iJacking

The San Francisco Bay Guardian is reporting on a new crime: people who grab laptops out of their owners' hands and then run away. It's called "iJacking," and there seems to be a wave of this type of crime at Internet cafes in San Francisco:

In 2004 the SFPD Robbery Division recorded 17 strong-arm laptop robberies citywide. This increased to 30 cases in 2005, a total that doesn't even include thefts that fall under the category of "burglary," when a victim isn't present. (SFPD could not provide statistics on the number of laptop burglaries.)

In the past three months alone, Park Station, the police precinct that includes the Western Addition, has reported 11 strong-arm laptop robberies, a statistic that suggests this one district may exceed last year's citywide total by the end of 2006.

Some stories:

Maloney was absorbed in his work when suddenly a hooded person yanked the laptop from Maloney's hands and ran out the door. Maloney tried to grab his computer, but he stumbled across a few chairs and landed on the floor as the perpetrator dashed to a vehicle waiting a quarter block away.

[...]

Two weeks before Maloney's robbery, on a Sunday afternoon, a man had been followed out of the Starbucks on the corner of Fulton Street and Masonic Avenue and was assaulted by two suspects in broad daylight. According to the police report, the suspects dragged the victim 15 feet along the pavement, kicking him in the face before stealing his computer.

In early February a women had her laptop snatched while sitting in Ali's Café. She pursued the perpetrator out the door, only to be blindsided by a second accomplice. Ali described the assault as "a football tackle" so severe it left the victim's eyeglasses in the branches of a nearby tree. In the most recent laptop robbery, on March 16 in a café on the 900 block of Valencia Street, police say the victim was actually stabbed.

It's obvious why these thefts are occurring. Laptops are valuable, easy to steal, and easy to fence. If we want to "solve" this problem, we need to modify at least one of those characteristics. Some Internet cafes are providing locking cables for their patrons, in an attempt to make them harder to steal. But that will only mean that the muggers will follow their victims out of the cafes. Laptops will become less valuable over time, but that really isn't a good solution. The only thing left is to make them harder to fence.

This isn't an easy problem. There are a bunch of companies that make solutions that help people recover stolen laptops. There are programs that "phone home" if a laptop is stolen. There are programs that hide a serial number on the hard drive somewhere. There are non-removable tags users can affix to their computers with ID information. But until this kind of thing becomes common, the crimes will continue.

Reminds me of the problem of bicycle thefts.

Posted on March 31, 2006 at 1:06 PM • 67 Comments

Comments

greygeekMarch 31, 2006 1:31 PM

Tattoos?

Perhaps if laptop owners began applying permanent conspicuous and ideosyncratic "tattoos" on their plastic tops, they would become a little harder to fence?

I've long suspected that the conspicuous company property tag on mine might help a bit this way, though it would be way too easy to remove.

Glauber RibeiroMarch 31, 2006 1:39 PM

How about making use of the system password and/or hard-disk encryption? At least your data should be safe.

JustinMarch 31, 2006 1:49 PM

Interesting quandary--company laptops aren't such a problem for the individual, since they're easily replaced with a police report. But I suspect most laptops stolen from Starbucks are personal possessions on which the user is writing their novel or the next killer app. BIOS passwords and encrypted hard disks don't get your manuscript back.

So instead, you use a collaborative online word processor (I know of one amateur novelist who writes them as drafts in gmail), keeping your data on someone else's server where the company can shut down, be hacked, or suddenly lock you out of your free account unless you subscribe.

Pick your poison: theft by thug, or theft by dodgy startup. Which one are you willing to risk?

Alexandre Carmel-VeilleuxMarch 31, 2006 1:52 PM

I would like to see an epoxy-bonded large and conspicuous lexan film provided with the laptop. Apply one coat to the underside, stick a photo of yourself and a card with contact information, apply a second coat and stick the lexan tag with laptop serial number. Once cured, good luck removing it with anything else then a power sander.

NoCryptoMarch 31, 2006 1:53 PM

@Glauber

Having hard disk encryption won't work if the perp snatches the laptop out from under your fingers while you are logged in. Most hard disk encryption only actually "works" when the computer is fully shutdown.

