Free Software Tracking a Stolen Computer?
JeffTL asks: "By necessity, I carry around an Apple iBook running OS X Panther. In the event of its theft, I would like to have the thing send me its IP address, not only for the benefit of law enforcement but also so I could SSH in and trash my personal data with srm, while doing an SFTP backup of anything I forgot to back up. I am not really wanting a subscription, so I am looking for a free-as-in-beer (and if anything beyond a shell script is involved, free-as-in-speech would be much preferred to make sure that no one else is getting anything). Currently, I have a bash script that can create a report, and I am thinking about sending it using either e-mail or FTP. I am considering setting it up to where it only starts barraging me if a specific code is posted to an HTML document of my choice. Is there already something like this in existence somewhere for free? If not, does anyone have any pointers on how this can be done?"
www.no-ip.com (Score:3, Interesting)
Re:www.no-ip.com (Score:2)
No-ip would, in fact, let them get the current IP.
But what if they're behind a NAT, with no port-forwarding?
A few suggestions... (Score:5, Insightful)
Another thing you might want to look at is using an IM protocol with the language of your choice, and allowing remote command execution (with certain precautions such as command signing with a private key). For example, grab the Perl AIM module, create a server, add some way to sign commands (i.e.: if ( md5($msg . 'someprivate') eq $msg_key ) { shell($msg); } or something like that -- that's just off the top of my head so it may not be perfect).
Re:A few suggestions... (Score:3, Insightful)
Keep in mind that this will give free access to the "secure ssh server" to the laptop's new "owner" (i.e. if he discovers your tunnel he then has access to the shell on your ssh server as well as your laptop).
You can do a bunch of things. (Score:3, Insightful)
ssh user@somewhere.com "ssh `gethostip -d [machine name]`"
Set up your keys correctly, of course.
Of course, this can cause problems if the thief is clueful and bothers to poke around.
Netcat could also be very helpful here.
Re:A few suggestions... (Score:5, Informative)
Admittedly, this is slightly (only slightly) off topic, but how does one do that with the ssh tunnel, so you can go back in from outside the computer that started the ssh session?
Here's one way. I'll ssh from mercury to ceres so that ceres can ssh back to mercury.
First ssh from mercury to ceres:
The "-R 5555:127.0.0.1:22" switch means, "on the remote end (ceres), please make port 5555 connect to 127.0.0.1 (mercury), port 22 (ssh)."
Now, on ceres:
This says to ssh to port 5555 on ceres, which is really the ssh tunnel established by the ssh we did into ceres from mercury.
SSH tunneling is a many-splendered thing.
dyndns.org (Score:5, Interesting)
Re:dyndns.org (Score:3, Insightful)
Disable single user mode. You can also disable the ability to boot from CDs and Firewire disk mode; it's called "Firmware password."
Re:dyndns.org (Score:1)
and reset the PROM 3 times in a row (hold down Command+Option+P+F)
then password (and all other PROM settings) no longer exist.
Re:dyndns.org (Score:2)
So, I guess you have to weigh enhanced recovery chances (and the ability to trash your files) with security (that could be gotten around if they really wanted)
I used to do that! (Score:5, Interesting)
You can be SURE that if a laptop gets stolen, the kids that wiped it are going to take it straight to their local geek who will boot the machine off a CD and wipe the drive. Usually stolen goods go right into local low-level organized-crime units for 'laundering' and appraisal.
My advice is to not allow your iBook to get stolen in the first place. I tote my PBG4 AL with me everywhere I go, it's never out-of-sight, not even when I hit the bathroom at my local coffee joint. Do backups and get homeowners/renters insurance on it and encrypt your home folder.
Re:I used to do that! (Score:2)
Sorry, but according to what you say next you did.
Buying, storing and laundering stolen goods is no different from actually going out and stealing.
Re:I used to do that! (Score:2)
Where you draw the line of responsibility is your own business, but providing a service to criminals is certainly very different than committing criminal acts.
*nix it (Score:1, Informative)
Re:*nix it (Score:3, Informative)
If they're behind a NAT, you'll get an email that says the IP address is something like 192.168.x.x or 10.x.x.x
That won't be very useful.
How about
perhaps?
Re:*nix it (Score:4, Informative)
If behind a NAT the headers will reveal the external IP of the originating network, *not* the internal IP of the client machine.
Re:*nix it (Score:2)
The body of the message will still contain the output of ifconfig which will be the 192.168.x.x address, but I forgot about the mail headers.
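The two posts above make the practical point: the ifconfig output in the mail body is only worth anything if one of the addresses is actually routable, otherwise the external address has to come from the SMTP Received: headers or from a beacon to a server you control. Here is an added example (not code from the thread) that parses an ifconfig dump and says which case you are in. The sample output is constructed; it mixes the Linux "inet addr:" layout quoted in the thread with the "inet x.x.x.x netmask" layout that OS X prints.

```python
"""Classify the addresses in an ifconfig report so the stolen-laptop e-mail
tells you whether the number in the body is usable at all.
Added example, not code from the thread; SAMPLE_IFCONFIG is constructed."""
import ipaddress
import re

# Constructed sample: loopback, a link-local IPv6 address, one RFC 1918
# interface (what you get behind a home NAT) and one routable interface.
SAMPLE_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
\tinet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.0.17 netmask 0xffffff00 broadcast 192.168.0.255
eth0      Link encap:Ethernet  HWaddr DE:AD:BA:BE:CA:FE
          inet addr:143.195.110.18  Bcast:143.195.110.255  Mask:255.255.255.0
"""

# Matches "inet 1.2.3.4", "inet addr:1.2.3.4" and "inet6 fe80::1" (stops at '%').
_ADDR_RE = re.compile(r"\binet6?\s+(?:addr:)?([0-9A-Fa-f:.]+)")


def extract_addresses(ifconfig_text):
    """Return every interface address as an ipaddress object, in file order."""
    found = []
    for m in _ADDR_RE.finditer(ifconfig_text):
        try:
            found.append(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # token after 'inet' that is not an address
    return found


def classify(addr):
    """Loopback and link-local are checked first: is_private is true for them too."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private (NAT)"
    return "public"


def report(ifconfig_text):
    """Return (report text, list of public addresses) for the mail body."""
    lines, public = [], []
    for addr in extract_addresses(ifconfig_text):
        kind = classify(addr)
        lines.append(f"{addr}  {kind}")
        if kind == "public":
            public.append(str(addr))
    if public:
        lines.append("reachable address(es): " + ", ".join(public))
    else:
        lines.append("no public address on any interface; read the external IP "
                     "from the Received: headers or from a beacon to your own server")
    return "\n".join(lines), public


if __name__ == "__main__":
    print(report(SAMPLE_IFCONFIG)[0])
```

On the laptop you would feed it `subprocess.check_output(["ifconfig"], text=True)` instead of the sample; the classification is the same either way, and the "no public address" line is the cue that the sender's address in the mail headers (or a hit on your own web server) is the only number worth giving the police.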
Re:*nix it (Score:2)
Port 80 is one's best bet, the network connection could be behind a proxy rather than a NAT.
My laptop tries to connect home at boot, anyway, to mount its remote file systems.
If one configured it to use your home net as a VPN or even just Web / Pop3 proxy you could also happily snoop at whatever activities they're getting up to. You might have more fun *not* getting it back!
Re:*nix it (Score:2)
That won't be very useful.
It could be, if you install some kind of port forwarder or VPN daemon onto your laptop, so you can login from anywhere. If it has been stolen and connected to some intranet, you can sniff their passwords, read their email and h4x0r their infrastructure into nirvana.
Just wait for Apple DirectProtect (Score:5, Funny)
Very simple possibility (Score:5, Insightful)
If this is a kid who plans to pawn it or sell it on eBay, or possibly just use it, they might plug it in to make sure the Internet works. What's the first thing they'll run? The web browser. It's just a web browser, that couldn't hurt right?
All you have to do is set the browser's home page to a page on your own site, not linked from anywhere else. If your laptop gets stolen, you could activate some PHP in that page to send you an email or SMS. The IP address will be logged, so you can (maybe) SSH in and do your dirty work. If the user has a firewall, that would be a problem.
But anyway, this is a pretty easy way to do it. You could even just start up the web browser on boot, and if they are on the Internet, they're nailed.
Re:Very simple possibility (Score:2)
If it has been stolen for the possible value of *data* on it, then it is highly unlikely that it will ever be connected to the
Re:Very simple possibility (Score:2)
If this is a kid who plans to pawn it or sell it on eBay...
At this point your laptop is pwned, maybe even pwnx0rd.
Easy way out (Score:1)
Re:Easy way out (Score:5, Funny)
ifconfig | mail -s "YOUR LAPTOP WAS STOLEN" email@isp.com
mutt
eth0 Link encap:Ethernet HWaddr DE:AD:BE:AF:00:00
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14883222 errors:0 dropped:0 overruns:0 frame:0
TX packets:6501247 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3309542786 (3.0 GiB) TX bytes:385138942 (367.2 MiB)
Base address:0xbc00 Memory:fc9e0000-fca00000
Whoo, now I can get my laptop back!
(of course, you could trace the email, but that's too easy
Re:Easy way out (Score:2)
eth0 Link encap:Ethernet HWaddr DE:AD:BA:BE:CA:FE
inet addr:143.195.110.18 Bcast:143.195.110.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:459457 errors:0 dropped:0 overruns:0 frame:0
TX packets:295450 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:506790219 (483.3 MiB) TX bytes:34725675 (33.1 MiB)
Interrupt:
Isn't a custom BIOS needed? (Score:5, Interesting)
A quick search turned up this [crn.com] which seems like a good idea. Also this site [tuxmobil.org] discusses various ideas to make theft and reselling more difficult.
Re:Isn't a custom BIOS needed? (Score:2)
No need to mess with the BIOS, your bootloader could do the work.
for x86 you could extend : http://btmgr.sourceforge.net
Re:Isn't a custom BIOS needed? (Score:3, Informative)
Not if the disk is wiped clean before boot.
Use a web page? (Score:4, Interesting)
My useless reply (Score:1)
dyndns? (Score:2, Insightful)
Of course, this doesn't do anything to help you get into the machine if it's behind a NA
Re:dyndns? (Score:2)
Wouldn't it be just as easy to have it VPN to your home network (or ssh with tunnels)? This would allow access even when behind a NAT.
It should also send the results of a traceroute to help find the external address.
I think IPSEC is a much better idea than dyndns.
Why not... (Score:5, Interesting)
If that isn't good enough for you, and I don't see why it wouldn't be, set your web browser's home page (or an AppleScript that runs every time it verifies a network connection) to post to a 'secret' web page you have on your site... have it post its information (IP, blah blah) and timestamp it... this way, you have a clear record every time the laptop has a connection, and you can just take note whenever it has an entry while NOT in your possession.
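The server side of that 'secret' page is where the useful record actually lives, and two details matter: the page should require a token so random crawlers and the thief's "what is this URL" poking do not pollute the log, and the address you write down must be the TCP peer, not an X-Forwarded-For header, unless the peer is a proxy you run yourself (any client can send that header). The following is an added example, not code from the thread; the token, trusted-proxy list, port and log path are assumptions.

```python
"""Beacon receiver for the "post to a secret web page" scheme: record every
check-in with the source address and a timestamp.
Added example, not from the thread.  BEACON_TOKEN, TRUSTED_PROXIES, LOG_PATH
and the query parameter names are assumptions."""
import hmac
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

BEACON_TOKEN = "replace-with-a-long-random-token"   # assumption: also baked into the laptop script
TRUSTED_PROXIES = {"127.0.0.1"}                      # assumption: a reverse proxy on the same host
LOG_PATH = "/var/log/laptop-beacon.jsonl"            # assumption


def client_address(remote_addr, headers):
    """External IP as this server sees it.  X-Forwarded-For is client-controlled,
    so it is only honoured when the TCP peer is one of our own proxies."""
    xff = headers.get("X-Forwarded-For", "")
    if remote_addr in TRUSTED_PROXIES and xff:
        return xff.split(",")[0].strip()
    return remote_addr


def beacon_record(remote_addr, headers, query, now=None):
    """Build the log record for one check-in, or return None if the token is wrong.

    query is the parse_qs() dict: t=<token>, host=<hostname>, local=<laptop's own idea
    of its address>, all supplied by the laptop-side script (assumption)."""
    token = query.get("t", [""])[0]
    if not hmac.compare_digest(token, BEACON_TOKEN):  # constant-time compare
        return None
    return {
        "time": int(now if now is not None else time.time()),
        "ip": client_address(remote_addr, headers),
        "host": query.get("host", [""])[0],
        "local": query.get("local", [""])[0],
        "ua": headers.get("User-Agent", ""),
    }


class BeaconHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        query = parse_qs(urlparse(self.path).query)
        record = beacon_record(self.client_address[0], self.headers, query)
        if record is None:
            self.send_error(404)  # bad or missing token: look like nothing is there
            return
        with open(LOG_PATH, "a") as log:
            log.write(json.dumps(record) + "\n")
        self.send_response(204)
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the token out of the default stderr access log


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), BeaconHandler).serve_forever()
```

The laptop-side call is one line in the boot or cron script, along the lines of `wget -q -O /dev/null "https://your.host/beacon?t=TOKEN&host=$(hostname)&local=$(ifconfig en1 | awk '/inet /{print $2}')"`; use HTTPS so the token is not readable by whoever owns the network the thief plugs into, and keep the URL out of the browser history by not making it the home page.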
Pack it with thermite! (Score:5, Funny)
Or you could just use a crypto filesystem to protect your data, and claim the stolen laptop on your household insurance..
Do it like this, for example (Score:5, Informative)
crontab -e
0 * * * *
The file
#!/bin/bash
# Fetch the flag page quietly, always into the same file name (plain wget would
# write stolenweb.html.1, .2, ... on later runs and the grep would miss them)
wget -q -O stolenweb.html http://your.host.name/stolenweb.html
if grep -q "It is stolen" stolenweb.html ; then
    [generate reports and send them off]
fi
rm -f stolenweb.html
It's a really rather simple setup that checks the webpage once each hour. If the webpage contains "It is stolen", then you do the reports-generating and whatever.
Re:Do it like this, for example (Score:2)
one can also do this on windows, if one downloads wget.exe
Give me a break (Score:5, Insightful)
Expecting that whomever steals it will merrily go home and plug it into an ethernet jack is a bit too much, I think.
why bother, make it a paper weight. (Score:2)
So does this mean that your laptop is set to auto log-in?
Anyone who gets their hands on your laptop can just access your info with no safeguards? If so, then keep nothing on your laptop.
OR,
You could go into Open Firmware, set a password so that the machine cannot be booted from a CD or firewire drive (without the pw of course), set a decent password for your login, and then forget about worrying whether your laptop gets stolen. Because the only way that some form of script is going to work for yo
Re:why bother, make it a paper weight. (Score:5, Interesting)
lol, if you think some lame BIOS password is enough, you could well have a stiff surprise waiting the day they take the HD out!
Without encryption
Physical access == data access
Re:why bother, make it a paper weight. (Score:3, Informative)
At home and away, keep your valuable documents safe with powerful AES-128 encryption. FileVault automatically encrypts and decrypts the contents of your home directory on the fly. [apple.com]
Re:why bother, make it a paper weight. (Score:2)
My Point was that any way you look at it, you are not getting your laptop back with some silly script. If they take out the hard drive, they are taking out where the script resides.
crap, crap, crappity crap crap (Score:2)
Don't forget.... (Score:2)
If the thief reads the email s/he can delete it from the server. Not to mention all the other stuff they can do to cause you problems.
Re:Don't forget.... (Score:2)
In that case, you are a loser. You should not do that. Never. Ever. If you do, you're one of the wankers that causes insecurity.
Re:Don't forget.... (Score:1)
You mean 'one of the wankers' like RMS [omnipotent.net]??
You should talk to a therapist about your feelings of insecurity.
cronjob for dynamic IP address reporting (Score:2, Interesting)
This scheme should work fine for stolen computer unless they disable this cronjob (or whatever in other OSes) or reinstall software completely.
fsck (Score:2)
If, on the other hand, I am interested in the data it contains, I'd remove the hard drive and dd it somewhere else.
i dunno... (Score:1)
Re:i dunno... (Score:2)
There are a lot of stupid thieves, though, who'd turn my computer on in a WiFi network, and if I stuck something in the init scripts, by the time they'd be able to log in their IP would be divulged.
As for smarter thieves who erase, well, then my business is done, I hand the serial over to the cops and the insurance company, stick the iPod in another computer, and hit
Good ideas above, but review... (Score:5, Informative)
Start by checking the apple.com website and see what options you should begin with. One observation above is to use File Vault to secure your personal data. This is all well and good, but it makes it tough to take one of the later steps.
In the event of its theft, I would like to have the thing send me its IP address
As has been noted this is not difficult. Set up a cron job, or even a boot job, to find out the laptop's IP address (ifconfig | grep inet | mail -s "iBook IP" me@myisp.com) and you get the IP on the LAN in the body of the e-mail, and the external IP in the headers. Presuming SMTP is not blocked. If you install the perl libraries for Jabber, you could even send a Jabber message via a similar process.
Note that if you have been rsyncing on a regular basis to back up your personal data, which can be done across an ssh session, you may not need to do any sftp backups, and you could have a cron job take care of this so you are covered.
Several of the posters above have noted that you could use wget to pull down a "hidden" page on your personal web server with instructions. For that matter you could build a script that would be posted to that page, perhaps with a marker character before each line (such as $) that you grep out of the downloaded page, cut the first character out of the line, then save it with a random name, chmod the file to executable, then execute it. At that point the script could be doing anything you ask of such a script, including downloading executables, and even running 'dd if=/dev/zero of=/dev/disk0' to wipe the hd yourself.
Elsewhere others have noted that if the thief wipes your hard drive before they re-boot it, none of this works. That's as good of a reason as any to schedule backups of your personal data. It won't help you recover the laptop, or tell the police where the laptop is, but at least you have your personal data.
This also won't help if your laptop is not connected to a network of some sort. If they pull your HD and toss it into a second computer as a secondary drive, then you will want to have all of your data in a 'file vault' to restrict access. Sure with enough time they can break the encryption, and ultimately start performing identity theft on you, but the time involved is unlikely to be worth it to such a person. It's far more likely that they will wipe the drive, pawn the laptop, and hunt for another laptop that is not going to take so much effort to access the user information on.
Then again, these are just my opinions. I have been known to be wrong, so I do wish you good luck.
-Rusty
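The "pull a page and run the $-marked lines" idea in Rusty's post, and the hourly "It is stolen" poll in the "Do it like this" post above, both hand the laptop to whoever can put text on that page or sit between the laptop and your server on the thief's network. The signing suggestion from "A few suggestions..." is the right fix, but MD5 over message-plus-secret is not how to do it (that construction admits length-extension forgeries); an HMAC over the order plus an issue time, checked in constant time, is. The following is an added example in Python (not the thread's code, and not a replacement for the bash script as posted): the laptop side verifies and extracts the orders, the server side produces the page. The URL, secret, page layout and the sample page the test builds are all assumptions.

```python
"""Poll a page for signed instructions and refuse anything that is not signed.
Added example, not code from the thread.  PAGE_URL, SECRET, MAX_AGE and the
page layout documented in extract_commands() are assumptions."""
import hashlib
import hmac
import subprocess
import time
import urllib.request

PAGE_URL = "https://your.host.name/stolenweb.html"                 # assumption
SECRET = b"long-random-secret-kept-only-on-the-laptop-and-server"  # assumption
MAX_AGE = 6 * 3600  # orders older than this are ignored (stale page or replay)


def extract_commands(page, secret, now=None, max_age=MAX_AGE):
    """Return the '$ ' command lines if the page's tag verifies, else [].

    Page layout (assumption): anything at all, plus these lines in this order:
        issued: <unix time>
        $ <command>        (zero or more)
        sig: <hex HMAC-SHA256 over the issued line and the $ lines, joined by \\n>
    Someone who can edit the page or spoof the host cannot add or alter a
    command without the secret, and an old signed page stops working after max_age.
    """
    lines = [ln.rstrip("\r") for ln in page.splitlines()]
    signed = [ln for ln in lines if ln.startswith("$ ") or ln.startswith("issued: ")]
    sigs = [ln[len("sig: "):].strip() for ln in lines if ln.startswith("sig: ")]
    if not signed or len(sigs) != 1:
        return []
    expected = hmac.new(secret, "\n".join(signed).encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sigs[0].encode()):
        return []
    issued = [ln for ln in signed if ln.startswith("issued: ")]
    if len(issued) != 1:
        return []
    try:
        age = (now if now is not None else time.time()) - int(issued[0].split(":", 1)[1])
    except ValueError:
        return []
    if not 0 <= age <= max_age:
        return []
    return [ln[2:] for ln in signed if ln.startswith("$ ")]


def sign_page(commands, secret, issued):
    """Server/workstation side: produce the page body for the given orders."""
    signed = [f"issued: {issued}"] + [f"$ {c}" for c in commands]
    tag = hmac.new(secret, "\n".join(signed).encode(), hashlib.sha256).hexdigest()
    return "\n".join(["<html><body>", *signed, f"sig: {tag}", "</body></html>"]) + "\n"


def fetch(url=PAGE_URL):
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read().decode("utf-8", "replace")


def run(commands):
    """Execute verified orders one at a time; nothing runs if the list is empty."""
    for cmd in commands:
        subprocess.run(["/bin/sh", "-c", cmd], check=False)


if __name__ == "__main__":
    run(extract_commands(fetch(), SECRET))
```

Run it from the same hourly crontab entry as the bash version. The secret lives on the laptop, so a thief who finds it can forge orders for that one machine and nothing else; that is the property the "Keep in mind" reply was asking for, and it is why this is preferable to leaving an SSH key for your server on a machine you expect to lose.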
From the Windows world of yore... (Score:2)
I wrote a little app that first checked for an active network connection (we can't assume they are using ethernet. They might be using dial-up and we don't want to trigger a dial-up connection prompt if they aren't expecting it by trying to send data). If the machine was connected to the network it then visited a specific web page where I could post commands. The HTML documen
I am no expert. (Score:2)
Assume you'll never get it back (Score:4, Insightful)
1. Perform regular backups. You'll have all your data, so you don't care about getting that back.
2. Use filesystem encryption software. Built-in, aftermarket, whatever. Ensures they can't put your hard drive in another machine. If you're that worried about it, use VNC or remote desktop to control a system at your office/house and never store any information on your local machine.
3. Have insurance on it. Homeowners, business, whatever, just so you don't have to pay to buy another one.
Otherwise, I say they can keep it and I'll just get another one. I wouldn't mind having a faster laptop anyway.
One question for everyone out there, do you know the serial number of your laptop? I can't imagine anyone has that written down somewhere safe. How can the police prove the laptop is yours if you only know it's yours because it has a SuSE sticker on the lid?
It doesn't hurt to have BIOS and power-on passwords either. The casual thief will not be able to get past them and will probably dump the unit somewhere or possibly try to return it saying "they found it" somewhere. Never use auto-login and use good passwords on your account.
IBM has some good laptop security features out there now. I believe part of it is some sort of hardware encryption for your hard drive. Not sure what Apple has, but IBM has definitely stepped up to the plate.
Good luck.
-m
It's easier than that (Score:2)
write a simple script in bash, using wget, to fetch the document (wget can supply the password)
the password keeps anyone else from hitting the url
Any other information you want sent, have wget stuff into the referer header
Have init run the script (don't put it in your profile, cause then a login will be necessary to run the script)
Now, if your laptop gets stolen, just check the logs!
who wouldn't format a stolen computer? (Score:1)
cron job. (Score:2)
I've done that for just keeping track of computers with static ips.
Serial Number (Score:4, Informative)
Make it send you the serial number
Check out this link on macosxhints: http://www.macosxhints.com/article.php?story=2004
It describes how to write a bash script to get your machine serial number! Very, very cool.
BOL
Bard
Don't forget to add a prayer to the list (Score:2)
In the archives? (Score:2)
Did anyone find out exactly what happened out of that? (or was it FOAF/UL?)
NTP? (Score:2)
Just like an alarm sticker on a car (Score:2, Funny)
What if there's a firewall? (Score:2)
A better solution would be to create a server in a fixed location (with a fixed IP address) which a script on the laptop periodically polls.
If your laptop is stolen, you flag the server with some message. When the script on the laptop polls the server, if it sees the flag, the script knows to start trashing stuff.
As for backing up stuff, well, you should be doing that before the
FileVault question (Score:2)
I gather there's no data loss any longer -- however, I still hear reports of periodic loss of app settings and the like.
Can anybody tell me their experiences? Is it worth taking the plunge? I like the idea -- if anything because it would make homedir backups to my iPod quite painless.
I don't think most people would wipe (Score:2)
Curiosity will kill the cat. Who can resist seeing what's on there? ID theft freaks would have a field day! Maybe something of value to your competition? It's a treasure trove of intellectual property.
The easiest thing to do is to boot it up. Bingo. If they plugged into net or wifi or dialup you can get SOME information. Dialup is hard to do, since most things don't get a phone line. But someone interested in pulling
if only it was a windows laptop (Score:2)
Re:erm (Score:1)
Food for thought though: Wouldn't it be easier for them to hack the stolen computers in the first place when they know there is only one security feature triggered in the BIOS? Then they would wipe out the whole hard disk, case done. It would still be advisable to use a cron job or dynamic DNS addressing.