
My name's Richard, I'm with Absolute Software. How many people know Absolute? Quite a few, awesome. If I said LoJack for Laptops or Computrace, ring a bell? That's Absolute, along with many other things. So before we get started, happy Pi Day. Hope everybody has pie today. I got in an argument with my fiancée this morning about the fact that I do not believe chicken pot pie counts. hi they serve further closer better ok So before we get started, some disclaimers. this broadcast property policy I always wanted to say that. But seriously, the opinions expressed during this discussion do not necessarily reflect those of my employer, so please don't fire me. Okay, thank you. And then I have some trigger
warnings. In all cases where required, PII has been redacted, even for the guilty. try not to maintain Some case files I'm going to discuss do contain references to drugs, pornography, prostitution and child pornography, so if that's sensitive to you I would suggest maybe you remove yourself or just plug your ears. just when I buddy get upset I'll try to keep to 30 minutes, but I have 53 slides and I highly doubt I'm going to keep it to 30 minutes, because I'd like to give... I have a bunch of swag here. I did ask for permission before we started if I could give away some swag, so they said it was okay. Just stuff I have left over from
RSA, so I'm happy to give it out. I know it's the one o'clock talk; a lot of people might fall asleep after lunch, I know I do, so I'll just whip these little squids out, yeah, no big deal. Okay, so what am I going to talk about today? What's the problem with stolen devices? Stolen devices continue to be a huge problem for enterprises today. We don't think it is, I mean, the commoditization of devices has made things incredibly cheap, but there's a lot of data on those devices, and I'll talk about that in a minute. I'm going to share some case files with you guys about how devices are typically stolen, and at least those are
reported to our investigations team. What are the implications to you and your company when a device is stolen? Who are the people behind our investigations team? What do we typically do during an investigation? And then I'll share seven or eight case studies, and I'm going to read the case files. I've slightly edited them, so I'm just going to read from these. So I want to get to those, because some of them are pretty involved and in depth, and some are pretty remarkable, some of the ways these devices get used after they're stolen. And I'll briefly touch on the difficulties in dealing with law enforcement when it comes to dealing with stolen devices. Hopefully we'll have time for Q&A, and hope
they have time to whip some t-shirts. I couldn't find a t-shirt cannon on short notice, so I'll just have to deal with my crappy throw in there. So thefts of laptops and mobile devices happen every single day in the enterprise. It's obvious that, you know, my first laptop was five, six thousand dollars. I mean, how many people remember when laptops were that expensive, right? They were pretty pricey devices, and I think it was drilled home to us then, 15 years ago, that if you lost that laptop it was your butt. Brett by the way someone asked me but that is not dick bud start but anyways But today, laptops being effectively worthless as far as the value of the
hardware, people don't really care that much about the value of the device anymore. You know, throw it in their bag, leave it in their car. How many people leave laptops in their car? Be honest. I do it and I shouldn't do it, I know better. The users don't really care, there's no real intrinsic value in the hardware, and then because laptops and mobile devices have become such a commodity, law enforcement does care about really finding stolen devices. And stolen devices are everywhere: they end up in pawn shops, they end up on Craigslist, and I put the Craigslist picture up there just getting stuff hooded hacker doing criminal enterprise on Craigslist. But I can tell you that my laptop
was stolen once from the office, and it was 17 phone calls to get the RCPD to come in and take a look, and the only reason they did is because I made it clear there was some pretty sensitive data on it that needed some additional investigation, and they came. But for most people, they don't care. But you take a look on Craigslist: I found that device on Craigslist six months later, because I had a special search for it. It had a special hardware configuration: I had ripped out the DVD drive and put a second hard drive in it, so not many of those show up for sale on Craigslist. so when you want to came up - quickly happens when the laptop stolen
Well, typically, you know, thieves try and just make a quick buck, snatch and grab. You know, they want to sell it quickly for pennies on the dollar on Craigslist or pawn it off at the local pawn shop. So that doesn't happen as much as it used to, but then again, it doesn't always happen that way, and that's what we're going to get to. How are devices typically stolen? So for us, in our investigations team, number one by a mile is people leaving it in their cars and someone seeing it, and then either stealing the car or stealing without breaking in and stealing the laptop. People do watch you take your laptop bag out of your car and
put it in the trunk, and then you walk away. Listen, it doesn't take much effort to break into a car: a pry bar, some elbow grease, and you can be in in a couple of seconds. These guys can break into cars as fast as you can snap your finger and then be gone. Snatch and grab still happens. I can tell you of a time I was at the BPL downtown here, sitting there just doing some studying, and I watched from the other side of the room as if you'd snatched a laptop off the table and made a bolt for it, down the stairs and out, and I think the security guard clotheslined him at the door. But the fact that it
