Setting a trap for laptop thieves

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1040-954931.html?tag=fd_top

By Sandeep Junnarkar 
Staff Writer, CNET News.com
August 22, 2002, 2:03 PM PT

Notebook computers are small, powerful, increasingly affordable--and
easily stolen. Now, new services being offered by major PC makers
could help track down pilfered systems.

A spate of publicity in recent months over misplaced laptops at
government agencies, such as those missing from the FBI, the Internal
Revenue Service and the Pentagon, has drawn attention to the problem
of notebook computer theft.

"At one time, people stole televisions; then they stole VCRs. Now,
laptops are the most stolen article of property in San Francisco,"  
said Richard Leon, an inspector in the San Francisco Police Department
burglary detail. "We get reports of hundreds of laptops stolen each
month."

Looking to stem that problem--and to gain some badly needed
revenue--leading notebook makers IBM, Hewlett-Packard and Dell
Computer are offering software with their new notebooks that's the PC
industry's equivalent of the LoJack stolen car tracking system.

But instead of using a hidden transmitter--as LoJack does--software
from companies like Absolute Software and zTrace Technologies is
embedded on notebook hard drives, allowing systems to be tracked as
soon as they are connected to the Internet.

IBM, which offers Absolute's ComputracePlus, said it is seeing growing
demand from laptop buyers in the education and enterprise markets.  
Vancouver, British Columbia-based Absolute said it saw a nine percent
growth in sales in 2001 but expects growth of between 35 percent and
50 percent this year.

IBM has a variety of packages for the tracking service, ranging from a
$49, 12-month agreement for one license, to site licenses that cover
20 notebook systems for $2,999 for 48 months.

zTrace, which is available on HP laptops, is priced similarly. A
one-year contract for a single notebook costs $49.95. A 20-user
license is $2,499 for 48 months.

A call to action

When a laptop is loaded with Absolute's ComputracePlus application,
tracking-agent software silently connects with the company's
monitoring center whenever the device is connected to the Internet. If
that notebook is reported stolen or lost, its location is tracked and
local law enforcement is called in to recover the stolen property.

Leon said the software is very effective. "One time we were tracking a
laptop broadcast as we approached an apartment to serve a warrant," he
said. "When we knocked on the door, this guy answers and over his
shoulder we could see the laptop all lit up and connected to the phone
line."

The technology works over analog phone lines, as well as digital
broadband connections. If the laptop is calling over a phone line, the
software uses technology that allows Absolute to identify the phone
number. If the device connects to the Internet over a T1 line, a cable
modem or DSL, the location is traced using the IP (Internet protocol)  
address.

"We take the address to the ISP (Internet service provider)--AOL or
whoever it happens to be--and get the account information associated
with that IP address," said John Livingston, Absolute's chief
executive.

But like most computer security products and services, analysts warn,
these tracking systems have vulnerabilities.

"A lot of people steal laptops for commercial espionage--to get the
data that resides on them," said Alan Promisel, a portable computer
analyst at research firm IDC. "Those people will steal them without
ever intending to go online."

SFPD's Leon agrees, noting that businesses users are often less
interested in retrieving the laptop and more worried about the
confidentiality of the data on their systems. A benefit to these
tracking systems is that a customer can request a signal be sent to
the notebook that would delete all the information on the hard drive.

Another weakness of the tracking systems is that in some cases a thief
could reformat and configure the hard drive in a way that bypasses the
tracking agent.

"We'll survive a reformat of the hard drive, but where it gets tricky
is when people reinstall operating systems on top of each other. It
also depends on what OS is being loaded," Absolute's Livingston said.

Specifically, the software will survive a reformat and reinstallation
of any Windows 9X operating system. Installing Windows XP or 2000 can
create problems, depending on how the system is configured.

"Someone can wipe the drive everywhere except where we are loaded,
because we're working at such a low level in the system--that is,
below the Windows operating system at the hardware level," Livingston
said.

Experts say this type of tracking security would work best if it is
part of a larger theft-prevention strategy. Other devices, such as
cable locks, can prevent the theft from occurring in the first place,
as can motion detectors that sound an alarm if the notebook is removed
beyond a certain perimeter.

Some information technology managers said that in certain situations,
such as in a business setting or on a college campus, warning notices
posted in conspicuous places can also serve as a deterrent.

"Before we got the service, we had two or three laptops disappear from
each campus," said Richard Scaletti, director of networks and
telecommunications for North Shore Community College's three campuses
in Massachusetts. "We installed the software and put up signs--not one
has disappeared yet."




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.