Luckily, the Computrace customer escaped with only minor scrapes and bruises after being attacked my two men on her walk home. However, her laptop wasn’t spared and was taken by the attackers.

The victim contacted police and Absolute immediately afterwards, spurring the Absolute Theft Recovery Team into action. Soon after, Absolute had identified the laptop’s location and provided police with the information necessary to serve a search warrant. The search resulted in the laptop’s recovery and a few additional clues.

The unauthorized user explained that she had recently purchased the laptop off the street, from a seller that she was able to positively identify. As said seller had a colorful criminal resume, the name rang a bell with police – enough motivation to bring the suspect into the station for further questioning. A quick line-up was all it took for the victim to connect the seller to the initial attack. Laptop returned, criminal charged, case closed.

 
Please note that indictments and criminal complaints are merely unproven accusations and the accused, in all cases, are presumed innocent until proven guilty.

Over the past few days it’s come to light that one of our customers has been accused of using the legacy LANrev TheftTrack feature in a non-theft scenario.

When Absolute purchased LANrev in December 2009, it was for the product’s computer lifecycle management capabilities. Because Absolute believes both in protecting our customers and in our managed theft recovery approach, we do not actively promote the use of the TheftTrack feature. And we have slated the removal of the TheftTrack feature in an upcoming product update.

The TheftTrack feature allowed customers to track and manage lost client machines over the internet. By default this feature is off for each computer and the customer can completely disable the feature so that it can never be turned on by an IT administrator. After a theft or loss, a pre-authorized IT administrator must turn on TheftTrack for a specific computer. The actual tracking is not active until the next time the client machine calls into the server. When the feature is enabled, it takes screenshots every 15 minutes and does not give the IT administrator a live view.

There are a number of widely-available technologies that can be used in the same manner as the TheftTrack feature. But webcam pictures are not a useful tool in tracking down the location of a stolen computer. It’s one of the reasons why this feature is slated for removal from the product and why we fully support our managed theft recovery service.

The managed theft recovery services available with Computrace and LoJack for Laptops can be activated by a customer only after they have filed a criminal report with the police. Then, our Theft Recovery Team determines the location of the device through other forensic means and works with local law enforcement to get the stolen computer back. This helps protect both the customer and the unauthorized user from potential vigilantism or misuse that may occur with do-it-yourself solutions.

Ultimately, the responsibility for the use of these and all high-technology products lies with those who apply them in every day use.  The allegations against the school are just that, allegations, and it’s only through the court system now that we’ll find out the full story. In the meantime, Absolute is encouraging our LANrev legacy customers to permanently disable the TheftTrack feature in the LANrev solution.

It was happy ending to a home burglary that left a Computrace LoJack for Laptops customer without her laptop. Soon after the theft, Absolute was able to identify the laptop’s new user – a man who, thinking he was making a legitimate transaction, purchased the machine from an unknown male. The man had paid by check, allowing police to trace the transaction back to the original seller. The seller was then linked to the initial home burglary, as well as a violent robbery that had taken place just days prior. The laptop was recovered, and charges laid.

Upon hearing of the successful recovery, our customer relayed her experiences with the following kind words:

After the theft of my laptop, one thing is certain, “without Computrace LoJack for Laptops, I would have never seen my laptop again!” In the process of filing insurance which I thought initially would be my only restitution, I was surprised to find after my $500 deductible and one year’s worth depreciation I would receive approximately $76 to replace my new laptop.

While working with the Absolute Theft Recovery Team, from day one until my laptop was returned by the police, I was constantly informed of the status of the investigation and felt confident that my small case was important not only to Absolute but to the police as well.

When my laptop was returned, I was surprised to find the very suspect Absolute had identified had committed an armed robbery just 3 days prior to my recovery. He wouldn’t have been nabbed without the information Absolute provided, and thanks this added evidence, will be going to prison for up to 4 years.

Many, many thanks to Absolute for providing not only a computer theft recovery service but a restored a sense of security to me as well!

