What Are the Best Laptop Theft Recovery Measures?

BarlowBrad writes "Yesterday my house was broken into and among other things two laptops were stolen. Getting past the feeling of violation, I am looking to the future and how to both prevent theft and recover computers should it happen again. I have found various services that claim to track and recover stolen laptops such as LoJack for Laptops, Computrace, GadgetTrak and Undercover, but I (obviously) have no experience with any of them. I also know that Intel will be coming out with a new anti-theft technology chip, but that isn't supposed to come out until the fourth quarter and I'll be replacing the laptops before then. Does Slashdot have a recommendation between these services or suggestions for another?" Read on for a related question about automating this process.

BarlowBrad continues: "I have also wondered if there is a 'home brew' solution that I could cook up myself. I'm not an elite programmer, but I am somewhat computer savvy and open to ideas. At least one of the replacement laptops will have to be a Windows machine, but the other may be a Mac or run Linux, so ideally I'd want a solution for multiple platforms. Perhaps a script that sends an email with the IP address every time the computer connects to the internet? Or is there already something out there like that in the Open Source community?"

Dynamic IP script

[mortonda]

Just look into one of the scripts to update a dynamic IP address with a dynamic DNS service, and set it up to be automatic. As soon as the computer connects, it will update the address.

Nonstandard Look might help

[gweihir]

I have a big self-printed Linux Sticker on top, with clear foil on top of it and 2cm over the edges. While it is possible to remove it without trace, any thief will not know that and there is a reasonable chance they will stay away. At least if they are competent thieves. People that break into flats typically are not.

DIY solution

[spazdor]

a) run an openSSH or VNC server, and
b) write a cronjob/Scheduled Task to shoot a ping at some IP address you control periodically whenever IP connectivity is present.

This will only work if your computer appears to be usable by a thief without wiping the OS. If the thief is dumb, he'll at least try and get on the Internet with it, and then you can swoop in and pwn him.

Recovery, Not. Denial, Maybe.

[icebike]

Forget recovery. If you had color glossy photos with circles and arrows the cops will STILL not bust into someone's home to recover your laptop.

You can't get them to stop crime in progress, let alone last week's crime.

Denial of use of stolen laptops is the best bet. Not only denial of access to the data, but denial of use of the hardware, or making it very expensive and suspect when trying to get a stolen box running.

This means encrypting drives, biometric readers, or any number of additional features, most of which are expensive, some of which do impose a hurdle for the thief.

Encrypted drives are becoming mainstream and easily affordable, and generally do work to keep your data safe.

But none of this will prevent you from losing the box to a thief. They will steal it anyway, even if they dump it in the trash because they can't make it work.

Sending an email with an IP does nothing. Installing dyndns.org IP updater software would work just a well. It leaves a record in a remote place, but savvy thief would know how to erase that, just as they would know how to prevent your email from going out.

Even if you find the IP of the stolen box, the ISP will need a court order to reveal the location to you. Good luck with that. Cops won't take action. They will tell you to file an insurance claim and move on.

Side note: Thieves are seldom savvy. If they had any brains they would get a less risky job. So chances of them disabling any counter measures are fairly slim.

Layers of security

[Dada Vinci]

The old standby goes -- there's no one security measure that's perfect, but you can make it a lot easier.

The first and most obvious layer is physical access. Don't leave your laptop visible in your car when you park. Lock your office doors. Don't leave it at a coffee house when you go to the bathroom.

The second is physical security. Invest in a laptop leash and chain it down if you work in a shared office space environment.

The third layer is physical deterrence. Customize the heck out of your computer. A big engraved security mark (be it your driver's license #, your name, your cell #, your email address, whatever) will turn off thieves. Same if you've got anything else that's obviously unique and can't easily be removed.

The fourth layer is electronic deterrence. A boot password and a screensaver password will deter unskilled theives. There are plenty of skilled thieves who plan to reformat the drives, but a few will be deterred by not being able to sell the laptop on the corner without a password. (If you don't believe me, hang out in midtown NYC long enough and you can get offers to sell hot laptops in the $100 range).

