In Kuala Lumpur, leaving your notebook inside your car is a huge mistake. You think leaving them in your trunk or hidden somewhere in your car is safe but in fact it’s not. You see, every notebook/computer has a battery to keep the CMOS settings. That’s why even if your notebook battery is totally flat, the time is still current. It seems that these laptop thieves possess some kind of device which is used to scan for live battery. When they got a signal of a live battery, they’d take the chance of breaking in your car and look for the laptop or mobile phone. Everyone knows it’s either under the seat or at the back of the trunk.
Here are some of laptop theft facts:
Here are some ideas which you try to use to recover, track and locate your stolen notebook.
There are popular software such as LoJack for Laptops and Stealth Shield Computrace which claims to be the leading theft protection service that tracks, locates and recovers stolen laptop and desktop computers.
From what I see, it’s not as high tech as car recovery system using GPS. Here’s how Lojack and Computrace track and locate stolen laptop. Software installed on your computer works behind the scenes to silently and securely contact the software provider Monitoring Center, and if stolen, reports its location using any Internet connection.
The Recovery Team then tracks the stolen laptop’s location and partners with local law enforcement to get your computer back. They even guarantee that if your stolen computer is not recovered in 30 days, you’ll receive a full refund for the purchase price of the software. The most important factor here is the local law enforcement and Internet Service Provider. To track a person’s location, all they need is the exact time and IP address. They report it to local police, and the police will hand over the IP address and time to Internet service provider to track the phone line that’s being used.
In my opinion, the software works pretty much like Trojan with reverse-connection except it is a legitimate software and used for non-malicious purposes. I will explain a little on how reverse connection trojan works. The hacker will run the client and build a server first. The hacker enters his own IP address and port that the server will connect to. There might be other features such as plugins and etc. The server is sent to the victim. Once the victim run the server, it will start connecting to the hacker’s IP address. All the hacker need to do is run the client program and listen to the specified incoming port. When it’s connected, file manager, webcam capture, screen capture, keylogger and many other feature can be used on the victim.
Let’s say my laptop has got a built-in webcam and I infected myself with a remote administration trojan. If my laptop gets stolen, I immediately run the client on other computer and wait for my stolen laptop to go online. Once it’s online, it will automatically connect to my computer. I launch webcam capture, and I can get a snapshot of the thief’s face. With the IP address, time and picture, there’s no running away! Seems like a pretty good idea to me! However, please be advised not to simply use any trojan because some might be backdoored.
Here are my suggestion on what you can do.
1. Subscribe to LoJack or Computrace service.
2. Use LocatePC
- LocatePC is a free software, and runs unobtrusively on your computer, with no icons, popups or saved emails. If your computer is stolen then the thief will not even know that LocatePC is running, and as soon as they connect to the internet a secret email is sent to you containing the details that you need to track your hardware. It is totally hidden and the only way to bring up LocatePC window after installation is by pressing the default key ALT+SHIFT+HOME. This key combination can be changed.
3. Use Reverse Connect Trojan
- If you’re experienced in these kind of tools, then you can infect yourself with trojan and set it to connect to a host. If not, please don’t try it as you might accidentally get backdoored. When your laptop is stolen, just update your IP in dynamic DNS service, run the client and wait for your laptop to get connected to you. When it’s connected to you, immediately log down the time and IP address. If your laptop has a built-in webcam, quickly capture the thieves face.
NOTE: To track down laptop thieves using the above method, the laptop thief must be logged in to the PC, and the PC connected to the Internet. Logically, if a thief stolen a laptop, they would surely turn it on and check what’s in the PC. Most probably they’ll even connect to Internet. Problem is if you’ve set a password for your user account, they wouldn’t be able to log in, and the tools above won’t work. Would you remove your user account password for a chance to locate your laptop if it is stolen?
Related posts:
Hi this download link of locate pc s not working.After dowload it is asking for password for installation and then it vanishes.Please raymond tell me Whats the issue??Is it acting something like trojan i believe
hello sir,
I have lost my laptop,Actually somebodt theft my laptop and did not install any theft protection software in that. So now is there any chances to get it back because i have very confidential data in that.
i am very upset.
Please Reply
Very interesting to see how you guys using all the available technology for tracking stolen notebook..
I am still thinking, the best is to have an embedded GPS and GSM capabilities built-in the notebook. As long as any of this two signals are available, tracking it should not be a problem.
I am using a small tracking device to track my wife car as well as for my wife to track my car, but this small device is not small enough to be built into a notebook. Perhaps, if it can be miniatured someday, all this tracking would be easily configured.
Anyway, i found this blog very informative, and would use some of the recommended tool to track my kids notebook as well…
Starksy Lee
Kuching
HarpGuy, nice use of opendns. Thanks for the insight.
Just FYI, LocatePC has had a lot of problems on Vista. I don’t know, at this writing (7 July 2009), if they’ve been fixed. I suspect not, but since it has been over a year since I last checked, I probably should when I finish this posting.
Also, as for the reverse-connect trojan thing, there’s a much simpler, safer way, to wit: Use the OpenDNS updater utility and run it as a service, not a process running in the system tray (this stealths it); and then have it auto-update the DNS-0-Matic web site with the laptop’s IP address every 15 minutes. You’ll have to create OpenDNS and DNS-O-Matic accounts, of course, but those are harmless.
