Stolen Lenovo laptop

[agabrielson1-Wuw85uim5zDR7s880joybQ at public.gmane.org (Anthony Gabrielson)]

On Nov 18, 2010, at 4:27 PM, Tom Metro wrote:

> James Kramer wrote:
>> A friend of mine had his laptop stolen.  
>> Can he locate this computer over the internet?
> 
> Like Eric said, unless he got lucky by having some existing application
> - email, IM, ssh - setup to automatically connect to some server where
> you can inspect the logs, *and* that application starts up when the OS
> boots without having to login (unless there is no login prompt), then he
> is out of luck.
> 
> To do this reliably requires some planning. You'd want a process that
> runs on boot, before X starts, that gathers some information about the
> local environment such as:
> -a scan of visible WiFi networks (can be used to determine location
> with the aid of a database, like Skyhook[1]);
> -the machine's IP address, of course. Perhaps other information about
> any LAN it attaches to;
> -perhaps grabbing a still frame from the built-in web cam;
> -perhaps recording 30 seconds of audio;
> ...
> All this effort is pointless if the thief just boots from a CD or
> reformats the hard drive, which they are likely to do if they can't login.
> 
> Still, I'm surprised someone hasn't created a Debian/Ubuntu package for
> a utility that does this. It would have a shot at working at least some
> of the time.

That sounds remarkably similar to a root kit with just a few tweaks.  It could run in the background with a few tweaks to ls, ps, and netstat - so the thief can't tell they are running.

Anthony