happens. And then internal theft continues to be a massive issue, especially in schools and hospitals. And why schools and hospitals as opposed to the enterprise? Certainly internal theft does happen in the enterprise, but in schools and hospitals there's a very large disparity in the types of employees that you have, including the income levels of those people. And a lot of people, from me talking to the investigations team and some post-mortem recovery, a lot of these people feel slighted by the fact that there's people they work with that make a lot more money than them, and they feel kind of bitter, and they'll often steal devices for that reason. I mean, I'll talk about a case where someone
just felt like they were entitled to the device after they retired, so they stole it. What are the implications of a device being stolen? Well, storage is almost free these days, it's as cheap as it's ever been. I remember when I was in high school, the first one gigabyte hard drive, it was a long time ago, but I mean it was $1,000 back then, it was a lot of money, and I remember saying, how could you ever fill up a gigabyte worth of data? I think I have like a 12 terabyte array at home that stores all my 4K media. But storage has become so cheap these days that we literally store everything on
our devices, personal and professional. How many people have personal information or photos on their work laptop? Be honest. A lot of people, and I have a feeling that a lot of people aren't putting their hands up because they'd only get in trouble. That's okay, I do. You know, the abundance of free and cheap cloud storage means devices and data are going to sync across your personal device to professional device. That happens all the time. Think about the Sony hack, all the data that was stolen, exfiltrated from the Sony hack, how much embarrassing emails and compromising information was found in that attack. So if you don't have precautions on your device to make sure
that the information, if heaven forbid it was stolen by someone who knew enough to get into it and Culver looking for compromising information, would you be able to protect the information on the devices that were stolen? And then mandatory breach notification. In the U.S., like, virtually every state in the U.S. has a unique breach notification law. It's insane. I mean, so you have to know every law in every state. So basically what you do is you find the one that has the most a native and difficult data breach notification law, and that's the one you follow. But in Canada this year, I mean, there's new breach notification rules, and Security's administration just published this; this was on the CBC
yesterday or the day before, I remember, but this is coming. I mean, when a laptop is stolen, if you can't prove or verify that the data on that machine has been sufficiently protected through full disk encryption and other technologies, then you're probably going to trigger a breach notification, so you'd better make sure you have. Now, I saw this tweet last month and I saved it just because I thought it was interesting, and I don't know if I'd necessarily think it's the biggest problem today, but it certainly is more important than people realize: "Asset management is infosec's most serious technical problem, and second place isn't even close." Now, if you think philosophically why that's the case, it's
probably because if you don't have a good handle on the devices themselves, you can't protect them. If you have ten thousand devices in your infrastructure and you don't know that a thousand of them, you have no idea of the security posture of those devices. But people agree that IT asset management is still an interesting problem to be dealt with in the enterprise. Okay, I see a few nods. You get a t-shirt. So on the topic of our investigations team, Bob the dog here is not on our investigations team, it's just what I saw. But we have 50 people with an average of 20 years of experience each. They're ex-FBI, ex-military, DHS, police, government employees, and a lot of these
employees we bring in, they're retired, they want something new to do, and they have these in-depth, tight networks of connections in law enforcement that make investigating some of these stolen devices a little easier. I'll go into that a little bit. But we also have some correct forensic professionals, health care professionals, especially when it comes to electronic PHI, private health information, and then we have some privacy experts as well. So how does an investigation work? Well, if you're familiar with Computrace, you know computation is a release in Windows It's a BIOS-level agent that's implanted in the BIOS from the factory. It's a collaborative effort with a lot of OEM manufacturers that allows you to
track a stolen device when it's reported. So if a device is stolen and you've purchased the product, the agent will call and say "am I stolen, why not stolen", and if we have a flag in our system saying the device is stolen, it will wake up and it will call home and we'll start monitoring the device. We'll be able to monitor information like local IP, routable IP, the MAC address of the device. If it's a mobile device, we'll be able to report the phone number that's reporting in, the ESN of the device, all the basic hardware info. And basic hardware info is important only because it allows us to determine if the thief is changing the hardware
out, and that happens a lot. With the stolen device, they'll swap out the hard drive and put in a new hard drive and reinstall Windows and think that's enough. Of course, because the agent exists in the BIOS, we can then put the agent back into Windows and continue to monitor the device. We'll be able to determine what versions of Windows are running, what applications are running on the device. This just allows us to collect as much information as possible to provide to law enforcement. And then if we make a connection to the device and we are unable to determine where the device is or who's stolen it, we can deploy forensic tool kits to the
