Computer Theft and Recovery.









Let's look at fundamentals:

What is important to you ?

What are you trying to protect or prevent ?

  1. Prevent your device from being stolen.

    Solution: physical security (locks, cables, lock-box, etc).


  2. Prevent your device from being damaged.

    Most likely threats:
    • Device gets dropped.
    • Spill water or soda on device.
    • Spike or surge through power line.
    • Snag a cable plugged into the device and damage connector.
    • Overheating.


  3. Prevent a thief from reading your data. (protecting "data at rest")

    Good solution: full-disk encryption (FDE), either via hardware (built into the hard drive) or software, such as:
    VeraCrypt
    FreeOTFE
    DiskCryptor

    Wikipedia's "Comparison of disk encryption software"
    Martin Brinkmann's "List of TrueCrypt encryption alternatives"
    Lifehacker's "How to Encrypt and Hide Your Entire Operating System from Prying Eyes"
    Micah Lee's "Encrypting Your Laptop Like You Mean It"
    Chris Hoffman's "Why a Windows Password Doesn't Protect Your Data"

    EFF's "What Should I Know About Encryption?"

    But from /u/jm9fw on reddit:
    Veracrypt: A note for those doing full disk encryption:

    I've said it here before many times but people just don't get it. I read the forums daily and constantly see people who either can't login to their OS anymore or they just lost everything. After seeing this guy yesterday who said his life was on an encrypted disk and now he can't open it, I decided to post again here. DON'T DO DISK ENCRYPTION. USE A CONTAINER. This poor guy explains what happened and it looks like Windows decided to initialize the drive because it had no standard signature. This isn't a Veracrypt issue, it's a Windows issue and Microsoft has been denying it for more than 10 years. It happened to me twice. There is no way to recover this by restoring a header or anything. There are people here who will say "blah blah you don't know what you are talking about, I don't have a problem." Sure, so go ahead and learn the hard way and ignore the pages of similar complaints in the Veracrypt forum. Of course the people who lost everything didn't have a backup either. It's a terrible thing to lose everything you have and I hate having to see it almost daily. Use containers.

    The software approach offers several alternatives and gets a bit confusing; hardware encryption may be the wave of the future (faster, OS-independent).

    But hardware encryption is not open-source, and see:
    Dan Goodin's "Western Digital self-encrypting hard drives riddled with security flaws"
    Joseph Cox's "Some Popular 'Self Encrypting' Hard Drives Have Really Bad Encryption"
    Bill Buchanan's "Doh! What, My Encrypted Drive Can Be Unlocked By Anyone?"
    Brendan Hesse's "How to Switch to Software Encryption on Your Vulnerable Solid-State Drive"

    Hardware-encrypted flash drives are available, but probably not cheap:
    FabatHome's "The 8 Best Encrypted Drives of 2018"

    Or keep your most critical data in an encrypted container / virtual disk (an encrypted file that looks like a disk drive to the OS), perhaps by using VeraCrypt or something similar.

    A more limited solution: keep your most critical data in an encrypted text file (perhaps by using NotepadCrypt or something similar). Bitlocker, 7-Zip, AxCrypt also can encrypt individual files or sets of files.

    Best solution: full-disk encryption (FDE) plus encrypted containers for specific data. Have each container open (decrypted, mounted) only when you are actually using that data.

    How-To Geek's "How to Encrypt Your Android Phone and Why You Might Want To"
    Eric Ravenscraft's "The Essential Android Security Features You Should Enable Right Now"
    I encrypted my Android 5 phone via Settings->Security, everything works fine, but it made me change from a 4-numeric PIN to a 6-8-alphanumeric passcode.
    On iPhone, just set a passcode and everything gets encrypted automatically ?
    Apparently, some smartphones must be jail-broken if you want to encrypt just specific folders, not encrypt or password-protect the whole phone.

    Password-lock your device, unless you're using a theft-recovery product that prevents this.

    Most of the theft-recovery products listed on this web page give you a "delete" or "shred" capability: when the thief connects to the internet, a command comes from the central site and all data on the hard disk is deleted. This prevents the thief from reading your data. But it works only if the thief connects to internet before trying to read your data, and if they haven't disabled the theft-recovery software somehow.

    Whitson Gordon's "How to Break Into a Windows PC (and Prevent It from Happening to You)"


  4. Avoid losing your data.

    Best solution: back up your data frequently, and don't keep the backups next to the laptop.

    Also back up your paper data and copies of credit cards and paper photos, by taking digital photos of them or copying the data into files.

    Some data you might forget to back up: bookmarks in your browser (or your entire browser "profile").

    /r/techsupport's "backuptools wiki"


  5. Avoid post-theft losses.

    If your device contains account and password info, identity info, info about your family and friends, then after a theft you'd have to take steps to avoid further damage. You'd have to change passwords, put out monitoring or alerts to prevent identity theft, contact other people at risk, etc. What else is on the stolen device ? Apps with registration codes or passwords stored in them, email in-box with account and password data, bookmarks ditto, cookies, any data files you use to record accounts and passwords, any BAT or CMD files with account/password in them.

    Perhaps now, before any theft, you should evaluate your device. Does it contain sensitive data that really doesn't need to be on there ? Or should that data be encrypted ? Does the browser contain cookies that will give instant access to your email and Facebook accounts ?

    After a phone or smart-phone is stolen, if you don't want to try theft-recovery, immediately report the theft to your carrier, to avoid huge call charges. Do it immediately; you are liable for calls made until the time you report the theft, and some gangs will make thousands of dollars of calls as quickly as they can after stealing the phone. Double-check with your carrier to make sure they received and recorded the report of the theft; probably a good idea to call them again and confirm it. Maybe report it online, and then call to confirm ? Ask them to send an email confirmation to you. A handset PIN doesn't protect you if the thief moves the SIM to another device.


  6. Get your device back.

    Solutions: etch your contact info onto the case of the device, inside and outside. Use the theft-recovery software listed on this web page. Keep a record of make, model, color, and serial numbers. Probably a good idea to have digital pictures of the device, front and back, to give to police.

    Display your contact info on the lock screen or login screen or physical label, so if a Good Samaritan finds your device, they can return it to you.

    After a theft, report the theft to police, and report the theft to the manufacturer or carrier (they'll probably require a copy of the police report). Maybe report it to online databases, such as Stolen-property.com. Put up fliers in the area where it was stolen, offering a reward for return ? Look for it on Craigslist or eBay, maybe in the section for your local area.
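
For the pre-theft evaluation suggested in item 5 above, here is an added example (not part of the original page): a Python script that walks a folder and reports which BAT/CMD and note files appear to hold account/password data, giving file and line number but never printing the secret. The extension list, the patterns and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File types to inspect: BAT/CMD are named on the page, the rest are assumptions.
AUDIT_EXTS = {".bat", ".cmd", ".ps1", ".sh", ".ini", ".cfg", ".txt"}
# Heuristic patterns for stored credentials (assumptions; tune for your own files).
PATTERNS = [
    ("password-like assignment",
     re.compile(r"(?i)\b(pass(word|wd)?|pwd|secret|api[_-]?key)\s*[=:]\s*\S+")),
    ("net use with /user credentials", re.compile(r"(?i)\bnet\s+use\b.*\s/user:\S+")),
    ("URL with embedded login", re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@")),
]


def audit(root):
    """Return sorted (relative path, line number, reason) for suspicious lines."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in AUDIT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        reason = next((r for r, rx in PATTERNS if rx.search(line)), None)
                        if reason:  # record where, never the secret itself
                            findings.append((os.path.relpath(path, root), lineno, reason))
            except OSError:
                continue  # unreadable file: skip it
    return sorted(findings)


def demo():
    """Audit a small constructed sample tree (all contents are made up)."""
    samples = {
        "backup.cmd": "@echo off\nnet use Z: \\\\nas\\share hunter2 /user:alice\n",
        "notes.txt": "bank login\npassword: example-only\n",
        "photo.jpg": "password=skipped-because-of-extension\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, text in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit(root)


if __name__ == "__main__":
    for finding in demo():
        print("%s:%d: %s" % finding)
```

Point `audit()` at your own documents folder; anything it lists is a candidate for deletion or for moving into an encrypted container.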


Also: the "devices" you need to protect include your computers, tablets, phones and any backup media (external disks, tapes, flash drives, hard copies).



Mobile phone security:

[Do I have this right ?]

Three things to protect: your data, your device, and access to the service (ability of thief to make calls and run up bills on your account).
  1. Data:

    • If your data is stored on SD card, there's no protection, thief just pops it out and reads it on another device.
      [Except some OS versions allow full encryption of data, which would prevent this.
      Patrick Nelson's "How to turn on Android encryption today"
      Cyrus Farivar's "Apple expands data encryption under iOS 8" ]

    • If your data is stored in phone's internal memory, having a passcode/PIN set will prevent thief from accessing your data.
      [Except there are tools that can unlock a phone and extract data via USB cable ? But some OS versions allow full encryption of data, which would prevent this ?]

  2. Device:

    Having a passcode/PIN set prevents thief from using your phone, even with another SIM inserted.
    [But is there a hardware reset that wipes everything and sets back to defaults ?]

  3. Service:

    • If phone has a SIM card, disabling service after the theft is your only protection on access to the service. Having a passcode/PIN set on the device doesn't stop thief from popping out the SIM card and using it in another phone.
      But: some SIM cards do have a separate PIN for the card itself.

    • If phone has no SIM card, having a passcode/PIN set will prevent thief from using the service.



Maybe adapt some practices from the business world:















Products:

All of these products work by your computer sending "here I am" messages over the internet to a central site. But if the thief breaks up your computer to sell for parts, or uses it but never connects to the internet, the product won't work.

One note: if someone (a hacker or ex-spouse) finds out your theft-recovery password, they might be able to tell the software to delete all of your data, even though your device hasn't been stolen !



Password / login issues:

All of these theft-recovery products work by your computer sending "here I am" messages over the internet to a central site. But a computer running Windows 7 Home can't access the internet until the user has logged in to Windows. So the thief has to be able to get past the BIOS/firmware password prompt and the Windows password prompt.

There are three ways this could happen:
1- you always use your laptop with no passwords set, or
2- you have passwords set, but the thief resets the BIOS password and OS password (it can be done), and then logs in, or
3- you have passwords set, but the thief resets the BIOS password (it can be done), reformats the hard disk, installs a new OS, and then logs in.

In case (1) or (2), obviously a thief or casual snoop can log in right away, and read all of your files. Unacceptable.

Under Windows 7 Home Premium, there is no way to have a Guest account that can log in but then be unable to read files.

In case (3), a few of these theft-recovery products can survive the reformat/re-install and be capable of reporting their location when the thief eventually logs in and connects to the internet.

Case (2) or (3) represents a sophisticated thief; they could just pull out the hard disk and attach it to another PC and read your files that way, unless you're using some special full-disk-encryption product.

And in case (2) or (3), the sophisticated thief probably would be aware of the existence of theft-recovery products.

So it seems to me that this is a Catch-22 situation: these theft-recovery products work best in case (1), but that's the case where you've left your data most vulnerable to a naive thief or casual snoop. And in case (2) or (3), nothing protects you very much from a sophisticated thief.

I believe Linux and Mac systems are slightly better than Windows in that: once the OS password prompt is displayed, the machine can connect to the internet, even though the thief hasn't logged in to the OS. The thief would still have to get past the BIOS password to get to this point. So for Linux and Mac, if you set no BIOS password but do have an OS password, the laptop might report its location while the thief is sitting there trying to guess your OS password.



Recovery issues:

What "location" information do you get once the thief has logged in and connected to the internet ?

You'd get the IP address. Maybe also the Wi-Fi or Ethernet network name ? If your stolen device had a GPS in it, you could get latitude/longitude. If your stolen device connects via cellular data-modem, you could get approximate latitude/longitude. Software could use the list of visible Wi-Fi networks to calculate approximate latitude/longitude.

From the IP address, you could find the ISP's info, and contact them.

If the IP address is specific to a person or house, the identity of the thief is fairly clear.

But if the IP address maps to a public Wi-Fi spot (such as provided by a school or library or McDonald's or Starbucks), or a private house that's running an open Wi-Fi signal, the identity of the thief is unclear.

Most products can use the laptop's webcam to take a picture of the thief, which helps.

The companies selling the commercial theft-recovery products may assist in the tracking and recovery process, helping you follow the IP address, contact law-enforcement, etc.

Some users who had devices stolen report great cooperation from law-enforcement in recovering their property; others report that police were uninterested in helping them. Probably varies from town to town and country to country, and also depends on how much info you can give to the police.

Whitson Gordon's "Can I Track My Laptop or Smartphone After It's Been Stolen?"
Lincoln Spector's "Protect your Android phone from loss or theft"



Fabian Nunez's "How to avoid buying a stolen laptop"
Stolen Phone Checker
Stolen-property.com
Max Eddy's "What To Do When Your iPhone is Stolen"

Neil J. Rubenking's "What to Do When You've Been Hacked"
Lincoln Spector's "You've fallen for a scam! Now what?"
Patrick Allan's "What to Do When Someone Gets Unauthorized Access to Your Computer"
NCCIC's "So You Think You've Been Compromised ..." (PDF)

Nicholas Tufnell's "Naked selfies extracted from 'factory reset' phones"

Melanie Pinola's "What Should I Do If My Credit Card Gets Hacked?"
Alan Henry's "What To Do If Your Social Security Number Has Been Stolen in a Hack"
FTC's "IdentityTheft.gov" (what to do in case of identity theft)



My "Computer Security and Privacy" page





This page updated: March 2018
