Following last night’s news story on “Laptops containing sensitive records belonging to thousands of Ontario teachers have been stolen”, on my local (Toronto) CBC News – now seems like the perfect time. So, let me mount my soapbox for just a moment.
What I found particularly offensive in this news story:
The Laptops were stolen December 3, 2009, and yet it took until January 27, 2010 to notify the affected parties. This, despite the fact, that stolen information of this type can be used to obtain false passports and fake credit cards, or for re-mortgaging a victim’s home.
As is often the case in this type of situation, the data on the Laptops was not encrypted.
Officials involved in this debacle were quoted as saying “but the computers were password-protected”. Officials, who obviously have no understanding, that readily available and legal, free software, can be downloaded from the Internet that can break, or reset passwords, in minutes.
This type of occurrence begs the question: is this just a “one off” or, is this type of occurrence a continuing problem?
If we are to be guided by recent survey results from the Ponemon Institute, which indicate that more than 10,000 laptops are lost, or stolen, each week at U.S. airports alone, coupled with statistics which indicate that a laptop is stolen, not lost but stolen, every 53 seconds, it would be hard to dismiss this as an isolated occurrence.
Reportedly, 65% of lost or stolen laptops are not reclaimed, despite the fact that half the laptops contain confidential corporate information, which, in most cases, is not encrypted.
One would assume, that encrypting sensitive data on enterprise or government laptops, or portable media, would be SOP. Instead, it seems that when we read news stories about a lost or stolen laptop, the pattern seems to be as follows; – “200,000 (insert your own number here), bank account numbers, Social Security Numbers, names, addresses and dates of birth were on an unencrypted laptop stolen/lost earlier this week”.
There are substantial hard costs incurred in the loss or thief of a Laptop, and again, statistics available from the Ponemon Institute “Cost of a Lost Laptop”, indicate that these hard costs can approach $50,000 per occurrence, for enterprise.
It’s not only business or government that should be concerned with the loss, or theft, of a Laptops – it’s every bit as likely to happen to individual Laptop owners.
If you are a Laptop owner, you should consider what can you do now, to increase the probability that should your laptop be lost or stolen, you can increase the chances that it will be returned to you.
One solution is offered by Prey, an open source application, that can enhance recovery chances. Stolen laptop recovery is always a hit and miss proposition, but without an application such as Prey on board, the chances of recovery, at least statistically, are virtually nil.
According to the developer:
Prey helps you locate your missing laptop by sending timed reports with a bunch of information of its whereabouts. This includes the general status of the computer, a list of running programs and active connections, fully-detailed network and wifi information, a screenshot of the running desktop and – in case your laptop has an integrated webcam – a picture of the thief.
Prey uses a remote activation system which means the program sits silently in your computer until you actually want it to run. If so, it gathers all the information and sends it to your Prey web control panel or directly to your mailbox. The thief will never know his movements are being watched.
There is no guarantee that even with Prey on board that a stolen, or lost Laptop, will be recovered – but it seems sensible to make every effort to increase that likelihood. Prey, may be just the solution you’ve been looking for.
Wifi autoconnect – Prey checks if there’s an active internet connection to send the information.
Geo-location aware – Prey uses wifi hotspots to locate devices geographically. This not only includes lat/lng coordinates, but also an altitude indicator.
Lightweight – Prey is written in bash which means it has virtually no dependencies, only what it different modules need to work. This also means Prey is portable and should run in just about any computer.
Modular architecture – You can add, remove and configure the different parts of Prey as you wish. Prey is composed by modules, each one performing a specific task.
Powerful report system – Get the list of current running programs, the recently modified files, active connections, running uptime, take a screenshot of the running desktop or even a picture of the guy who’s using the computer.
Messaging/alert system – You can alert the thief he’s being chased at by sending messages which will appear on screen. You can also trigger alarms to make the message clear not only to him but also to whomever is nearby.
Module auto-installer – You don’t have to reinstall Prey to keep up with the latest and greatest modules. We keep a repository from where Prey will fetch what it needs to get the job done.
System requirements: Windows 2000, XP & Vista, Mac OS, Ubuntu Linux, Linux – other distributions.
Download at: The Prey Project
For a review and download links to free encryption software please read “Lose Your USB Stick and You Lose it All – Encrypt Now with Free Software!” on this site.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.