device that allow keystroke monitoring and screen captures, and you'll see why that's important in a couple of slides. So our investigations team, because they typically will have a lot of experience dealing with and being law enforcement officers, they will start to create a dossier of information, and that dossier will include all this information we've already collected. They'll monitor the device for a while and try and determine who the person is who has the device. And that's largely because law enforcement is often overworked and under-utilized, or under-resourced; they don't have the time to do all the detective work. So if we can provide them a full file of all this information and just give them a file
right, and say, we really believe this is the person, this is where they live, this is their email address, this is what they've done on the device, police are much more likely to help you because you've done most of the work already. With that information, it usually gives law enforcement enough information to be able to get a subpoena from the ISP for subscriber information, so whether mobile or home internet connection, that allows us to verify exactly where that device is. Because we'll often get IP information, it'll be like a block, it could be a street block that belongs to this IP block, but we won't know exactly which one it belongs to until we could
subpoena that data. But what happens if the device never comes online again? Well, we're not magicians, we're effectively hosed, right? Usually what happens in cases like this is people just don't feel right about it, or they think that maybe someone's paying attention to what they're doing, or they're just a little skittish, stop, and just toss it in the garbage, and it's never seen from again. What happens if the hard drive's replaced? Like I said, we have the ability to put the agent back on the device. What else can we do? So we have other technologies that we call Device Freeze, or basically that's a last resort for us, because what it does is basically
effectively locks the device at the BIOS level, puts up a screen and says, "This device has been reported stolen, it is the property of this company, please call us at one eight hundred." But once that happens, the device will never be able to connect to the internet again until it's unlocked, and we won't be able to do any continuous monitoring after that. Remote data wipe: in some cases that's important, where the company doesn't really care about getting the device back, we just want to know for sure that the data on the device has been deleted. We can remotely encrypt the device on the data to protect it from being seen by anybody else going forward. We can
also use forensics, especially in health care, to determine what data's been touched by the person who has the laptop. Did they view all this information? We can probably tell them what's happening.

Okay, I made it to the case studies, good, because these are the important ones. So I'm going to read from these, so I apologize that I'm reading a bunch of stuff, but I want to make sure I get all the details. So case study one is a government official. This laptop was stolen from the office of the New York City commissioner's personal desk while he was away on vacation. I won't disclose the agency here for obvious reasons, although if you were to do some
googling you could probably figure it out yourself. There was an investigation already being conducted by the City of New York's Department of Investigation, which is staffed with New York City detectives, and they were initially unaware that Computrace was installed on the device. The laptop began connecting after the theft, three months after it was stolen. Soon after, we then started collecting forensic intelligence. The investigator we assigned was able to identify a female user in Brooklyn and passed this info along to the detectives. The investigator provided info to the detectives that included some addresses, seen in screen captures here and here, because these people are mostly so stupid they will literally put in their home address and their full name. And then this
one's even better, I'll get to this one in a second. The suspect was also seen logging into a City of New York payroll site, implying the suspect was a current or former city employee. You stole your boss's laptop and then you used it to log in for your payroll? Okay. One of the detectives informed us that the suspect was previously interviewed in conjunction with the theft and denied any knowledge of the laptop or how it ended up stolen. The suspect was identified as the commissioner's executive assistant and was set to retire. A search warrant was obtained and delayed due to unforeseen circumstances. The laptop then stopped all connections to the Internet. Police then surveilled the suspect's residence and
determined the suspect went away on vacation. Two weeks later another search warrant was obtained and executed. The woman was positively identified as the commissioner's executive assistant, arrested and charged with grand larceny and criminal possession of stolen property, and they considered charging her with computer tampering charges, because we had screenshots showing her reading her boss's personal and professional emails while she had the device. She pled guilty. I don't know if she lost her retirement or not, but how stupid can you be? You're that close to retiring and just decide to steal your boss's MacBook for 500 bucks. Worth it? Probably not.