The fifth layer is tracking. Things like LoJack and all the other services. If they boot your laptop it'll contact the network and you can at least have a shot at getting it back. (Note, some of these are not compatible with a boot password). Of course, record your Windows serial # (if you run Windows) and your Dell quick service code (if you use a Dell) or the equivalent for your system. These are uploaded.

The sixth layer is luck. Sometimes people catch theives by webcam, sometimes by stupid emails, sometimes by pure random encouters. You gotta get lucky.

No one of these layers is sufficient and it's silly to talk about LoJack for Laptops if you leave your laptop sitting in the open for somebody to grab it. LoJack is most useful to break open crime rings, not to actually get your laptop back -- by the time the police get around to subpoenaing the ISPs your laptop is gone, but the thieves might not be. I run it, but I don't expect it to save my butt.

SETI

[satexas69]

Buddy of mine had a laptop stolen last week, they traced it when it booted up and started that SETI stuff. Absolutely funny.

Undercover (Orbicule)

[Iphtashu Fitz]

I have a Macbook Pro and decided to get Undercover for it. It's easy to set up and doesn't require a subscription, unlike some of the other programs out there. I'd read a bit about it before getting it, and the thing that really helped me in the end were the success stories that they have posted on their website [orbicule.com]. The fact that it makes use of the MacBook's built-in video camera to snap pictures of whoever is using it really impressed me.

Now why would I buy this?

[Progman2000]

I hadn't heard of Computrace / Absolute until about two weeks ago, when we found two computers at my office talking to "search.namequery.com" several times a second. What I find is interesting: A program that installs without my permission or knowledge, takes orders from a 3rd party (up to and including "wipe the hard drive"), and actively resists removal.

One computer was brand-new (MPC/Gateway M685), the other just over a year old (MPC/Gateway E475). The first one they claim was "accidentally" activated at the factory, the second got a motherboard replacement that had this little program "activated" from its prior owner.

The sales rep at MPC/Gateway got the Absolute/Computrace rep on the phone and they both claim that it isn't a virus. Okay, fine, it doesn't self-replicate. Seems to fit darn near every other part of the definition! Their tech-support guy ordered the two computers to disable their BIOS component and uninstall, which THEY DID! The files in C:\Windows\System32 vanished before my eyes.

They were back the next day.

Gateway/MPC doesn't seem to understand my frustration. We spend so much time and money securing our computers and making sure they run only the software we WANT them to run. Now you want me to feel safe with a BIOS-level program that copies itself to FAT32/NTFS partitions and tricks Windows OSes into executing it? This same program that calls a 3rd party and requests instructions? I know of only three instructions it can accept, but what if there are others? ("Stolen, check in every 15 minutes", "Stolen, wipe hard drive", "Disable and uninstall" we know of)

I asked how they secure the disk-wiping function and was not impressed with the answer. They use an RSA token to verify that the right customer called in. I said 'Ok, what about the link to the computer? Is it signed or encrypted?' No answer, they just went back to the RSA token.

Heck, we have BlackBerries that can wipe themselves on remote command but RIM makes a big deal of how the communications are encrypted between the BB and my server. I know that J. Random Cracker isn't going to trick my BB into nuking itself. But what if he spoofs "search.namequery.com" and returns the code for "Nuke HD"? Will their little 200kb program accept the order?

I read that someone found and disabled Computrace/Absolute's BIOS code in a firmware dump and then re-flashed his machine. If I can't pull that off with Gateway/MPC I will have to recommend that we find a vendor that does NOT pre-infect the computers we purchase.

*grumble*

Re:Computrace

[Lumpy]

My solution is better. I had a laptop stolen and the recovery service had a laptop in my hands, in fact a brand new upgraded one.

