Like most Cal Poly students peacefully studying in the bowels of Robert E. Kennedy Library, Michael Toole didn’t think he had anything to fear besides doing poorly on a test.
He’d been on the second floor overlooking the entrance for a couple hours that afternoon last February, and had already gone to the bathroom and returned to all his belongings safely resting as when he left.
After another trip, though, everything changed.
“When I came back, everything was gone,” Toole recalled. “My laptop, my backpack, my headphones – everything.”
Stunned, he looked around in disbelief.
“At first, I thought one of my friends was playing a joke on me,” he said. “Then I freaked out and started looking around all over the place, asking everyone, ‘Did you see anything?’ But no one saw anything.”
With a midterm minutes away, Toole panicked.
“I went down to the exit and saw someone with the same brand of backpack, and yelled at him to take it off,” he said. “But it was someone else’s. I scared the hell out of him, but I was so mad. I was just shocked. It was awful.”
After filling out a police report later in the day, he perused Craigslist for MacBooks being sold under suspicious circumstances. About 45 minutes after the theft, Toole said, a laptop identical to his was posted for sale in San Luis Obispo, without any specifics accompanying it.
Authorities obtained a warrant to search the house of the suspect, a Cuesta College student who’d previously been incarcerated for theft. They found two other laptops that had been recently stolen from the library, but not his. Now, Toole assumes it was already sold by the time police were able to get the warrant.
“You don’t think anyone’s going to steal your stuff because it’s Cal Poly,” said Toole, now a microbiology senior. “I think most students are way clueless and don’t think anything of it.”
Maybe they should.
From 2007 to 2008, according to data provided by University Police Department Records Manager Fred Mills, on-campus theft of office equipment (including computers) tripled (from seven incidents to 21), while thievery of TVs, radios, stereos and other electronics (including iPods and DVD players) increased 56 percent (from nine to 14). The value of the office equipment stolen rose from $5,950 to $21,414 (or 260 percent).
The increase reflects a nationwide trend. Over the past two years, the number of reported laptop thefts rose from 73,700 to nearly 109,000 (about 48 percent), according to the FBI’s National Crime Information Center, which placed the increase in reported phone robberies at 33 percent over the same period. Theft of iPods and other digital music players rose 91 percent.
Most Cal Poly students aren’t adequately prepared, according to Ryan Matteson, Cal Poly’s technical security officer.
“It’s like getting ready for an earthquake,” he said. “Most people don’t have the supplies on hand to deal with an earthquake – except for the two weeks after they’ve experienced an earthquake. Then, they’ll go out and they’ll buy the stuff to be ready for the next one.”
A majority of freshmen now bring laptops to Cal Poly, Matteson said, showing a definite shift to portable devices. Six hundred students on campus used iPhones in the fall quarter – 500 more than in the spring, he added.
University Police Chief Bill Watton said students lack awareness.
“They’re not as in tune as they should be,” he said. “This is a very safe campus and a very safe place, and typically far more so than where our students come from – whether it be the L.A. area or the Bay Area.”
One way you can protect yourself is with simple locks. They’re becoming less simple though.
At Best Buy in San Luis Obispo, only one security option is for sale in a sea of watt adapters and mouses. A Defcon Cable Lock – utilizing a six-and-a-half-foot long cable – can be had for $39.99. Ironically, though, as if the paranoia of laptop theft weren’t enough of a concern, a key isn’t included for that price tag, as the packaging for the lock (which must be opened with one of 10,000 possible number combinations) reads, “Requires no keys, which can be lost or stolen.”
Outside of Week of Welcome, supervisor Matt McCormack said, the lock isn’t a big seller, in spite of laptops outselling desktop computers five or six to one.
Naturally, the increased prevalence is directly correlated to increased incidence of theft, said University Police Detective John Edds, a computer forensic examiner.
“When all of us rode horses, there were people who stole horses,” he pointed out. “And then we got cars, and you know what? The incidence of horse theft probably decreased and incidence of car theft probably increased.”
The smaller devices get, the easier they’ll be stolen, Edds added.
When he went to college, “a computer was something that occupied the whole desk,” he said. “I didn’t have a cell phone, unless it was a cumbersome item, and only a few people had ‘the brick’ – I think that’s what it was lovingly referred to – but now, when a teenager gets old enough, parents are giving cell phones to them right then.”
McCormack knows that too well, having seen so many students wander about Best Buy.
“It’s not their money they’re spending,” he said. “I don’t really think (students) are educated (about the likelihood of theft).”
He said he couldn’t recall being asked about laptop security in more than a year.
Being careful not to leave your electronics unattended is a given. But there’s an increasing spectrum of products also meant to thwart such theft.
The most common is Computrace LoJack for Laptops, made by Absolute Software.
LoJack (the name being the opposite of “hijack”), widely alluded to as the Kleenex-to-tissues of tracking software, comes premium or standard, with the premium version providing remote deletion of sensitive files.
