Thursday, July 2, 2009

The Case for Remote Control: Theft Recovery

While many corporate laptops are encrypted and passworded, requiring would-be thieves to sell them as-is, to reinstall them after wiping the drive, or to part them out, personal laptops are far less frequently properly secured. In these cases, a remote control application can sometimes help with recovery of a stolen laptop even when they aren't GPS enabled devices.

One incident which I recently dealt with involved a personally owned laptop which the owner regularly accessed via a remote control application. In this case, the user apparently did not use a password for login, and conveniently, the thief or another person who ended up in possession of the laptop proceeded to use the laptop. The user was able to monitor the activity of the person using the laptop and gathered a variety of information, including personal information on the person, as well as their IP address, which they reported to the local police department.

This is where the user ran into a hurdle - the police department that was involved was not sure what to do with this information. This isn't horribly surprising - it is rare that stolen goods report information back about where they are. Fortunately, a little guidance and some cooperation with the ISP that the system was connected to got the right data into the right hands.

While there are a number of theft recovery applications on the market, this was done entirely using standard remote control software. Sadly, stolen laptop tracking applications and remote control applications are only helpful if the system is booted and allowed to contact the outside world, and technically sophisticated thieves, or those who are merely looking for a quick dollar are unlikely to put devices online.

The moral of the story? That's a tough one - first, a properly secured laptop would have likely been lost altogether, but the user's data was exposed when the laptop was stolen. Next, we face the issue of personally investigating crime. This could even prove to be dangerous if the user had been able to locate the thief's actual location. Add in the fact that the person using the laptop might not be the thief and appropriate action can be even more difficult to figure out - once stolen, a laptop is often quickly sold, and having information about an unsuspecting third party could create a difficult situation for user who takes more of a vigilante approach.

In the end, the lessons learned are twofold:

  1. Secure and insure your systems, so that the loss can be handled, and keep a backup so that that loss doesn't cause significant disruptions.
  2. Have a plan in place as a security professional so that you can properly assist with a stolen laptop incident. Knowing what questions to ask, and who your contacts are with local law enforcement, as well as any useful actions you can take in your environment can make a stressful situation far easier to deal with.

No comments: