NebuPookins.net - NP-Complete - Update on the laptop thief
 

Update on the laptop thief
[Computer]

Remember that guy who stole a Berkeley professor's laptop with super confidential data? Well, this other blog also mentioned the event (and only mentioned it, omitting insightful comments as opposed to what is typical for my own blog) and yet has received far more comments on the issue than mine. Anyway, some of the comments there are interesting, so to save you the need to read through all of them (they become highly repetitive after a while), I'll summarize the main points here.

First of all, there seems to be an issue with the actual video file itself. I have been unable to actually view the original webcast stream from Berkeley, but some of the comments mention that it might have been edited somehow. Some people have mentioned that if you look at the header of the video, it says the video's length should be 48:50. It is precisely after 48:50 that the professor begins his speech about the laptop being stolen (or so I'm told). This implies that maybe it's all a hoax. Someone took the webcast and dubbed on top of it, imitating the professor's voice (or not, 'cause who knows what that professor's voice sounds like, right?). Of course, this doesn't explain how the dubber managed to get his edited video hosted on Berkeley's web servers, which was why I wanted to actually view the original webcast myself, but Berkeley has some licensing issue where they don't allow you to view the video except in RealPlayer. Anyway, for the sake of the rest of this post, let's assume that the professor really did make this speech after his class.

The general consensus is that the professor is bluffing. First of all, the Microsoft Windows remark. People install the same copy of Windows XP on multiple machines all the time. I bet if you use WinXP at home on two or more computers, it's the same copy installed on all of them. In fact, you may not even have paid for your copy, so maybe it's the same copy on your computer as it is on hundreds of thousands (if not millions) of different people's computers all over the world. In the professor's case, the University of Berkeley probably purchased a mass license from Microsoft (as in purchasing 100 copies for a discounted price) and gave them to all their professors, meaning the professor had a legal copy of WinXP on his laptop, and his laptop was the only one to use the particular CD Key he received.

Presumably what happened was after the laptop was stolen, the professor bought a new laptop, and installed WinXP on it, using the same CD key. When he tried to activate WinXP, he got a warning saying the key was already in use. I've never had this happen to me, but from what I heard all you have to do is call a 1-800 number to talk to a technical support person at Microsoft, and just tell them "I reformatted my computer" or something and they'll click a button that'll allow you to re-use your CD key. Quite frankly, Microsoft doesn't care at all about 2 copies of WinXP using the same CD key. They care about when the same key is being used in millions of copies of WinXP, and they don't care too much about the people using the illegal copies, but rather they care about the source that sold the illegal copies in the first place. So at best, the professor is exaggerating about how much trouble the student is in, at worst, he's lying outright.

The second issue with the Microsoft statement is, why bring it up at all? Microsoft detecting a CD key being reused is the weakest technique they have of catching the laptop thief, especially compared to the mentions of FBI agents and transponders. It would be like saying "FURTHERMORE, the thief is in big trouble, because I now REALIZE that the laptop has been stolen, and I have informed my entire FAMILY, who will all be AIDING me in my search. We WILL find you."

As for the transponder statement, I had already mentioned I was skeptical of it in the previous post, but that was because I assumed it was some sort of specially crafted hardware transponder. Some of the commenters pointed out that it may have been a software transponder, and pointed to examples of such software: Trackion and Computrace. I read up on how a software transponder works, and it looks like all it does is regularly contact a security firm, sending as much information as it can about its own physical location, and the security firm then forwards that data to local law enforcement agencies, giving them the paperwork needed for a warrant, and stuff like that. The problem with this is that the laptop (and thus the software) probably has no idea where it is in the physical world, unless it has a GPS device installed in it (which is very expensive both in initial cost for the hardware, and in terms of the monthly subscription fees as of 2005). All the software can do without GPS is just send a signal to the security firm, and then the security firm can get the address of the ISP that the laptop is connected to. From there, the cops can give the ISP a warrant, and get the home address of the person paying the bills for the ISP. However, if the laptop was connected to a public WiFi, like a library or a Starbucks, then the cops can show up at said establishments, but probably won't find much. Furthermore, the thief could just reformat the harddrive, and the transponder is gone. Or run the laptop with networking disabled, so the software can't contact the security firm at all.
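The monitoring side of the software transponder described above, sketched as an added example (not code from this post, nor from Trackion or Computrace). The log format, device IDs, documentation-range IP addresses and the two-day silence threshold are all constructed assumptions; the point is that the firm ends up with source IPs and timestamps, not a physical location.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample check-ins: "timestamp device_id source_ip".
# Device IDs are made up; IPs come from the reserved documentation ranges.
SAMPLE_CHECKINS = """\
2005-04-20T09:00:00 LAPTOP-A 198.51.100.7
2005-04-21T09:05:00 LAPTOP-A 198.51.100.7
2005-04-22T18:30:00 LAPTOP-A 203.0.113.50
2005-04-20T08:00:00 LAPTOP-B 192.0.2.10
2005-04-23T09:02:00 LAPTOP-A 198.51.100.7
"""


def parse_checkins(text):
    """Yield (timestamp, device_id, source_ip) from the assumed log format."""
    for line in text.splitlines():
        if line.strip():
            ts, device_id, ip = line.split()
            yield datetime.fromisoformat(ts), device_id, ip


def leads_for(device_id, text, now, silent_after=timedelta(days=2)):
    """Summarise what the monitoring firm knows about one stolen device.

    Each lead is only a source IP plus when it was seen; turning it into a
    street address still needs the ISP's subscriber records. A device that
    was wiped or kept offline simply stops appearing ("silent").
    """
    seen = defaultdict(list)
    for ts, dev, ip in parse_checkins(text):
        if dev == device_id:
            seen[ip].append(ts)
    leads = [
        {"ip": ip, "first": min(t), "last": max(t), "count": len(t)}
        for ip, t in seen.items()
    ]
    # Most frequently seen address first: a repeated IP is more likely a
    # home connection than a one-off public hotspot.
    leads.sort(key=lambda lead: (-lead["count"], lead["ip"]))
    last_seen = max((lead["last"] for lead in leads), default=None)
    silent = last_seen is None or now - last_seen > silent_after
    return {"leads": leads, "last_seen": last_seen, "silent": silent}


if __name__ == "__main__":
    report = leads_for("LAPTOP-A", SAMPLE_CHECKINS, datetime(2005, 4, 24))
    for lead in report["leads"]:
        print(lead["ip"], lead["count"], lead["first"], lead["last"])
    print("silent:", report["silent"])
```
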

As for the FBI statement, if the professor really did have FBI and federal marshal backing, he probably could get an FBI agent or marshal to show up in the class, show his badge, and make the announcement, instead of having the professor make the announcement himself. And if the data really were so critical that the FBI were involved, you'd think the professor could cancel his engagements this afternoon and next week. Like the Microsoft thing, this is probably another exaggeration.

The professor says he can tell if a copy has been made of the data. That is very, very, very highly likely to be a lie. Assuming no strange hardware hacks have been made, the thief could use a screwdriver to open the laptop case, remove the harddrive, ghost it (meaning make an exact duplicate of it onto another harddrive), and put the drive back into the laptop. The contents of the harddrive would never be modified by a ghosting process, so there is no way, using only software, that the professor could determine that the data had been copied. If the professor were using hardware, it's conceivable that behind the plate that covers the laptop, the air pressure is set to a very specific value. When the thief unscrews the plate, the air pressure will change to be equal to the air pressure of the room, and the unprepared thief will not have known what the original air pressure was, and thus could not restore it to its original value. Or there could have been a vial of liquid mercury inside, so that when it's open, the vial cracks and the mercury is spilled all over the place. Or two chemicals are stored in separate pouches, so that when the plate is opened, the seal breaks, the chemicals mix and become corrosive and melt the harddrive. Etcetera. However, as you can imagine, if the laptop had this kind of security installed on it, it would probably also have been stored more securely (perhaps inside a briefcase with a fingerprint reader and combination, or inside a vault or safe), and your typical student would not have been able to steal it so easily. Then again, theoretically speaking, there is nothing the professor could do to guarantee that he can tell if the data has been copied. To do so, he would have to gather some information off the laptop (for example, read in the air pressure). A very prepared thief could do exactly what the professor would have done, and thus know what information the professor expects. The thief can then take steps to make sure that that information will report whatever it should have reported after the ghosting process is complete.

Finally, there's the issue of the whole announcement itself. If the data is so valuable that the FBI is involved, and that the professor is so sure the thief will get caught, he wouldn't have made the announcement at all. The FBI would immediately just track down the student and arrest the student. By making the announcement, he was basically helping the student. Now the student knows about the transponder, knows that there may be valuable data on the laptop other than the exam, and so on. You could argue that the professor wants to give the student a chance to come forward and confess, but if the FBI's involved, they probably won't give a damn if the kid confesses or not. Basically, if true, this announcement will make the thief freak out and destroy the laptop (incinerate it or something), thus lowering the chances of getting the laptop back, not increasing them.

Let's say I stole the laptop, and then I heard the professor's announcement; here's what I'd do.

  1. Pray that I wore gloves when I stole the laptop, so there's no fingerprints or anything at the scene of the crime.
  2. Take the harddrive out of the laptop and ghost it.
  3. Go out of town and bury the laptop somewhere secret in a waterproof container.
  4. Make a copy of the ghost image. The original one will be called "intact_copy.ghost", and the copy will be called "working_copy.ghost".
  5. Mount "working_copy.ghost" into VirtualPC with networking disabled, and poke around to see what useful information's on there.
  6. Write a batch file which deletes and shreds the two ghost files, shreds the swap file, and clears the VirtualPC most recently mounted history, and then shreds (the batch file) itself.
  7. Wait it out.

If I ever get the slightest feeling that the professor wasn't bluffing, and that some law enforcers really are going to visit my house, I run the batch file so that all evidence that I ever had any data is gone forever. Shredding my swap file might fuck up my WinXP machine, but I can always reinstall it later. The important thing is that the cops can now confiscate my computer, run whatever tests they want on it, and there will be absolutely no trace of me ever looking at any data on there. If the cops do show up, I'll never go near the laptop again.

If after a year or a couple of years, depending on how paranoid I am, nothing happens, I go pick up the laptop again, and shred its harddrive. If there was any useful data on it, I already have two copies of the data on my home computer in "intact_copy.ghost" and "working_copy.ghost", so I don't need that data on my laptop anymore, and I want to destroy as much evidence as possible, hence the shredding. Now I'm just using this as a new free laptop.

I'd want to change the laptop as much as possible so it's not recognizable. I'd look for any laptop mods I could buy and apply to it. Maybe I could even just paint the case a different color. I've painted my mouse before to give it a Pucca design, so I wouldn't even need to do a "good job" of painting the laptop, as in painting it without making it look like it's painted. I'd just paint it with a Pokemon design or something, and show off that it's painted, rather than try to hide the fact that it's painted. Hardware-wise, my first priority would be to change the WiFi card, because it probably has an identifiable MAC address. I'd sell the WiFi card on eBay and buy a new WiFi card. Next, I might buy a new harddrive, but it's probably not really necessary.

 