It's call insurance, works great and runs under OSX, Windows and linux!

as for the data, If it's important why is it not encrypted? also why did you not set the bios password? 99% of the time that foils a thief hard and will even make the pawn shops refuse it.

the other thing I do is have engraved on the cover and under the battery.

"THIS LAPTOP IS STOLEN FROM LUMPY. THIS IS STOLEN PROPERTY AND YOU NEED TO CALL XXX-XXX-XXXX for a $200 reward"

Works great.

Re:It's too bad that Lojack for Laptops isn't

[Anonymous Coward]

In the article you linked to:

On 4-18-07, a 2006 Hummer H-2 was stolen from the City of Monrovia, CA. Within hours of entry, the vehicle was tracked and recovered however; all of its contents had been removed. Among the contents was a Dell Laptop that happened to be installed with Absolute/LoJack for Laptop protection. On 3-12-08, Absolute/LoJack for Laptop employees were alerted that the computer had been powered up. They contacted Monrovia PD detectives who obtained a search warrant for the IP address. After obtaining the address and identifying the individual who lived there, they made contact and confirmed the Laptop was at the location. The Laptop was seized and the suspect taken into custody without further incident. The investigation revealed that another person had purchased this Laptop at a swap meet for $50.00 and had taken it to her brother who in turn had given it to the suspect to fix. According to the Detective, the suspect cleaned it however, was not able to remove the LoJack information. The detective indicated that he wished all his cases were this easy to solve. The Laptop was returned to the victim/owner. Case referred to the DDA for review.

Maybe there's more of a link than you thought?

Avoid US Airports

[ad454]

I fully encrypt my laptop drive, since it carries lots of secret corporate data and IP, and fully back it up at the office, so I am not too worried about theft of the hardware.

I am however scared that at an US airport, or at the airport of some other repressive regime, I may be forced to hand over my laptop, and then detained for not providing the decryption password. Keep in mind that if I am forced to reveal the contents of my laptop, that I can be sued by shareholders (for leaking IP) and business partners (for breaking NDA), I can lose my business relationships and hence my income, and I potentially be charged for breaking EU (and other) directives on data protection.

The problem is that I work extensively with banks and I cannot allow banking data to be leaked, nor can I allow sensitive and very valuable corporate IP to be given to potential competitors of a country that I am visiting or passing through.

Unfortunately, I need to have all of the IP on the laptop, since I often work on the data-centers of various banks worldwide, behind all of the firewalls, and these data-centers do not typically allow any type of Internet access. In addition, I would not feel safe putting 100% of the corporate IP and banking data on a public Internet server in my office, just so I can remote download 200GB or so onto a blank laptop, using a slow and/or expensive hotel Internet connection, everytime I fly, just so I can work in a remote location.

It is bad enough that countries (US, UK, Japan, ...) are already fingerprinting foreigners. It looks like the days of international business travel will soon be over.

Re:Explosives...

[potat0man]

How about throwing a GPS receiver under the keyboard, then using a script to upload the coordinates somewhere automatically on a time interval whenever it's connected to the internet?

Again though, you're screwed if they wipe the drive first...

Re:Layers of security

[jd]

In England, the use of UV ink is popular as an addition for security marking. The theory is that a visible tag can be removed, but an invisible tag is tougher as thieves won't know it's there. The police are supposed to check items they believe are stolen for such tags, so that property can be returned to the lawful owner.

Although in total vioation of any nation's law, it seems to me a screecher should help. This is a simple one-shot transmitter that blasts a signal for as long as the power lasts at a clearly illegal frequency. The idea is to make the theft impossible to ignore and easy to trace, but have the offending signal impossible to pin on you.

Also legally dubious, booby-trap the laptop and require something only you know or have to disable it. The booby-trap would need to be non-destructive to the computer, but could include an embedded pepper spray, mace, or something equally nasty. To avoid the law getting upset, again it must be impossible to pin on you, so would need the used cylinder or cartridge to be ejected after use.