Susannah M.
Texas, USA
‘LoJack Client for Life’

Using a password manager program like can greatly help you keep your passwords safe and secure. Though no password or password program can guarantee that you will be 100% secure, you can definitely improve your security by a long shot.

One example is 1Password that comes from Agile Web Solutions. It provides password management as well as anti-phishing control using web form filling (including credit card info). 1Password creates strong unique passwords for all your web forms. And as we know, strong encryption helps keep your data safe. Once activated, you only need to remember a single password – your 1Password password. Not bad, hey?

If you’re an iPhone or iPod Touch user, they also have mobile solutions.

Image: Clipart

The U.S. House of Representatives has passed a new cybersecurity research bill that would enable the US government to better deal with cyberattacks.

The Cyber Security Research and Development Act of 2009 (HR 4061) would create new research and education programs at the National Science Foundation and the National Institute of Standards and Technology to promote research in cybersecurity and to attract more teachers and students to the field.

“This bill will help improve the security of cyberspace by ensuring federal investments in cybersecurity are better focused, more effective, and that research into innovative, transformative security technologies is fully supported,” said Symantec CTO Mark Bregman. “HR 4061 represents a major step forward towards defining a clear research agenda that is necessary to stimulate investment in both the private and academic worlds, resulting in the creation of jobs in a badly understaffed industry.”

Aside from the scholarly aspect, the new bill would develop an awareness program to help consumers, organizations and government bodies to keep their computers secure. The National Institute of Standards and Technology has been tasked with improving development of new identity management systems used to control access to buildings, networks and data.

If the bill becomes law, NIST would have one year to develop a plan for Congress about how it would participate in creating International cybersecurity standards and would have 90 days for a plan on its cybersecurity awareness program.

Via CNet & opencongress

Sophos has released its Security Threat Report: 2010. Following its last report, taken in mid-2009, this report looks at the entire 2009 year in terms of cybercrime and looks ahead to the trends that are emerging for 2010.

As we’ve seen highlighted in many other reports throughout the year, 2009 was known for the prominence of cybercrime through social media platforms such as Facebook and Twitter. The report indicates that social networks became one of the most significant vectors for data loss and identity theft.

Interesting data from the report:

- Firms reporting spam and malware attacks via social networks was up by 70%
- 72% of firms believe that employees’ behaviour on social networking sites could endanger their business’s security
- Social networking spam, phishing and malware reports all increased over the year. For example, spam reports were up 33% in April and 57% by December
- Legitimate sites compromised to host malware now rival sites specifically set up for malware distribution
- The US continues to lead as the top malware-hosting country (37.4%)

Businesses perceive Facebook and Twitter as the biggest risks to security (of all social networks). This perception is not only due to the highly publicized risks (particularly malware) but also due to the difficulties to control such sites.

Companies find it impractical to blanket block these sites, particularly as their use in corporate communications becomes more widespread. Therefore, methods to watch for data loss via these vectors becomes more difficult. Training takes the forefront in terms of prevention. Does your security policy state what information is safe to share online, and what not? Do you have data monitoring in effect to know where your sensitive data is and who is accessing it?

Download the report here [PDF].

The IT Policy Compliance Group (IT-PCG) has issued a new report (members only) on the “Best Practices for Managing Information Security.” The report shows a strong indication for the benefits of having someone senior managing IT security.

Specifically, the report indicates that a CISO or senior IT security employee who reports to a C-level manager has the best corporate outcomes in all terms. Those include customer retention, revenue / profit, least data loss, lowest cost as the result of data loss, lower IT failure downtime and lower audit costs.

Overall this report would seem to indicate a positive ROI for having someone manage IT security. The report also looks at the strategies for managing security that have been most successful for the organizations involved in the survey. It’s an interesting study into methods that may help improve customer retention and lower overall organizational costs.

Much of the time we talk simply of police or of technology but rarely do we touch on the importance of people to the IT security process (though we often consider the importance of training in the ‘people’ aspect).

