Comment: Re:Mine was stolen and I got it back, here's how: (Score 1) 765

by Zanth_ (#32888780) Attached to: Retrieving a Stolen Laptop By IP Address Alone?

They were insured. That wasn't the point. The point was the access to the office without damage to get in. The point was finding out who could do this with such ease. The point was tracking this person down not only to further prevent such thefts but also to leverage this info to get better security around labs and high profile offices. All of this is now successful because of what we did.

Also, thankfully as a well-paid scientist and lawyer I know the difference between petty theft and grand theft unlike you. The person now implicated in the theft stands to serve a minimum of 7 years because this isn't his first felony. The others get 18-24 months for possession of stolen goods at a minimum, one other looks like they will get 5+ because of a criminal record that is quite lengthy. People may not like lawyers but they sure as hell love what they can do to get folks out of a pickle.

Comment: Re:Mine was stolen and I got it back, here's how: (Score 1) 765

by Zanth_ (#32888706) Attached to: Retrieving a Stolen Laptop By IP Address Alone?

Have to agree AC. With encryption and a good hardware level password, the stolen laptop would be almost useless to the thieves, even making it hard to sell it. The process would become more like:

1) Purchase new replacement from insurance process

2) Restore from a backup and move on!

If you _REALLY_ wanted to see "vigilante" style justice served in the case of such thefts, partition the drive as follows. One partition is a securely encrypted OS that you use. The other is Windows. Set the default to automatically boot Windows and load it up with backdoors, keyloggers, automatic webcam capture to web etc like people have already described.

Petty theft is under $5000 in Ontario. This is grand theft and the problem was more serious as the theft involved absolutely no damage to the premises. Someone had access to a master or sub-master key. Secondly, there is some back-story to the break-in wherein we had a suspect in mind but couldn't prove it (past break-ins, vendetta etc).

Encrypting the hdd was a non-starter because of performance with a VM we must use. That's an internal IT decision not ours. This was a work system and therefore needed to be on the intranet. The filesystem encryption was dramatically slowing down the VM we would use on a daily basis. Truecrypt was used for the sensitive data. We weren't paranoid about data loss. We had plenty of backups as I mentioned (mirrored systems, back-up to the university servers which are themselves backed up regularly).

The key was tracking down the perp and getting some answers. Which we did and this has forced the hand of the university to install cameras outside the major labs (something they resisted), increased security around the master keys. Decreased the number of people who have access to those keys regularly etc. etc.

In the end, it worked out and with not too much effort. The upside is that a whole lot of other people got their computers back, along with some other pricey items stolen from offices, labs and other places off campus.

Comment: Mine was stolen and I got it back, here's how: (Score 4, Interesting) 765

by Zanth_ (#32883732) Attached to: Retrieving a Stolen Laptop By IP Address Alone?

I actually just went through this exact situation a week ago. Here's my story and how I was able to get the computer back with the cops' help. My country (Canada) works very similar to most US states so hopefully this will help you.

Our outfit is into tech in a big way. We are all scientists of some sort and up and up on O/S, security and the latest tech gizmos. When my boss wanted to upgrade his systems to dual Macbook Pros, we immediately set up a mirroring system where he could be perpetually synchronized between his office and home with automated backups to the university servers. We had a script I had written to do much of this along with posting an IP address every hour in 24 blocks. We also were using Log Me In so that he could remote control his systems. The server ran on startup and wasn't viewable in the taskbar as my boss hates clutter.

Anyhow, we had two separate systems that were capable of posting IP addresses when online.

Three days after the theft we started getting IP writes in the logs.

The first and major things we both had to do were 1) restrain ourselves from doing absolutely anything to jeopardize the comp from going offline 2) contact the police immediately with the IP information.

Before we contacted the police again, I had determined where the IP was coming from (a home account from a major ISP). We waited another three days, consistently getting the same IP posting. We then went back to the police. Like the OP, they view a computer theft as insignificant given their work load. They saw a wealthy scientist ($500k/year) who had lost out on a $5000 laptop (Macbook Pro 17" with all the fixins) containing $30k of specialized software (and we had the discs of course to reload) a digital project worth $1.5k and a few other smaller items. Even though this was over $5000 (which is like a felony in Canada), they simply weren't able to provide us with much help. They knew what a computer was and even an IP but after that they were deer in headlights. I requested to speak with someone in their cyber-crimes division and I was told that because of the G8 and G20, I was out of luck there.

Not unlike research institutes and universities world-wide, this police department fought for funds internally and also internally, departments would "pay" other departments for work. In this case, because it would be a "special favour," during an immensely chaotic time for our police forces because of the heads of states well, they simply said no to all those requests.

Here is where things got both fun and tricky but I think could work for the OP.

A consistent IP can easily be traced to the ISP. If the IP is consistent over a select period of time, a motion can be filed before a judge and a warrant issued to get the personal information of the person owning said account. I happen to be a trained lawyer, so the detectives were really open to what I was suggesting, and since I also happen to be a computer scientist who does research into security as well as other things, they viewed me as an expert in the field. The first warrant was sought and granted within two days of us suggesting this avenue. This is your first MAJOR task and one that will be the most fruitful.

Legally, I was able to log into the stolen computer without compromising any investigation because I was about to be "contracted" by the police department to do what their cyber-crime division wouldn't do but could: gain network access and collect as much data as possible.

I did this and eventually worked around the router (a joke given the default settings that existed) and then the grey area began where we required another warrant: checking out the other comps on the network. While the search warrant was being issued for this, a SECOND warrant (and really the only other one we needed) was being issued to search the premises the cops received via the ISP. The IP had been consistently posting with the same address over 10 days and staying online for 6-10 hours at a time. I could have taken video of the thief/thieves or recorded their audio, taking pics, whatever the cops wanted, but ultimately the KEY was the personal info from the ISP.

In the end, I was able to gain access to 6 other computers on the network, only one belonged officially to the group of guys and the others were all stolen. The day after they had authorized me to do all that, the same detectives had gone out and busted the punks. A nice little arrest of a medium sized theft/drug ring. The cops were completely unaware about these guys, so they got a nice little kudos to their case cracking quota for the year. Regardless, despite all the fancy leveraging I did to get access to the computers the ONLY really important info was the ISP user account info which again was all the confirmation the cops needed to get a search warrant. The tiny print indicated that the comp had to have been online within 12 hours from the time of issuing to the time of the search. Not a problem if the cops are motivated enough to go through with this. With a warrant in hand, they certainly were.

The guys who were busted in my case weren't necessarily the guys who broke into the office. I'm now doing some forensics on the stolen computer and providing info to the cops which again, I couldn't do without authorization from the department. So our case is ongoing, the guys are now out on bail but the best part is that we have the hardware back and the very trivial method of retrieving the IP and finding the ISP led to the search and ultimately the arrest. With the extra info I've now gathered, they won't simply be charged with possession but will now be charged with grand theft.

So a quick recap:

1) log the IP addresses over days
2) supply this information to the cops in the nicest way possible
3) request a warrant to confirm via the ISP
4) keep logging the IP!
5) get a search warrant
6) get your kit back
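
Steps 1 and 4 of the recap above depend on turning raw check-ins into something a detective can read at a glance. The following is an added example, not the poster's script (whose log format is not given): it assumes one `<ISO timestamp> <public IP>` line per hourly check-in and reports, per address, how many days it was seen and how long each online session lasted. The sample data and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

def constructed_sample():
    """Constructed hourly check-ins, "<ISO time> <IP>", documentation-range IPs."""
    lines = ["2010-07-02T09:00:00 198.51.100.7", "garbage line"]
    for day, start, count in [(1, 18, 6), (2, 17, 7), (3, 16, 8)]:
        for h in range(count):
            ts = datetime(2010, 7, day, start) + timedelta(hours=h)
            lines.append(f"{ts.isoformat()} 203.0.113.45")
    return lines

def parse(lines):
    """Yield (timestamp, ip) pairs, skipping malformed entries."""
    for line in lines:
        parts = line.split()
        try:
            ts, ip = datetime.fromisoformat(parts[0]), ipaddress.ip_address(parts[1])
        except (ValueError, IndexError):
            continue
        yield ts, str(ip)

def summarize(lines, max_gap=timedelta(minutes=90)):
    """Per IP: check-in count, distinct days, first/last seen, session lengths."""
    by_ip = defaultdict(list)
    for ts, ip in parse(lines):
        by_ip[ip].append(ts)
    report = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        sessions = [[stamps[0], stamps[0]]]
        for ts in stamps[1:]:
            if ts - sessions[-1][1] <= max_gap:   # still the same online session
                sessions[-1][1] = ts
            else:                                 # missed check-ins: new session
                sessions.append([ts, ts])
        report[ip] = {
            "checkins": len(stamps),
            "days": len({ts.date() for ts in stamps}),
            "first": stamps[0], "last": stamps[-1],
            "session_hours": [(e - s).total_seconds() / 3600 for s, e in sessions],
        }
    return report

def most_consistent(report):
    """The address seen on the most days (ties broken by check-in count)."""
    return max(report, key=lambda ip: (report[ip]["days"], report[ip]["checkins"]))

if __name__ == "__main__":
    rep = summarize(constructed_sample())
    print(most_consistent(rep), rep[most_consistent(rep)])
```

The `first`/`last` timestamps and per-session durations are the fields that matter for a time-limited warrant like the one described in the comment, since they show when the machine is reliably online.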

Data Storage

A Yottabyte of Storage Per Year by 2013 246

Posted by CmdrTaco
from the more-bits-please dept.
Lucas123 writes "David Roberson, general manager of Hewlett-Packard's StorageWorks division, predicts that by 2013 the storage industry will be shipping a yottabyte (a billion gigabytes) of storage capacity annually. Roberson made the comment in conjunction with HP introducing a new rack system that clusters together four blade servers and three storage arrays with 820TB of capacity. Many vendors are moving toward this kind of platform, including IBM, with its recent acquisition of Israeli startup XIV, according to Enterprise Strategy Group analyst Mark Peters."
Microsoft

Vista DRM: Longest Suicide Note in History

Submitted by enos
enos (627034) writes "Peter Gutmann describes the consequences of Vista's DRM including the intentional crippling of functionality, unnecessary burdens on hardware manufacturers as well as unintended side effects. For example, Vista automatically and silently reduces the quality of audio and video on untrusted devices when "premium" content is present. This can have life threatening consequences when used in medical imaging where the compression artifacts can be misinterpreted."
Christmas Cheer

Santa Claus and Solar Flares

Submitted by Jerry Rivers
Jerry Rivers (881171) writes "As Christmas approaches, The Bearded One is preparing for his annual World Tour by making sure communications with his elves won't be interrupted by an unexpected solar flare. Enter Andrew Yau, Department of Physics and Astronomy at the University of Calgary and Santa's own solar watchman, who has calculated not only if there will be any radio interference as Jolly ol' Saint Nick circles the globe, but also how all this gift giving to over a billion children is even possible. The National Sciences and Engineering Research Council of Canada explains http://www.nserc.gc.ca/news/features/2006_12_22_e.htm."