Of course, that said, by creating a free account at OpenDNS, one would then be able to avail oneself of it; and I heartily recommend that everyone use OpenDNS instead of their ISP’s DNS servers. Even if one doesn’t actually configure any of the filters, OpenDNS’s default phishing web site blocking ALONE makes it work using. And it’s free, of course.
At any rate, once you’ve created the OpenDNS and DNS-O-Matic accounts; and once you’ve downloaded and configured the OpenDNS updating client to run at Windows startup, and to run as a service (so that it’s stealthed), you can simply login to either of them (preferably the DNS-O-Matic account) at any time and see what IP address your stolen laptop is using.
By doing it that way, you avoid having to fiddle around with potentially dangerous trojans which you probably have no business trying to tame to work for you instead of against you. Why even bother when you can accomplish the same thing so easily and with no risk to your machine?
Just thought I’d try to help!
=another site says not work on vista and needs SMTP and port for mail server for it to work.. can you let me know when vers for vista is out and how to find SMTP and port. thanks for helpful articles.
Hi Raymond,
which Reverse Connect Trojan software did you use?
I wouldn’t mind installing it in my laptop but it’s hard to find a good one w/o sifting through all the hardly legal sites.
Thanks, TJ
thanks for sharing your knowledge. I know it would be a great help.
A tracking system does exist here in South Africa. However its prettty crude. It is called Computrace and appears in several countries. A routine resides in the BIOS, so it still there even if the thief formats the hard drive. every few seconds the laptop checks into the Computrace site. If stolen the Computrace people watch for it and if it checks in they trace the IP address.
Only problem, if the bad guy is using a wireless connection then its a temporary IP address and getting the cellphone people to co-operate is very difficult.
May be Intel / Microsoft / Modem chip maker may be a help. Every electronic device which communicates has a built in MAC Id which is unique. So as soon you buy a Laptop / Computer you have to note down the MAC Id and in case of theft, request the people in the business (Intel/MS/Chip makers) to track computer whenever it is online.
Hi does anyone know how you could find a laptop computer if you didnt previously have any special tracking or trojans installed ?
Chein beat me to it. :-P I was thinking the same thing. I wonder if there is a way to diable the RFID tag if a laptop has one, and how do one goes about finding it?
..one of my friend showed me the scanner before..
This mysterious device have been in Malaysian folklore for quite sometime. Its like bigfoot, some people have seen it, but theres no solid proof of its existence.
Although the CMOS battery emits EMF signals, it is too minute to be detected by a scanner from outside the car. Other EMF that littered our airwaves will simply drown any detectable signal from the battery.
If you ask me, the only way is to scan for those RFID stickers/tags that the manufacturer/importer/dealers stick to our notebook for identification and inventory tracking.
Any basic RFID scanner rigged to bypass it\’s protocol can clearly detect interference created by those stickers. There are even Universal RFID Scanner that can scan across multiple RFID protocols.
And theres no Faraday Cage effect if the thief scan the car boot by firing through the window and backseat cushion.
So Im very sure they are using an RFID scanner/reader. Thanks to the manufacturers, importers, dealerss, our notebooks can now be easily stolen =)
That’s TM Net in Malaysia….
KL is not unique in having a high laptop theft rate, so your information is worth considering wherever you are.
However, considering that my Malaysian ISP Streamyx took 7 days to even return my 15 phone calls that my DSL connection was down, I don’t hold out a lot of hope for getting them to respond to a request to match IP / time / phone line. And I won’t comment on getting law enforcement action.
Very interesting article Raymond.
good share thanks raymond.
Thanks for the information, Raymond.
Good share Tim. TheLaptopLock looks good!
Raymond,
I found this other software which will play any sound file you want when the thief turns it on. You can log on to the site from any computer and report it stolen. It can also be tracked to the IP address and you can also set it to erase whatever you want or everything! At least it would do them no good. It is free too. Just thought I would let you know about it. Here is the URL:
thelaptoplock.com/
Koray, one of my friend showed me the scanner before and it will make a very low beep sound when a laptop is in the car. If it doesn’t scan the CMOS battery, then may I know what made the scanner know that there’s a laptop nearby?
CMOS battery is not enough powerful for detection in a metal structure (like cars). A car itself consumes much more energy on stand-by.
If you want protection, Adjust a CMOS Password. So they can never install a clean new operation system on the stolen computer. To do this they have to reset the CMOS password by removing the thin, little battery in the laptop using screwdriver or they have to wait a couple years for battery to be death.
Either way, when anyone buys this stolen laptop, he must bring it to a service. And most brands’s service personel knows which laptop belongs who..
Very interesting article Raymond.
I feel it’s the kind of stuff that works well as long as it’s not broadly known. Once it becomes popular, it will stop working; thieves will find a way to prevent the trojan from connecting to the server, eg. disable the modem and the likes.
If I am going to install a reverse connect trojan on my own computer, I can add it to AV exclusion list.
That’s cool idea…
Maybe Reverse Connect Trojan detected by AV…
U have that software…???
It can be modified… Perhaps…
I bet most of the thieves will be curious to know what is on the laptop and will definitely turn it on… Maybe a chip that can track the location will be the best solution but the person would need to pay monthly fees for it. Just like car tracking system.
Great research Raymond,
But if the thief steals the PC and formats the whole hard disk, the above method is not as useful. I feel that if the Laptop company can put a small chip inside would be great!
Regards
I heard about the device but never seen before. How about you?