Theft & Loss Protection for Laptops, Notebooks, PDAs with Linux

Here are some links to databases listing stolen laptops, notebooks, PDAs, handhelds, mobile (cellular) phones and other mobile computers. As well as tips and tricks for theft protection and data loss prevention of mobile Linux computers. See also Debian Linux Laptop for Road Warriors [PDF] a highly recommended HOWTO to secure Debian and some more tips and tricks for mobile security.

Databases

• Stolen Computer Registry.
• "Corporations, government agencies, and individuals use CompuTrace(R) to deter theft and recover missing PCs. CompuTrace tracks the status and location of any Windows-based PC with no effort from the user. If the PC is lost or stolen, the user or system administrator notifies the CompuTrace Monitoring Center and the CompuTrace Recovery Service assumes the responsibility for finding and retrieving that PC."
• CompuTrace .
• E.R.E.S.C Euregio.net Register European Stolen Computers

Theft Protection

Prerequisites

• Don't buy a second hand laptop, without a receipt of the original purchase.
• Don't pay in cash, when buying a second hand laptop, use a cheque instead.
• Use a lock to save your machine. Most modern laptops are prepared already to connect to a lock.
• Use an engravement to mark your equipment with an unremovable sign.
• When using a special laptop bag for transport, be aware everybody knows what precious equipment you have.
• Encrypt your harddisk.
• Use BIOS password protection.
• Use devices such as "proximity" alarms.
• Just in case have the data of your machine stored in a save place, e.g. full model name and number, serial number.

Theft Behaviour

The following travel alert is reprinted courtesy of the US Federal Aviation Authority (FAA).

The FAA recently learned of a hustle that's being employed at airports all across the country to steal laptop computers. It involves two persons who look for a victim carrying a laptop and approaching a metal detector. They position themselves in front of the unsuspecting passenger. They stall until the mark puts the laptop computer on the conveyor belt. Then the first subject moves through the metal detector easily. The second subject sets off the detector and begins a slow process of emptying pockets, removing jewelry, etc. While this is happening, the first subject takes the laptop as soon as it appears on the conveyor belt and moves away quickly. When the passenger finally gets through the metal detector, the laptop is gone. The subject that picks it up heads into the gate area and disappears among the crowd.

Sometimes a third subject will take a hand-off from the first subject and the computer is out of the restricted area before the mark even knows that it is gone.

This is becoming a widely practiced problem and is happening at airports everywhere. When traveling with a laptop computer, try to avoid lines to enter a metal detector when possible. When you can't do that, delay putting your luggage and laptop on the conveyor belt until you are sure that you will be the next person through the metal detector. As you move through the metal detector, keep your eyes on the conveyor belt and watch for your luggage and laptop to come through as well as watching for what those in front of you are picking up.

Hard Disk Encryption

This Encrypted dual boot single hard drive system HOWTO, explains how to secure your system using nothing but Free Software. It was primarily written for people with a dual boot laptop, describing free tools to encrypt Microsoft Windows as well as Linux partitions.

Phoenix BIOS

TheftGuard is the first theft deterrent application that cannot be removed or replaced merely by installing another hard drive. The solution is digitally registered and installed in the Phoenix cME FirstBIOS and Host Protected Area (HPA), which is a secure environment independent of the operating system. If a registered machine is reported as stolen on the TheftGuard website, the next time the machine is connected to the Internet it will automatically send a signal which will verify it as stolen. The machine can then immediately be disabled, the IP address can be captured for tracking purposes and the data on the hard drive can even be deleted. Since TheftGuard is enabled through Phoenix cME FirstBIOS, the application will still be able to check for integrity of the application components even if a new hard drive is placed in the system. Also it does not depend on the operating system installed.

Homing Pigeon

Homing Pigeon runs fully autonomously, it can get out of networks where browsing is blocked, it can get out of very hostile network situations, it can run periodically if desired, and report a myriad of information about the machine and thief. Also it includes format blocking and format recovery. Best of all, Homing Pigeon has no subscription fee. You buy it once for $39.95, and it will function for life.