After installation, the software contacts the company’s monitoring center when the computer is connected to the Internet. For protection from criminal disablement, the agent is partially pre-installed in the basic input/output systems by some computer manufacturers so it can survive hard-drive reformats and replacements by re-installing itself.
The standard LoJack starts at $39.99 – $20 less than premium. Both require subscription after the initial purchase. Absolute Software recovers three out of four missing computers, a company spokesperson wrote in an e-mail interview.
“It can be very valuable,” said Cal Poly alumnus Stan Trevena, technology director for the Modesto City School District.
Thanks to previously installed tracking software, Modesto was able to recover a computer with the addresses, birth dates and Social Security numbers of the district’s 3,500 employees that was stolen last February.
Now, according to Trevena, Computrace is installed on all the district’s computers, which are likely to be remotely “bricked” (deactivated) if stolen because the monetary loss of a computer itself can pale in comparison to the loss of information it contains.
In July 2006, for instance, Cal Poly physics professor John Mottmann’s laptop, with names and Social Security numbers of more than 3,000 students, was stolen from his home.
To aid recovery efforts last year, Watton said, Cal Poly implemented a free service of registering personal property, much like that used for bicycle registration. Such information could be used in accordance with LoJack, with which Edds said he could remember “at least two favorable incidents” of investigation assistance.
Of course, LoJack – while widely seen as practical – isn’t without its drawbacks. There could be more affordable options, Matteson said.
Adeona, named after the Roman goddess of safe returns, is touted by its creators as the first open-source tracking system that doesn’t rely on a third party. The service is free, requiring only downloading and installing a small software client.
Because Adeona is independent, Matteson pointed out, it’s less invasive than LoJack.
Through monitoring IP addresses and local network topology, the client continually checks the laptop’s location before using cryptographic mechanisms (which ensure access only for the computer’s legitimate user) to communicate its location.
Tracking software has already surfaced in the hand-held world. GadgetTrak, a computer security firm, has found a niche marketing GadgetTrak Mobile Security, which, for $24.95, remotely provides smart-phone access including: microphone activation to spy on the unsuspecting thief, siren activation that can be stopped only by removing the battery, calls, Google-map location, locking and either recovery or wiping of sensitive information. Computrace is available for Windows Mobile devices and is in beta testing for BlackBerry devices, according to the company spokesperson.
A more direct, “better approach” for protecting all devices, in Trevena’s eyes, would be biometrics, which demand a person to scan themselves to gain access.
“We need to get rid of this tracking stuff and go in that direction,” said Trevena, who accesses his Hewlett-Packard with a finger scanner. “I can set my biometrics so only I can get on.”
Biometrics, though, ultimately aren’t efficient, according to Roger Grimes, Info World’s security adviser and a Foundstone Ultimate Hacking instructor. The occasionally overly sensitive technology, Grimes said, could demand users scan themselves more than necessary, leading to dialed-down recognition standards more easily bypassed.
“Suppose somebody does compromise your biometrics, which are scarily easy to fake,” Grimes said. “What would you do? They’ve got your fingerprint. It’s you. There’s no turning back. They’re good. They’re just not a panacea.”
Grimes is testing Adeona, which he called a “whole lot more sophisticated.”
Cal Poly doesn’t specifically recommend any software, Matteson said, choosing to focus instead on emphasizing common-sense theft prevention and copying sensitive information.
Edds, who said “convenience has always been diametrically opposed to security,” suggests constant vigilance over such items, even packing them up instead of leaving them unattended.
“Primarily with college students in dorms, it’s the No. 1 security issue,” said Josh Ernstrom, manager at Mac Superstore in San Luis Obispo.
Perhaps just knowing what devices can do can help.
In April 2008, Kait Duplaga garnered international attention when she recovered her laptop stolen from her apartment in White Plains, N.Y. by using Back to My Mac to remotely access her stolen computer and utilize PhotoBooth to take a snapshot of the unknowing thief while he was surfing the Web.
Although it resulted in his arrest and the recovery of her property, retrieving peace of mind wouldn’t be so easy.
“College-age people are extremely naive about protecting their electronics,” Duplaga wrote in an e-mail interview. “I don’t know how many times I have walked into a Starbucks and have seen at least two laptops sitting unattended along with their cell phones and bags. I’m half-tempted to snatch their items and move them to another area of the store.”
She recommends using a physical lock, protecting passwords, backing up information on an external hard drive away from the computer and investing in insurance.
“It’s going to be a bigger issue. It’s going to get bigger and bigger,” Matteson said of prevention strategies. “What I encourage people to do is to sort of imagine what that would be like (to be a victim). You start to realize what you want to do to prevent that from happening.”
Some don’t have to simply imagine.
“It was brutal,” Toole said of having his laptop stolen.
He now uses LoJack, but relies more on common sense.
“In the library, there are so many people in and out, if someone walks by all confident and picks up your stuff and walks off, if the people around don’t know you, they won’t think anything of it,” Toole said. “Now, I always take my laptop with me, even if it’s an inconvenience.”