Slashdot Mirror
What Are the Best Laptop Theft Recovery Measures?
BarlowBrad writes "Yesterday my house was broken into and among other things two laptops were stolen. Getting past the feeling of violation, I am looking to the future and how to both prevent theft and recover computers should it happen again. I have found various services that claim to track and recover stolen laptops such as LoJack for Laptops, Computrace, GadgetTrak and Undercover, but I (obviously) have no experience with any of them. I also know that Intel will be coming out with a new anti-theft technology chip, but that isn't supposed to come out until the fourth quarter and I'll be replacing the laptops before then. Does Slashdot have a recommendation between these services or suggestions for another?" Read on for a related question about automating this process.
BarlowBrad continues: "I have also wondered if there is a 'home brew' solution that I could cook up myself. I'm not an elite programmer, but I am somewhat computer savvy and open to ideas. At least one of the replacement laptops will have to be a Windows machine, but the other may be a Mac or run Linux, so ideally I'd want a solution for multiple platforms. Perhaps a script that sends an email with the IP address every time the computer connects to the internet? Or is there already something out there like that in the Open Source community?"
Perhaps a script that sends an email with the IP address every time the computer connects to the internet?
.mil and .gov addresses that reads like this:
Dude, the scumbag just stole your laptop. Get creative. Instead of just having the a bot or something send you an email so you can identify them, go this route. Have it send an email to a bunch of
ALLAH ALLAH!!! I want to NUCLEAR BOMB the white house!!! I have a sleeper cell that already has a plan in place to kidnap beautiful AMERICAN CHILDREN and teach them ISLAM!!! DEATH TO GEORGE BUSH!!!
You could add in whatever else you feel like. That stuff was just off the top of my head.
I got a catholic block.
Glue your laptop to your desk. I won't guarantee that it will not get stolen, but it is a lot harder to steal an entire desk than a single laptop.
Forget recovery. If you had color glossy photos with circles and arrows the cops will STILL not bust into someone's home to recover your laptop.
You can't get them to stop crime in progress, let alone last week's crime.
Denial of use of stolen laptops is the best bet. Not only denial of access to the data, but denial of use of the hardware, or making it very expensive and suspect when trying to get a stolen box running.
This means encrypting drives, biometric readers, or any number of additional features, most of which are expensive, some of which do impose a hurdle for the thief.
Encrypted drives are becoming mainstream and easily affordable, and generally do work to keep your data safe.
But none of this will prevent you from losing the box to a thief. They will steal it anyway, even if they dump it in the trash because they can't make it work.
Sending an email with an IP does nothing. Installing dyndns.org IP updater software would work just a well. It leaves a record in a remote place, but savvy thief would know how to erase that, just as they would know how to prevent your email from going out.
Even if you find the IP of the stolen box, the ISP will need a court order to reveal the location to you. Good luck with that. Cops won't take action. They will tell you to file an insurance claim and move on.
Side note: Thieves are seldom savvy. If they had any brains they would get a less risky job. So chances of them disabling any counter measures are fairly slim.
Sig Battery depleted. Reverting to safe mode.
The old standby goes -- there's no one security measure that's perfect, but you can make it a lot easier.
The first and most obvious layer is physical access. Don't leave your laptop visible in your car when you park. Lock your office doors. Don't leave it at a coffee house when you go to the bathroom.
The second is physical security. Invest in a laptop leash and chain it down if you work in a shared office space environment.
The third layer is physical deterrence. Customize the heck out of your computer. A big engraved security mark (be it your driver's license #, your name, your cell #, your email address, whatever) will turn off thieves. Same if you've got anything else that's obviously unique and can't easily be removed.
The fourth layer is electronic deterrence. A boot password and a screensaver password will deter unskilled theives. There are plenty of skilled thieves who plan to reformat the drives, but a few will be deterred by not being able to sell the laptop on the corner without a password. (If you don't believe me, hang out in midtown NYC long enough and you can get offers to sell hot laptops in the $100 range).
The fifth layer is tracking. Things like LoJack and all the other services. If they boot your laptop it'll contact the network and you can at least have a shot at getting it back. (Note, some of these are not compatible with a boot password). Of course, record your Windows serial # (if you run Windows) and your Dell quick service code (if you use a Dell) or the equivalent for your system. These are uploaded.
The sixth layer is luck. Sometimes people catch theives by webcam, sometimes by stupid emails, sometimes by pure random encouters. You gotta get lucky.
No one of these layers is sufficient and it's silly to talk about LoJack for Laptops if you leave your laptop sitting in the open for somebody to grab it. LoJack is most useful to break open crime rings, not to actually get your laptop back -- by the time the police get around to subpoenaing the ISPs your laptop is gone, but the thieves might not be. I run it, but I don't expect it to save my butt.
