Delete Data On Netbook If Stolen?

← Back to Stories (view on slashdot.org)

Delete Data On Netbook If Stolen?

Posted by kdawson on Monday July 20, 2009 @06:18PM from the grab-brick-smash-window dept.

An anonymous reader writes "I have just moved overseas on a 2-year working holiday visa and so I picked up a netbook for the interim, an MSI Wind U100 Plus running WinXP. I love it to bits. But as I am traveling around I am somewhat worried about theft. Most of my important stuff is in Gmail and Google Docs; however, I don't always have Net access and find it useful to gear up the offline versions for both. Ideally I would like to securely delete all the offline data from the hard drive if it were stolen. Since it is backed up in the cloud, and the netbook is so cheap I don't really care about recovery, a solution that bricks it would be fine — and indeed would give me a warm glow knowing a prospective thief would have wasted their time. But it's not good if they can extract the HD and get at the data some other way. All thief-foiling suggestions are welcome, be they software, hardware, or other."

41 of 459 comments (clear)

Whole Disk Encryption by seifried · 2009-07-20 18:20 · Score: 5, Insightful

The answer to your problem is whole disk encryption, not trying to delete the data.
1. Re:Whole Disk Encryption by Anonymous Coward · 2009-07-20 18:54 · Score: 4, Informative
  
  I know it doesn't help the OP, but on linux-based netbooks it's trivial to re-install linux with whole disk encryption if you want to upgrade to Ubuntu anyway. I've been running this way on my primary laptop for over a year and haven't really noticed any performance degradation.
2. Re:Whole Disk Encryption by grcumb · 2009-07-20 18:57 · Score: 5, Funny
  
  The answer to your problem is whole disk encryption, not trying to delete the data.
  Feh. Your so-called answer does not include the word 'thermite' or the phrase 'earth-shattering kaboom'. And you call yourself a geek?
  
  --
  Crumb's Corollary: Never bring a knife to a bun fight.
3. Re:Whole Disk Encryption by mjwx · 2009-07-20 19:15 · Score: 5, Funny
  
  Feh. Your so-called answer does not include the word 'thermite' or the phrase 'earth-shattering kaboom'. And you call yourself a geek?
  Where's the ka-boom. There was supposed to be an earth shattering ka-boom.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
4. Re:Whole Disk Encryption by Anonymous Coward · 2009-07-20 19:34 · Score: 5, Funny
  
  the part where the original poster said "Running WinXP" may not have made it all the way in.
  I despise answers that randomly suggest competing products without really answering the question. It's like "My lawnmower won't start" and "Well, if you had goats, then you could feed them a different feed to make them more motivated." Try to advertise less and answer the frakking question more, MMkay?
5. Re:Whole Disk Encryption by someone1234 · 2009-07-20 19:39 · Score: 3, Funny
  
  If your lawnmower doesn't work, one answer would be: try goats.
  
  --
  Patents Drive Free Software as Hurricanes Drive Construction Industry
6. Re:Whole Disk Encryption by Anonymous Coward · 2009-07-20 21:33 · Score: 3, Funny
  
  Moot. The word is moot.
  If you make more mistakes of that magnitude, you may be muffled and mutilated with a maddened moose.
7. Re:Whole Disk Encryption by Krneki · 2009-07-20 21:41 · Score: 4, Funny
  
  Easy solution.
  
  Install a Sony battery.
  
  Ka-boom.
  http://geeksaresexy.blogspot.com/2006/11/lithium-ion-laptop-battery-explosion.html
  
  P.S: It was made by a Gnome, so it might explode before it gets stolen.
  
