You’ve heard the tales of people who manage to recover their laptops through identifying those responsible, but have you ever wondered how the professionals do it?
We spoke to the head of the investigation team that spends its time recovering stolen laptops for clients ranging from large corporates with crucial data at stake to individuals trying to get back their family photos.
The clients in question are users of Absolute Software’s LoJack for Laptops – a subscription service for Mac and PC.
The protection includes software at the firmware level, but also includes the services of a specialist recovery team who investigate a theft on your behalf after you report it.
We spoke to Derek Skinner, Head of Recovery for Absolute in Europe. He leads a squad of ex-Police
Globally, there are over 40 investigators. “We’re all ex law enforcement,” says Skinner, “so we all speak the language and have a skill for investigation. It’s a unique service.”
“We’ve a thousand years of policing experience between us. A lot of the police services use our product and know who we are. We then create our evidence packs and supply them to the investigating officer.”
What’s the success rate? “It’s three out of four, 23,000 total recoveries. It’s a huge amount.”
How the tracking happens
So how does it work? “What happens is say your laptop is covered by us and gets stolen or lost. You report it stolen via the internet portal or helpline.” Local law enforcement is involved straight away. “We can’t do anything at all until there’s a police investigation in place,” explains Skinner.
“We are basically the agent for our customer, we’ll contact the agency involved – we’ve got 6,500 law enforcement contacts globally. A huge database.”
In terms of the software involved, the laptop has a tracking agent which changes its state. “It calls back to us and says ‘am I OK?’ and we say ‘no you’re stolen, call back in 15 minutes’.
“It starts to call back across any internet connection, could be GSM, could be Wi-Fi. It’s all covert, you can’t see this kind of chatter. Then we actually force a couple of other tools onto the device – our forensic tools basically – so we start collecting much more information from the machine than we did in its normal state.”
We were intrigued how the software avoids detection. “The software bodyguard sits in the firmware, so you could take out the hard drive or format it or do what you like – as soon as the laptop is switched on again the firmware agent will check with the software agent, see it’s been compromised and install a new version; the persistence level is very high.”
So what happens next? “The case is assigned to an investigator and there’s a personal contact then between the aggrieved individual and the investigator. On the technical side, as soon as the extra software is installed, it starts to send back screen captures, key captures, file retrieval, Wi-Fi triangulation or GPS points.”
The investigators are key at this stage. “All the bits of information are worth nothing if you can’t compile them correctly to supply them to law enforcement.”
People are pinpointed through what they do with the system. “Facebook is a big help,” says Skinner. “Obviously people order things online, eBay is a big one. All these [are] pockets of information we can pull together and validate using investigative tools that a police officer would use every day and looking at photos and triangulation maps.”
Should you do anything yourself?
We also asked Skinner what he thought of vigilante action to recover stolen devices, such as the recent UK case of a man filming someone on a train when he stole a phone.
“No. There’s some real horror stories out there, certainly in the US there was a fatal shooting in Dallas over a laptop with tracking software and there have been numerous issues with Find My iPhone. Obviously one iPhone is identical to another iPhone – what good is a map?
“Go to Paddington Station and see how many iPhones you can find there. Evidentially it’s so weak and that’s the problem with a lot of the DIY solutions; the evidence is not presented correctly, it’s not interpreted correctly.
“And it’s a folly to believe that people that steal laptops are just laptop thieves. We’ve uncovered drug rings, stolen cars, huge handling organisations where they handle tech to go out to Pakistan and Eastern Europe. You’re hardly going to knock on the door and say ‘can I have my laptop back please?’
“The idea may be good – 70 per cent of people say they would go themselves but it’s a horrific thought. We deal with some pretty top-end criminals. A lot of these other software apps are actually downright illegal and have no certifications.”
A global problem
If laptops can’t be recovered, the device can be completely wiped and, in some cases, bricked. “The data can be wiped to FBI standard – seven times overpass – so the data is safe,” says Skinner.
“Obviously we always want to recover the device as well, but it also adds the ability to get some closure – it potentially becomes a paperweight, nobody gains from the theft. On the other hand the device is clean and unusable.”
So where do laptops end up? Everywhere it seems. “We get devices that travel around the world in days, faster than FedEx.”
With people? “Yes. Obviously if it ends up in a warzone we’re limited with what we can do, but we can still lock the device at the firmware level with a notice – we can write what we like. Often we can make it very personal and point out that individual.
“You’d be amazed, we’ve had recoveries from Nigeria, Uganda, Northern Pakistan, unstable parts of the world, just by putting enough pressure on them. We had a device go to Pakistan from the UK and back and he was picked up entering the country illegally. We see a very big picture