If you have ever had a laptop or smartphone stolen, you probably found yourself fantasizing about capturing the thief red-handed. I know I did when I lost my smartphone last year.
I used the Lookout mobile security service to locate where the phone was on a map and made it "scream" a few times. But I didn't want to knock on a stranger's door all by myself and ask if they had my phone, and the battery had died by the time I could take someone with me. I just wasn't sure I was ready for a confrontation based on approximate GPS location tracking.
But some device recovery services let you spy on whoever snatched your laptop or phone. For instance, LoJack for Laptops allows investigators to watch what a thief might be doing with the device, checking e-mail, conducting Google searches, and so on -- activities that in most cases can lead police straight to the device. Apparently, even thieves can't resist the urge to log on to social-networking sites.
"When they get to a password prompt, to get through they reinstall Windows," said Geoff Glave, a senior product manager at Vancouver-based Absolute Software, which makes LoJack for Laptops. "But the app is there and turned on when they brag on Facebook about stealing a cool laptop."
Curious to see how the monitoring worked, we got a loaner Dell Latitude E6430 laptop from Absolute Software that has the program on it. I had a colleague hand it off to her brother to play thief with it. He used it for a short while one night and by the next morning Absolute had identified him, figured out where he lives, who his family members are, what school he attends, and other sensitive data that must have surprised him.
Though victims generally aren't privy to details about what a thief does with the stolen device, Absolute Software shared the report with me so I could see exactly how the program snoops and what investigators do to track down the thief. The first thing our fake thief did was connect to the Internet over a Wi-Fi hot spot and get on eBay. This revealed an e-mail address ending in ".edu," and it was easy to figure out which college he goes to based on that. He also accessed a Yahoo e-mail account, which revealed his first name.
The investigators cross-referenced the information using a database called Accurint. And based on Wi-Fi connections, they were able to see that our "thief" had taken the laptop from his home to another address about seven blocks away at one point. All in all it can be a couple of hours worth of work, if it even took that long, an investigator told CNET.
Our "thief" could have reformatted the device, but once he connected to the Internet a program hidden on the BIOS (Basic Input/Output System) called the "Computrace Persistent Module" would phone home to the servers at Absolute Software and the monitoring capabilities would be revived. A password on the laptop would force a thief to reboot the computer in Safe Mode or via a USB and reinstall Windows. But then the Persistent Module, which comes preloaded on certain Dell, Hewlett-Packard, and Lenovo notebooks, would still ultimately spring into action. Our "thief" tried to delete the Computrace software from the laptop but was not able to.
In a real-world scenario, the victim would need to file a police report before Absolute Software would kick into gear. The software can capture keystrokes and screens, as well as track a device via GPS (Global Positioning System), but it doesn't turn on the Web cam. "The Web cam doesn't tell us anything," Glave said. "It could be an innocent person at the other end, and there's no name" associated with a live image. Plus, the company wants to avoid anything that could be perceived as wiretapping, he added.
There's always the possibility that whomever is being monitored didn't actually steal the computer and is innocent. If investigators determine that to be the case, for instance the person being monitored appears to have purchased it on Craigslist, the company can display a message on the screen that warns that the computer is stolen and asks for it to be returned.
The use of surveillance software to snoop on people can pose problems in some cases. The Federal Trade Commission recently settled charges with some rent-to-own computer firms that were accused of spying on customers using software that captured keystrokes, screenshots, and photos. The software was designed to be used to track down the computer in the case that the customer got behind on payments, but the FTC accused the companies that used it of engaging in unfair business practices.
没有评论:
发表评论