A while ago, my house was broken into and my laptop got stolen, there was 5 years worth of personal projects, photos and just stuff that was worth more to me than the thief probably got from the ancient laptop itself.  As far as security goes - generally you're advised to take photos of your electronic goods, make note of the serial number and perhaps paint some identifying mark in UV paint.  On the non-physical side, it's recommended that you encrypt your hard drive to protect your information, but I've been thinking recently:

I'm not satisfied with just knowing that my data is safely encrypted and I'll get my insurance money back.  I want my damn laptop back, or at least I want to see the thief get prosecuted. 

So my thought is this:  Why should I not install a rootkit that mails me every X time-period that the computer is connected to the net with its IP address?  I'd encrypt anything valuable on my hd and I'd leave a guest account with limited privileges open so the thief would have a greater chance of logging in with it.  This way it would be comparatively trivial to track the thief physically if not be able to identify them directly through an ISP accout.

At this point in my line of reasoning though, I had this sinking feeling as I had a vision of the only conclusion of this line of thought: Security Companies that supply rootkits which dial home to their servers with identifying information.  They would sell this as a guaranteed way to ensure that either your computer hardware is recovered or the criminal prosecuted or both.  "get kitted" the slogans would scream, and it would be the latest thing to have a security rootkit addon installed.  Worse yet, what if the government encouraged this scheme and/or provided these tools to everyone for the same reason... Not that I'm anti-authoritarian, but I'm slightly paranoid about this sort of thing. 

Anyway: Thoughts?  Rootkits are not something I'm at all familiar with yet. Would a "white hat" root kit like this be feasible option? 

Thoughts, comments?

Nick.

Yeah, I'm going to go the same route as RR on this. I've thought about such an idea in the past as well, some sort of "phone home" thing to trace the laptop.

In most cases, as RR mentioned, they are either going to A) format your drive and reinstall the OS, B) replace the drive or C) sell it as-is so someone else can deal with it going about A or B.

If they want to look at the data (and this is what I would do), they probably won't boot the laptop. Instead, they'll just extract the drive and use something like an IDE/SATA-to-USB cable to hook it up a separate computer.

The best approach is to simply make use of backups. Then when something like you've encountered does happen you get the insurance money, get a new laptop, and reinstall your data

BillV

looks like there was a slashdot article about adeona also with some interesting comments from people.

I also found this thread just looking through this site.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1796.msg7055/topicseen,1/#msg7055

I think I'll investigate it anyway - if they steal a computer and re-image then it's no different from them not re-imaging and not having a piece of tracking software installed.

hmmm.... 

Not surprisingly you're not the first person to think of this. I do remember some products that would send an email out periodically but in reality this will have limited success.

• If your laptop requires a password to log in then the thief will be unable to log in in order to set it up on their network so no mails can be sent.
• If the laptop automatically tries to obtain a network connection using wifi for example there's a good chance that it will encounter a WEP/WPA secured network and be unable to connect. If it does find an open network there's no guarantee it will belong to the thief.
• Getting law enforcement to take seriously your claim that your stolen laptop emailed you and then having then request contact details from the ISP, conduct a search etc. could be difficult.

For high-value systems a fully working approach would have to have be self-contained and self-sufficient. A combination of a cell phone network card, GPS and a webcam could mean that a system could phone home, give it's GPS location and take a picture of it's surroundings if it is simply booted up. The price of this solution could be greater than buying a low-end laptop and less effective than good physical security.

There probably is a market for this in government departments for example. Being able to trace lost or stolen laptops could be useful. If the GPRS data system was keep powered up even then the laptop was shut down it could be possible to phone your laptop and get a status report. This of a laptop acting as a very large cell phone.

Jimbob

We use computrace at work. There are two ways that it can trace the location. 1. It reports in based solely on IP address. 2. It uses a built in 3g card, or GPS to send a location,

The best use for this tool however is not recovery, but automated destruction of data. If a laptop is stolen, you can configure the tool to be told to wipe the drive the next time it reports in.

If you ahve teh right model of laptop, for example Lenovo and some HP models, computrace is integrated into the BIOS and can wipe the drive even if the thief is running off of an external boot disk such as a livecd.

.

Lol, don't hold your breathe on that one, as long as data is worth money, it will never be secure.

I was just about to post the same thing.

I've actually been reading Reversing by Elad Eilam which has a chapter on reversing malware with an example of a bot that signs into an IRC channel to accept instructions.  I knew this was how botnets worked but I have never examined a trojan's code before.  I thought I might have a go at writing my own modified version for my laptop rather than paying for a licence for commercial software.

I wouldn't mind starting a sourceforge project (if there isn't one already) on it but it could easily be used maliciously I guess....