Re: [Dataloss] [ekmi] Re: fringe: Open source laptop tracking

[Allen <netsecurity@sound-by-design.com>]

Hi Rodney,

Yep, for the opportunistic thief, that is the way to go. If; 
however, you are an industrial spy..., of which there are more than 
one realizes, they just don't get the PR because companies don't 
want it spread around how much is being done.

I know of one small physical security firm, not specialists in 
computer forensics, that gets about a call a month from a law firm 
they are associated with. To my knowledge none of the cases have 
made it to the press or gone to court.

Best,

Allen

Rodney Wise wrote:
> 
> Reformat with Win 98, sell at pawn shop.
> Buy crack. Lost forever.
>  
> Rodney Wise
> 
>     ----- Original Message -----
>     *From:* Max Hozven <mailto:mhozven@tealeaf.com>
>     *To:* Brian Krebs <mailto:Brian.Krebs@washingtonpost.com> ; Allen
>     <mailto:netsecurity@sound-by-design.com> ; Arshad Noor
>     <mailto:arshad.noor@strongauth.com>
>     *Cc:* security curmudgeon <mailto:jericho@attrition.org> ;
>     ST-ISC@MAIL.ABANET.ORG <mailto:ST-ISC@MAIL.ABANET.ORG> ; ekmi
>     <mailto:ekmi@lists.oasis-open.org> ; dataloss@attrition.org
>     <mailto:dataloss@attrition.org>
>     *Sent:* Wednesday, July 16, 2008 11:40 PM
>     *Subject:* Re: [Dataloss] [ekmi] Re: fringe: Open source laptop tracking
> 
>     If you could narrow it down the person who own’s that IP address,
>     maybe you could file a police report, then sue the person in small
>     claims court.
> 
>     Presented with a court summons, maybe they’d just turn over the
>     laptop (saying they bought it used, not knowing it was stolen) and
> 
>     case dismissed….
> 
>      
> 
>     -Max
> 
>      
> 
>     * From: * dataloss-bounces@attrition.org
>     <mailto:dataloss-bounces@attrition.org>
>     [mailto:dataloss-bounces@attrition.org] *On Behalf Of *Brian Krebs
>     *Sent:* Wednesday, July 16, 2008 8:18 PM
>     *To:* Allen; Arshad Noor
>     *Cc:* security curmudgeon; dataloss@attrition.org
>     <mailto:dataloss@attrition.org>; ekmi; ST-ISC@MAIL.ABANET.ORG
>     <mailto:ST-ISC@MAIL.ABANET.ORG>
>     *Subject:* Re: [Dataloss] [ekmi] Re: fringe: Open source laptop
>     tracking
> 
>      
> 
>     My big question is, assuming for a minute you can actually zero in
>     on the person who stole your machine (what about crowded living
>     areas, like apartment buildings), what is the likelihood you'll be
>     able to get the police to knock on someone's door with that evidence?
> 
>      
> 
>     Doesn't seem all that bloodly likely to me. Seems like it increases
>     the chance that people running this software will confront the thief
>     on their own and possibly put themselves in a very compromising
>     situation.
> 
>      
> 
>     Brian Krebs
> 
>     www.washingtonpost.com/securityfix
>     <http://www.washingtonpost.com/securityfix>
> 
>     703-469-3162 (w)
> 
>     703-989-0727 (c)
> 
>      
> 
>      
> 
>     * From: * dataloss-bounces@attrition.org on behalf of Allen
>     *Sent:* Wed 7/16/2008 11:01 PM
>     *To:* Arshad Noor
>     *Cc:* security curmudgeon; ST-ISC@MAIL.ABANET.ORG; ekmi;
>     dataloss@attrition.org
>     *Subject:* Re: [Dataloss] [ekmi] Re: fringe: Open source laptop
>     tracking
> 
>     Arshad,
> 
>     I don't think you analysis, which I agree with, goes far enough.
> 
>     1) Steal laptop.
>     2) Remove battery.
>     3) Remove HD.
>     4) Use HD cloning software such as Apricorn - hardware and software
>     only $40 - and clone to any HD that is laying about
>     5) Mount clone as USB attached to a desktop
>     6) Attach old HD as USB attached and wipe old HD with DBAN or
>     similar tool
>     7) Use Aloha Bob or equivalent to selectively migrate OS and basic
>     productivity software such as Office from clone.
>     8) Remount HD in laptop
>     9) Sell the sucker.
> 
>     Best,
> 
>     Allen
> 
>     Arshad Noor wrote:
>     >  Am I the only one who believes that an attacker (who is after
>     >  the data) with half-a-brain is going to make sure that the first
>     >  time they boot up a stolen laptop, they're NOT going to put it on
>     >  the internet, and they're going to disable any radio for wireless
>     >  communications.  (Laptop companies have to provide an external
>     >  radio switch I imagine so that there is confirmation of the radio
>     >  being OFF inside an airplane - I'm not sure how the iPhone gets