This one's kind of interesting because we still don't really know what happened. A laptop was reported missing from a
school and reported to us the same day. The file was then assigned to one of our investigators in APAC, because post-theft connections showed it was now connecting in Vietnam. It took a few months before sufficient intel was collected on the person using the device, and then we deployed Device Freeze. Within a couple of days the person sent an email and informed us that the laptop was assigned to him by his company, which was a major manufacturing company. His IT department had been informed, as well as the laptop manufacturer. The computer vendor's account manager from Australia was initially uncooperative due to lack of awareness of our product, and it required the intervention of our
alliance manager with that specific device manufacturer to smooth out the kinks. From the exchange with the manufacturer, we then identified another laptop that was reported missing from the same school district that was also in possession of the same manufacturing company. So two laptops went missing, we don't know where they went, they were sold to another company, a legitimate manufacturer, I won't name names, obviously. Both laptops were apparently among a batch of supposedly brand-new or refurbished laptops purchased by the company. The vendor then agreed to provide new laptops to the company, and the company agreed to send the laptops back to us after we guaranteed the device would be properly deleted. We were never able to get a
definitive answer as to how they ended up resold by the vendor, but it's suspected that the laptops were sent back for warranty repair or return and the vendor resold them. Crazy. let's Anthrop

Okay, the district attorney's office of a county in Texas reported several laptops stolen to their local sheriff's office, and the devices began connecting online about two weeks later. Notes in the case file indicated to contact an employee of the DA's office. The employee advised us that a former employee of that IT department was suspected of taking the laptops, but they didn't really have any proof. One laptop made a few connections and then it went quiet. The laptop then became active very briefly four months
later, and we were able to determine then that the laptop's hard drive had been swapped out and the OS was reinstalled. Contact was made with the assigned detective to brief him on these updates, and he asked about the other laptop that was stolen, if we had any information on it. We didn't know there was another laptop stolen, because it hadn't been reported to us yet. A lookup revealed that this computer was not reported stolen to us yet, and a check of our systems revealed that that computer was calling in from the exact same IP address as the one we were monitoring. But here's where it gets interesting: the DA's office couldn't find any record of the second device's
serial number in their Absolute tracking system, because we provide, obviously, a portal for people to track all their assets. It didn't exist in their system, but they bought it, so what happened? We then checked our systems again and learned that the device was in the customer console of the suspect's new employer. So what the suspect did was deactivate it from our system and then reactivate it under a new employer, which was another state agency in Texas. He stole the laptop, turned off, think that he had access to do so, but then turned it back on under another company. Okay. After numerous phone calls and emails with law enforcement, it was determined that moving this computer to the correct
account, back to the DA's office, would tip our hand, so it was determined that since both were calling from the same IP address, the original computer would be the continued target of the investigation. We would just ignore the second device right now. We then supplied connection logs to law enforcement in order to subpoena the ISP. The information from the ISP came back rather quickly, and it showed the address of the suspect was the same address as the ex-employee of the DA's office. Both computers continued to connect from the same IP address. When the detective arrived, the suspect's initial story was that both devices were given to him as a parting gift. I want to work for this DA's office,
because if your parting gift is two free laptops... Anybody ever got a free laptop from their employer after they quit that wasn't part of maybe your termination package or your resignation package? Of course not. The suspect arrived at the sheriff's office and turned over three devices that belonged to the DA's office, another device that wasn't reported stolen. The person gave a confession to the detective; charges are pending.

Okay, so now we get to the really difficult stuff, and this stuff is really hard to talk about, but it's important that people know that sometimes these devices get used in this way. So in December a vehicle was stolen, and in that vehicle was a laptop belonging to a
state agency in California. It was also stolen. It came online two weeks later. We deployed forensic tools to the device and we determined that there were some suspicious images being justly inferred a Child Exploitation they weren't exactly child pornography, but we continued to watch the suspect, and things got worse, and he continued to view more and more awful images. and we then detected our Boston spot detective was notified and involved another detective in their Sex Crimes Division. A report was prepared and sent to the National Center for Missing and Exploited Children along with a hundred-plus images, and once we got those images, we don't record any more images, because we don't need to anymore; we'll just
keystroke log and watch for connection logs. We don't want to subject our employees to this any more than anybody else, right? The detective from the DOJ Internet Crimes Against Children Task Force then took over the case. She sent warrants to the ISP for subscriber records. The information returned from the ISP confirmed the suspect and the address that we already had. A search warrant was executed on the residence, but no one answered the door. The door was then kicked in and taken completely off the hinges. The suspect was found inside, along with what they said was tons of computers and thumb drives. Everything was seized. The stolen computer was also there. The suspect was uncooperative until we showed him pictures of himself.
I mean, how that changes everything. He was initially arrested for receiving stolen property, because then they can arrest him while they work out the other charges. The investigation continues, and the detective predicts many child pornography charges will be forthcoming. So this is what they seized from this guy: three CDs full of child porn, lots of memory sticks, two desktops, 11 stolen laptops. So not only is this guy like a kiddie porn freak, but he's like a kleptomaniac too. Anyways, it just boggles my mind that this stuff happens. So I've redacted a lot of stuff on this screen capture. This is some of our key caps, just because some of the stuff is really vile and I don't think anybody needs to
be subjected to it, but this is what the guy was doing on this laptop. If you think that some devices being stolen out of your environments aren't being used for awful things, they probably are.
