Feeds

How to find stolen laptops

The legal eye

Beginner's guide to SSL certificates

Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.

Bad things happen online. Trade secrets are lost or stolen. Personal information is compromised. Copyrights and trademarks are infringed. Bloggers post confidential, defamatory, or just annoying information. Websites host stolen credit cards, hacking tools and techniques, or other things that you might not want.

In the course of investigating these things, companies or law enforcement agencies frequently need to rely on information in the hands of third parties. An example of this is the various companies that offer data or computer locator services. A sort of "LoJack(tm) for stolen computers.

If a corporate computer is reported lost or stolen, these services use various means to identify the computer, or the data on it. When the target computer is then used - generally to get online - the computer essentially "phones home" with its location.

Here's the problem with this approach. The computer doesn't really give its location. At best, it can reveal the Internet Protocol (IP) address of the network it is on. While this information is helpful to the true owner of the computer, it is not sufficient to locate and/or recover the stolen hardware.

Imagine that your "On-Star(tm)" equipped car is stolen. OnStar is one of the various services that provides motorist assistance, including Global Positioning Satellite location data. If you report the car stolen, they can remotely turn the GPS on, track the car, and even turn the telephone inside the car on and listen into the thieves' conversations. All of this occurs on the network the real owners own and it reveals information about your vehicle. So, no problem, right?

Finding subscriber information

When it comes to network based investigations however, we cannot easily track where the computer went. Once we have the IP address, we would look up the network that was assigned that block of IP addresses. It might be an internet café in Riga, Latvia, or a giant Internet Service Provider in Dulles, Virginia.

What we really want is subscriber identification information. That is, what subscriber was assigned that particular IP address at that particular instant. Now of course, a lot of this information may be spoofed, and it is usually less than trivial to piggyback on a legitimate network (such as, a hacker using an open or insufficiently secured WiFi network). Nonetheless, tracking down physical location data or subscriber data from a raw IP addresses is the ultimate goal of the investigator.

This is where technology and the law intersect - and not in a good way for either of them. While you can do a traceroute or a WHOIS search in a couple of seconds, in order to get subscriber data from an ISP requires some form of legal process (usually). ISP privacy policies legitimately protect this data, but they generally contain a provision (and one would be implied by law even if it wasn't in the policy) that the information may be disclosed if there is a "valid legal order."

In the case of law enforcement agencies, there are many legal avenues for obtaining this information from ISP's. First, they can just ask for it - obtain consent. In extreme situations (imminent threat to health and safety) the promise of a later subpoena may be sufficient. In the United States, for example, they can also use various legal processes - a grand jury subpoena, a formal investigative demand, an administrative subpoena, a discovery order, a search warrant, a Title III wiretap order, an order issued by the Foreign Intelligence Surveillance Court. Or, as recently revealed in the New York Times, various agencies including the Department of Defense and the Central Intelligence Agency (and of course the FBI) can issue what is called a National Security Letter (NSL) on their own authority to get this information.

Remote control for virtualized desktops

Next page: Building a subpoena

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Seattle children’s accelerates Citrix login times by 500% with cross-tier insight
Seattle Children’s is a leading research hospital with a large and growing Citrix XenDesktop deployment. See how they used ExtraHop to accelerate launch times.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.