Image: xenia / morguefile

Apparently, chocolates, flowers and jewelry are just too cliché for some…Absolute recounts some of it most ‘romantic’ recovery stories – laptops stolen in the name of love: 

Couples that Steal Together Stay Together – Absolute Cracks Down on Criminal Couple
A small town was the target of a string of computer thefts; the most recent, a LoJack-equipped laptop that was heisted from the back of a car. Absolute was quick on the case, and by that afternoon, had identified a love-struck female as the unauthorized user and suspected thief.

This information was passed over to a local officer, who paid the suspect a visit. As it turns out, our lady larcenist was desperate to check up on her boyfriend, and had stolen the computer so she could get online and keep an eye on his status – his inmate status at the county jail, that is. The officer found this particularly amusing, as just a few weeks prior, he himself had arrested said boyfriend; the guy was caught in a laptop theft ring.

Our story does have a happy ending, however. After all, the stolen laptop was recovered, and better yet, the two lovers will be reunited…at the county jail.

Absolute Recovers Stolen Laptop, Uncovers Bad Boyfriend
A recovery tale that Absolute hears much too often – The Absolute Theft Recovery Team recently tracked a customer’s stolen laptop to an Arizona residence, which housed the unauthorized female user that the Team had identified. Police visited the home, looking to recover the laptop and reveal further details into the theft. 

The female user answered the door and confirmed that the laptop was is her possession. When confronted with details of the theft, however, the surprised woman alleged that she had never suspected that the laptop was a stolen item as she had received it from a reliable source.

As it turns out, the woman’s boyfriend had given her the laptop a few weeks after the theft had occurred – as a Valentines Day present. And you though your boyfriend was cheap…

The laptop has been returned to its owner, and the less-than-romantic boyfriend remains under investigation.

Absolute Foils Love-sick Larcenist
Sometimes payback is the only cure for a broken heart…so after his amorous advances were denied by his crush, this lovely fellow stole her laptop!

Absolute was able to confirm that the perpetrator of a recent laptop theft was in fact a spurned lover – he was using the machine to email his friend details of the spiteful act. This was just the evidence police needed to serve a search warrant and catch our love-sick larcenist red-handed. The laptop was recovered from his apartment, and our suspect led away with cuffs. 

Our thief better hope the victim likes the bad-boy archetype…

Please note that indictments and criminal complaints are merely unproven accusations and the accused, in all cases, are presumed innocent until proven guilty.

McAfee has a great article this week on wireless device control. The article touches on wireless security and many areas where there are risks:

- Your internal wireless access points being infiltrated
- Laptops infected when connecting to unknown wireless accounts, then used as back doors on the company network
- Unauthorized wireless access points on the network

The article outlines how each of these points poses a risk and how you can prevent unauthorized access to your network. The article highlights the importance of a well-planned and frequently updated wireless policy as a part of your overall security policy.

A well thought-out policy that includes a complete inventory of authorized devices, version of firmware, approved software, approved and tested encryption algorithm, and method of key rotation should be developed before implementing a wireless solution.

For more tips, read here.

image: mconnors @morguefile

Austin Police have charged a 17 year old with theft after he was found to be using a stolen laptop. How was he found? Police and Absolute used Computrace LoJack for Laptops to trace the location of the stolen laptop!

The laptop was allegedly stolen from the home of an AISD employee in December by the teen’s older brother, already incarcerated for the burglary. Though the burglar was caught, the location of the laptop remained a mystery.

Using the Absolute Software’s tracking and forensic service, police were able to pinpoint the location of the laptop when it was being used by the teen to check his email and to browse the web. Absolute’s tracking solution became a valuable tool to the police to locate the missing laptop.

When a laptop goes missing, particularly a corporate one that may have sensitive information, our corporate Computrace series of products can not only help in the search process but can be a valuable asset to keeping data safe. Using our remote wipe system, any lost computer that goes ‘online’ can be remotely triggered to clear the system, wiping any sensitive information that may be online. To learn more, read here.