Nicholas WeaverMarch 31, 2006 2:08 PM

Laptop encryption won't make a difference. Ithink the standard MO is to wipe the disk and sell it on ebay/craigslist. There was a big fence of the kind busted here in the bay area a few months back.

Also, I think from that incident it was shown how there is at least two layers: the thieves and those who recondition/sell the stolen laptops.

Also, they don't bother with the power supply. My dad had someone walk into his industrial building and steel his laptop off his desk. They didn't bother with the power supply or anything else, just grabbed the notebook and the camera.

TomMarch 31, 2006 2:09 PM

@Justin:
If only there were some way to make copies of irreplaceable files--give them backing, as it were--and store them apart from the laptop.

@NoCrypto:
I imagine most thieves would immediately shut the laptop, which should at least trigger a display lockout.

NickMarch 31, 2006 2:12 PM

Now made even easier thanks to Apple's Magsafe connector! ;)

The annoying thing about getting indelible identifying tags accepted is that they're a cost to the consumer, but little percieved benefit - an individual's laptop isn't less likely to be stolen because it has a tag, because the thief won't know that until he's already stolen it. Only with wide use does it become a practical technology.

Isn't it quite possible to make laptops harder to fence as it is by filing a police report and sending the laptop's serial number to local pawn shops, though?

MithrandirMarch 31, 2006 2:13 PM

This isn't all that new. I (almost) had something similar happen in Cleveland in 1999. I was riding the light rail to the airport, and reading The Onion on my Palm III. The train stopped, and a thug made a grab for the device. Fortunately, that model had a plastic face cover that came off easily, and the thug grabbed that, which separated from the device itself. He tossed it back into the train as the doors closed, not having any use for a worthless piece of plastic.

As for the data-loss thing, the solution is the same as always: backups. Honestly, it's stupid to keep important data only on a laptop. Laptop hard disks are extremely failure-prone.

Mike MarshMarch 31, 2006 2:15 PM

What you need is a BIOS password. If the password is entered incorrectly, the laptop sprays the user with squid ink. Identification of the thief (or his fence) by the police is then easy.

Dewey SasserMarch 31, 2006 2:16 PM

@Alexandre:

"Once cured, good luck removing it with anything else then a power sander."

My personal laptop is currently worth about $500 on eBay. The cost of a replacement case for it: $100 new, $36 on eBay.

Theft is deterred when the profit isn't worth the risk. Maybe forcing a case switch would do it. Maybe.

Grant GouldMarch 31, 2006 2:22 PM

I worried about this sort of thing ever since I started doing occasional work outdoors by a scenic pond (functionally equivalent to a mugger, as far as the laptop is concerned). So I bought a security cable from a local computer store and loop it through a belt-loop. Now the laptop can't fall far from my lap. I imagine that would inconvenience a thief as well.

Joe PattersonMarch 31, 2006 2:35 PM

"Reminds me of the problem of bicycle thefts."

I recall hearing about a european community that had an interesting solution to bicycle theft. They bought a whole lot of bicycles and left them about for public transportation. Sure you could steal them, but no one has any reason to buy them.

So one end solution would be truly ubiquitous computing. But that doesn't address the current problem.

Richard SchwartzMarch 31, 2006 2:49 PM

Dell used to sell about 50 different color cover plates and wrist rests for some of their Inspiron models. I had the very bright yellow ones. That, plus a couple of stickers that my younger daughter decided I needed affixed to the top cover made my old laptop pretty distinctive. My new one, though, is a plain black ThinkPad. Maybe my daughter will give it a paint job.

Bruce SchneierMarch 31, 2006 3:02 PM

"Theft is deterred when the profit isn't worth the risk. Maybe forcing a case switch would do it. Maybe."

Remember: You don't have to outrun the bear, you just have to outrun the people you're with.

You don't have to make your laptop unprofitable steal, you just have to make it less profitable than someone else's laptop. I would think a beat-up-looking of custom-painted or otherwise weird laptop would be less of a target. It's a good idea.

Bruce SchneierMarch 31, 2006 3:04 PM

"Having hard disk encryption won't work if the perp snatches the laptop out from under your fingers while you are logged in. Most hard disk encryption only actually 'works' when the computer is fully shutdown."