This one is interesting because this guy was even more stupid. A laptop computer protected and managed by Absolute was reported stolen from a California school district. The computer did not connect to the internet for another five months, when the user and the location of the computer were identified, and we deployed our forensic tools. The information gathered identified that the unauthorized user was an employee of the school district. An investigative summary report was generated and submitted to local law enforcement. Further investigation by the assigned detective then confirmed that the user was an employee of the school district, confirming our findings. A few weeks later, the assigned detective acted on the information given to them and attended the IP address of
the suspect. When the employee was confronted by the detective and asked about the stolen laptop, he then gave the detective a different stolen laptop. Okay, he just thought this was... why would you just admit any madam It turned out that the computer initially produced by the employee was a different laptop that was stolen, that had not yet been reported as such. Upon further investigation and questioning by the detective, the employee retrieved the originally sought laptop from a nearby garbage can where the suspect had recently disposed of it. Further investigation by the detective revealed the employee was in possession of six total items belonging to the school district. The detective recovered two MacBooks, two projectors,
one Dell laptop, one iPad, that had not been reported stolen either. Following the recovery, the hard drives of the recovered computers were examined with forensic software by the school district. the des Germans of how the devices were used acted with that it was discovered the computers contained pornographic images, requiring further investigation by the local Internet Crimes Against Children Task Force. that of Education is proceeding, but the employee has been suspended pending termination. So here's how we identified this guy: he was using the stolen laptop to buy things on PayPal, on eBay, put a shipping address in there, his real phone number. He was posting on Facebook, he was reading his Yahoo email, and the worst part about this guy was he was a teacher
school. It's awful stuff.

Okay, drugs is a little more cheery than job how much This computer was stolen from a theft from an automobile. Again, stop leaving cars in your laptop. Stop leaving cars in your laptop. I guess I need another drink.
It appeared online a couple of weeks later. Forensic tools showed several names, addresses and identifications, and it soon became obvious that this was a fraud and stolen identity case. Our investigator that was assigned had a very good idea of the possible identity of the suspect. They wanted to collect as much information as possible for the local police, so that police could determine the actual identity of the suspect from the multiple names and addresses this person was entering online. And it turned out the suspect was well known to police and was already the subject of an investigation by multiple police departments and government agencies. The information we provided resulted in more investigation and culminated in a high-risk SWAT team
warrant takedown. The computer was recovered, and as a result of this recovery four people were arrested and charged with possession of stolen property, possession of heroin for the purpose of trafficking, possession of firearms by convicted felons, identity theft and fraud. They seized hundreds of checks, hundreds of fake IDs, ten grand worth of heroin and four guns. So this person was committing identity theft, logging into TurboTax, filing fake tax returns, manufacturing fake IDs on the computer, of course, changing their address on the US Postal Service to their new address. I swear I could write a book for criminals on how to not be stupid. Why would you ever do this? Like, if you're going to steal laptops, um, if
there's any criminals watching online, listen: just pawn the stuff off, take the cash, go buy a legit laptop, and then use that. It's not rocket science.

Okay, pimpin' ain't easy. This one's a quick one, but it's kind of interesting in that residential beany happen I thought you had a case office when because it's rather fresh But the local police department had no interest in investigating the work just for tax they just didn't care. Our investigator then used his contacts in the local state police to get things rolling, which did happen. We then were able to deploy forensic tools, where we got some screen captures and key captures and found out that this person was operating a rather large prostitution
ring on Craigslist using the stolen laptop. okay for you But the state police asked us not to continue to investigate; they had enough information for us, and they are currently working on a sting operation to be able to arrest this person. Turns out that this laptop was not soldier being stolen by the person's spouse at their place of business and gave it to their spouse to use for this prostitution.

Okay, my last one right now is the Nigerian prince. This one's kind of interesting just because there's some really cool screen captures we were able to keep a hold up here. This laptop was stolen at the airport in Atlanta in 2015. Not too long later, it pops up in Nigeria.
Turns out it's being used by someone in a massive international identity fraud and spear phishing ring, and I've got some cool screenshots here that we'll talk about. They were targeting the CEO see hello CFOs of some major, large international companies. We then handed our dossier off to the Secret Service and Airport they are now taking care of it. But you can see here that this person, and I know it's hard to see, the projectors aren't the greatest, but this person would create a rather large tax file. Over here you can see they've managed to capture all this information from this person: they already know how much credit they have on their credit card, their
name, their address, their phone number, all this information. They end up, and I've got a screenshot that will show it, going into this person's online banking account and requesting a credit increase, a change of address, shipping their card somewhere else so they can start using it. Another one here: this is part of their targeted spear phishing campaign. So this is their dossier they keep of all their targets. So they'll identify a bunch of targets, including their position and their rank and how they can get a hold of them, and they'll use their email systems to be able to send out these spear phishing attacks, and a lot of these were used for, you know, money
transfer scams. Hard to see, but again, same thing: this is another batch file of targeted people they were going to send targeted spear phishing messages to. Just another picture of dossiers they were keeping hold of. And then here they are on this person's account, looking at their credit card balance and then changing the account balances to commit even more fraud. So that's all I have for case studies.

