What Is the Best Way To Track Stolen Gadgets? 101
An anonymous reader writes "Now that gadgets can determine their location and phone home, many companies are creating tools for finding lost and stolen gadgets. It sounds like a simple process, but this NY Times article describes a number of wildly different approaches. Some report all of the information back to the owner while others deliberately keep the owner in the dark to avoid dangerous confrontations. Some start grabbing pictures from the web cameras and logging keystrokes. Others just record IP addresses. Some don't do anything but record serial numbers to make it easier for the police to do their job. Are sophisticated systems dangerous because the tracking mechanisms could be misused to violate the privacy of the owner? Are the stakes different when a company purchases the software and gives the IT manager the ability to track everyone in the company? What are the best practices that are emerging? What should I recommend if my boss reads this article and wants to track our laptops and Blackberries?"
Some gadget (Score:2, Funny)
You'd like to track.
What of that fur
Ever growing back?
Burma Shave
Re:Some gadget (Score:4, Funny)
Throughout the day?
Put it in a
Faraday cage! [wikipedia.org]
Burma Shave
Re: (Score:2)
The termitethingie (Score:2)
Re: (Score:1)
Re: (Score:2)
Re:The termitethingie (Score:4, Interesting)
Build it in... When for x time no 'special' password is given the termite gets an ignitionsource. It should be quite easy after that to spot the thief. Whoever smells like bacon most is the one you're after :)
In Italy a person got his car stereo stolen twice in 1 week, the 3rd time he mounted some sharp knifes as a defensive mechanism. Two days later he found 4 fingers in his car. The police was not happy. I'm not sure how the story ended in a court.
Re: (Score:1)
Re: (Score:2)
Perhaps you might believe so. Perhaps I might believe so. If the judge doesn't believe so, you're going to jail.
It's for precisely this reason that I would do my best to securely dispose of the fingers, and would never mention finding them to anyone - not my wife, not my priest, and certainly not the police.
Not that I would do such a thing to begin with.
Re: (Score:1)
Of the thousands of Police Forces around the world, can you identify one that has been successful at this? Believe me, you wouldn't want (not even in your happy little Utopia) to have a Police Force that has done everything necessary to guarantee you that absolutely no petty thieves are walking the streets.
Re: (Score:1)
Re: (Score:1)
Pardon me for not drawing that conclusion from your post I quoted (entirely) earlier.
Re: (Score:2)
I will quite simply explain it to you. You see the world has quite a few mercenary greedy folk ad no matter how much matter they are worth they still hate to pay taxes. They demand that the police force be kept small and cost efficient. So when your car stereo gets stolen twice in a row, there are quite simply not enough police officers to man a surveillance station on your car, cost of vehicle plus three shifts of two officers, plus rotation for weekends. You see those greedy folk have forced a simply cos
Re: (Score:1)
I also never said that an appropriate punishment would be to remove the fingers of a thief. I think an appropriate punishment would be jail time, where he can enjoy the company of "bubba" king of the cell block. Just for arguments sake, lets say the thief is a ten year old homeless child...what the fuck is this child doing on the street and not in the custody of Child and Fami
Re: (Score:1, Troll)
By your logic:
You break into my house and fall down the stairs.
Therefore: I believe that all thieves should be thrown down a flight of stairs.
Lucky "CSI: Italy" . . . (Score:4, Funny)
. . . they got more than just the suspect's fingerprints . . they got the whole fingers!
(Scene: A guy with a bandaged hand sitting in the police interrogation room. A detective walks in and tosses a package on the table.)
"Hey, Luigi, are these your fingers?"
"Never seen them before in my life, pal!"
Re: (Score:2)
Random person bleeding all over my car and damaging it more in a fit of rage vs stolen radio
BTW, that story sounds made up as I can't see why you'd have to put your fingers anywhere that would cut them off when stealing a stereo. Plus it would have been spring loaded to actually cut the fingers off.
Re: (Score:3, Informative)
Re: (Score:1)
[...]it would have been spring loaded to actually cut the fingers off.
