Spying on a stolen laptop

Saturday, November 7, 2009

Imagine your laptop gets stolen. Wouldn't it be great to remotely spy on the machine and get it back?

Clair Fleener, chief executive of IT outsourcer InertLogic, got that chance after a laptop belonging to a customer was stolen.

Fleener was instrumental in the investigation that led to the recovery of the laptop, monitoring the activities of the laptop user for two weeks using remote software and sharing the information with law enforcement in Omaha, Neb.

The story starts back in mid-May, right around Mother's Day, Fleener recounted this week. Someone broke into the car of an employee working for an InertLogic customer and stole the laptop, which had work and personal information on it.

Months went by before anyone realized that technology InertLogic uses to help manage equipment remotely was sitting on the laptop and could be flipped on to monitor it. The technology, from Kaseya, captures screenshots from remote machines and can be used to install keyloggers, as well as record audio and images from a Webcam.

Fleener relied only on the screenshots that were taken captured every 5 or 10 seconds to see what the user of the laptop was up to. Within a short time, he learned the name, address, and other sensitive information about the man using the laptop. (Fleener is careful not to accuse the individual of being the thief because there is no proof of that.)

The man visited Facebook, MySpace, and other social networks, according to Fleener. He used Google to search for auto parts and did queries on how to remove security tags from merchandise. He looked at porn and made pirate copies of DVDs, including "Harry Potter and the Half-Blood Prince." Every time the laptop went online, typically on weekend nights and never on Tuesday, Fleener and others got paged.

Benjamin Lavalley, a senior engineer at Kaseya, figured out that by looking at the nearby Wi-Fi access points and doing an online map search, they could try to find out the exact location of the laptop.

The list of Wi-Fi access points indicated that an AT&T store, a Burger King, and a Cubbies restaurant were all nearby. Lavalley searched Google Maps for a location with those merchants in close proximity and narrowed the location down to a spot about 20 miles away from where the laptop was stolen. A drive-by confirmed it--the laptop appeared to be in an automotive shop and gas station where the man using it happened to work.

On Wednesday night, about two weeks after the sleuthing began, sheriff's agents went to the auto shop and caught the man using the laptop.

"He had a cover story and it was pretty well thought out," Fleener said, explaining why no arrest was made. The man claimed he had bought the laptop from a customer of his for $500 and didn't know it was stolen. Despite losing the money, he handed the machine over with no objections, Fleener said.

"It's like every movie or TV program where there's a mystery involved," Fleener said of the investigation. "You find yourself getting involved in the story. It was very exciting."

0 comments:

Post a Comment

Note: Only a member of this blog may post a comment.