I watched an interesting video the other day, about a Mac OS/X user who had their Mac stolen, but after a few months managed to get it back, because the thief did not reformat the hard drive, but rather decided to use the Mac “as is”. The user with the stolen Mac was able to find the Mac because it was doing dyndns mapping of the ip-address, and so the user ssh’d into their Mac, set up VNC, set up a keylogger and was able to monitor everything the “new” user of the stolen Mac was doing. After a while by monitoring the use of the stolen Mac, the original owner managed to acquire enough information (new user’s name, birthdate, address, picture, etc … ) that they could provide it to the police, and the stolen Mac was returned to the rightful owner.
It has me thinking about security (as sort of a New Years Resolution), not only the obvious things, but also the less than obvious. I think there are a number of steps both desktop and laptop users could and should do …
I’ve listed below some ideas I am pondering, so as to solicit comments :
physical security is very important. Lock one’s house/apartment doors. A double bolt lock or other door security is a good idea
Offsite record/proof-of-purchase of PC serial number
this is so one can eventually prove any PC that is found by the police, is indeed one’s PC
offsite backups of one’s data (at the office, at a family member’s, or at a friend’s place) are very important, so that if the PC and all external drives are stolen, one still has their offsite backups to mitigate the damage (such as losing > 10 years of electronic photos). In my case, I scanned the family photographic albums, so I have over 100 years of images that could be lost in a theft
special software
install some software, such as “prey” not only on one’s laptop, but possibly on one’s desktop, the open source anti-theft software: Open source anti-theft solution for Mac, PCs & Phones – Prey . Prey has the advantage that I think it will work through a home LAN’s firewall.
dyndns mapping
consider dyndns mapping not only from one’s router, but also from one’s PCs, so that the PC occasionally reports its location, and so that the PC’s IP address can always be found [but that still begs the question - if the stolen PC is on a home LAN, how can one get past that LAN’s router firewall ? ] ;
ssh access setup
keep the ssh daemon active on one’s PC so that it can be accessed by ssh if need be/possible;
tune the firewall
set up the firewall on one’s PC for remote access (with appropriate security) … ie maybe close port#22 on one’s PCs, but open another port for remote ssh access, and record the information as to how one can access one’s PC off site (in a secure off site place);
vnc
set up and test vnc, confirming it works for remote display of what is actually taking place on the desktop of one’s home PC;
ready for keylogging
consider installing (but not activating) a key logger on one’s PC, such that if the PC is stolen, one can then easily remotely activate the key logger;
encrypt financial/personal info
keep one partition as an encrypted partition, that is accessed manually (not automatically) only after boot (via some script or password). Keep one’s financial/personal information in that encrypted partition (such as bank account statements, trading account statements, financial records, electronic tax records, family personal information, one’s personal information … ) etc ,
Note the above are only ideas. I’m not saying yet that these are things that must be done, although clearly some make a lot of sense.
Make desktop desirable to deter reformatting
Now more debatable is this concept: Do not overdo the security, but rather keep the PC in a desirable bootable state, so as to encourage the user who may steal the PC to NOT reformat the hard drive, but to rather boot the PC ‘as is’ and use the PC on the web. This of course would only be acceptable IF one has the important information encrypted elsewhere.
Some users prefer to simply encrypt the entire PC’s hard drives, or prefer to have a password access upon boot for all users. The problem with that is it encourages / reminds the thief that they must either replace or reformat the entire hard drive. Once the hard drive is reformatted, it’s not possible for most of the ideas to work for finding the PC again. One needs to tempt the thief into not applying ‘common sense’.
While I suspect 90% of thieves know that they must replace the operating system, there may still be 10% who are not so clever to realize the risk to them if they plug a regular user’s PC on to the Internet without re-installing the Operating System.
Even 10% (if a valid number - I just made it up) is better than 0%.
Any other ideas on how to protect/recover one’s own PC by setting up things ‘in advance’ ?
Note also any/all of the above need to be done with appropriate security measures in place, so that they do NOT backfire and are in turn used against one.
For NNTP users, I edited my above post on the WEB side, but I may not have succeeded in time to include this important (to me) piece of information that should be also added:
This needs to be kept offsite, in case the original records are stolen also.
Yeah, quite interesting story and a nice list of counter measures…
My additional ideas:
Create a dummy user in the system and use the autologin feature for this user so the thief doesn’t have to enter any password. Of course, for normal work use another account with encrypted home directory.
Setup a private network using n2n (the traffic can go behind NAT and through firewalls) so you can connect to the machine even if it’s used inside a relatively secure network.
But will it work with Linux? I mean, Linux has roughly 1% share between desktop users, that means 99% users would replace the installed Linux OS by something else anyway. And the 1% users who are familiar with Linux are probably more experienced or “clever” and they would probably know that they should reformat the hard drive…
I’m not sure if having such backdoors is a good idea, you have to be very careful what you are doing otherwise it will be used against you…
I think you need to be careful if you don’t use full disk encryption because there’s always the potential that you’ll leave behind an unencrypted copy of the data you want to secure or the password.
But maybe that’s a trade-off you make. My guess is that most people who steal laptops are more interested in the laptop than any data that may be there and are unlikely to be bothered or have the skills/knowledge (even if the requirements are low) to try to bypass volume or file encryption.
