Stolen laptop recovery using remote access and wireless network SSIDs

For stolen laptop recovery -- it is not uncommon to locate lost devices by leveraging their connectivity. For example, Apple's new MobileME device locator service uses the iPhone's internal GPS to display a lost or stolen iPhone's geo-location. Absolute Software's Computrace LoJack for Laptops uses a little agent embedded in your computer's BIOS to report back to a monitoring center for positioning and recovery purposes. Computrace Mobile uses GPS to track BlackBerry and Windows Mobile handsets on a Google map, displaying their current and historical locations to within about 33 feet.

Your situation is unusual in that you're leveraging a Windows service previously installed on your stolen laptop to enable remote desktop access. Many laptops could potentially be accessed using remote access services like Remote Desktop Protocol (RDP), virtual network computing (VNC), or Telnet. The catch, of course, is that expert criminals will probably disable these ordinary remote access services, or even wipe your laptop hard disk or smart phone ROM clean. Services like the aforementioned LoJack are deeply embedded to prevent these evasions.

Secure your mobile devices For more tips on securing mobile devices from head-to-toe, download Lisa's eBook on mobile security: Protecting Mobile Devices, Data Integrity and Your Corporate Network.

Nonetheless, I'm sure that more than a few users could find themselves in your shoes. Given remote access to a stolen device, start with ipconfig to obtain the laptop's current public IP address (or trace route to the closest public-facing IP address -- probably on an upstream broadband router). Next, use domain name system (DNS) and whois to look up that public IP address and see who owns it. You can probably identify and contact the Internet Service Provider this way -- if they won't help you directly, law enforcement might.

In your case, you were also able to see several nearby wireless network names (SSIDs). Unfortunately, most of those SSIDs were incredibly common. For example, "linksys" is used by about half of home APs. "hpsetup" is another very popular SSID, as are the default SSIDs used by most residential wireless vendors.

However, you were able to see one relatively unique name, which we searched for on WIGLE.net. WIGLE is a community database of SSIDs and AP MAC addresses, maintained by Wi-Fi enthusiasts who drive around periodically scanning for wireless APs using tools like NetStumbler. We used WIGLE to map that nearby AP's approximate latitude/longitude, which gave you a hint as to your laptop's whereabouts.

WIGLE isn't very precise or necessarily current. Those GPS coordinates just tell you where someone was when they overhead the SSID; this is why you'll see SSIDs lined up along streets and highways. Furthermore, you won't see newly-configured SSIDs until someone happens to scan the area and upload their findings to WIGLE. Nonetheless, WIGLE can be accessed for free and might be worth a look.

Another way to locate your laptop is Skyhook, a commercial locationing service that uses a hybrid of GPS, cellular tower triangulation, and Wi-Fi positioning. Mobile devices like the Apple iPhone and Dell Mini determine their location by supplying current (GPS, cellular and Wi-Fi) readings to Skyhook. Skyhook compares those readings to a database of reference readings, including over 100 million Wi-Fi "fingerprints," which it maintains for targeted coverage areas. To request the location of any Wi-Fi enabled Windows XP/Vista or Mac OS X laptop, use a browser on that laptop to launch Loki, a free Java Script browser plug-in. Since your laptop appears to be in a populous urban area monitored by Skyhook and you still have RDP access, you can probably run Loki on the laptop to plot its current location on a map with pretty good accuracy.

Once you have an approximate location, you can visit it to refine your search. If you're very close, you might even use a free tool like HeatMapper to pinpoint the AP's location. But note that your laptop's location could easily be hundreds of feet from a neighboring AP. Although you could remotely reconfigure your laptop to beacon an ad hoc mode SSID, doing so could disconnect your laptop from the Internet and disable your remote access to it.