But let's talk a little bit about dealing with law enforcement. So like I said, law enforcement really doesn't have the time and resources to deal with stolen devices. To them it's just a five hundred dollar laptop. In Canada that's theft under five thousand dollars, it's not really a big deal. They
got more important things to do. So what are you going to do? I mean, you have to persist. Could you put a monetary value on the data on your laptop? What would it be if you had to put a dollar value on your laptop line Forget the hardware: you probably have sensitive financial information, in some cases you might have intellectual property, you can have source code. All this stuff's worth a lot of money. So if you can frame a discussion with law enforcement, making them understand the value of the laptop goes far beyond the value of the hardware, they may be a little more willing to understand. But one thing I'll have to say is, you know, if you don't
have a relationship with local law enforcement already, and if you're the IT asset management people, you probably should start, because if you build a relationship with them before something bad happens, they're more likely to listen to you. If you just call them out of the blue and say, "Hey, my laptop is stolen," "I don't care, it's just another laptop," they'll say, "go down to the Downtown Eastside and go see if you can find it at the market, that's probably where it's going to end up, or check Craigslist and let us know if you find something, but hey, don't go and get it yourself, because that's dangerous." Let's be pragmatic here, right? So make sure you discuss the value
of data on the laptop and the potential implications of that data getting out in the open. So what are your options? Encrypt your devices, encrypt your devices, encrypt your devices. That's the single piece of advice that I can give you guys to take home: full disk encryption of your devices. OK, sure, there are ways around some of that stuff, but listen, the average thief is not going to get around full disk encryption; they're just not technically savvy. Obviously MDM and ITAM tools can help, we have a good one, but educate your users, make them part of the solution. There's a really cool kind of concept out there now they call people-centered security, which kind of flips the
security model around: it's people more involved instead of just the technology. If you educate your users and say, "Look, you're carrying around a lot of very sensitive, potentially embarrassing or, you know, damaging information to our company forwarding them out there, especially to our competitors," they may treat the laptop with a little more care. Last: stop leaving laptops in your cars. OK, I promise I'll stop doing it. Well, it's 40 minutes to add 45 for questions, so I'm going to wrap it up. How many people remember the wrap-it-up box? Wrap it up. OK, so here's my contact information. I love 3-channel LinkedIn, so don't hesitate to reach out to me on LinkedIn. And now I got time for Q&A and swag, so I
got a ton of swag, so just come up and help yourself if you want something. I got shot glasses, I got t-shirts, they're all one size, so don't get upset if I don't have your size, it's just what I had. And I got tons of these little laptops grease these charging squid things. I'm not going to throw these because they have like pointy ends and I'm not responsible for someone's eye getting poked. Questions, or just stretching? Are you actually going to stop putting your laptop in your car? Probably not. Well, it's hard, right? Because I have this bag, right, it's got my laptop and it's heavy. You know, I got a rental car and I'm going somewhere else, I don't want to drag it around the
mall, wherever. But listen, I should know better. So again, it's like anything else, you have to just teach yourself new habits. Yes? So when a laptop would be stolen and it would be, yes, reported stolen, would they immediately start doing the forensic investigation on every single stolen laptop and then try and figure out what was wrong? So like I imagined sandy Bachman in stolen is every single one case investigated forensically to try and find something like, you know, heroin drug rings or whatever? No. So a lot of these cases are usually rather easy to determine where they ended up, but I mean it's only a very, very small fraction that end up in these in
depth, deep investigations where we found more things that either we need to be concerned about or we need to get serious law enforcement involved, beyond the local police department. The vast majority of these cases are just simple theft cases, and then we can just track it down to a specific IP block, and usually pretty quickly we can determine what happened. Not very helpful deploying the forensic tools; there's a lot of pops this far down the chain of steps that will take. So no, it doesn't happen very often. You mentioned the BIOS works with Windows to install your toolkit. How well does it handle, well, OS X? Do you guys have Computrace for that, or
Linux and other operating systems on the vales? So we do have a product for the Mac, and hopefully we have a product for Linux, but obviously, because Apple is very, very tight when it comes to access to the EFI that we can come post post okay we don't have an EFI-level piece for the Mac, but we do have an agent that deploys on the Mac itself. It's rather stealthy. Obviously cell phones, we have some, and iPads; we also have another tracking tool as well. But Linux, it doesn't really matter, because it's a BIOS-level agent, right? So if it's a Linux laptop, if you put Linux on it, the agent still exists in the BIOS.
