Stolen Laptop – data protection

February 28, 2006

I came across this interesting link which explains how to safeguard the valuable information on your laptop if, God forbid, it gets stolen. He calls it “remote destruction of data”. He wrote a Perl script which checks for a specific webpage’s existence and, if it is found, deletes all the files present in the system. If it is not found, the script remains quiet. The trigger works like this: when the owner gets to know that the laptop is stolen, he uploads that specific page, whose existence triggers the data destruction process once the thief goes online. The script and the idea were more interesting than the purpose, because my laptop would not detect the internet unless manually configured (unlike Windows XP, which automatically jumps on the strongest SSID). Snippet: IBM/Lenovo Thinkpad’s HD pw protection and thumb scanning mechanism are worth mentioning.

He also suggested on his webpage that if the page (the one the script checks) also logged IP addresses using PHP, that would disclose the location of the stolen laptop. Good thought.

His Perl script (reproduced from his page):

#!/usr/bin/perl -w

use LWP::UserAgent;
$ua = LWP::UserAgent->new;
$ua->agent("Killer/1.0");

# request the trigger page; it exists only after the owner uploads it
my $req = HTTP::Request->new(POST => 'http://www.wonderr.com/youve_been_stolen');

my $res = $ua->request($req);

if ($res->is_success) {
    # insert all actions to perform if stolen
    system("rm -rf ~");
} else {
    # dump if youve_been_stolen is 404
    exit;
}

My equivalent bash script:

#!/bin/sh
# @uthor Pavan
# useful link (bash): http://en.wikipedia.org/wiki/Bash
# http://linux.about.com/library/cmd/blcmdl1_lwp-request.htm

# -s prints the response status line, -d suppresses the page content
VAR=$(lwp-request -sd http://google.com/lala)

# check the string stored in VAR (for test), if page exists
# output is "200 OK", else "404 Not Found"
echo "$VAR"

if [ "$VAR" = "200 OK" ]
then
    echo STOLEN
else
    echo NOT STOLEN
fi

Here, the google.com/lala page is not uploaded until the laptop is stolen, so every time the script runs it echoes “NOT STOLEN”; once the laptop is stolen, the page is put up and the script echoes “STOLEN”. In a real-life situation, one would replace the echo statements with appropriate commands (if you want to delete the data: “rm -rf /” or whatever one wants). Important: this has to be a cron job run on a regular basis (at least daily, better if more frequent).
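A check on the status alone fires for any response that reads “200 OK”, including a captive portal or proxy that answers every URL with its own page. The following is an added example, not code from this post or from the linked page: it reports STOLEN only when the page body also matches a hash stored on the laptop. The function names and the token are constructed for illustration, and the fetch itself is left out (the status and body are passed in as arguments).

```sh
#!/bin/sh
# Added example: require proof in the page body, not just "the page exists".

# Hex SHA-256 of a string, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# decide STATUS BODY EXPECTED_HASH  -> prints STOLEN or NOT STOLEN
# STATUS is the status line of the response (as `lwp-request -sd` prints it),
# BODY is the page content, EXPECTED_HASH is the hash kept on the laptop.
decide() {
    status=$1
    body=$2
    expected=$3
    # Anything other than a successful fetch is never a trigger.
    if [ "$status" != "200 OK" ]; then
        echo "NOT STOLEN"
        return 0
    fi
    # A missing hash or a body that does not hash to it is never a trigger.
    if [ -n "$expected" ] && [ "$(sha256_of "$body")" = "$expected" ]; then
        echo "STOLEN"
    else
        echo "NOT STOLEN"
    fi
}

# Constructed demo values. In real use only the hash would be written into
# the script; the token stays with the owner until the laptop is stolen.
DEMO_TOKEN="constructed-token-0001"
DEMO_HASH=$(sha256_of "$DEMO_TOKEN")

decide "404 Not Found" "" "$DEMO_HASH"                          # page not uploaded
decide "200 OK" "<html>Wi-Fi login page</html>" "$DEMO_HASH"    # portal answers 200
decide "200 OK" "$DEMO_TOKEN" "$DEMO_HASH"                      # owner published token
```

Because the laptop holds only the hash, someone who reads the script still cannot produce a page that triggers it.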

On this note, here is an interesting article on rm -rf /