  --
  Love many, trust a few, do harm to none.
8. Re:Whole Disk Encryption by hairyfeet · 2009-07-20 23:29 · Score: 5, Funny
  
  The correct answer is truecrypt for Windows XP then simply encrypt the drive and voila! No password no data. But I can't think of any other way to totally brick it and still have it legal to travel with. After all customs tends to frown on C4, even if all you are doing is trying to teach thieves a valuable lesson in respecting peoples property.
  Of course if you really wanted to make them suffer you could keep a small DOS partition and have it set to load in case of incorrect password and then use a batch file to play slides of Goatse and Tubgirl and maybe a few choice selections from 2 girls one cup, while playing a wav file of that damned annoying frog full blast on endless loop, but I think you may risk getting arrested for crimes against humanity. But I'm sure after the thief was done throwing up and washing out his eyes with bleach a valuable lesson would be learned.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
9. Re:Whole Disk Encryption by KronosReaver · 2009-07-20 23:50 · Score: 3, Interesting
  
  Dependent on the total size of the data you want to store local copies of...
  .
  Buy a good flash drive and keep it on your key chain. Preferably an Ironkey ( www.ironkey.com ) or something similar that offers some serious hardware encryption along with other anti-theft features.
  .
  Use something like XMarks for Firefox so you can access all of your bookmarks, and even stored passwords if desired, without storing any of it on the netbook. Now simply treat the netbook as a public access PC. If it gets lost or stolen there isn't anything on it to worry about in the first place.
  Bonus for international travel is that you don't have anything on the PC for customs to nose around in, and no software making you look ""Suspicious"" just because you value privacy. Or better yet, you can just leave the netbook at home and use your flash drive on a PC at your destination.
  .
  Potential deal breakers - 1. If you need to carry around more than 8 or 16GB you'll have trouble finding a really good secure drive. Sure more than one drive would work but at some point multiple drives become silly. 2. If your one of those people who can never find their keys or is constantly losing flash drives this is probably a really bad idea.
10. Re:Whole Disk Encryption by silent_artichoke · 2009-07-21 02:17 · Score: 3, Funny
  
  Billie Mays took it with him.
Encryption by pyite · 2009-07-20 18:21 · Score: 5, Informative

Encrypt the entire drive with TrueCrypt or something. Use a strong cipher and a very strong passphrase. The laptop is as good as bricked to anyone who gets it.

--
"Nature doesn't care how smart you are. You can still be wrong." - Richard Feynman
1. Re:Encryption by man_ls · 2009-07-20 18:24 · Score: 5, Insightful
  
  Whole-Disk AES via TrueCrypt is only BARELY above the "acceptable" threshold on a Core Solo. I cringe to think what it'd be like on an Atom. A better bet would be to use a container-hosted TrueCrypt volume, and set your My Documents folder into that volume.
2. Re:Encryption by MichaelSmith · 2009-07-20 18:32 · Score: 3, Informative
  
  Your average thief will spend five seconds looking for porn to keep, then reinstall the lot. The crummiest possible encryption would satisfy 99% of cases.
  
  --
  http://michaelsmith.id.au
3. Re:Encryption by wvmarle · 2009-07-20 18:44 · Score: 4, Informative
  
  Your average thief will try to resell it as soon as he can. Most thieves are not interested in the loot as such but in the money they can get for it.
4. Re:Encryption by Sodakar · 2009-07-20 18:54 · Score: 5, Interesting
  
  On N270 Atoms, whole-disk AES encryption works perfectly fine, and the only time I notice a slow-down is when I'm running a benchmark program side-by-side with a model that has an unencrypted drive. For regular browsing and e-mail (which is what the person asking the question listed as a qualification), it's a non-issue.
  As some others have posted, and what my local police have told me, the laptop will likely have been sold for cash in less than 24 hours. Unless you are being targeted specifically for something of significant value such as corporate IP, it's unlikely that anyone is going to spend the time to try to unencrypt your drive.
  But other threats still loom...
  If you plan on connecting to any network, you will expose your machine to any network-based threat, so you ought to harden your machine accordingly.
  Make sure you still have a strong password for your account login. If your machine is in hibernate, the crypto authentication prompt will stop them, but if your machine was sleeping, it'll return to the OS prompt.
  The one scenario where you're not protected at all is if the machine is powered on, logged in, and someone grabs it by force. I realize there are proximity-based USB dongles that will lock the screen when the remote adapter is beyond range, but this may be far too impractical to use. A USB security dongle sticking out the side is a quick recipe for a broken USB port...
5. Re:Encryption by Wrath0fb0b · 2009-07-20 20:11 · Score: 5, Informative
  
