“They kicked the front door in, so I would invest that $50. It’s an investment well worth it,” said Kari Hardre.

Stealthy Laptop Software Captures Photos & Location of Laptop Thief - Springfield, Oregon from Ken Westin on Vimeo.

Full Story

The laptop exchanged hands a few times with a full audit trail left thanks to  GadgetTrak’s software, which has had a number of successful recoveries over the past few months including one in Brooklyn, New York and another in Oakland, California all of which unveiled larger crimes and theft rings.

The “Computrace” software, made by Vancouver-based Absolute Software Corp., is part of a subscription service that’s used to find lost or stolen computers. Many people don’t know it’s on their machines, but it’s included in computers from the biggest PC makers.

The software is built into computers at the factory because that embeds it so deeply that even the extreme act of uninstalling the operating software won’t delete it. The software is included in a part of the computer known as the BIOS, which refers to programs used to boot the computer.

The service Absolute sells can be valuable because sensitive data can be purged remotely from a stolen machine. The computer is still able to reach out to a specially designated Web site for instructions even if a criminal is tampering with the machine.

But research by Alfredo Ortega and Anibal Sacco with Boston-based Core Security Technologies, and presented Thursday at the Black Hat security conference here, shows it can cut two ways.

If a criminal has infected a computer that has the Computrace technology, he can take deep control of a machine.

That’s because he’s able to modify the computer’s settings to maintain a connection with that machine even if the operating software is uninstalled then reinstalled — an extreme way, but sometimes the only way, to make sure a computer is cleaned of viruses.

“You have something that’s pre-installed, and considered non-malicious, that you can manipulate and turn into a malicious program — that’s pretty unique,” said Ivan Arce, Core Security’s chief technology officer.

Arce said Absolute can fix the problem with an update to the software that is then pushed out to affected computers. He added that users can disable the software’s ability to be a problem on their own, too. It takes some technical know-how, though.

“It’s not hard to block once you know what to look for,” Arce said.

Absolute spokesman Craig Clark said the company would comment after Core’s presentation Thursday, but then did not make anyone available. He said Absolute’s technical team “needs to understand the concerns Core has raised before they can speak to it accurately.”

Roel Schouwenberg, a senior antivirus researcher with Kaspersky Lab, said the vulnerabilities Core Security found could be a “pretty big challenge for the security community” if they’re exploited. But he added that the special access a hacker can get is undermined somewhat by the fact malicious programs they try to download still have to come into the computer the same way they always do, and can be protected against.

Any files that download “will not be stealth, they will not be hiding, they will be visible on the system,” Schouwenberg said. “Anti-malware (software) will be able to scan them. It could have been a whole lot worse.”

Pricing starts at $24.95 for a 1 year subscription, or $59.95 for a lifetime license that can be transfered to a new device twice. PC-Trak supports both Windows XP and Vista and MacTrak for OS X has the exact same functionality.

The theft at the Chateau Office Building in Woodland Hills left accountants, a talent agent, property management companies, attorneys and other businesses in the three-story structure scrambling to assess their losses as police scoured the premises.

Deputy Chief Michel Moore of the Los Angeles Police Department said that computers, some files and other items were taken from the 60 businesses.

The theft appears to be targeting data, as it was only computers that were stolen and the thieves left behind other valuable equipment, including monitors, faxes, copiers and printers. Several business owners and law enforcement concluded that the thieves’ target must have been the information contained on their hard drives, not property.

One business owner said the credit card numbers of 7,000 clients were stolen. Accountant Richard Levy said his stolen computer held the tax documents of 800 clients. Attorney Marshall Bitkower said only three computers were taken from his office, but “they had all kinds of stuff. Everything: people’s names, credit cards, clients, e-mails back and forth — who knows what.”

Source: L.A. Times

Desktop sales have slumped dramatically, in favor of notebook computers as well as the newer and smaller netbooks, as a result laptop and mobile device theft and loss related data breaches are expected to sky rocket this year.

It is not yet known exactly what aspect of the Iraq War the documents relate to. Eversheds has carried out public-private partnership work for the Ministry of Defence in the past, including advising on the Combined Aerial Target Service project, which awarded a £300 million contract to provide targeting services for the military.

A spokesman for the Attorney General’s Office said: “Legal papers in the possession of a lawyer for a firm of private solicitors working for the Treasury Solicitor’s Department were taken from a train on February 16. The possible theft is under investigation by British Transport Police. Action is under way in an attempt to recover the papers

No mention of encryption or other security software that could have mitigated the risk posed by this data breach.