Collaboration

Security agents help track pilfered PCs, lower internal theft rates

Heres a look at how software security agents can help track down stolen equipment, especially laptops.

In the past, if a computer was stolen from an individual or corporation, there was little that could be done to recover it. The Stolen Computer Registry is one avenue that was used to help with recovery. The company, based in Tivoli, NY, registers a stolen computer’s serial number in its database. There is no charge to the owners of the stolen computers to have the serial number listed there. If the computer is recovered by a law enforcement agency, the serial number can be checked and tracked back to the original owner.

The downfall with the system is that it relies on some actions that may or may not be taken. The first is that the serial number of the missing computer will be reported. The second is that the computer will actually be recovered, and if it is, that the law enforcement agency will check the Stolen Computer Registry’s listings. In many cases, recovery never happens, which means that while it can be useful to have such a service available, it’s not always a practical solution.

So what options are available today to help you track down stolen computer equipment? First and foremost, you must use old-fashioned protection measures, such as keeping an up-to-date inventory of equipment within your organization. But there are also some advances in technology that just might help you get your PCs back should they be pilfered.

Security agents
When the General Services Administration (GSA) in Atlanta had two laptops stolen from its office, the agency was happy not to have to rely on the police and the Stolen Computer Registry alone.

“Laptops walk away very easily,” said Karen Greenhow, regional systems chief at the GSA. “We needed to make sure our assets were always protected.”

“Generally speaking [stolen computers] will eventually connect to the Internet,” said John Livingston, CEO of Canadian company Absolute Software, which helped to recover GSA’s computers.

Absolute's Computrace agent was installed on each of the GSA’s computers. About two weeks after the laptops were stolen, the thief used one of them to connect to the Internet. The software program then silently checked in with Absolute’s data center, and the computer was traced to a physical address. Within 48 hours, the thief was apprehended in College Park, GA, and he led authorities to the location of the second machine.

The Computrace Agent software sits undetectably on a hard drive and silently calls into a data center every time the computer connects to the Internet. It's nearly undetectable because it is so small. It is used by other system processes, so its size can vary, but when idle, the software occupies approximately 2.2 MB of memory. When active, it uses between 4.0 and 4.5 MB of memory. When a stolen computer with this software installed connects to the Internet, the network administrator is alerted and an alarm goes off the next time the machine “calls home.”

From that call, technicians at the data center can trace the computer back through the ISP to the address where it is located. Data center personnel then work closely with law enforcement agencies, which inform the ISP of the situation. The ISP will provide the physical address of the Internet service account holder and, once a search warrant has been issued, that address will be searched. However, Alexander Kesler, founder and president of zTrace Technologies, which sells a product similar to Absolute Software’s, noted that it’s difficult to get the address if the Internet connection is wireless.

No guarantees
Livingston said security agents are very successful in aiding the recovery of stolen computers. But Kesler admits that they are not a cure-all. “There is no solution that is a 100 percent guarantee,” he said about his own line of products.

Another issue to consider is what happens to the data when a machine is stolen. Neither of the security agents mentioned in this article will protect the data alone. However, depending on what vendor you chose, there are add-on options for data protection and erasure.

For example, zTrace provides the basic zTrace Gold, which is the security agent that checks in with each connection to the Internet. Additional modules can be added that allow administrators to set passwords for which there are no prompts. The user is trained to type a certain combination of words when the computer boots up before any programs are accessed. If a machine is booted up and the word combinations are not entered before a program is started, the computer will execute a set of predefined commands that can erase or encrypt data and lock out the current computer user. However, the most effective security methods are the tried and true.

“The best solution is a very tight internal security policy that is closely executed,” said Kesler. “Also, the old protection methods such as security cables and trackable tags should be used.”

Protection from the inside out
Unfortunately, most computer theft is the result of internal loss rather than outside theft. It’s more likely that computers disappear due to disgruntled employees or “equipment drift,” said Livingston.

According to the FBI, about 70 percent of the computers that businesses report stolen each year can be attributed to internal theft. Either an employee decides that he or she deserves a computer, or a theft ring within an organization funnels computer equipment back out for resale before it ever reaches the employees for whom it is intended.

However, security agents can help curb such equipment drift. Equipment drift is more significant than outright theft, and it’s much harder to track, Livingston said. Computers often get shuffled in the routine of day-to-day business. After a few moves, the computer just falls off the radar screen and then it’s very easy for it to disappear without anyone noticing.

But once a tracking agent is installed, Livingston said, it’s very hard for anyone to remove the agent from the computer. Even wiping the hard drive clean will not remove it if the software has been properly installed. And once that agent reports to the data center, he added, “the electronic clues such as ISP and location that come in are very important in identifying how machines are stolen. Security agents are setting new standards for corporate security.”

With a security agent in place, Kesler said, those machines can be tracked. The theft level will then drop, he said, because employees know that something is there, even if they don’t know what it is.

So, while security agents aren't the only method to keeping computers from disappearing, they are perhaps the best means of tracking stolen computers. These agents are expected to become the industry standard.

“For now, the best solution is a very tight, internal tagging and tracking security policy that is very closely monitored, combined with some type of security agent,” Kesler said.

How do you keep your equipment inventory up to date?
How do you avoid “equipment drift” within your organization? How do you track who’s using what equipment? Send us an e-mail or post to the discussion below.

 
0 comments