[Dataloss] [ekmi] Re: fringe: Open source laptop tracking

lyger lyger at attrition.org
Thu Jul 17 03:46:42 UTC 2008


My 0.76 cents (adjusted for inflation):

For the most part, I think any type of "tracking device" that relies on 
internet access is a sham.  To assume that every stolen laptop will be 
connected to the internet, either by wire or wireless, is just that... an 
assumption.  Certain companies are banking on this assumption, and it 
wouldn't hurt my feelings at all to see them fail.  

With that said, I'm also under the impression that most jerks who steal a 
laptop probably fall into at least one of the following categories:

1.  They don't know (or care) what data is on the laptop
2.  They don't know what Apricorn, Knoppix, or F.I.R.E. are, let alone 
know how to boot to a Linux CD or even know what "ls -al" means
3.  If they need to steal a laptop, they probably can't afford internet 
access (OK, that's probably a trolling point...)
4.  Even if they watched Mission Impossible 3, see #1 and #2.

Realistically, laptop tracking seems to be a "nothing" industry as far as 
data loss is concerned.  Is your average thief able to access the data if 
the hard drive isn't encrypted?  Sure.  Is it very likely?  Not so much.  
It seems to be more about hardware recovery than "is data at risk?".


On Wed, 16 Jul 2008, Brian Krebs wrote:

": " My big question is, assuming for a minute you can actually zero in on the person who stole your machine (what about crowded living areas, like apartment buildings), what is the likelihood you'll be able to get the police to knock on someone's door with that evidence?
": "  
": " Doesn't seem all that bloodly likely to me. Seems like it increases the chance that people running this software will confront the thief on their own and possibly put themselves in a very compromising situation.
": "  
": " Brian Krebs
": " www.washingtonpost.com/securityfix
": " 703-469-3162 (w)
": " 703-989-0727 (c)
": "  
": " 
": " ________________________________
": " 
": " From: dataloss-bounces at attrition.org on behalf of Allen
": " Sent: Wed 7/16/2008 11:01 PM
": " To: Arshad Noor
": " Cc: security curmudgeon; ST-ISC at MAIL.ABANET.ORG; ekmi; dataloss at attrition.org
": " Subject: Re: [Dataloss] [ekmi] Re: fringe: Open source laptop tracking
": " 
": " 
": " 
": " Arshad,
": " 
": " I don't think you analysis, which I agree with, goes far enough.
": " 
": " 1) Steal laptop.
": " 2) Remove battery.
": " 3) Remove HD.
": " 4) Use HD cloning software such as Apricorn - hardware and software
": " only $40 - and clone to any HD that is laying about
": " 5) Mount clone as USB attached to a desktop
": " 6) Attach old HD as USB attached and wipe old HD with DBAN or
": " similar tool
": " 7) Use Aloha Bob or equivalent to selectively migrate OS and basic
": " productivity software such as Office from clone.
": " 8) Remount HD in laptop
": " 9) Sell the sucker.
": " 
": " Best,
": " 
": " Allen
": " 
": " Arshad Noor wrote:
": " > Am I the only one who believes that an attacker (who is after
": " > the data) with half-a-brain is going to make sure that the first
": " > time they boot up a stolen laptop, they're NOT going to put it on
": " > the internet, and they're going to disable any radio for wireless
": " > communications.  (Laptop companies have to provide an external
": " > radio switch I imagine so that there is confirmation of the radio
": " > being OFF inside an airplane - I'm not sure how the iPhone gets
": " > away with a software switch since we all know software can be
": " > buggy and the radio may not go off despite a visible indication
": " > that it is off - but that's another discussion.
": " >
": " > Alternatively, the attacker could boot off of a Linux CD and then
": " > copy the entire hard-disk contents (or what was most interesting)
": " > and then blow away everything on the hard-disk to reclaim the HW.
": " >
": " > In both cases, they have the HW and the data without anything
": " > "calling home" to give away GPS positions or IP addresses of the
": " > machine.  So, why do people think that this is an effective
": " > counter-measure against data-theft?  How long do they anticipate
": " > this to work? And with which type of attacker?  I've read examples
": " > of attacks that go beyond anything most IT developers - or even
": " > security developers - are capable of in the marketplace today, so
": " > who is this expected to deter?  The guy who broke into your car
": " > to get the hub-caps and radio, but got the laptop instead?
": " >
": " > Very puzzled.....
": " >
": " > Arshad Noor