We just have to check and make sure. Send me a note, I'll find it if we have a Linux each
manufacturers? Well, so we've been doing this like 20-plus years, right? The way it works with the OEMs is they just allow us to put this lightweight agent into the BIOS that allows us to then add more functionality to it as it's required. I mean, BIOS space is very limited, right, so you're not going to be able to deploy a full forensic toolkit inside the BIOS, and then really don't need to. I was wondering, how do you deal with cases when a laptop is unknowingly purchased by a law-abiding citizen, and when you start doing your investigation and you start looking at personal details of somebody who's done nothing wrong, how do you deal with legal
and privacy implications of that? Well, they have done something wrong though: they purchased a stolen laptop. I mean, OK, they didn't understand that's what they were doing, but what happens then usually is our investigations team will contact that person, either by deploying a device freeze with an 800 number, and when someone who unknowingly purchased a stolen device is locked out of the BIOS and it says "this device has been reported stolen, belongs to this company, you need to call us at this number," they're calling right away, because they think it's a mistake or something's wrong. So in most cases they're pretty cooperative as far as getting the laptop back. I mean, everybody does something by accident; they didn't mean to purchase that, they
thought it was legitimate, but at the end of the day it's still a stolen device, it still belongs to the person it was stolen from. So I mean, we can't really do anything like get them a new laptop or something. That ends up being them working with police to try and determine who they bought it from, where they got it from, and then trying to recover their losses some other way. Yes? So how do you, can you not just reload the BIOS? Like I said, I mean, there are hacks to do that, except the agent is provided as part of the BIOS, so even if I read a little bio so here don't go there
because we provide the agent to the manufacturer at the factory and they integrate it into the BIOS itself. When the BIOS is flashed on the device, the agent is there. So, you know, if you have that skill then you're probably a pretty good thief already, so really matter. Hey, I had a question. Yeah, I'm just, well, actually just to clarify from that last question, that he was talking about reflashing the BIOS, which I think is essentially what the manufacturer would do serious thing at that point if they reflashing a fresh pie was your product will either anymore. Well, no, because the BIOS has the agent inside. When you go to Asus or Acer or HP or Intel or Dell or
whatever, you download a new version of the BIOS, well, it's an update version, original version, the agent is inside that package. Sure. Right, so we provide... If you could flash your own? Oh sure, and open source, because I mean, how many people have the ability to write their own BIOS flashing, right? If you have that level of skill, you're probably in the wrong industry. Sure, I think there are open source ones, but anyway, my question was, you talked about forming a relationship with local law enforcement, and that just made me kind of curious, because like, yes, they're busy, this was a minor thing, so what's your recommendation as someone who works those agencies or this part of one or
was part of one, I missed the start of your talk, I don't know exactly, but, you know, what does that look like, forming a relationship with a local department? Like, are you just kind of checking in, like "how's everyone doing," bringing doughnuts over? What's happened in the past, as some companies have done this, is they just call up their local stolen property unit, or they may have a contact, or they know someone who knows someone. I mean, networking is really important, right? And they'll say, "Look, we're about to buy ten thousand laptops, what do you think our best course of action is to protect these devices?" and great minds maybe yeah right but you just, you know,
you just want to start building that relationship with them and getting yourself known to them. I mean, as humans we're all guilty of leaning towards people we already have relationships with, right? So if you can get ahead of that game and start to build that relationship with local law enforcement, they're more willing to chat with you in the future. All right, so for Apple, they have like Find My Phone and I guess Find My MacBook. Yeah. How does that compare with what you're talking about? Well, they're all largely very similar, right? But I mean, I don't know too much about whether the Find My iPhone contacts is an agent that's persisting in Apple's BIOS
or not. It may; I'm not an expert on that. But, you know, it offers a similar amount of functionality. But as far as working, we have the ability, when we deploy that forensic toolkit for ambitious additional investigation, we can capture screen captures and logs, so we can gather a really in-depth level of information on the thief. Yes? You have a microphone? you have my god sorry sorry course. Yeah, my name is Julian, I am from Nigeria, from Lagos, Nigeria, and I came here eight years ago, and some of the challenges we face as Nigerians who are that expat of Mumbai trying to develop as he said in this industry to be able to go back
to help with law enforcement or some sort of deterrent systems whereby people can actually stay away from crime, to be able to do something legitimate. My question is, especially when you brought up the case oh you did brother I think it's so important that I'd like to learn a little bit more about how your solutions, or any other solutions, how they could help them evolve, well, actually try to do legitimate business with international communities and whatnot. What sort of advice do you have for those who need to go back to help educate the public, and also those who are actually committing crime, to stop or at least to reduce the rate at which they do it, which is affected a lot about
Yes sir. I mean, that's kind of the $64,000 question when it comes to cyber crime in Africa and Asia and places like that, or Eastern Europe. I mean, I don't have the answer. The real problem is the risk versus reward ratio for these people in these places is so low. It's so hard to catch people in these places. Law enforcement in many places, they either have some level of corruption or they just don't have the resources, or they don't have the skill set or the abilities to do this. So the technical professional in places like that, the best piece of information I can give you is just use your knowledge to educate everybody around
