InfoTECH Helps Catch Thief

Tracking stolen laptops is not a service that we typically advertise. Once a laptop is lost or stolen, being able to track and recover it requires several important pieces to fall in place at once: The laptop must have already been loaded with software capable of reporting its location, the thief must connect to the internet without tampering with the operating system (where the tracking software would reside), and you’ll still need to go through the proper channels to report the crime. This is why, for clients who have sensitive data, we also recommend encrypting the hard drive using one of the excellent proprietary oropen-source tools available. However, sometimes a mobile device is stolen and all those pieces fall in to place. That’s what happened for Aerion Rental Services, an oilfield equipment rental company based in Lafayette, LA, when a remote employee reported his company laptop had been stolen.

Sometime during the night of October 3rd, a thief broke in to the vehicle of a Wyoming-based employee and took any valuable electronics he found. “My initial reaction was frustration over having an important asset stolen. This type of thing happens from time to time in business and it is always inconvenient.” says Luke Sonnier, Controller for Aerion Rental Services, who was informed of the theft at 6am the following morning. “I reported the laptop theft to Corey Landry and Paul Hite at InfoTECH Solutions in order to ask what our options were.”

Once alerted to the theft, InfoTECH analysts and engineers took immediate action. “Our first concern is privacy and data protection” says Paul Hite, CTO of InfoTECH Solutions. “For Aerion, the laptop contained potentially sensitive information. We knew there may only be a small window in which to act.” Luckily, this laptop was being monitored using IT/365. Although normally reserved for administrative tasks, such as monitoring for hardware failures, IT/365 can also be leveraged to deploy corporate software.

First, InfoTECH staff constructed a very simple application that would purge all sensitive documents and e-mails from the computer and report back some basic details about its status. The application was scheduled to run the next time the device checked in to InfoTECH’s control servers. “We anticipated the device would be left offline and inaccessible for a long period before it was sold to an unsuspecting buyer.” says Paul. “I was very surprised to get an alert that same evening indicating it was online – and being actively used.”

Once technicians were certain that the data had been wiped, they moved to the second phase – attempting to track the laptop. A series of open-source applications were pushed down to the laptop, the most important of which was an anti-theft tool called Prey.  InfoTECH could then perform a variety of actions: Monitoring the screen, activating the webcam, and gathering data about nearby WiFi hotspots. Over the next week, InfoTECH worked with local authorities to track down the suspect. Through the user’s Facebook activity, the suspect’s name and acquaintances were easily learned. The webcam also silently snapped photos for evidence. But most important was the WiFi data, which could be coupled with a service from Google to provide an approximate (and in this case, exact) location of the laptop.

Each wireless device has a unique code called a MAC address which is embedded on the device. This address is used in networking protocols when broadcasting a WiFi signal. One important function that Prey provided was the ability to force the laptop to scan for local WiFi networks, gather their MAC addresses, and compare that to a geospatial database of MAC addresses from Google Location Services. Because of the high number of WiFi hotspots in the small residential neighborhood the thief operated from, the coordinates provided matched exactly to a specific address. The address provided was matched to a known acquaintance that InfoTECH had identified based on the suspect’s Facebook profile.

“Everyone in my organization was elated to see that details of the thief were available to us.” says Luke. “We were thrilled to have something useful to turn over to the police.”

Once the information was passed to authorities and a warrant was obtained, the local police department acted swiftly. They searched the home and found not only the laptop, but many other stolen items as well. When the dust had settled, 5 suspects were in custody and believed responsible for more than 40 burglaries and the theft of over $30,000 worth of property over an eight week period.

“Eventually, the stolen device will be turned over to Aerion and reintroduced to our computer inventory. For the time being the unit is being held by the local police department as evidence in the case against the laptop thief.” says Luke. “We are more than happy to live without that particular computer for a while if it means a common thief will be prosecuted and will hopefully be encouraged not to commit further crimes of this nature.”

Read more about the bust in the Wyoming Tribune Eagle:
http://www.wyomingnews.com/articles/2012/10/11/news/19local_10-11-12.txt