RC5DES

From Jon Anderson <jon_at_locust.co.uk>:

"Use the power of the laptop! I read recently that several laptops were recovered as they were running the RC5DES distributed computing client Distributed.Net this exchanged http requests on a regular basis and was used to trap the thief after they went on the net with their new toy!

Perhaps a more targeted system would be if someone (maybe me if anyone is interested) could set up a host on the net and then you just add a ping to that host into your ppp-on script (dial on demand etc) with the -p option to pass data in the packet with a unique reference number. That way if the laptop is ever stolen you could enter in the unique number and get tracking information as to where the laptop was last registered as connecting to the net from etc?"

iSpy

"iSpy, from Lexent, is a product that's well suited to the mobile professional who may need to leave his luggage and laptop for a period of time, say while in the restroom or in line for a snack. iSpy uses "PC Radar," a hybrid of motion and proximity sensing with 2-way wireless notification system to protect a computer (and its data). You attach iSpy to your laptop computer or carrying case, arm it using the 2-way key chain remote, and you will be discretely alerted on your key chain when someone moves your computer and you are outside of its immediate proximity of about ten feet. You can then choose to remotely sound a 110 decibel alarm if the situation calls for it.

While we found the key chain remote didn't always have enough transmitting power to sound the alarm, when it did it was effective. This product definitely deserves a look, especially if you have one of the old "proximity alarms" that goes off automatically. Nothing is more embarrassing than forgetting to turn off one of these things and then having your luggage start blaring as it rounds the corner on the conveyor belt at the ticket window, or when you get up from your airplane seat to go to the restroom and the laptop bag in the overhead starts squawking. iSpy is available direct from the Lexent ."

Transponders/RFID

Transponders are small devices, which don't need a battery. They can be used for identification purposes: Trovan Transponders The rfid library is a set of C functions to communicate with RFID devices. A RFID transponder is a wireless memory area made of a chip and an antenna. A RFID reader creates a magnetic field that is used as a power source by RFID transponders and as a carrier for communication. A program can use the rfid library to be notified when a RFID transponder enters or leaves the range of a RFID reader. When a RFID transponder is in range, data can be read from its memory or written into it.

vp-usb-lock

vp-usb-lock is a Linux kernel driver and PAM module that utilizes the PC wireless USB lock and makes it possible to use it as authentication method for your Linux box. It is easy to install, but needs access to the sources of the kernel and PAM to build correctly. It has been tested under Fedora Core 2 with a custom made 2.6.7-1.494.2.2 kernel, but it should also work with other kernel versions and distributions.

The CD/DVD Trick

Using your laptop in a public library you may rely on their theft protection mechanisms. Just put one of their CDs or DVDs with these litte magnetic tags into the drive. Mounting the media will prevent it from removal. Now imagine the thief leaving the library security gate! Nasty, isn't it? Note: make sure _you_ remove the media before passing the gate.

LAN or WLAN

Just an idea and not yet worked out. But I suppose it is somehow possible to use WLAN and/or LAN capabilities of a Linux laptop either as a warning method if a machine is moved or as a method to trace it.

WLAN and GPS

Just another idea and not yet worked out. But I suppose it is somehow possible to use WLAN and GPS capabilities of a Linux laptop either as a warning method if a machine is moved or as a method to trace it.

BIOS Inscription

From Lionel, trollhunter Bouchpan-Lerust-Juery: "With a friend we are installing OpenBSD on a friend's computer and there is an interesting feature in his BIOS: the BIOS was flashed and the computer shop's appears on the screen qt boot up with the BIOS #. I guess they took an hexadecimal editor and edited the BIOS image replacing ABIT by the vendor's references. Such an idea, I guess could improve the overall safety of laptops acting as a deterant on amateur thief while displaying the owner's name at boot up: harder to sell if you see what I mean."

How to change the BIOS bootsplash screen for IBM/Lenovo Thinkpad T4x series

Here is a tip on how to customize the OS splash screen, thus enabling someone to display a logo with owner's information.

You may also consider to implement a nice Linux BootSplash screen.

Distributed Clients

In a SlashDot discussion I have found an interesting experience: " Were you running dnetc on the laptop? We've recovered a few pieces of stolen computer equipment over the years when the thieves plugged the boxes back in to the net and the installed client software sent back completed work."

