Friday, August 7, 2009

Anti Theft


Welcome to my 2nd post, and for this post I already would like to introduce a guest, so please welcome him with cheers and rise your cups of Grog for The Raven Shkol.
All Ideas and stories for this entry are credited to both me and Shkol all the same.

So, it all started not so long ago, when I got to become a victim to a crime activity. Someone broken to my apartment, while I was away, and stole my work's laptop. Actually he also took my lock-picking kit (Look at the Irony, my lock-picking kit got stolen)
Luckily me, I had backups of everything, and the laptop was not an expensive piece of hardware.
But, this incidence got me thinking on what could I do better to make sure this would never happen again.
Soon enough I called Shkol to the rescue, because he got quite a wide experience in getting robbed, mugged or strangled to death.
We found out that there are many really cheap and simple solutions, to make it much harder for someone to break to your flat.
But, this is not what we would like to discuss here. What we really would like to go over is the ideas we had gathered for protecting either computers or the information on them form physical thefts.

Some of the ideas we got were simple and wired at the same time such as:
Example (For desktop computers only) Buying heavy weights at the local sports store, I got me about 10kg. Put the weights inside the computer case. Make sure the weights are well tied to the case and invisible from out side. Hope, no one would be determined enough to steal such a heavy piece of metal.

While other ideas were as trivial as locking the computer to something with a chain or so, for most computers cases got a place to put a lock on. Although, these locks are so easy to overcome for the trained ninja, in my case a burglar would find the lock-picking tools in the drawer next to the computer (and if that is not enough, there is a beginners lock picking guide next to it).

Some solutions were involving software solutions to make sure no one can access your information even if he get to put his hands on your precious hardware.
Either by encryption, Yes, I know it's quite a dull one. Anyway here are some links to good implementations we found:
Another approach to the problem would be using a data bomb. Its seems like there are programs to erase all the information on the disk once someone is giving a wrong password 3 times or so.
Or a better way to get the same effect would be to change your login account to be hidden, and create a "honey-pot" user with no passwords and a startup script which makes a fresh new brick out of your box.

The clothing store solution; using a two small devices that starts an alarm once the distance between the two is more then an apartment length (which is very small, in my case). I would recommend putting one of the devices inside the computer case and the other buried under the tiles. Very good and cheap such devices could be bought from DealExtreme:
If we are looking for some sensors to monitor any move of the computer, one common device that is packed with sensors would be a cell phone. Even the simplest phone with camera has an accelerometer in it. The accelerometer could be used to identifying the computer is pulled up. And once the situation is recognized sending an SMS or performing a call to 911 with pre-recorded message could be nice (But try not calling 911 on false positives, ok).

But, lets just say that we deal with quite a determined scum, which was able to pass all of our defense systems (And was strong enough to carry 15kg computer, down the road). Is there a way now, to find the new location of our precious? Well in case you thought about it in advance, there are some. One can buy some kind of a GPS device to send in a Beacon once in a while, just hope the signal would be strong enough, and that it wont be pointing to location in the middle of the ocean.
I tend to think that a solution using an IPhone with the "Find My IPhone" app could give out good results, quick and simple.
The thing is that these days I tend to think it's possible to achieve same results using just WiFi. Cell phones with WiFi and GPS became very popular lately, and if someone would establish a project for volunteers to map the locations of most WiFi hotspots / home routers, it would be possible to identify the location of devices with just identifying which WiFis are around it. Unfortunately, someone told me http://www.wefi.com/ thought about it before me.

And now for a bit less practical solutions:
A really awsome project could be, to write a new BIOS firmware to hold a true password protection, one that is not as simple to overcome as removing the battery from the mother-board. Most of the complicated work has already done in projects such as OpenBios, and this could be really nice extra feature to add to it. Of course, it won't protect the information found on the disk (unless you add some kind of encryption to it), but it sure could make an untrained ninja to think he just stole a 10+ kg brick.

You can train your computer to remember which WiFis are found around it, and to ask for password to approve any work in a new WiFis environment.

Finnaly, here are some links to relevant websites, that are worth a better page rank:
http://www.bzeek.com/
http://www.loki.com/
http://www.wigle.net/

So, that's what we had to say on the subject, I would love to hear any new solutions to the problem, so feel free to drop me a message.
Assaf Nativ
(and The Raven Shkol)