"La trappola e' una sorta di "ghigliottina a pressione" "
From my rudimentary Italian skills, sounds like exactly like it: "pressure activated guillotine"
Re: (Score:2)
Re: (Score:2)
Google Translation:
Usually crimes like these don't you have to have someone press charges?
A PORDENONE a trap as anti - theft Topo car loses two fingers PORDENONE - A "trap" against thieves with radios. Un artigiano di Pordenone, esasperato da tre furti consecutivi in un mese, ha teso un agguato ai malviventi costruendo un marchingegno che ha funzionato a dovere, forse troppo: dopo l'ennesimo scasso, al ritorno da una birreria l'uomo (25 - 30 anni) ha trovato dentro la macchina l'autoradio al suo posto, ma anche sangue e due falangi troncate. An artisan of Pordenone, exasperated by three consecutive robberies in a month, the gangsters ambushed by building a machine that has worked well, perhaps too much: after yet another break, returning from a beer man (25 - 30 years) found inside the car the radio in its place, but also blood and two phalanges truncated. La vittima di questo gesto di autodifesa si e' dileguata senza lasciare tracce, e nessun pronto soccorso della zona ha reso noto di aver medicato simili ferite da taglio. The victim of this act of self-defense and is' vanished without a trace, and no emergency room of the area has made it known that he had doctored such as cuts. La trappola e' una sorta di "ghigliottina a pressione": dietro l'autoradio il proprietario della macchina ha collocato un'affilatissima lama d'acciaio, appesantita con alcuni piombi. The trap is' a sort of "guillotine Pressure: behind the car radio the owner of the car placed un'affilatissima steel blade, weighed down with some weights. Quando il ladro ha tentato di staccare i fili dell'apparecchio, la lama gli e' piombata sulle dita. When the thief tried to pull the wires of the apparatus, the knife and 'fallen on his fingers. Ma ora il protagonista di questa clamorosa ribellione personale contro la microcriminalita' rischia grosso: le forze dell'ordine sono in allerta per il timore di una vendetta. But now the star of this sensational personal rebellion against the petty crime 'big danger: the police are on alert for fear of revenge. E dal punto di vista penale, l'uomo puo' essere condannato a oltre due anni di carcere per lesioni personali gravissime e permanenti. And from the penal point of view, man can 'be sentenced to more than two years in prison for serious and permanent injuries.
Re: (Score:2)
Half of the article is still in Italian and the rest is in English so broken I can't trust it. "A trap against thieves with radios"..... right.
No article is better than broken worthless article.
Re: (Score:2)
the cut off part sounds made up (actually more of a exaggeration at least about finding fingers.) The razor blades on the wires making a mess makes sense. Thiefs like dark and being quick, don't mind causing damage. So I would see them breaking out the dash to get the radio moving, reaching deep in the dark hole, to not damage the radio, then blindly ripping and cutting at the vehicle harness for speed, and to get the maximum re-usable wires for later use. anyone messing with cars wouldn't be too surpri
Re:The termitethingie (Score:4, Interesting)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1, Troll)
Re: (Score:2)
Hell, come to think of it I may just put a sticker like that on my car window - let the thieves wonder what the hell it means.
The problem with lawsuits is that you have to identify yourself, which no thief really wants to do (especially one so dumb that he not only didn't get what he was trying to steal, but injured himself badly in the pr
Re: (Score:2)
Hell, come to think of it I may just put a sticker like that on my car window - let the thieves wonder what the hell it means
A more effective one might be "Planning on breaking into this car? You will have 4 seconds to find the hidden grenade."
Re: (Score:2)
Re: (Score:3, Informative)
The story is over 10 years old, and I could not find any follow-up that indicated prosecution (yes I can read Italian). Anyway, as far as I know, one is not required to make his car a safe place for thieves; as long as detention of those knives was not illegal, the guy should not have had any trouble. You cannot be held responsible if someone breaks into your property and gets hurt; if you had invited him in, then that would be something.
Also, this man could simply have shut up: a car thief would probably n
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Isn't that similar to the guy that got tired of having his mailbox smashed with a baseball bat wielded by a teenager in a car driving by... He replaced the wooded pole with a concrete one that looked like wood and mounted a mailbox filled with concrete on top. The next day he found a shattered baseball bat next to a slightly dented mailbox and got sued by the teenager now in the hospital with a broken arm and a smashed shoulder...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
This would give a broken keyboard a truely pathological failure mode.