  My personal experience with a Inspiron 1520 is that whole disk encryption significantly reduces battery life, which is a real usability problem.
  Most likely, when I get back to the states (I only encrypted for some overseas travel anyway), I will decrypt it and move back to an encrypted truecrypt container for the small number of documents that are really sensitive.
6. Re:Encryption by dnaumov · 2009-07-20 20:34 · Score: 3, Interesting
  
  Full-disk truecrypt AES encryption is absolutely above acceptable on an Atom 330, the CPU is a hyperthreaded dualcore one, so the OS sees 4 CPUs and truecrypt operates on all 4. I get ~55 MB/s in the AES truecrypt benchmark and I am using it to fully encrypt several partitions. It works just fine.
a hack by binford2k · 2009-07-20 18:21 · Score: 5, Funny

set up a scheduled task to wipe the drive unless you cancel it. Then don't forget to cancel it.
1. Re:a hack by RsG · 2009-07-20 18:35 · Score: 4, Funny
  
  That's a TERRIBLE idea... Like, HOLY SHIT terrible.
  Then your threshold for terrible needs adjusting. I'm sure I can think of something worse than what the AC suggested :-P
  For example: a small thermite charge, proximate to the hard drive platter. It's fused to go off if a particular peripheral isn't detected upon boot-up; you keep the peripheral "key" with you, perhaps attached to your regular key-chain. A thief tries to boot, and BOOM (okay, thermite doesn't "boom", but you get the idea) - no more HDD. Or netbook. Or whatever it happened to be on top of. Bonus points if the thief happens to have it on their lap at the time.
  Now that, ladies and gentlemen, is how you propose a terrible idea. Compared to this, a full disk wipe sounds positively safe and reasonable.
  (IMPORTANT: If anyone out there is stupid enough to take this suggestion seriously and implement this obvious deathtrap, I cannot be held accountable for any loss of property, organic damage or Darwin award nominations that result.)
  
  --
  Erotic is when you use a feather. Exotic is when you use the whole chicken.
2. Re:a hack by petes_PoV · 2009-07-20 20:07 · Score: 3, Interesting
  
  OK, you want a TERRIBLE idea - how about trying to take your booby-trapped netbook through airport security?
  The OP says he's moved "overseas" so presumably some day he'll be travelling back to which ever country he came from, and I would guess that includes flying.
  
  --
  politicians are like babies' nappies: they should both be changed regularly and for the same reasons
3. Re:a hack by YourExperiment · 2009-07-20 20:52 · Score: 5, Funny
  
  The OP says he's moved "overseas" so presumably some day he'll be travelling back to which ever country he came from
  Not necessarily, he might have moved out of the U.K.
  (No flames please, I'm British :)
Identity Theft or Physical Theft by MountainMan101 · 2009-07-20 18:23 · Score: 4, Insightful

If it's physical theft I would think they would bin the HDD or sell it "as is" without even looking at what's on it. Bricking it doesn't do a lot, you'd probably just replace the HDD anyway.
Identity theft is more worrying. Why not encrypt the HDD with something like Fedora / Ubuntu offers - ie an encrypted /home or MyDocuments. That way the laptop won't log on for the thief.
1. Re:Identity Theft or Physical Theft by Anonymous Coward · 2009-07-20 18:44 · Score: 4, Insightful
  
  If a thief grabs it, they would inevitably tuck it under their arm (walking around with an open netbook would slow them down and make them easier to spot). So set the netbook to shutdown when the lid is closed.
Lojack for Laptops by zhiwenchong · 2009-07-20 18:28 · Score: 3, Informative

Website: http://www.absolute.com/products/lojack
FAQ: http://www.absolute.com/resources/public/FAQ/L4L-FAQ-E.pdf
Costs $59.95/year for the premium package which supports Remote Wipe. Embeds itself in the BIOS/EFI. Supports XP and OS X.
Truecrypt + fake account by dargaud · 2009-07-20 18:30 · Score: 5, Insightful

As others will have already said: use truecrypt. In addition, use two account: yours with a password, and another one (visible from the login shell) without password. Put a script in it that wipes the disk if anybody logs in it.