This isn't about the data. It's about the physical machine. Hard drive encryption doesn't matter, unless it renders the machine unusable. And even that won't help until enough of us use it so that the thief no longer believes he can steal a resellable product.

qyvMarch 31, 2006 3:12 PM

Easy solution: after you get your laptop set up on the table, set a 9mm down beside it. Now that's a deterrent.

Seriously, though, the solution is to take the same steps you'd take to prevent any other mugging: Sit with your back to the wall, away from the door. Pay attention to your surroundings. When you leave, put the laptop in a carry case and sling it over your head. And learn a martial art (also useful against those terrorists with the sharpened credit cards!) Better yet, leave the laptop at home with the rest of your valuables, and get the coffee to go....

Harry AltonMarch 31, 2006 3:19 PM

In the UK it is reported that the most common mugging actually occurs amongst school teenagers, usually under 16. For their latest hi-tech mobile phone. Done by other teenagers.

ArikMarch 31, 2006 3:22 PM


I have a BIOS password and a HD password. This computer would be nearly impossible to operate withoug going back to IBM for a BIOS reflash.

The only missing piece of the puzzle is a way you can submit the computer's serial number with the police report so that the laptop manufacturers would call the police if the machine shows up in a lab.

Or maybe there are gray-market companies that would reflash a laptop for you - for a fee, no questions asked...

-- Arik

John HarrisonMarch 31, 2006 3:57 PM

Here is an effective way of personalizing your laptop. I'm guessing that if you put a picture of your kids on it nobody would bother to steal it if there was another one nearby without the art.

Mary RMarch 31, 2006 4:04 PM

That is one of the reasons I thought that the idea of giving students (around here they wanted to start with 4th graders!) laptops to carry back and forth to school was ridiculous. Why give a kid a $1000 target for thieves? You'd never let a child wear a diamond necklace worth that much.

dkMarch 31, 2006 4:11 PM

@Joe Patterson

That European city has a problem with white bicycles clogging its canals!

DMarch 31, 2006 4:17 PM

These thieves aren't concerned with your data or corporate secrets. If they have the slightest bit of paranoia, they'll boot off a live CD and blank the HDD before selling the unit.

Chances are, though, they don't even care about that and are looking to sell it for a quick buck.

Sean TierneyMarch 31, 2006 4:25 PM

you're right - to solve it you need to make the theft economically unviable which is difficult because laptops are expensive and portable. the "phone home" technology you mentioned for recovering stolen laptops is effective. i ran a live field test and wrote up the results in an article for Law Office Computing and they allowed me to republish on my blog here-> http://www.scrollinondubs.com/index.cfm/2005/10/...

there's a couple companies that offer the service and the one I ended up using will guarantee each protected machine up to $1k if they can't recover it in 60 days. the real cost is the data both from a loss standpoint as well as being comprimised. mitigate those two things via a periodic automated backup along w/ running an encrypted HD and you've done the best you can short of handcuffing it to your wrist when you're in public.

sean

Pat CahalanMarch 31, 2006 4:48 PM

@ Arik

> I have a BIOS password and a HD password. This computer would be nearly
> impossible to operate without going back to IBM for a BIOS reflash.

Are you certain there isn't a CMOS jumper on the motherboard?

Ronald PottolMarch 31, 2006 5:03 PM

If everyone set their hardware passwords so that the machine would not boot with out it, thefts would stop. It used to be that you could reset them with a wire from one pin on the parrell port to another (for one example I know of), but now pretty much have to send it to the maker to have done (or so I found a few years ago trying to get a machine bought at auction going).

If you cannot boot, you cannot sell the machine, and people will stop stealing them (I doubt the parts market will be enough to keep thefts going).

Chauncy GrovesnorMarch 31, 2006 6:00 PM

Apparently, any solution would have to be implemented in hardware and couldn't have an integral override. Don't some car radios have a device in them that renders them useless if they're stolen? Is that effective? What if the user had to type a password to boot the computer? Then if he was unable to enter that password, the laptop would have to be reactivated with a device he kept at home, or the IT department kept under lock and key.

grMarch 31, 2006 6:30 PM

As an employee for a Very Large Financial Institution, corporate policy requires me to lock down my laptop at all times...

