doubt he ever saw any jail time but at least he has a record now... and he didn't get my money or any for the other dozen or so laptops he had in his possession when they arrested him...
I use a lightweight lock or plastic zip tie to tell if someone has been in my bags. TSA cuts them off 1 in 4 times, but at least I know to check. A few times I've had them ask me to remove it before I checked my bags in, but that seems to be the exception. If I checked in expensive items regularly I'd research insurance options. I don't trust the airlines, but the sooner you find something missing the more likely it is you'll get some compensation.
Keep your good computers at home. Get some old clunker to take on the road. Scuff it up and make it look bad. Keep your data on a USB key on your keychain so you know you won't lose that. Your fast machines at home are available to you wherever you can find some bandwidth. A savvy thief may pass over your laptop when he sees how old it is. Instead of one nice laptop, get two or even three used ones for the same price and you'll have one for backup and one to scavenge for parts.
1. Don't put social security numbers on your laptop. Remember, the more social security numbers that are left on your laptop, the higher chance it will get stolen and make the front page news!
I've had zero SSNs on my laptops, and they have never been stolen out of my car nor home.
Just a little tip from your uncle 'der!
Maybe I'm missing something, but that makes no sense at all to me.
Wireless seems to have nothing to do with it, any time that you connect through a wired or wireless router connection you get a local NAT IP address. But the DYNDNS updating that was discussed in the post that I responded to is still valid; it registers the public IP address of the connection, not some private address. Traceroute will not give any additional information; once one has the IP address of where the computer connected from one should be able (with law enforcement and ISP cooperation) to find the point of connection.
Of course, if the thief only connects from public wifi hot spots, then one needs to catch them in that act. Same if they connect through a neighbor's router that doesn't have encryption enabled, although that likely pins down the thief to a very small geographic area. If they connect through their own router, wired or wireless, then DYNDNS gets their public IP address. So any home address connection would be a good target for a warrant. If people insist on running home systems without encryption they should expect such little surprise visits.
Why you think a traceroute to the IP address matters at all is completely unclear.
I'm an American. I love this country and the freedoms that we used to have.
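Added example (not part of the thread): how a check-in server you control, as suggested in the cron job and dynamic DNS comments above, would keep the source address it observes and treat the laptop's self-reported address as informational only, since the same NAT address can sit behind any router. The record layout, device name and sample check-ins are constructed; the 198.51.100.x and 203.0.113.x documentation addresses stand in for real public IPs.

```python
import ipaddress

# Ranges that never identify an Internet connection: RFC 1918 private space,
# carrier-grade NAT, link-local and loopback.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]


def is_routable(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_ROUTABLE)


def record_checkin(history: dict, device: str, ts: int,
                   observed_src: str, reported_local: str) -> str:
    """Store one check-in and say what it tells the owner.

    observed_src   -- source address of the connection as the server saw it
    reported_local -- address the laptop's own interface reported (NAT side)
    """
    if not is_routable(observed_src):
        # Server and laptop share a LAN; nothing here locates the machine.
        return "ignored"
    sightings = history.setdefault(device, [])
    if sightings and sightings[-1]["public_ip"] == observed_src:
        sightings[-1]["last_seen"] = ts
        return "same"
    event = "moved" if sightings else "first"
    sightings.append({"public_ip": observed_src, "first_seen": ts,
                      "last_seen": ts, "local": reported_local})
    return event


# Constructed check-ins: (timestamp, source seen by server, self-reported address).
CHECKINS = [
    (700,   "192.168.1.1",   "192.168.1.14"),  # test run from inside the home LAN
    (1000,  "198.51.100.23", "192.168.1.14"),  # owner's home connection
    (1600,  "198.51.100.23", "192.168.1.14"),
    (90000, "203.0.113.77",  "192.168.1.14"),  # different router, same NAT address
    (90600, "203.0.113.77",  "192.168.1.14"),
]


def replay(checkins, device="laptop-1"):
    """Feed the sample through record_checkin; return (history, events)."""
    history, events = {}, []
    for ts, src, local in checkins:
        events.append(record_checkin(history, device, ts, src, local))
    return history, events


if __name__ == "__main__":
    history, events = replay(CHECKINS)
    print(events)
    for s in history["laptop-1"]:
        print(s["public_ip"], s["first_seen"], s["last_seen"], "local:", s["local"])
```

The per-address first and last timestamps are the part an ISP needs to match a dynamic address to a subscriber.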
If you aren't running Firefox with NoScript and Adblock then you deserve to get griefed. The solutions are there. Don't use IE or barebones Firefox and then complain that every link on the internet isn't safe.
It's an initiation thing for a retarded trolling group. "You, too, can be a part of GNAA if you join today! Why not? It's quick and easy - only 3 simple steps! * First, you have to obtain a copy of GAYNIGGERS FROM OUTER SPACE THE MOVIE and watch it. You can download the movie (~130mb) using BitTorrent. * Second, you need to succeed in posting a GNAA First Post on slashdot.org, a popular "news for trolls" website. * Third, you need to join the official GNAA irc channel #GNAA on irc.gnaa.us, and apply for membership. "
1) safeguard your data.
The /home partition on my laptop is encrypted, so my data is inaccessible to others.
2) make the laptop unattractive to thieves
Have your name and address engraved on several parts of the housing and lid. Or have some metal or plastic tags engraved and bond them securely to case and lid (or even to the screen). This will make the tags impossible to remove without replacing the case (or the lcd). This will make the laptop harder to resell.
Never ascribe to malice that which is adequately explained by incompetence.
Why not use a TSA lock?
Because then he can't tell that his bags have been searched. The very idea of the TSA lock is laughable, it's the TSA baggage handlers that we need to protect our luggage from. They have the same trustworthiness as the police. Most of them do their jobs well enough. There are a few who abuse their positions in big or small ways and the rest look the other way because they "have to watch out for their own" or they don't want to "snitch".
We are all just people.