by Dian Schaffhauser
Laptop theft in schools is rampant. The Racine Unified School District in Wisconsin reported dozens of computers stolen from its schools this fall. In Northern California, three custodians were arrested in connection with a series of thefts at the Oakland Unified School District, involving computers and other electronics. A library aid for the Del Olmo Elementary School in Los Angeles was arrested in September for the theft of five computers at her school.
So when staff at a middle school in the Los Angeles Unified School District (LAUSD) discovered the disappearance of 32 notebook computers in early October, it didn't generate much attention. That wasn't because the school doesn't care about the loss. It was simply because the district has an efficient process in place to follow for reporting the missing equipment, including the use of a secret weapon to help in its recovery.
A Secret Weapon in Laptop Recovery
According to Joe Oliver, director of instructional technology for LAUSD, when a computer is stolen in the district, the school files a report with instructional support services, as well as with the district's own police department. That department acts as a liaison with the city police department to file a report; plus, it puts into action its secret weapon: Absolute Software's Computrace.
When a school or district purchases a license for Computrace, it actives a hibernating agent already embedded into the computer's BIOS. According to David Hawks, business development manager for the education industry division of Absolute, about 70 million notebook computers have the agent in the BIOS, including laptops from Dell, HP, Lenovo, Toshiba, and several other manufacturers.
The agent contacts the Absolute data center to say it's activated, and it creates a small application on the machine's hard drive, explained Hawks. From that point forward, every 24.5 hours, the application sends a small update to the data center, to maintain a current profile of hardware, software, and licensing for the computer, including the IP address that's being used to send the update from. When a theft of a particular computer is reported, he said, a flag goes up in the system that the computer has been stolen. The next time contact is made with the data center through the Internet, the computer is told, "instead of every 24.5 hours, we want you to report back every 15 minutes."
The data center uses a set of forensic tools to begin recording historical data, including IP address information and keystroke logging. Unless the user is sophisticated enough to use an IP address anonymizer, that IP address can be used to track the computer to a specific Internet service provider. Absolute's recovery services team, made up of retired and former police officers, works with local law enforcement agents to accumulate the facts necessary to obtain a subpoena. That, in turn, can be used to find out from an ISP what customer is using a particular IP address and where that Internet access is originating from.Continued...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment