Tuesday, February 17, 2015

Laptop Theft and a Honeypot Account

As someone who drinks a lot of coffee, I have to get up and use the bathroom pretty frequently. When working in the library on campus, there is always the possibility of theft, should I choose to leave my laptop and other stuff out where I was working.
If my laptop were stolen, I would be dealing with two main consequences: The thief having more than enough of my personal information for identity theft, and the loss of my janky souped up laptop which I've grown emotionally attached to. (Data loss is not a concern)

Prey comes with the option to use a guest account as a honeypot. I was concerned if using this added any additional security risks, but I think anyone who can break out of the guest account's NTFS permissions could easily take my drive out and copy my data anyway. The real concern is my lack of full-drive encryption, because I haven't yet implemented a system that works across multiple operating systems.

One problem I noticed on Windows 8 is that the user-switching is shockingly unintuitive. If I was the last person to use my account, it only shows my login window and a tiny arrow (no text) that will go to the user select window. A honeypot is no good if my ideal dumb thief doesn't see it, so I changed my user picture to display the text "click arrow for guest account".
An easy target!

Here's where the fun project starts- I wanted to be notified whenever somebody logs into my guest account, whether prey thinks my laptop is stolen or not. Perhaps someone who's not a thief decides to snoop through the laptop while it's unattended?

My original idea was to run a script on startup that posted any useful information to my PHP server. It is easy to send HTTP requests with wget and a batch script. The server can be configured to send an email when the query matches my criteria.

Problems to solve: 1) Protect the email-triggering link from the rest of the web and 2) Have this work if internet connectivity comes some time after login.