When Greg Martin returned home last Wednesday morning after a night of intense rioting in London, his West End apartment had been ransacked.
Martin, 29, an IT security consultant with the HP-owned security company ArcSight, had spent the previous evening with his girlfriend in southwest London after the two had encountered riot-related trouble and decided to hunker down for the night.
But when he arrived at his apartment in West Kensington in the morning, he found the bars on a window had been pried open with a scaffolding pole. Inside, it was a mess: drawers had been rifled through, money and small electronics had been taken, and his MacBook Pro laptop was gone.
“They just totally turned the place upside down,” said Martin, who has lived in London for two months.
Martin was concerned since he used the laptop for work. The laptop was password protected and the hard disk was encrypted, but it contained sensitive work-related information and personal material.
Location tracking
Martin remembered he’d installed Prey, an open source application that can track the location of a device once it has connected to the Internet. The application, from a company called Fork with offices in Santiago and Hong Kong, is one of many tracking applications on the market. Fork offers a free version of Prey that allows users to track up to three devices.
Users activate Prey’s tracking feature through a web-based portal once they notice their device is missing. Prey then sends periodic reports plotting the location of the device on a Google map, using Google’s index of Wi-Fi hotspots collected through its Street View imagery cars. Google assigns a GPS geo-location marker to a wireless access point. The frequency with which reports are sent can be adjusted, and Prey can also turn on the webcam.
Although the laptop had a password, Martin suspects that the intruder used Mac OS X installation software to create a new account on the computer, which eventually allowed him to connect to the Internet but also activated Prey.
Martin was having dinner in Luxembourg on a business trip when the first report came in. “It was a really incredible feeling,” he said. “I nearly fell out of my chair. I see this guy staring back at me, and I have his address.”
He ran back to his hotel and upgraded his Prey account to receive more frequent reports, an advanced feature of the paid version.
Information gathering
He watched for two hours as the 18-year-old cruised the Internet on his computer, visiting Muslim religious sites, shopping for a car on AutoTrader and even trying to apply for a Tesco gas card using someone else’s identity.
Prey also takes a screenshot when it compiles its reports. It was only a matter of time before the young man logged into Facebook.
Martin quickly had his name, where he graduated from high school and his address. The man was just two blocks away, and Martin actually recognised a building that appeared in the background of a photograph taken by the webcam. He was even able to give police an estimate of what floor the suspect lives on.
The police had trouble getting a search warrant immediately, but when Martin returned from his trip, they sent him an email asking the location of the suspect. “I almost gave them [the police] an entire dossier on the guy,” said Martin, whose laptop was returned to him by police. “They had no problems picking him up.”
The teenager has been charged with handling stolen goods and is expected to appear in court on Friday, Martin said.