At my school, all students are provided with a laptop. All computers come loaded with Computrace, and it has never failed to recover a stolen laptop...even ones that have ended up overseas after being wiped and sold on eBay. The only time Computrace fails is if a) the CMOS is physically replaced or b) the laptop never sees an internet connection again.
NorthWest Airlines DOES have a web address where you can get your luggage back:
http://www.ebay.com/
I hadn't heard of Computrace / Absolute until about two weeks ago, when we found two computers at my office talking to "search.namequery.com" several times a second. What I find is interesting: A program that installs without my permission or knowledge, takes orders from a 3rd party (up to and including "wipe the hard drive"), and actively resists removal.
One computer was brand-new (MPC/Gateway M685), the other just over a year old (MPC/Gateway E475). The first one they claim was "accidentally" activated at the factory, the second got a motherboard replacement that had this little program "activated" from its prior owner.
The sales rep at MPC/Gateway got the Absolute/Computrace rep on the phone and they both claim that it isn't a virus. Okay, fine, it doesn't self-replicate. Seems to fit darn near every other part of the definition! Their tech-support guy ordered the two computers to disable their BIOS component and uninstall, which THEY DID! The files in C:\Windows\System32 vanished before my eyes.
They were back the next day.
Gateway/MPC doesn't seem to understand my frustration. We spend so much time and money securing our computers and making sure they run only the software we WANT them to run. Now you want me to feel safe with a BIOS-level program that copies itself to FAT32/NTFS partitions and tricks Windows OSes into executing it? This same program that calls a 3rd party and requests instructions? I know of only three instructions it can accept, but what if there are others? ("Stolen, check in every 15 minutes", "Stolen, wipe hard drive", "Disable and uninstall" we know of)
I asked how they secure the disk-wiping function and was not impressed with the answer. They use an RSA token to verify that the right customer called in. I said 'Ok, what about the link to the computer? Is it signed or encrypted?' No answer, they just went back to the RSA token.
Heck, we have BlackBerries that can wipe themselves on remote command but RIM makes a big deal of how the communications are encrypted between the BB and my server. I know that J. Random Cracker isn't going to trick my BB into nuking itself. But what if he spoofs "search.namequery.com" and returns the code for "Nuke HD"? Will their little 200kb program accept the order?
I read that someone found and disabled Computrace/Absolute's BIOS code in a firmware dump and then re-flashed his machine. If I can't pull that off with Gateway/MPC I will have to recommend that we find a vendor that does NOT pre-infect the computers we purchase.
*grumble*
The real Lojack system, for cars, predates the Internet and GPS. It's pretty good. About 90% of Lojack-equipped cars are recovered when stolen. When you buy Lojack, an installer comes out and installs a little box somewhere on your car. You don't know where, and they have many alternative locations. It gets power from the car, so it keeps itself charged.
The unit finds an FM broadcast station with the Lojack subcarrier and listens for a message with its serial number. If your car is stolen in an area with Lojack coverage (which includes most major US cities), a police stolen car report is copied to Lojack's computers, which then tell the subcarrier transmitter at the broadcast stations to start broadcasting messages with the unit's serial number. The unit in the car then starts emitting a beacon signal.
Lojack has good integration with big-city police departments. They equip police cars with Lojack receivers at Lojack's expense. Any Lojack receiver that's emitting turns on indicators in police cars, showing direction and approximate range. When you see a police car with four antennas in a square on the roof, that car has a Lojack receiver.
In Los Angeles, the LAPD's air force, both rotary and fixed-wing, has Lojack receivers. This has resulted in some dramatic stolen car recoveries. Cops like the system, because not only do they get cars back, they often find someone they want driving the stolen car.
But "Lojack for Laptops" doesn't use that system. It just reports IP addresses when the unit connects to the Internet. A company called Absolute Software seems to have just licensed the Lojack name; it's apparently not part of Lojack Corporation at all.
One thing we found out from experience is you want to followup with Absolute and make sure the machine is calling in daily, or whenever it's on (it tries once a day). If the machine is stolen but it hasn't been called in for 30 days or more, the recovery guarantee is not in place. They'll still try and recover it, but they won't give you the $1000 or whatever if it's not found. Also, you have the option to void the recovery guarantee and instead have a "data delete" option, so that any sensitive data on the machine is wiped with the hard drive.
I've never seen a statistic on wiping the BIOS, but I'd be willing to be it'd be more difficult than beneficial. Besides, if someone's going to be so thorough to wipe the BIOS, they know the software is on there, and will be taking steps to avoid it getting it's beacon out to the net.
Disclaimer: I have no relationship with Absolute (Computrace) other than I am a paying customer.