"Yes I have a sev 1 issue here: the keyboard is broken"
"Sir, sev 1 is reserved for site-wide outages that are user impacting"
"If you don't get a new keyboard here before the thermite goes off, I garauntee user impact"
-Steve
Termite, termite, termite?...... ah thermite!!! (Score:2)
Damnit! Do you have any idea how long it took me to figure out what you were talking about, why a termite would require an ignition source, and why anyone would want to reply to a post suggesting that somehow a termite might be useful?
It turns out spelling is important...
Slashdotters' spelling.... grumble, grumble, grumble,
Don't (Score:3, Funny)
If you love something, let it go.
If it doesn't come back, it never was yours.
Re:Don't (Score:5, Funny)
If it does come back, check for signs of demonic possession, including but not limited to:
* Bloodthirst
* Creeping veins of ichor
* Word-like sounds, as though chattered in a dead tongue older than space and time
* Moving under its own bloody power
Re: (Score:1)
If it doesn't come back, hunt it down and kill it.
There, fixed that for you.
making thievery more risky - good! (Score:5, Insightful)
No matter what you as an individual do, it's nice knowing that as a whole, it's becoming a lot more dangerous to steal expensive toys, it's providing a deterrent for everyone. Built-in cameras and GPS, internet connected, really, you'd have to be quite a gambler nowadays to steal things with these features. We keep reading articles about thieves getting their pictures emailed to the owners, gadgets can brick themselves with a remote command, as well as the clandestine remote back into the owner's server with their current IP etc. I'm all for it.
My laptop's practically got a mind of its own if it takes a walk. Doesn't make me feel like I can be any less cautious with it, but sure makes me a little more at peace when I hear someone else lost their gear and there's nothing they can do about it short of file an insurance claim.
Re:making thievery more risky - good! (Score:5, Informative)
In addition to Undercover [orbicule.com] on my Mac, I've made some home rolled solutions.
1) Installed AutoSSH and set it up ssh back to a Virtual Machine (sandboxed) on my home server. Also helps if I leave my machine on somewhere safe but forget (or aren't able) to forward ports. It has a reverse port forward to the ssh server on my Mac. Meaning anytime I can get to my home server and so can my Mac, I can get to my Mac.
autossh -M 9005 -D 1080 -R 2222:127.0.0.1:22 www.example.org
2) Another LaunchD (cron) process that curls a simple URL through the ssh socks proxy (ssh -D) that is a simple 1 or 0. (1 Stolen, 0 Not-Stolen). If it sees that it is stolen it'll just start taking pictures with the iSight (iSightCapture) and the desktop (screencapture) and uploading them to my host through scp. Literally in a while loop so as soon as it gets one photo, it gets another, and another, and another, etc...
3) I have logKext, a password keylogger, installed. Every hour (keyLog-00h.log) and then once per day (keyLog-20090824.log) it uploads a copy of the encrypted log to my host. If anyone steals my laptop and uses it to type anything personal (e-mail, passwords, phone numbers) I'll immediately get
Most thieves aren't what you see in Oceans 11 after all your money, they're low income thieves. When someone broke into my car and stole my wallet, both credit cards were immediately used at 2 Walmarts 10 minutes in either direction for $300-$500 repeatedly until I called to cancel. They're not going to wipe the drive, do an EFI wipe to ensure there are no 'bios' keyloggers.
I wouldn't be surprised if the first thing a thief around here did was check his or her facebook and myspace page and then send an e-mail to his or her friends using a hotmail account.
pushing theft into organized crime (Score:4, Insightful)
If you use a software tracking approach, thieves will learn to put tape over the webcam, and not use it until they ask someone in the black market to reinstall the operating system for a fee, or learn to reinstall operating system by themselves. This is just like how thieves learned to use the credit card immediately after they steal it before you have a chance to cancel the card.
Other approaches taken will lead to workarounds too. If you have a database of serial numbers and require legit second hand market to verify the serial number before going on sale, the thief will just keep the gadget for themselves, for their friends, or sell it in the black market. If you're able to remotely brick the device, the thief will still be able to use it for a while, and then just steal another one. I'm sure thieves don't mind using new gadgets all the times.