Review: Track your stolen laptop for free with Prey (and other Open Source tools)

For the budget conscious, there are in fact a few free, open-source options for tracking a stolen notebook. Aside from the price tag, one reason you might want to use an open-source tracker over a commercial product is that you can examine the code to ensure it isn't doing anything shady with your private data, and compile it yourself.

Protection Devices

There are many offers for locks, alarms, transponders and other means of computer security at:

• Targus
• Kensington
• This anti-theft device for laptops comes in two parts - one that is attached to your laptop and the other that you hold in your hand. Step away from your laptop and the palm-held end of the device notifies you if your laptop is being moved. You then have five seconds to either disarm a siren on the other end of the device before it goes off, or let it blare out the news to the whole world that something is wrong. This approach allows the laptop owner to be mobile, which is, after all, the whole idea of laptops. There are few false alarms because of the deactivating device and the distance required between the laptop and its owner (about 15 feet) before the gizmo works.
• CompuCage
• CAVEO offers a PCMCIA card, which includes a motion detector. Don't know whether this works with Linux.

Plates

STOP Security Tracking of Office Property: "STOP's patented, permanent bar coded security plate actively deters laptop theft at the source as well as eliminates the reason for most theft: resale value. Equipment and laptop recovery is more likely when tagged with a STOP Security Plate."

Using External Storage

Foiling laptop data thieves. Storing personal data on an external storage devices like USB sticks, memory sticks or portable hard disks will make it easier to take your data with you. Also it seems easier to encrypt these data.

theft-alarm.sh

The theft-alarm.sh script provides some theft protection plugins for laptops (especially for IBM/Lenovo ThinkPads). These plugins check for example power state, ethernet state, lid state and movement.

Insurances

As an alternative you may subscribe an insurance. Here are some insurance companies, which are specialised in this field. Also some laptop and PDA manufacturers offer insurance solutions.

• Marshall and Sterling (U.S.) had developed an insurance program specifically designed for laptops. Please feel free to write to Lorraine Emerick (Commercial Lines Manager) to get further information.
• SafeWare Inc. (U.S.)

Theft Reports

Second British Spy Laptop Lost

From Cryptome: "A second spy lost a security services laptop after drinking too much and losing track of it. The £2,000 computer was reported last night to contain details of British secret agents working abroad. It is an embarrassing sequel to the March 4 theft at Paddington that cost an MI5 officer his laptop and the secrets of the Ulster peace process that it contained. In this case, the agent had spent the March 3 evening drinking at Rebato's tapas bar, about a mile from the MI6 headquarters beside the Thames at Vauxhall, London. He then lost track of it, but thought it might have been left in a taxi. MI6's efforts to recover the laptop, using an anonymous newspaper advert, will further embarrass the Government. The advert placed by MI6 begged return of the laptop with 'vital research notes' to the 'academic' that lost it, in return for a reward. The computer was recovered on March 16."

British government reports 67 lost laptops

"LONDON (June 5, 2000 4:29 p.m. EDT NandoTimes) - Britain's Ministry of Defense, embarrassed by several recent computer thefts from military and security personnel, disclosed Monday it has lost 67 laptop computers in the last three years."

Laptop Thief Caught via AOL Login

From SlashDot: Mundocani writes " Yahoo (Reuters) is [0] reporting that the FBI has caught the guy who stole computers from Wells Fargo. The interesting part is that 'Investigators traced the computer to Krastof when he logged onto his own America Online account at home through one of the stolen computers.' Makes you wonder what sort of hooks the FBI has into AOL or other ISPs and what hardware identification is being transmitted at login."

Timbuktu Used to Recover Stolen iMac

See this story about using Timbuktu to recover a stolen Apple iMac.

Loss Statistics

Loss Statistics Charts by SafeWare Inc.

Resources

Here are the slides of my presentation Theft and Loss Protection for Linux Laptops and Notebooks.

Credits

Thanks to

• Jon Anderson <jon_at_locust.co.uk>.
• Michael Hilsdale <michael.hilsdale_at_jhu.edu>.