If you have any confidential work information on your “home PC” you probably need to be using FDE as my guess is that file or volume encryption probably won’t satisfy most compliance requirements.
Hi
The version of prey I have packed in Security has been modified to run
even at runlevel 3. The only thing you need to ensure is it’s running
dhcp rather than a static ip address.
I’m trying to ‘wrap my head’ around the concept of n2n. I note they state one needs to setup a ‘supernode’. I assume then that one should have at least one PC in the n2n network that is NOT one of one’s PCs in one’s house, perhaps the PC of a relative. Hence if one’s PCs are all stolen, one could then use one’s relative’s PC as the remaining PC that could connect to the others IF they should happen to be switched ON without the hard drive being wiped.
Exactly, this is the idea. The sort of encryption I am thinking of is the sort that will stop a thief who is not PC knowledgeable enough to reformat the hard drive and reinstall the OS (but who has no difficulty in climbing the fire escape and smashing a window to gain entry). It’s not intended to stop serious hackers nor stop industrial spies, nor stop governments that have the resources to crack such a setup.
Indeed I have conceptual agreement there.
I am a strong believer that confidential office work should stay in the office and NOT be brought home. If it means working late at the office then “it means working late at the office”. Don’t bring confidential work home.
I have an early version of your packaged “Prey” running on our Dell Studio 1537 laptop (in both Linux and WinXP boot partitions) but it was the 1st version of Prey you packaged for Linux. I got that working and I never updated since ( ie it works - so why change ? ). But I don’t know if it provides run level 3 support, so I’m thinking I should probably update Prey.
…
Looks like I found my New Years Resolution :
Resolution : Improve the security of the oldcpu family home PCs
The advantage of this is also the problem. The advantage is the thief can not easily log in. They can boot to a liveCD and access data that way, but the OS install is next to useless to them. So as long as they do not know about liveCD or USB OS booting, one’s data should not fall into the wrong hands.
The disadvantage is that it is not very safe. It does not take much knowledge to boot to a liveCD or boot to a liveUSB and access the data on a PC. Plus if one does not have the knowledge to use a liveCD/liveUSB, one might just pass the PC to a thief/friend and say reformat the hard drive and re-install the OS for me. Hence the disadvantage I see of turning off autologin is it offers no security for the data, and it almost guarantees the hard drive will be reformatted (after all data stolen) which practically ensures there can be no recovery of the PC.
I prefer to leave the login as a ‘temptation’, assuming I can still protect my data having let the thief in past the initial login barrier (for they still do NOT know the root password, nor do they know the user password). Of course a Linux knowledgeable thief would have no problem in creating a root password, once they have physical access to the PC.
Music to your CISO’s ears but I suspect most are panic stricken trying to secure telecommuters and an endlessly expanding universe of mobile devices over which they have limited control.
Indeed, it’s probably my being from the old school, where physical security if applied properly can still be the better security. At the office we have secure grounds, locked buildings, locked rooms, better firewalls, full time security guards who do rounds/checks, better locked cabinets, dedicated IT people who have forgotten more about security than I will ever learn, … etc … Now I believe in today’s world, no place is perfectly secure, but our office (where I work) is likely much superior to anything I can easily come up with at home.
> I am a strong believer that confidential office work should stay in the
> office and NOT be brought home. If it means working late at the office
> then “it means working late at the office”. Don’t bring confidential
> work home.
That’s fairly difficult if, like me, you work from home most of the time.
Hmmmm … that has me thinking. I’m not in ‘that boat’, so for me, IF I can encrypt/protect the small amount of sensitive data that I have, I would be more interested in getting my PC back (and catching the crook) than denying access to my stolen PC (assuming that were to happen).
However, IF I were doing confidential work at home, it might be more important to simply deny access (ie who cares if hard drive is reformatted) and spend less effort trying to catch the perpetrator, … ergo … total encryption may be better in such a case.
i.e. different “home security” approaches dependant on one’s aim/goal.
On 2010-12-29 17:06, oldcpu wrote:
> Exactly, this is the idea. The sort of encryption I am thinking of is
> the sort that will stop a thief who is not PC knowledgeable enough to
> reformat the hard drive and reinstall the OS (but who has no difficulty
> in climbing the fire escape and smashing a window to gain entry).
Hardware encryption on the hard disk. With some types you can not reformat
them (or not easily), so the value of the disk is nil to the thief: it can
not be sold.
–
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)
> hendersj;2271529 Wrote:
>> That’s fairly difficult if, like me, you work from home most of the
>> time.
>
> Hmmmm … that has me thinking. I’m not in ‘that boat’, so for me, IF I
> can encrypt/protect the small amount of sensitive data that I have, I
> would be more interested in getting my PC back (and catching the crook)
> than denying access to my stolen PC (assuming that were to happen).
>
> However, IF I were doing confidential work at home, it might be more
> important to simply deny access (ie who cares if hard drive is
> reformatted) and spend less effort trying to catch the perpetrator, …
> ergo … total encryption may be better in such a case.
>
> i.e. different “home security” approaches dependant on one’s aim/goal.
My “solution” as it were is to use a combination of hardware-based BIOS
locks and encfs.