Re: (Score:2)
I agree under 2 conditions. A) the thief is more of a professional thief, not some high schooler who saw you leave your device and thought it looks pricey. B) the method is widespread enough for the thieves to hear about work arounds. I am guessing that at most 5 thieves in the world have been exposed to getting caught by such measures, so why bother learning a work around, when so few gadgets currently have any counter measure. C) your not likely catching the pro thief anyway, they care nothing for us
Re: (Score:2, Interesting)
Re: (Score:2)
The percentage of laptop owners who have any sort of anti-theft software on their laptops is so small that the average thief prob
Re: (Score:1)
Re: (Score:1, Interesting)
I've seen some really nasty stuff people have done with custom ROMS on their cellphones, if a thief yanks out their SIM card and puts in their own. Some of those include:
Setting a password on the thief's SIM card, then doing a bunch of false guesses on it to lock it, then a bunch of attempts against the PUC (unblocking code that the SIM card provider has) to permanently render the SIM card unusable.
Dialing numbers in the thief's SIM card and playing messages at random to the people on the address book day
Re: (Score:2)
I've seen some really nasty stuff people have done with custom ROMS on their cellphones
no 900 numbers constantly from 2-6am? amateurs...
Re: (Score:2)
Computers are getting smaller, with chips decreasing in size everyday and the price for components dropping like crazy...you could have the equiv of a small pentium1 with internet and gps built into a small device like a digital camera, to be able to next time it links up with a computer (the thieves pc) it looks for an internet connection and sends the info to someone (cops by preference) so as to make a bust.
The size keeps getting smaller, and I am sure in the near future, we will have chips implanted in
Secure vs trackable (Score:3, Interesting)
Short of a hardware based tracker, all the software methods seam to give up any hope of securing a system.
*To get a picture on a webcam you need to let the thief login,
*To connect to an encrypted AP you need to let the thief login,
*To get the gadget turned on for sustained amounts of time you need to let the thief login...
There are some potential exceptions,
*you could have bios periodically turn on, boot to a custom kernel,scan for APs and report its position (could use something like wesside-ng to report its location even if only WEP APs are available),
*you could have fake passwords (idiot words?) log you into a fake login/partition, but 1) this raises huge security issues 2) AFAIK this has not been implemented by any OS yet.
Re: (Score:3, Interesting)
*you could have fake passwords (idiot words?) log you into a fake login/partition, but 1) this raises huge security issues 2) AFAIK this has not been implemented by any OS yet.
Not a problem. Dual boot windows and linux. Set grub to default to boot windows and hide the menu. Encrypt your entire linux partition. Problem solved. No security issues, and no OS support needed. You should have a dummy partition set up anyway, if you ever want to cross the border with your laptop.
Re: (Score:2)
Easier still, just have a non-admin guest account without a password, all ready for the thief to use. As long as the thief can login to Facebook, use webmail, login to Skype, etc., he'll probably do it. And th
Re: (Score:2)
Easier still, just have a non-admin guest account without a password
Which opens you up to local exploits, boot disks, etc. If you have any valuable information on your laptop, you damn well better be using whole disc encryption.
Re: (Score:1)
Easier still, just have a non-admin guest account without a password
Which opens you up to local exploits, boot disks, etc. If you have any valuable information on your laptop, you damn well better be using whole disc encryption.
Since they already have physical possession of the machine, they can already boot from whatever media they want as well as access any unencrypted data on your disk, The point in the unprotected account is to lure them into turning it on, connecting to a wireless network, and using it while your tracking software reports home, logs the thief's activity, records their face/voice, etc.
Re: (Score:2)
Since they already have physical possession of the machine, they can already boot from whatever media they want as well as access any unencrypted data on your disk,
Exactly my point. There should be no important unencrypted data on your disc. Encrypt your entire linux partition, always. Set up a dummy unencrypted OS for thieves (and customs) to use. I don't see what's so hard to understand about that.
Re: (Score:1)
Re: (Score:2)
4. You could have an obvious, non-passworded login which does not allow the theif to have root access, but which does run your desired scripts.