Remarkably, it might be far more legal to steal DNA samples of the marcupial tiger and get it cloned in south korea. This stops thieves from breaking in, but given their ferocious jaws, also stops them lodging a formal complaint.

Re:Laptop Stolen by Baggage Handlers

[Anonymous Coward]

If more people actually took the time to verify the history of what they buy it would remove the market these guys feed on. A few years ago I bought a laptop off eBay that should have still been under warranty. Working with Dell I contacted the rightful owner and the jerk at least got arrested. Doubt he ever saw any jail time but at least he has a record now... and he didn't get my money or any for the other dozen or so laptops he had in his possession when they arrested him...

Re:Get Creative

[tftp]

I think most of thieves won't even turn the laptop on, mostly because they don't need to, and in part because they may not know what to do next. A typical install of any OS these days is protected with a user name and a password; they may be weak, but what's the upside for the thief to waste time trying to get to that user's typically useless data?

If the thief is any good in his trade, instead of leaving his fingerprints all over the notebook he should place it in a bag and deliver directly to a reseller of such goods. The said reseller knows what to do - to immediately format the HDD, for example. Or, if the reseller is smart, to boot from a CD and make a backup, then explore the contents using a different OS. In either case, none of owner's scripts will run.

The best practice I could think of is to set up a full disk encryption, and a BIOS password, just to make those guys work hard (and in vain) if they want to get to your data or even to resell the laptop. But once they have your hardware, they will keep it or trash it if it's too much trouble; the owner won't be getting it back.

Re:Recovery, Not. Denial, Maybe.

[Belial6]

No kidding, there are consenting adults out there having sex... FOR MONEY! That is far more important use of our law enforcements time than trying to stop people from being burgled.

Re:Dynamic IP script

[HillBilly]

A lot of monitors have a webcam built in, use this to take a snap shot periodically and send it to an email account.

Re:There are a few solutions

[47Ronin]

holy f*cking sh*t ... thank goodness I clicked that on my Mac and not on my Windows box.

I have the most recently patched Safari 3.1.x build and it spawned a couple of blank windows (adblocked?) but I was unable to close anything so I forced-quit it. It also populated a Mail.app message window but did not send. It tried to launch Skype but since I had recently updated it the launch did not succeed (the OS stopped me with a dialog of "Skype is an application downloaded from the Internet. Do you..." so I clicked no)

I think I noticed a java applet launching initially in the browser before the madness started. I thought the applet was supposed to ask to be sandboxed and trusted before running?

Can't imagine the sort of insanity that this would have wrought on a Windows system!

Re:Undercover (Orbicule)

[ratmash]

So they have a whole 2 success stories, 10 months apart, going back to 2006. Admittedly there may well be plenty that are not published because the owners did not want any publicity. But my question is, compared to the number of licenses they sell, how many thefts get reported, and how many of those get recovered, or at least tracked down?

Re:Laptop Stolen by Baggage Handlers

[Original Replica]

Why not use a TSA lock?

Because then he can't tell that his bags have been searched. The very idea of the TSA lock is laughable, it's the TSA baggage handlers that we need to protect our luggage from. They have the same trustworthiness as the police. Most of them do their jobs well enough. There are a few who abuse their positions in big or small ways and the rest look the other way because they "have to watch out for their own" or they don't want to "snitch".

Re:And then what?

[loraksus]

Yup, there are many ways to learn the IP address/addresses of your computer once it has been stolen. Thing is, what can you do about it then?>

Before it gets stolen, set it up so it maps a port w/ upnp by default to give you remote access. Get access to it late one night, fire up an email client and send a few emails, such as

To: president@whitehouse.gov, chiefofpolice@city.state.us, someone@localfbifieldoffice.gov
Subject: time to die motherfucker!
data: I'm using a stolen laptop and a router so you can't track me, but you will see me before you die [etc, etc, more mad rantings, throw some shit from milita pages and mention the constitution a bunch of times]

Then start wiping user folders.

Pretty sure that will get it taken care of. If you don't get it back, at least nobody else will be using it ;)