.

Stolen Laptop - How to access it?

<<

Smythers00

Newbie
Newbie

Posts: 1

Joined: Mon May 23, 2011 11:54 am

Post Mon May 23, 2011 1:12 pm

Stolen Laptop - How to access it?

Hi All,

This is my first post on the forums so my apologies if I'm off topic or in the wrong forum. I'm also a newbie at ethical hacking - a complete virgin if you will, although I'd like to think I do my research before jumping into things like this.

About two weeks ago, my wife's laptop was stolen.  Of course we've called the police,  and I was surprised to see they're actually doing a pretty good job of investigating it, they got surveillance footage of the thief in action, along with a good picture shot.  We've reported the loss to all the appropriate peoples/companies, changed all our passwords, and all that prudent security junk.  Unfortunately I had no anti-theft software on it, so no real way to check in with it.  I do, however, have all the information like the mac# (which doesn't seem to do me any good as I don't have the ISP).  Personally, I'd written the laptop off and already replaced it and I thought I moved on.  It was a cheap laptop, bottom of the line, really. It sucks to have lost it, but I didn't lose too much sleep over it.

However, about a week before it was stolen, I set up Microsoft Windows 2010 Pro on it and the wife and I use Outlook calendar to set our schedules.  We've set it up to share our calendars with each other online.  Today I got an email showing me my wife's calendar for today - for the first time since the laptop was stolen.

So this got me wondering... is there a way to exploit this, to somehow get onto that laptop and install some kind of anti-theft software, or Log Me In, or something like that?

Any thoughts?

P.S>  Now using Prey: http://preyproject.com  on all of my machines.  I'd welcome your thoughts on it.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon May 23, 2011 2:49 pm

Re: Stolen Laptop - How to access it?

Everything I can come up with, more or less involves getting the user to click on something. Either to go to a website and log the ip address, or to install something.

If they're going through her outlook, that would indicate to me, they're looking at her mail. Maybe send an email, let them know they are using stolen goods.

If you're luck, you get the hardware back, or the data, or something.
OSWP, Sec+
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon May 23, 2011 3:01 pm

Re: Stolen Laptop - How to access it?

I will respond to the prey portion of the question...

Prey works when a lowly thief with otherwise zero experience steals your laptop sure. But what can it really tell you? The reality is, nothing worthwhile. It will place them likely via a geolocated fixed address of what it interprets. Now... I live in CT, whenever I use cable @ home, I almost ALWAYS resolve to an IP address in Rhode Island. Whenever I connect from work, I get news.google.co.uk even though my IP space is in the US. So what do you think prey will do other than prey on your wallet?

So let's take a quick look at how prey would work: Windows starts up, application/service is started: "Hey look at me! Here is my IP" --> prey servers. So what? 1) Does nothing if someone formats the drive. 2) Does nothing if someone firewalls OUT preys connection. 3) Does nothing if someone goes through the start up services and turns it off.

About I don't know 5 years ago or something when a company named Absolute (LoJack for Laptops) touted the same thing. I systemically dissected their BS and publicly called them out on it (see link if you'd like). Doesn't work as much as they would like you to *think* it does. It will work against junkies who need a quick hit and petty thieves though. All it will do is say: "Look the petty thief who stole your machine logged in from an IP somewhere in the world"

What was funnier was when Core Security found even more issues 3 years after me (second link). Your best bet to secure your data is boot level encryption. (TrueCrypt). The likelihood of you retrieving a laptop is really low unless you live in a densely populated location.

http://cryptome.org/lojack-hack.pdf
http://www.zdnet.com/blog/security/rese ... ptops/3828

Return to Incident Response

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software