The dreaded moment you hope never happens: someone has stolen your laptop. You could have private information, pictures, or even private information belonging to the company you work for, all lost forever. It can cause you pain and cost you money, or even a job.
There are paid services that will track your laptop, such as Computrace LoJack. However, that company is notorious for not getting the job done. Besides, who wants to spend money when it can be done for free? Not me.
In this Power Byte, I'm going to show you how to make sure your computer can be recovered (in most instances) if it is ever lost or stolen. This will be done using a keylogger and some intelligent sleuthing. I will be using Windows; if you use Mac or Linux, you can use some of the techniques provided in this article, in tandem with some of the free loggers for those platforms, such as LKL.
Step 1: Getting the Software
We're going to be using the FREE Keylogger made by Smithy.
- Download Steel Keylogger by Smithy here.
- Go to the directory that you downloaded Steel to, and extract the archive (right-click > extract here).
- Put the Steel.exe in a private directory that a thief would not think to look under. Try to put it in a hidden folder, or obscure directory, for example:
C:\WINDOWS
Then make a folder inside of that called "steel" and throw steel.exe inside of it. You'll end up with:
C:\WINDOWS\steel\steel.exe
Step 2: Setup and Configuration
Now we'll edit the preferences to optimize Steel for our needs. I recommend having a separate email account JUST for Steel, as it will be filled with logs and images.
1. Run steel.exe by double clicking on it.
2. Go to Options > Preferences.
3. Click Startup and Exit.
4. Click the check boxes for Start in Hidden Mode and Run at System Startup (All Users).
5. Check Hide for when Exit is pressed.
6. Click Security and check Password Protect Unhide, and set your choice of password.
7. Click Email and edit the credentials to fit yours. Make sure SSL is enabled. This ensures that the logs are sent to your email over an encrypted connection, so your password can't be packet-sniffed.
8. If you want Images sent—I recommend this—check the box and in the drop down, select Every Hour.
9. Go to the Logging tab, and choose if you want a key combo to unhide Steel, or to type a password and cut it to reveal Steel. The choice is all yours.
10. Check Enable Screen Capturing.
11. Set the image quality and interval to what you desire.
12. Click the Save Settings button.
Whenever you are in a place where your laptop is in danger of being stolen, make sure you activate Steel, and you will be protected.
What Can I Do with This Information?
Most of the time, people who steal laptops will log on to personal sites, such as Facebook or Twitter. You can use this to figure out exactly who the person is, where they live, etc.
The tables have suddenly turned. This is perfect information for law enforcement to use to get your laptop back home.
What if the Thief Doesn't Log On to Personal Websites?
Easy.
- Log onto your Gmail account that contains all of the logs.
- Scroll to the bottom and find the link that says Details.
- Take a screenshot of the page, and give the IP addresses with their log-in times to law enforcement as soon as possible. This IP is the address of your thief. If they so much as turn your computer on, Gmail will log the IP for you. Thanks Google!
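As an added example (not part of the original article or of Steel), the script below turns rows copied from that Details page into a per-IP summary to hand over along with the screenshot. The CSV column layout, the function name summarize_unknown_ips and the sample rows are assumptions constructed for illustration; the addresses come from documentation-only ranges.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed sample: rows typed in by hand from the account-activity
# "Details" view (access type, IP address, time in UTC). Not real data.
SAMPLE = """\
access_type,ip,time_utc
Browser,198.51.100.7,2012-03-01 08:15
SMTP,198.51.100.7,2012-03-01 09:00
SMTP,203.0.113.45,2012-03-03 19:00
SMTP,203.0.113.45,2012-03-03 20:00
SMTP,192.0.2.10,2012-03-04 11:00
SMTP,not-an-ip,2012-03-04 12:00
"""

def summarize_unknown_ips(activity_csv, known_ips):
    """Group activity rows by IP, leaving out the owner's own addresses.

    Returns (report, rejected). report maps each unfamiliar IP to its first
    and last sighting, hit count and access types; rejected holds rows that
    could not be parsed, so nothing silently drops out of the evidence.
    """
    known = {ip_address(ip) for ip in known_ips}
    seen = defaultdict(list)
    rejected = []
    for row in csv.DictReader(io.StringIO(activity_csv)):
        try:
            ip = ip_address(row["ip"].strip())
            when = datetime.strptime(row["time_utc"].strip(), "%Y-%m-%d %H:%M")
        except (ValueError, KeyError, AttributeError):
            rejected.append(row)  # keep malformed rows for manual review
            continue
        if ip not in known:
            seen[ip].append((when.replace(tzinfo=timezone.utc), row["access_type"]))
    report = {}
    for ip, hits in seen.items():
        times = sorted(t for t, _ in hits)
        report[str(ip)] = {
            "first_seen": times[0].isoformat(),
            "last_seen": times[-1].isoformat(),
            "hits": len(hits),
            "access_types": sorted({a for _, a in hits}),
        }
    return report, rejected
```

Pass your own home and office addresses as known_ips so that only unfamiliar addresses end up in the summary.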
Downfalls
- On the off chance your attacker is smart, they could choose not to connect to the internet.
- Your attacker could reinstall the OS before getting on the internet.
Some ways to defeat this: you could create a guest account for the attacker to use as a "honey-pot" to lure them in. Chances are, if the attacker opens it, and has no way in, they will format the hard drive.
If they open it and can USE it, they probably will, thus increasing your chances of getting your sweet laptop back in your arms.
I hope this was an informative Power Byte, and more importantly, I hope this doesn't happen to any of you. Submit questions below or start a discussion in the Power Byte forum!
28 Comments
Wow, very nice! How does the keylogger behave with software like AVG or Malwarebytes? Do they get along or does it get flagged?
Computers can get really expensive if you pay for yearly subscriptions. LoJack sub + anti-virus sub + online backup sub can equal a lot of money per year for peace of mind. The more free options available like this really help keep costs down at least for individuals.
It doesn't get flagged by anything on virustotal.com! That's actually one of the best parts about Steel. It's because it's not commercial software, and not many people have heard about it, so it just plays well with anti-virus software.
I will definitely try this and feature your post in my blog. Very informative! -- digitalbuddy.blogspot.com
Thanks a lot! I hope you find that this helps you out.
This is great! I didn't realize that there were simple keyloggers like this. Seems like something everyone should set up on their laptop before going on any trip where the computer may "disappear."
Indeed ^_^. This is another reason I think people should get into programming. I have a keylogger on my computer written in Python that only turns on when I leave my computer unattended for a few minutes, or hit a special macro key that I bound it to.
I have a small script also, that allows me to SSH into my laptop and change the password and lock everything down, as well as set a BIOS password so the OS can't be formatted. Though, it could be averted by removing the hard drive...
Do you use TrueCrypt at all? I need to start using it. Pretty awesome tool.
Yeah, I do. All my sensitive documents and pictures are in TrueCrypt containers, so no one could even know my identity if they took it. Only thing they could use is my programs and watch my movies.
I wouldn't put my entire HDD through encryption, because that will drastically decrease the lifespan of it, due to 3 times more read/write cycles every time you access a file.
Seriously, you're recommending people remove their password? I'd rather lose the laptop than leave all my files, etc exposed to anyone.
Anyone who would usually even know what to do with that information would easily know how to remove your password anyways. If they can carve files to get out a social security number, they can break a Windows password. Anything that sensitive should not be on a computer at ALL, every piece of software on a computer has an exploit, there is always a way in, so to leave anything too personal on there at all is just bad practice. I like Bryan's solution below.
Choosing how to protect data is tough. Even with password protection or keyloggers a thief can simply read the contents through a USB hard drive reader or simply format the drive, install an OS, and resell it. Going with probabilities, one would stand a higher chance of getting a laptop recovered if the thief is tricked into logging into the system normally and triggers the keylogger.
Either way, just make sure your data is safely backed up online or on a media device frequently and change your passwords if your computer/laptop ever gets stolen.
Set up a separate non-admin account that does not have a password. Seriously.
Anyone can get software that will remove a Windows password. I have a disk just for that.
A better option than removing your password would be to set up a limited guest account without a password. That way the attacker would log-in there (easiest point of entry), triggering your anti-theft measures without granting them access to your personal files.
Having problems with the e-mail feature. Keeps saying "Operation has timed out." or some kind of SMTP error. Help?
You can try to use SMTP via one of the other email services. Try hotmail, or yahoo :).
If I try to use a Gmail account, what do the server and port have to be set to?
Yes, you need to enter your email address and password for it to email them to yourself.
The server is just gmail and the port is the default one. They're pre built-in. But if you still need them for some reason:
smtp.gmail.com:587
Okay. And are the "Email Address" and "Password" options under "SMTP Settings" important?
I get a "the smtp server required a secure connection or the client was not authenticated" error, any idea?
I'm going to throw a video in this a little later to show people how to do it :). You have to enter your username for the email sending the logs, the password, then the email that SENDS the logs. Which I would just use the same email you use to send the logs, to receive them.
Nice try Steel.
If I stole a laptop, I would remove the HDD. Then I would hook that HDD up to my computer via SATA > USB connector. I would then assign my rights to all files on that HDD. I would then have full access to your stolen laptop information with out ever booting the OS. Steel is now negated.
There is ALWAYS another way.
No way. That was mentioned prior with slaving a hard drive.
A thief wouldn't likely do that first-off. You might, because you read this article. But I'm willing to bet you would turn the laptop on, you're likely only stating a way around it because the method being used was told to you. Like I said above, use TrueCrypt. Beat that with your SATA to USB bridge :p.
If you want to get creative, circumvent the protection on my computer :). Your reply just sounded like you were trying to state something that is some crazy secret or hidden knowledge, that there is always another way. Everyone knows that.
My laptop contains a small block of C4 cleverly rigged to go off if you open the case in any way, except for a secret way that only I know! Beat that, Joe!
Prey Project . com offers a free tracking solution for almost any mobile device.
Make your laptop Theft Proof: Don't lose possession of it! Problem solved before it exists!
Every time I restart or shut down my laptop, the (run at system startup) check is removed and I must recheck it again. Any help?