>     >  away with a software switch since we all know software can be
>     >  buggy and the radio may not go off despite a visible indication
>     >  that it is off - but that's another discussion.
>     >
>     >  Alternatively, the attacker could boot off of a Linux CD and then
>     >  copy the entire hard-disk contents (or what was most interesting)
>     >  and then blow away everything on the hard-disk to reclaim the HW.
>     >
>     >  In both cases, they have the HW and the data without anything
>     >  "calling home" to give away GPS positions or IP addresses of the
>     >  machine.  So, why do people think that this is an effective
>     >  counter-measure against data-theft?  How long do they anticipate
>     >  this to work? And with which type of attacker?  I've read examples
>     >  of attacks that go beyond anything most IT developers - or even
>     >  security developers - are capable of in the marketplace today, so
>     >  who is this expected to deter?  The guy who broke into your car
>     >  to get the hub-caps and radio, but got the laptop instead?
>     >
>     >  Very puzzled.....
>     >
>     >  Arshad Noor
>     >  StrongAuth, Inc.
>     >
>     >  security curmudgeon wrote:
>     > >
>     > >
>     > > ---------- Forwarded message ----------
>     > > From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah"
>     <rMslade@shaw.ca>
>     > >
>     > > I know some people who are going to be really upset by this, but
>     > > personally, I'm delighted:
>     > >
>     > > Researchers at the University of Washington and the University of
>     > > California , San Diego , launched a new laptop tracking service,
>     called
>     > > Adeona, that is free and private. Once downloaded onto a laptop, the
>     > > software starts anonymously sending encrypted notes about the
>     > > computer’s whereabouts to servers on the Internet. If the laptop ever
>     > > goes missing, the user downloads another program, enters a username
>     > > and password, and then picks up this information from the servers, a
>     > > free storage service called OpenDHT.  (The Mac version of Adeona even
>     > > uses a freeware program called isightcapture to take a snapshot of
>     > > whomever is using the computer.) Adeona provides the IP address that
>     > > it last used as well as data on nearby routers. Armed with that
>     > > information, law enforcement could track down the criminal. Because
>     > > Adeona ships with an open-source license, anyone can take the
>     code and
>     > > improve it or even sell it. The researchers say they’re hoping that
>     > > software developers will build all kinds of new features such as
>     > > Global Positioning System-aware tracking systems for new platforms
>     > > such as the iPhone. Later this month, the Adeona team will give a
>     > > technical presentation at the Usenix Security Symposium in San Jose .
>     > >
>     > >
>     http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110128&taxonomyId=17&intsrc=kc_top
>     <http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9110128&taxonomyId=17&intsrc=kc_top>
>     > >
>     > >
>     > > http://adeona.cs.washington.edu/
>     >
>     >  ---------------------------------------------------------------------
>     >  To unsubscribe from this mail list, you must leave the OASIS TC that
>     >  generates this mail.  Follow this link to all your TCs in OASIS at:
>     >  https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>     >
>     _______________________________________________
>     Dataloss Mailing List (dataloss@attrition.org)
>     http://attrition.org/dataloss
> 
>     Tenable Network Security offers data leakage and compliance monitoring
>     solutions for large and small networks. Scan your network and
>     monitor your
>     traffic to find the data needing protection before it leaks out!
>     http://www.tenablesecurity.com/products/compliance.shtml
> 
>     _______________________________________________
>     Dataloss Mailing List (dataloss@attrition.org)
>     http://attrition.org/dataloss
> 
>     Tenable Network Security offers data leakage and compliance monitoring
>     solutions for large and small networks. Scan your network and
>     monitor your
>     traffic to find the data needing protection before it leaks out!
>     http://www.tenablesecurity.com/products/compliance.shtml