... which speaks to another potential motive for this: data theft.

My employer's default OS build for laptops also includes hard disk encryption, so that even if the laptop is stolen, the potentially sensitive data on it/access afforded it (think "steal credit card numbers") can not be. But that model falls flat on its face if it's taken out of my hands, while not screen-locked and data is stolen switching the laptop off.

Things get even more scary if I was connected to the VPN at the time. (I do backups. For many things. Including customer data.)

WheelaaahMarch 31, 2006 7:17 PM

Some things that would help reduce theft:

- Computers you truly can't use unless you're the owner. No cheap hacks around the security like working around the CMOS password, swapping out the harddrive, etc. Hard, because you don't want failure modes where the laptop becomes useless as a brick to its rightful owner.

- Computers that are physically identifiable -- engraved S/N, cases that make it evident you opened them.

Who would invest in stuff like that? Individuals can get inconspicuous backpacks, locks, or neon blue paint, and just generally be careful (outrun their fellow campers but not the bear). Maybe corporations that lose a lot to theft? Insurers who can't force their policyholders to follow good security practice, but can charge lower premiums to insure computers with certain features?

More scary ideas:

- MAC or CPUID snooping. Widely distributed programs would grab a MAC (or CPUID if there was one), then check on the Internet to see whether the computer was listed somewhere as stolen, with users able to opt out of the check. Even if you wipe the hard drive clean, if someone later installs snoopy software and the software has unimpeded access to the IDs, stolen computers would be found. Scary for privacy, but not as scary as this:

- Computers that prove their identity over the network. Like, an RSA key buried in hardware, inaccessible to software, and signed by AMD/Intel. You'd have to prove your identity to, say, buy DRMed music online, at which time the sellers would check whether your computer was stolen. Unrelated to the law-enforcement potential, the RIAA would love it, even though -- or maybe precisely because -- it sounds like something out of the Book of Revelation.

Aaron LuchkoMarch 31, 2006 7:23 PM

Why not stick a GPS unit inside the laptop that communicates via the cellphone network?

When your laptop is stolen you call special number and enter your code, a signal is then sent to the laptop to call the police and start broadcasting it's location. Within 5 minutes of having it stolen your laptop is now a flashing beacon giving its location (and well as the location of the thief) to the cops.

In addition to possibly getting you back your laptop it makes laptop thiefs extremely paranoid once they find out this can happen. I have two concerns though, one is the size and power requirements of this device though I figure they can put GPS in cellphones so the whole system can't be too bad. The bigger risk is the thiefs carrying around a GPS or cell phone jammer which kinda makes this system useless.

WheelaaahMarch 31, 2006 7:35 PM

Aaron: Excellent! Forget "software LoJak", just put in an actual bona fide LoJak!

I can imagine this being really useful for high-value equipment -- laptops with sensitive information, small-but-expensive equipment like solid-state disks or line cards, etc.

JMMMarch 31, 2006 8:56 PM

The problem with most of the given solutions is that they aren't obvious to the attacker. Sure, they don't get their money, but you don't keep your laptop. They're only useful if they become ubiquitious.
Instead, apply a sticker, hopefully made like "waranty void" stickers, that says "this laptop protected by Impressive Sounding, Inc". Put it on the /top/ of the case, where it's nice and visible. The attackers rip off the guy at the next table, who they figure will be less risk.
Alternatively, add some duct tape to your machine. The attackers will rip off one that appears to have higher value.
Trackers are nice for recovery, but it's a lot cheaper and better to be a less attractive target.

another_bruceMarch 31, 2006 9:34 PM

san francisco is the city that just voted to prohibit law-abiding citizens from owning guns.
they brought this on themselves, as far as i'm concerned.
just come up to oregon and try to snatch my laptop. i would be amused.

PainterApril 1, 2006 2:43 AM

Slap a coat of latex house paint on it.
Cover it with stickers and paint over them.
Scratch it up to give it a junked look.
If you want the mil-spec job, camo it in drab greens and tans. For the stealth look, use some flat black and stencil some numbers on it. It may look totally unfit for resale, but that's the whole point.