--
Non-Linux Penguins ?
Are you evil enough? by saynt · 2009-07-20 18:34 · Score: 5, Interesting

First, get truecrypt, that takes care of your data.
Now then, If you have the spark of evil in you, here's the plan.
1. Set up multi-boot config.
2. Create a bootable partition that has enough OS on it to run the drive and network, name it something interesting like 'Confidential'.
3. Get the BIOS flash utils for your netbook, create a corrupt bios image that will still pass muster enough to install.
4. Set up a boot time process on the netbook that does a 'wget' from a web site that you control. If it gets a file, quietly flash the BIOS with what it downloads.
If you ever get ripped off, move the nasty BIOS image to the file location on your web site and bask in the glow of pure wickedness...
You can test this with a valid BIOS image, but don't look at me if something terrible happens, you're playing with fire here.
Quick'n'easy by nick_davison · 2009-07-20 18:41 · Score: 4, Interesting

1) Set up two accounts. Your actual one behind a password and an unprotected one.
2) In the unprotected one's startup, set it to delete all of your personal data.
You'll never log on via the unprotected account. Therefore you'll never accidentally delete everything. Even if you do manage to, as soon as you're next near a net connection it sounds like you can pull it back anyway.
Most casual thieves (sorry, your life isn't actually important enough that crack teams of ninja espionage winged monkeys will track you down and deliberately steal your data) will be perfectly happy to log on via the one account they can get on via and won't notice a suitably disguised process quietly cleaning everything sensitive off the machine.
It's not perfect, it's not infallible but, honestly, your data really isn't worth the hassle of defeating it for the average opportunistic thief.
You want to have more fun with them...
Set a scheduled task on that account to open Firefox 3.5 every 15 minutes and go to an address on your own server where it promptly gives its geolocation info before more obviously redirecting itself to some apparent malware site. They'll assume your machine's just infected with malware while you and the cops are given constant updates on their location.
Again, it's not perfect and most of /. could easily defeat it... But the average thief isn't a /. reader, they're just an opportunist who thinks they're getting something for free.
1. Re:Quick'n'easy by Mistlefoot · 2009-07-20 22:21 · Score: 3, Insightful
  
  And while at Custom's, have the border guard try to log in to your computer. Have him "access" the second account, delete all the data and then discover that you find yourself in some foreign court charged with destroying whatever it is they claim you destroy.
  
  I do believe there have been cases in the US where people have been compelled by the courts to produce encryption keys for data on laptops they have tried to carry past customs. The poster does want to do this for protection while traveling "overseas". I wouldn't suggest entering some countries and claiming you just had a script delete everything on your harddrive - when their customs tried to log - but "you have nothing to hide - honest".
Re:Encryption and BIOS settings by JSBiff · 2009-07-20 18:42 · Score: 4, Interesting

"Yes, the thief could remove the BIOS battery, but he would have to tear the case open. If he knew how to open a laptop without breaking it, he has more skill than I would associate with a petty thief."
Did it ever occur to you that the thief might be part of a larger crime organization, which organization might have a few people with pretty advanced technical skills? Or, even if they aren't, it's entirely possible/probable that after the thief fences the stolen computer, it will end up in the hands of someone both unscrupulous, and technically saavy?
On a netbook? by Chuck+Chunder · 2009-07-20 18:43 · Score: 4, Funny

The laptop is as good as bricked to anyone who gets it.
Including the owner!

