[ISN] Setting a trap for laptop thieves

From: InfoSec News (isnat_private)
Date: Fri Aug 23 2002 - 00:32:18 PDT

  • Next message: InfoSec News: "[ISN] The Seven Deadly Security Sins"

    http://news.com.com/2100-1040-954931.html?tag=fd_top
    
    By Sandeep Junnarkar 
    Staff Writer, CNET News.com
    August 22, 2002, 2:03 PM PT
    
    Notebook computers are small, powerful, increasingly affordable--and
    easily stolen. Now, new services being offered by major PC makers
    could help track down pilfered systems.
    
    A spate of publicity in recent months over misplaced laptops at
    government agencies, such as those missing from the FBI, the Internal
    Revenue Service and the Pentagon, has drawn attention to the problem
    of notebook computer theft.
    
    "At one time, people stole televisions; then they stole VCRs. Now,
    laptops are the most stolen article of property in San Francisco,"  
    said Richard Leon, an inspector in the San Francisco Police Department
    burglary detail. "We get reports of hundreds of laptops stolen each
    month."
    
    Looking to stem that problem--and to gain some badly needed
    revenue--leading notebook makers IBM, Hewlett-Packard and Dell
    Computer are offering software with their new notebooks that's the PC
    industry's equivalent of the LoJack stolen car tracking system.
    
    But instead of using a hidden transmitter--as LoJack does--software
    from companies like Absolute Software and zTrace Technologies is
    embedded on notebook hard drives, allowing systems to be tracked as
    soon as they are connected to the Internet.
    
    IBM, which offers Absolute's ComputracePlus, said it is seeing growing
    demand from laptop buyers in the education and enterprise markets.  
    Vancouver, British Columbia-based Absolute said it saw a nine percent
    growth in sales in 2001 but expects growth of between 35 percent and
    50 percent this year.
    
    IBM has a variety of packages for the tracking service, ranging from a
    $49, 12-month agreement for one license, to site licenses that cover
    20 notebook systems for $2,999 for 48 months.
    
    zTrace, which is available on HP laptops, is priced similarly. A
    one-year contract for a single notebook costs $49.95. A 20-user
    license is $2,499 for 48 months.
    
    A call to action
    
    When a laptop is loaded with Absolute's ComputracePlus application,
    tracking-agent software silently connects with the company's
    monitoring center whenever the device is connected to the Internet. If
    that notebook is reported stolen or lost, its location is tracked and
    local law enforcement is called in to recover the stolen property.
    
    Leon said the software is very effective. "One time we were tracking a
    laptop broadcast as we approached an apartment to serve a warrant," he
    said. "When we knocked on the door, this guy answers and over his
    shoulder we could see the laptop all lit up and connected to the phone
    line."
    
    The technology works over analog phone lines, as well as digital
    broadband connections. If the laptop is calling over a phone line, the
    software uses technology that allows Absolute to identify the phone
    number. If the device connects to the Internet over a T1 line, a cable
    modem or DSL, the location is traced using the IP (Internet protocol)  
    address.
    
    "We take the address to the ISP (Internet service provider)--AOL or
    whoever it happens to be--and get the account information associated
    with that IP address," said John Livingston, Absolute's chief
    executive.
    
    But like most computer security products and services, analysts warn,
    these tracking systems have vulnerabilities.
    
    "A lot of people steal laptops for commercial espionage--to get the
    data that resides on them," said Alan Promisel, a portable computer
    analyst at research firm IDC. "Those people will steal them without
    ever intending to go online."
    
    SFPD's Leon agrees, noting that businesses users are often less
    interested in retrieving the laptop and more worried about the
    confidentiality of the data on their systems. A benefit to these
    tracking systems is that a customer can request a signal be sent to
    the notebook that would delete all the information on the hard drive.
    
    Another weakness of the tracking systems is that in some cases a thief
    could reformat and configure the hard drive in a way that bypasses the
    tracking agent.
    
    "We'll survive a reformat of the hard drive, but where it gets tricky
    is when people reinstall operating systems on top of each other. It
    also depends on what OS is being loaded," Absolute's Livingston said.
    
    Specifically, the software will survive a reformat and reinstallation
    of any Windows 9X operating system. Installing Windows XP or 2000 can
    create problems, depending on how the system is configured.
    
    "Someone can wipe the drive everywhere except where we are loaded,
    because we're working at such a low level in the system--that is,
    below the Windows operating system at the hardware level," Livingston
    said.
    
    Experts say this type of tracking security would work best if it is
    part of a larger theft-prevention strategy. Other devices, such as
    cable locks, can prevent the theft from occurring in the first place,
    as can motion detectors that sound an alarm if the notebook is removed
    beyond a certain perimeter.
    
    Some information technology managers said that in certain situations,
    such as in a business setting or on a college campus, warning notices
    posted in conspicuous places can also serve as a deterrent.
    
    "Before we got the service, we had two or three laptops disappear from
    each campus," said Richard Scaletti, director of networks and
    telecommunications for North Shore Community College's three campuses
    in Massachusetts. "We installed the software and put up signs--not one
    has disappeared yet."
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 02:57:06 PDT