MartinApril 1, 2006 3:18 AM

How about combining a lock with a 120 dB alarm built-in to the laptop? Locking the laptop to a belt hoop or something similar arms the system. Unlocking with the correct key disarms it. If the laptop is forcibly removed while locked, the alarm goes off and keeps on howling until it is unlocked. (This would not prevent thieves who threaten people to unlock their laptops first though.)

PainterApril 1, 2006 3:19 AM

So, I go go to the 3rd Annual Nigerian EMail Conference. We're out at the cyberdisco partying with some geeks from Hong Kong. Then what happens? Four guys in a Toyota pickup with a machine gun mounted in bed show up as we were leaving to go back to the hotel. They just wanted our laptops. They looked at mine and said keep that one, we can't use it. Everyone laughed at my ugly laptop. I had the last laugh at the conference this year.

nbk2000April 1, 2006 3:24 AM

[quote='Bruce Schneier']
This isn't about the data.
[/quote]

Maybe it is.

San Francisco is a very technology oriented city, with a lot of .com's competing in a highly profitable and cut-throat field.

Could someone steal a competetiors laptops from their CIO when he stops at Starbucks for lunch? Grab it while they're using it and you've bypassed all the disk-encryption and BIOS passwords in the world. Also avoids tedious hacking of their network.

Plug in an external USB hard drive and copy all files over for later analysis, ditching the laptop in the bay.

Sure, most of them are just criminals stealing high-value items for quick cash gain, but there could be alternate reasons for a few.

KieranApril 1, 2006 3:36 AM

I would have thought the easiest and most sure-fire way to disable a stolen laptop permenantly would be to include in the hardware a pager that would kill the machine after receiving a kill-code. If the laptop is stolen, the manufacturer starts paging it's kill code every hour for a day, every day for a month, every week for a year.

Plus, hey, yu've got a pager on your laptop. Maybe that's good for something.

It's worth also thinking of some way of restoring a recovered laptop to life that couldn't b ued to circumvent the original protection.

HaraldApril 1, 2006 9:51 AM

"Reminds me of the problem of bicycle thefts."

That's depressing, because the solution to bicycle thefts has been that everyone accepts that they're going to have to replace their bike every 1-2 years.

I don't want to accept that I'm going to have my laptop stolen every 1-2 years!

TimApril 1, 2006 10:52 AM

I have seen a product that attaches to luggage or a briefcase, with another piece that you carry. Then, when you get a certain distance from the bag, the device you are carrying sounds an alarm.

What if the alarm-sounding piece is loud and attached to your laptop, and the other piece is in your pocket? Now, when some thug steals your laptop, it starts making a God-awful noise when they get about 20 feet away from you. Should make for a fun get-away in a small car...especially if you can get the alarm to be about 120 db...

Content is KingApril 1, 2006 10:58 AM

"This isn't about the data. It's about the physical machine. Hard drive encryption doesn't matter, unless it renders the machine unusable."

Encrypting the data might not prevent the theft, but to me, it is all about the data. Keeping the bad guys out of my data, and having a backup of it so I retain it, is more important than the replacement cost of the hardware.

Still, your point is well taken, and I'll be shopping for a bumper sticker this afternoon.

dreApril 1, 2006 2:12 PM

if you don't want your laptop (or bicycle, car, firearm, cell phone, purse, wallet, or any other personal item) stolen: do two things.

1) don't make yourself a target. up the hill in pacific heights or in the marina, you're a little safer than western addition. don't flash your laptop or other high priced item in public. put your laptop in a shitty cheap backpack instead of a fancy leather laptop case. i used to carry around two phones... a high priced one that i could flash around in the marina... and a cheap custom covered throwaway phone for use in the mission. now i just use my pdaphone and rarely flash it. it's insured against theft for $5 per month. my very expensive laptop is left at home or in the car, where rent or car insurance cover theft costs.