you, and then hopefully they'll take that message and share it with other people. I mean, this is still very much a human problem and not a technology problem, and until we can get a handle on catching these people who are literally launching millions of emails an hour trying to reel in fish, I mean, I don't think we're going to solve the problem many times. So I don't really have any good advice for you other than use the skills you already have to be able to educate those people around you, and that means other technical professionals and then regular people around you too. I mean, I spent a lot of my time trying to talk to
normal people: what are some of the things you need to be more secure? Yes? So I'm just curious... Where are you? Put your hand up. Hey. Hey, just curious, so you're basically adding a backdoor into... I knew someone was going to ask this. ...any computer. Is there any oversight on how you can access people's computers, or are you ever concerned about someone getting into your network and then just signing to access other people's computers? Of course we're concerned. Who wouldn't be, right? This is a very powerful tool with a lot of sufficient capabilities, and if we're not careful on how that's deployed and managed, yes, bad things can happen. Obviously nothing that we know has happened, but again, you know,
you can call it a backdoor; we just call it anti-theft technology. I mean, it's the intention that matters here, right? I mean, we're not randomly going out there and snooping on people; we don't have the ability to do so. I mean, it doesn't matter that the code exists on your laptop or not, it's dormant until you purchase the product and enact
You had a question? That was the question. OK, good. They already asked the question I did, but this is kind of a little bit related. On the BIOS, is that agent that you got there only for Absolute's, or do other... No, we're the only one who has it. The only one? Yeah. Your solution... It's our patented technology that we put out. And others don't also have their own agents on the OEM? Not that I know of, not as far as like anti-theft technology. well you speaking to my chronic al will you keep missing hard drive? No, if the hard drive is ripped out and replaced with another, we don't know what happened to
our hard drive; we're just monitoring the machine itself. So yes, if someone were to steal a hard drive and machine at school of all sensitive data... Well, maybe you should superglue the next one or something, I don't know. Right there. Have you been identifying any brand that lands in Syria? Like Toyota is very famous, a lot of pickups landing in Syria. So have you been identifying like a certain pattern, a certain brand that, for I don't know which reason, people love to ship there and our use or anything? I understand internet is not available everywhere, but maybe something that has been identified? Right. Well, as far as a
specific country like Syria, I mean, I'm familiar with the Toyota Hilux truck thing, that's the favorite truck of terrorists worldwide, but he's also to pick up trucks because they're struck right. I mean, they end up in places like Egypt, Syria, wherever. But as far as which specific devices, I would guess I don't have any specific information. I would have to go dig through our telemetry and find out, but I would suspect that they're probably very platform-agnostic when it comes to hardware: just grab whatever laptops they can get, shipping them. I mean, I don't know if there's a laptop or a brand of choice when it
comes to Syria. I got time for a couple more questions and then I'm going to give away some swag. Heather? I wonder, has there been any challenges where the wrong person got caught because they bought a stolen or was given the stolen laptop? Well, that depends what you mean by caught. Well, because obviously we do catch them, right? Can you track down someone with a laptop, but that person already was handed the laptop maybe second or third hand already, right, from originally stolen? I think that's very similar to the question that was already asked, and that, you know, at the end of the day it's still a stolen device and it belongs to the person who legitimately purchased it.
I mean, it sucks that someone else has gotten ripped off by buying a laptop from someone who stole it, or someone else who bought it off it passed down the chain, but at the end of the day our job is to return the laptop to its rightful owner, whether that be an individual or a corporation. So did they wrongly get caught? No, because obviously they are in possession of a piece of stolen property and the original owner wants it back. Hi, I was just wondering... Where are you? Right here. Oh, hey. Is your software installed by default on like a favor Lots opposite? It's installed on millions of laptops, but it's not installed; it's a piece of
dormant code in the BIOS, and until you purchase the product no message doesn't activate. So like if you would like to buy a laptop from like like a circus or like a MacBook you would be involved like... Oh, you keep using the word "installed," but it's not installed; it's just there as a piece of dormant code until you purchase the product from us, and then it's turned on. So the code is on the physical device when it's not... Correct. Oh. So the bottom line is, if you don't want it there, don't buy a device that has it.
Got it. Can I... oh, OK. So if you wanted to avoid this dormant piece of software, and like for example I'm thinking the NSA, you could, you know, come into this organization and say, "I'm taking over all of the secret codes and activating all the devices and I'm going to, you know, access everyone who has the doctor," is there a way of avoiding that? How can I get rid of this? But I mean, these questions are starting to get a little silly, but what I'll say is, if you're the NSA, you've got some serious chops, and the guy in charge of Tailored Access at the NSA said, "Listen, I don't need to blow zero-days, I
don't need to waste time with all these complex state-sponsored, you know, special fancy attacks, because 99 of a higher devices don't have they're not patched properly, they have things misconfigured or misinstalled, people just manage the devices properly." They can find a hundred ways into the device; why do they need to attack the BIOS? I think you need advice the other way but what's to stop someone from the NSA or any other agency following you around until you leave your laptop in your car, and that's all it takes, and they've got what they needed? So I mean, we have to be realistic when it comes to the capabilities of some of these agencies. We make it easy for these agencies to
spy on us. OK, anything else? OK, I got four minutes to give away some swag, so I got lots of stuff here, please just come take it all, 'cause I don't want to take it back to the office. OK, thank you for listening, I appreciate it.