--
Boffoonery - downloadable Comedy Benefit for Bletchley Park
What do they want to steal? by 1s44c · 2009-07-20 18:52 · Score: 4, Informative

Most casual thieves want the hardware to use, resell, or simply because it's pretty. They don't give a toss about your data unless they can get easy cash out of it.
Encrypt the disk to protect your data. It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it. You can save CPU cycles by only encrypting data that really needs to be kept personal.
Personally I'd be tempted to have some kind of low trick on there just to fuck with their minds. Add a script like
echo "GPS location tracking started..."
sleep 13
echo "Device location found and reported."
read x
There is absolutely no security in this but casual thieves are normally not too smart so might shit their pants.
1. Re:What do they want to steal? by subreality · 2009-07-20 20:38 · Score: 4, Informative
  
  It doesn't even have to be very strong encryption but obviously good encryption is better if your CPU can handle it.
  AES is quite fast on 32-bit CPUs. There's no excuse for bad crypto.
Take to it with a hammer! by syousef · 2009-07-20 18:56 · Score: 4, Funny

Right now! No thief will ever get your data if you destroy it right now!
Oh you wanted to use it in the meantime. Well that's different...

--
These posts express my own personal views, not those of my employer
Slow News Day - WTF? by mcrbids · 2009-07-20 19:30 · Score: 4, Insightful

Google: windows encrypted drive + "I'm feeling lucky".
Here's what I got:
http://www.truecrypt.org/
I'm OK with "Ask Slashdot" being used to gather the collective experience of the techies that like to hang out off-hours here at /. - but.. this?!?
Something that could be addressed by a moment or two spent at Google or even (god's sake) Bing is a WASTE OF HITS. But maybe that's the plan - get droves of angry techies to bitch about the lameness of the stories, delivering ad impressions?
Crazy like a fox?
I'm on to you, Cmdr Taco, if that is your real name!

--
I have no problem with your religion until you decide it's reason to deprive others of the truth.
1. Re:Slow News Day - WTF? by elrous0 · 2009-07-21 01:20 · Score: 3, Funny
  
  I have it on good authority that neither one of them is actually a real cowboy or a taco. They built this house on LIES!
  
  --
  SJW: Someone who has run out of real oppression, and has to fake it.
Maybe I don't understand something... by jalet · 2009-07-20 19:49 · Score: 3, Insightful

but if you care about confidentiality of your datas once your laptop is stolen, and at the same time you store most of your datas on servers owned and administered by someone who is not you (the Google company in this case), then maybe you should think twice about what you do.

--
Votez ecolo : Chiez dans l'urne !
fencing by reiisi · 2009-07-20 19:55 · Score: 5, Insightful

All the more reason to use a Linux or BSD based OS.
To the average thief or receiver of stolen goods, a netbook running an alternate OS is as good as bricked.

--
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
fencing (repost) by reiisi · 2009-07-20 19:58 · Score: 3, Insightful

To the average thief, and to the average receiver of a stolen netbook, if the netbook boots an alternative OS, it might as well be bricked.

--
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
1. Re:fencing (repost) by robthebloke · 2009-07-20 21:31 · Score: 3, Funny
  
  nah... they'll just think it's windows 7 :p
paint a STOLEN FROM ... message on the front by petes_PoV · 2009-07-20 20:13 · Score: 3, Interesting

Use indelible paint, or burn it into the surface of the netbook's plastic case. However you decide to do it, make sure that it's obvious and can be seen by the user and everyone around them (incl. airport security people when they inspect the device). Have a message something like:
THIS COMPUTER WAS STOLEN FROM <your name/phone number>
In large, contrasting letters - for extra points write it in the language(s) of the countries to be visited. Not only will it draw unwanted attention to whoever tries to use it, but it will make the stolen item impossible to sell on errr, auction sites, where most of this stuff ends up.

--
politicians are like babies' nappies: they should both be changed regularly and for the same reasons