2) pursue robbers. work hard to find or stress the importance of your lost device. if you are a witness to a robbery, observe things in detail. provide a report to law enforcement. help out if you can, safety permitting. note that a firearm does not make you safer, 90% of robberies where the victim has a firearm - the assaliant ends up neither hurt nor dead - but instead ends up stealing the victim's firearm right out of his/her hands. many firearms are stolen from homes and cars. but yet people don't report these thefts (like bicycles). even when they do report them, they don't have permits or records of purchase. law enforcement needs many details to properly track down criminals who commit burglary or robbery. even if they can't find your stolen property, they have the data. that data can aid in crime prevention. it can later put your assaliant behind bars, or into a program to aid in kleptomania, or other mental health and life issues. over 80% of all crimes are comitted under the influence of drugs or alcohol. many are addicts and steal to get money to buy drugs. education of safe and kind drug use, and not abuse, will also aid in prevention of these and other types of crime.

supachupaApril 2, 2006 7:13 AM

Laptops are disposable. Just make sure you're insured and who cares if someone steals it: assuming you're both encrypting your hard drive and backing up, you won't lose much and they won't gain much... in fact, you'll be able to get a free upgrade after you get your insurance claim.
These are just the car stereos of this decade.

qwertyApril 2, 2006 6:03 PM

Why not paint it green, add a plastic fake hand crank and maybe a name brand logo sticker or two removed from a well known toy product and a custom small sticker on the back which says something like: approximate retail value: $39.99.

Even better: Why not convince government(s) to sell the $100 laptop in the future to people?

Also: people should try using Linux LiveCDs more often when on the go.

Filias CupioApril 2, 2006 6:32 PM

another_bruce and dre:

Could we please not turn this into a gun control debate?

Everyone else: please restrain yourselves from countering either another_bruce or dre's arguments.

Richard BraakmanApril 3, 2006 3:55 AM

The problem with all the solutions that make the laptop less resellable is that they make the laptop less resellable. This decreases its value to the owner as well as to any potential thief. So it becomes a question of weighing the potential loss to theft against the sure loss of the laptop's resale value.

MozApril 3, 2006 5:05 AM

As with bikes, the only solution that works is the trashmo one - have a shitty looking bike to lock up when you are in town, and only ride the good ones when you're not going to be leaving them unattended for long. A similar and nearly as good solution is to ride something odd and hard to sell, but that doesn't always work (I've had a blatantly unique bike stolen and never seen again).

The "security label" solution can work, but it's not very reliable. Few people bother to check that the laptop hasn't been reported stolen even if the serial number is intact (I have severely embarassed one retailer this way). The idea that they'll ring a number on the laptop at their own expense in order to find out if they're about to offer a criminal cash just seems ... unlikely. Even if it works, you will find out that the plod have your laptop and it's now owned by your insurer. Useful.

ATNApril 3, 2006 5:56 AM

Just a small note for the people who are encrypting their IDE hard disk by the standard IDE password/encryption method.
NOT speaking here of people encrypting partitions - that is another problem.
You should check that your IDE disks are frozen (by the IDE freeze disk command) after you have left the BIOS and started your operating system. It seems obvious, but some BIOS forget to freeze the IDE disks password, so anybody stealing your laptop when it is powered on, can just put a new password, or disable the password subsystem, before powering off (these commands does not need to have the old password - just the disk unlocked).

If you do not know what I am talking about, either read the IDE specs, or forget about this comment.

PerfDaveApril 3, 2006 6:24 AM

I'm sure I've read about proximity locks, using Bluetooth or similar. If my laptop shut itself down when it moved out of range of my person (or at least something on my person such as a keyfob), I'd be pretty happy (from the perspective of BIOS passwords or disk encryption). If it also triggered a very loud alarm, I'd be even happier.

Garick HamlinApril 3, 2006 8:30 AM

In regaurds to proximity locks...

There is a modified blackberry platform that is a bluetooth smartcard reader tha one can wear around his neck on lanard like a normal ID badge.

This can function like a proximity lock from what I understand...

Garick

Ian RingroseApril 3, 2006 8:57 AM

The problem is how to stop people buying stolen lap tops.

What if every CPU had a serial number that could not be change, and every month Microsoft included a check for stolen laptops as part of windows update, so that just stop working if you installed the windows update.

What it worked if only 20% of CPUs had this serial number?

What if 5% of laptops had built in tracking devices and you could not tell from the outside of the laptop if it had a tracking device?

