2nd Retrieved Stolen Computer

(imported topic written by SystemAdmin)

Well, this is pretty cool. We’ve retrieved our second stolen computer using BigFix. In both cases, the computers were reportedly purchased on Craigslist.

When a computer is stolen, we deploy a task that tags it with a client setting in case the computer ever checks in again. We have two policy actions that act when a client has the setting. The first runs a tracert back to us and dumps the output to a file. The second displays a message that the computer is stolen, telling the user to contact us by phone to avoid prosecution, then it kicks off a 5-minute restart. Finally, we have an analysis that brings back the contents of the tracert in case we need to provide IPs to law enforcement.
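
One way to pull the hop addresses out of the saved tracert file described above, as an added example that is not part of the original post or of BigFix. It assumes Windows `tracert` output with IPv4 hops; the sample trace is constructed (documentation address ranges) and the function names are hypothetical.

```python
import ipaddress
import re

# Address space that never identifies an ISP: RFC 1918, CGNAT, link-local, loopback.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8")]

# A Windows tracert hop line: hop number, three RTT columns ("<1 ms", "12 ms" or "*"), then the host.
HOP_LINE = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(.*)$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed sample of what the policy action might have written to its output file.
SAMPLE = """
Tracing route to tracker.example.org [203.0.113.10]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2     9 ms     8 ms    10 ms  10.20.0.1
  3    12 ms    11 ms    13 ms  cpe-198-51-100-7.example.net [198.51.100.7]
  4     *        *        *     Request timed out.
  5    20 ms    19 ms    21 ms  203.0.113.10

Trace complete.
"""

def parse_tracert(text):
    """Return [(hop_number, IPv4Address or None)] for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header, blank line or "Trace complete."
        ip = None
        candidates = IPV4.findall(m.group(2))
        if candidates:
            try:
                # With "hostname [ip]" the bracketed address comes last.
                ip = ipaddress.ip_address(candidates[-1])
            except ValueError:
                ip = None  # looked like an address but was not one
        hops.append((int(m.group(1)), ip))
    return hops

def routable_hops(hops):
    """Keep only hops outside private space; these are the addresses an ISP can act on."""
    return [(n, str(ip)) for n, ip in hops
            if ip is not None and not any(ip in net for net in NON_ROUTABLE)]
```

The first entry returned by `routable_hops` is the hop nearest the device that sits outside private address space, which is the one worth recording alongside the time the trace ran.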

(imported comment written by MattBoyd)

That’s awesome! How far away did your stolen computer get?

I just listened to a podcast a few weeks ago about a company that makes software to do something similar with mobile devices (smart phones, tablets, etc.). One thing they mentioned is that Craigslist is heavily used to move stolen equipment. In one of their cases, they uncovered an organized crime ring where individuals would take stolen equipment from Oregon and then sell it on Craigslist several states away to throw off law enforcement.

It would be really cool if you could also retrieve GPS coordinates and name of any connected access point, assuming the required hardware was on the device. I’ve heard that the subpoena process for IP addresses can be lengthy…

(imported comment written by StacyLee)

rames

Well, this is pretty cool. We’ve retrieved our second stolen computer using BigFix. In both cases, the computers were reportedly purchased on Craigslist.

When a computer is stolen, we deploy a task that tags it with a client setting in case the computer ever checks in again. We have two policy actions that act when a client has the setting. The first runs a tracert back to us and dumps the output to a file. The second displays a message that the computer is stolen, telling the user to contact us by phone to avoid prosecution, then it kicks off a 5-minute restart. Finally, we have an analysis that brings back the contents of the tracert in case we need to provide IPs to law enforcement.

That is good news. So the purchaser called in to report it; was there any follow-up with the user reporting who sold it to them?

(imported comment written by BenKus)

Awesome!

(imported comment written by SystemAdmin)

I do not know if there was a follow-up with law enforcement in either case (the information was handed off to the district that experienced the theft), and both were less than 30 miles away.

(imported comment written by SystemAdmin)

I think we might be able to package this into a feature or option, similar to the LoJack security system for locating a stolen vehicle.

(imported comment written by SystemAdmin)

You might find this of interest in trying to recover a stolen computer: http://forum.bigfix.com/viewtopic.php?pid=36772

I think the above sufficiently adds computer recovery to BigFix/TEM. I’d like to be able to query the location of the device and other Prey reporting and have that go directly to a BigFix/TEM analysis. This should be possible, especially since it is open source.

(imported comment written by NoahSalzman)

jgs2700 wrote:

You might find this of interest in trying to recover a stolen computer: http://forum.bigfix.com/viewtopic.php?pid=36772

I think the above sufficiently adds computer recovery to BigFix/TEM. I’d like to be able to query the location of the device and other Prey reporting and have that go directly to a BigFix/TEM analysis. This should be possible, especially since it is open source.

Here is the new link:

http://www.ibm.com/developerworks/forums/thread.jspa?threadID=409502&tstart=0

(imported comment written by cstoneba)

Very cool that it actually works. I created a similar task that grabbed the computer's external IP, then downloaded a standalone app, and if wmic found a camera present, it took some pics, then uploaded those files via Upload Manager. It then started to delete system/user files. But I never got a chance to try it out because the targets never reported in after being stolen.

Congrats!