Re: (Score:1, Interesting)
I use Orbicule's Undercover. Most laptop thieves are greedier than they are smart. I leave a guest account on my MacBook Pro, with no password. If they log into it, they can play with the system and log it into the network themselves.
Getting a thief to log in is simple. They are going to want to see that the thing they just stole works, or prove it to someone when they hawk/sell it. The guest account on the Mac is a perfect "honeypot" for this type of endeavor.
Your mileage may vary with Windows. Not sure h
Summary Execution for laptop thieves (Score:2, Funny)
Re: (Score:2)
Sort of like how summary execution for murderers has stopped all killings here in Texas?
Don't get mad; get even (Score:2, Funny)
The webcam thing is okay and so is the tracking by IP. I like the getting even approach. Use GoToMyPC and mess with them. I live in a college town so the thief might be a student. I can log in and delete their term papers, or better yet edit them by inserting misspellings, incorrect facts, and lifting quotes from wikipedia and pasting them into the term paper unattributed. The term paper will have the name, the class, and the instructor listed on the upper righthand corner and I can visit the student b
Don't bother (Score:3, Interesting)
Re: (Score:2)
The idea of tracking is to increase those odds of getting it back. If my craziPhone whatever tracks its location after its stolen and sends me GPS co-ordinates of its location constantly, whats to stop me from going to the police and saying: Here is the perpetrator. Go get them.
May take a while for the police to jump on it, but if you're still getting those GPS coordinates, they can still go catch the guy.
Re:Don't bother (Score:5, Funny)
Re: (Score:2)
Remote? No really. My disable option is local (to the laptop) and not very complicated. My laptops always have a power on password set. If it is stolen, that means there's probably no chance that I'll ever get it back, but it also means that the thief won't get much use out of it. Parts maybe, but that's about it.
Anybody else old enough... (Score:2)
Re: (Score:2)
Re: (Score:2)
Today, it's the email address. I put that on anything valuable. If there is room, I also add a phone number (in case it's found by a pre-digital old person). Most people in the wealthy (globally speaking) world don't think twice about returning lost items, even lost cash. If I travel to the third world, though, I try to leave anything valuable behind. When you are struggling to stay out of poverty, I'm sure it's a lot harder to decide whether or not you should return a cell phone or camera you found lying a
Re: (Score:1)
When you are struggling to stay out of poverty, I'm sure it's a lot harder to decide whether or not you should return a cell phone or camera you found lying around.
Actually, I'd imagine it makes that decision much easier...
You Can't (Score:2)
Keep all the data on your portable devices backed up.
Keep all sensitive data on your portable devices encrypted.
Buy insurance.
One word... (Score:3, Funny)
Ninjas
ebay (Score:2)
nuf sed
Simple do-it-yourself solution (Score:2)
There's a simple do-it-yourself solution for almost any modern phone that uses WiFi when available. Most slashdotters here probably can set up a POP or IMAP server so what you can do, is configure the phone to retrieve the mail from a dummy account on the POP3/IMAP server and at least you'll have an IP address when the thief walks into WiFi range.
Of course, having an IP address is hardly any use. However, most of the solutions offered by companies are hardly any use so you might as well save money and do it
The best way to track stolen gadgets (Score:2)
is to be the person that steals them.
Hooray for another helpfully unhelpful slashdot comment.
Scorched Earth, US style (Score:3, Funny)
Have a program on it hit a server on your site for instructions, automatically. If it's ever stolen, report it stolen, then instruct it to hit known FBI child porn honeypots after erasing the program which contacts your own website. You won't get the gadget back, but you'll get to know the thief got punished way out of proportion to his crime.
Re: (Score:2)
Re: (Score:1)
eBay (Score:2)
Is your data imortant? (Score:2, Informative)
You can choose to wipe the entire system remotely if you are using the right software and yes, we all know the best approach is to encrypt the data in the first place.