What if Dell made having a tracking device fitted to a laptop a “no cost��? option, so that people that did not mind being tracked could have one? Would the fat that no one wanted to steal Dell laptops put up the price that EVERONE was willing to pay for a Del laptop enough to cover the cost?

How match as a lap top owner are you willing to pay me, to have a tracking device in my lap top, so as to make it more risk for someone to steal your laptop (they don’t know if it has a tracking device after all)

PaeniteoApril 3, 2006 10:14 AM

@Ian Ringrose:
The Pentium III in fact *had* a serial number, readable by software - it was/is usually disabled for privacy concerns.
I have no idea about the more recent CPUs, though TPM will have similar (and vastly expanded) capabilities to identify the PC again.

ramonApril 3, 2006 10:35 AM

A few weeks ago I was typing on my notebook (has a sleek aluminium case) in the train, on a seat near the doors. Train stopped, a young man came in through the door and tried to grab it off my lap.

I somehow felt alarmed a split second before, so I held it firmly and we both pulled at it until someone else from behind pulled my arms off, so the thief could run outside with it. I followed him, grabbed his jacket, we both fell and the struggle continued on the platform.

Finally three men ran away, but they dropped my 'book on the floor. It is still completely functional (I guess the motion sensor switched the harddisk to a safe state), but the case is heavily scratched. I left it so as it looks less attracting.

Nobody had helped me, the numerous surveillance cameras had not captured anything, and the police never found the guys.

I use AES homedir-encryption, the screenlock kicks in after two minutes, and I regularly backup my data with rsync to a server. But still I feel lucky that I don't need to buy and configure a new notebook.

I now use USB pendrives to make backups on the way too. I thought about locking the 'book to my belt or the seat, but that is probably too inconvenient in practice, and I am not sure if it might provoke even more violence.

I wish there was an option that the motion sensor trigger the screenlock. Maybe one could build alarms and other countermeasures on that.

JapanmanApril 3, 2006 4:34 PM

laptop tags don't work. The only way to get your laptop back is to use a laptop tracking device like lojack for laptops. (www.lojackforlaptops.com) Even the whole epoxy thing explained above, while interesting is not really going to help you. If your laptop gets stolen the tracking software can be used to find the machine and bust the crook. A friend of mine bought it for her son when he went to school and lucky for him cause when the notebook got stolen from his dorm it was the only thing that got it back for him.

Brent WilsonApril 3, 2006 5:14 PM

It is obviously because San Fransisco Banned Handguns completely. Even before then you probably couldn't carry them legally. Also all the other crazy laws in california that make it impossible to defend yourself.

I mean a criminal can be almost 100% sure that the person he grabs the laptop from won't be armed and won't fight back most likely.

The criminal doesn't care about the law and might carry a gun anyway. Then he knows he can jack a laptop from a lawabiding citizen with no risk to his life.

AnonymousApril 3, 2006 5:16 PM

yeah and the lojak thing isn't going to work unless it's just some junkie wanting a free laptop to use them selves.

Most likely they will just replace the whole hard drive or format it before using it on the internet or even turning it on.

Sometime's they just sell them in bulk to people who refurbish or resell on liquidation sites with a formatted or new hard drive.

devil himselfApril 3, 2006 10:23 PM

... or solution 4:

People stop believing that in a world of vast inequity we have a God-given right to flaunce about the world being spoonfed while farmers starve.

You don't even have to leave your cosy world of Capitalism to take part. In fact, what you need is to buy in further.

Insure your laptop.

Encrypt your data.

Backup your data.

Learn how to take a fall, how to protect yourself, and how to let go of something when that is the less risky option and you have prepared for just this situation.

File an insurance claim.

Sorry, but idiocy begets idiocy. You people need to realise that you are sharing the same world as this: http://www.tomdispatch.com/index.mhtml?pid=68077

satan

John HarrisonApril 7, 2006 11:08 PM

This seems applicable:
http://ialertu.com/

Saw it on /. today. Other computers have the motion sensor but I've only seen it used for little hacks like this on the Mac.

dogOctober 25, 2006 9:03 AM

this company

www.cats-eye.net

have fitted GPS into laptops in the UK and worked with the Police in sting ops. Apparently, the laptop is still fully functional and the GPS either runs off the laptop battery or its own rechargeable.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..