You can choose to use tools to recover it if the laptop doesn't get immediately formatted by the thief. Webcam screenshot capture, video capture, desktop snapshot collection, browser history collection, audio to mp3 recording, key loggers etc can all be done silently in the background and their dat
Re: (Score:2)
Encrypt your devices and don't worry about it; just get a new device. What's with the desire to catch the thief for a device that's probably not worth more than a few hundred dollars? Besides, you were dumb enough to put your device in a position to be stolen in the first place.
Yeah, I was "dumb enough" to leave my (daughter's) laptop in the house with the doors locked.
And "a few hundred dollars" is a few hundred more than we were really hoping to spend, especially one MONTH after spending "a few hundred do
Screw Absolute Software (Score:2)
We will purposefully never reveal a location to a consumer customer," said John Livingston, chief executive of Absolute Software. The company's Computrace package ($14 to $53 a year) is marketed as "Lojack for Laptops," and is available as a preinstalled option on computers from Lenovo, Dell, HP and other manufacturers. "We won't do it. Once you declare that it's lost or stolen, we take control over the location at that point. We purposely keep some safe distance between the end user and the thief."
Let me
Re: (Score:2)
Ah the sound and fury of an internet tough guy, signifying nothing.
GadgetTrak - Privacy Safe Tracking (Score:3, Informative)
Hello,
My name is Ken Westin, I am the founder of GadgetTrak ( www.gadgettrak.com ) one of the companies mentioned in the article and we provide tracking software for a range of devices including Mac, Windows, Blackberry, Windows Mobile and others. The privacy component was a critical factor in our design, looking at other solutions we saw that a lot of data including location, photos etc were being sent to the companies server, some even provide a monitoring center with a backdoor into the system. When we designed our software we did so in a way that would respect user privacy.
For example with our laptop software MacTrak and PC-Trak the only data we have is if the device tracking is active or not, the location and photos captured goes to the device owner's email address as well as Flickr account, so it goes to accounts that the owner controls and never to us. When a device is stolen we ask the customer to friend us on Flickr and share the photo and data, or they can just forward it to us. There is no reason to have this type of data come to our servers if we can avoid it. In the future we may have an option for the user to CHOOSE to upload this data to a server, but we will always provide the device owner with the control of how this data is managed.
You can read more about our philosophy here:
http://www.gadgettrak.com/products/mac/privacy/ [gadgettrak.com]
Our mobile phone software also has the capability to remotely wipe data from the device as well as track it. The mobile phone software is triggered by SMS messages. The software has a password with it as well, so if the device is stolen the user sends and SMS message with a command and the software password to activate various functions including tracking, data wipe, trigger an alarm, lock device and others. Again this data does not go through a server, it is done between the device owner and the device itself.
We also pioneered the USB software for iPods, flash drives and other devices that was mentioned in the store and have a patent for it, all data is encrypted and transmitted securely.
We come from a security background and are extremely paranoid about privacy ourselves, this is why we made sure that no photo or location data ever touches our servers. The best way to ensure privacy of this type of information is to build the software so there is no way it can transmit it to you, remove the man in the middle altogether. We also believe that this data should be provided to you, after all it is your device you should be given the data and be able to decide what to do with it. We assist in the recovery process and work with law enforcement, however the data goes to you first. It is very much backwards from the traditional approach where the data is sent to a monitoring center where they have a back door into your system and they only share that data with law enforcement, some will refuse to provide you with this data even though it is your device.
Let me know if you have any questions, or suggestions.
Thank you
Ken Westin
GadgetTrak Founder
Re: (Score:1)
Rig it with explosives (Score:1)
Easy (Score:2)
Simply make the device itself expendable to the owner. Create a setup where any storage media on the device can be quickly removed when not in use and implement it in a way that forces the user to practice it regularly. For example, make removing the storage itself the "on/off" switch for the device.
MobileMe (Score:3, Interesting)
I like how Apple lets me track my iPhone (and even laptops to some extent) via MobileMe. The iPhone (or iPod touch) shows up on a google map on the MobileMe website, and updates live with location. /. posted a story about a man who recovered his iPhone (though he acted arguably foolishly by showing up unarmed to collect). Also noteworthy was a woman who used the Back to my Mac feature to login to her stolen laptop, access the webcam and snap and email a photo. OS X Snow Leopard is said to have location services built into the OS, we may see an expansion of the tracking services in a few months