Showing posts with label Surveillance.

2008-07-30

Adeona - Open source laptop tracking

Adeona blipped across my radar earlier this week and I've had it running on my MacBook ever since. Adeona is a free, Open Source (GPL 2.0) laptop tracking tool designed to aid you in recovery should your precious ever get stolen.

In its current version, it's not difficult to remove or disable, but on MacOS X, the fact that it's installed and running is not obvious to the user. On OS X, it can capture a snapshot from the iSight if equipped. This means that periodically, the iSight's LED comes on for a moment. This captured image is uploaded along with the location information.

One thing that makes Adeona stick out from the competition (aside from its price tag) is that the location update information is securely stored on the OpenDHT network, a free, distributed hash table service. This means that no one can use Adeona or the data it generates to track you surreptitiously without having the retrieval file and the password you chose. Centralized commercial services often have the ability to track you, or their centralized information may become compromised. Adeona has no such risks.

You COULD potentially install Adeona on someone else's laptop, but if you're looking for software to help you spy on someone, there are a lot more efficient and feasible options out there. Adeona will get you an IP address and traceroute output. With the help of an ISP, this will help with a police investigation. If you have iSight photographs enabled, you might even get a clear photo of whoever is using your laptop to really seal the deal.

Once you install Adeona and select your password, a periodic schedule is started to gather and upload information to OpenDHT. It's that simple. Install and go. Whenever the laptop has Internet access, it will send periodic updates. You should copy the configuration file to a USB Key or have it backed up in a place that doesn't travel with the laptop, as this file is needed to get the location data from OpenDHT once you believe your laptop has been stolen.

If you wish to retrieve those updates, download Adeona to another computer and use the Adeona-retrieve tool. You can use the retrieval tool on the laptop Adeona's installed on, but if it's stolen you won't have that luxury. Load the configuration file and enter your Adeona password. It's that simple.
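Why a public hash table can hold location records that only the owner can find and read, as an added sketch (not Adeona's code or its actual protocol): each update is stored under an index and encrypted with keys that both derive from the retrieval file plus the password. The dict standing in for OpenDHT, the function names, the sample secret and the HMAC-based stream cipher are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

DHT = {}  # stand-in for the public DHT: anyone may read every entry
SAMPLE_FILE = b"constructed-retrieval-file-secret"  # constructed sample value

def unlock(retrieval_file: bytes, password: str) -> bytes:
    """Owner-only root secret: needs both the file and the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), retrieval_file, 100_000)

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def slot_keys(root: bytes, slot: int):
    """Per-update DHT index, encryption key and MAC key for one time slot."""
    tag = str(slot).encode()
    return _prf(root, b"index|" + tag).hex(), _prf(root, b"enc|" + tag), _prf(root, b"mac|" + tag)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Illustrative HMAC-SHA256 counter-mode stream; use a vetted AEAD in real code.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = _prf(key, nonce + off.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def store_update(root: bytes, slot: int, record: dict) -> None:
    index, enc_key, mac_key = slot_keys(root, slot)
    nonce = os.urandom(16)
    ct = _xor_stream(enc_key, nonce, json.dumps(record).encode())
    DHT[index] = nonce + ct + _prf(mac_key, nonce + ct)

def retrieve_update(root: bytes, slot: int):
    index, enc_key, mac_key = slot_keys(root, slot)
    blob = DHT.get(index)
    if blob is None:  # a wrong file or password simply finds nothing
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("record was modified in the DHT")
    return json.loads(_xor_stream(enc_key, nonce, ct))

if __name__ == "__main__":
    root = unlock(SAMPLE_FILE, "owner password")
    store_update(root, 42, {"ip": "203.0.113.5", "traceroute": ["192.0.2.1"]})
    print(retrieve_update(root, 42))                                   # the record
    print(retrieve_update(unlock(SAMPLE_FILE, "wrong guess"), 42))     # None
```

Someone who can read the whole table sees only random-looking indices and ciphertext, which is why losing the retrieval file means losing access to your own updates.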

Adeona will grind for a while, as locating and retrieving data from OpenDHT can take a while. Once it's done, though, you'll get a text file and optionally a graphic from the iSight camera. Here's my fugly mug and a pixelized Adeona status file.

2008-07-28

HiR Reading Room: No Tech Hacking

Johnny Long has been around as an info-sec writer and presenter for a while. In No Tech Hacking, he takes the reader through some of his twisted adventures, flippantly poking fun at some of the "security" he's encountered along the way.

When it comes to penetration testing and security awareness in general, there's a pretty massive human element that's simply ripe for the picking. There's also a lot of low-tech stuff that can be leveraged to your advantage. For many, the obvious first move on taking over a network is enumerating your target with ping sweeps and port scanners. If you want to get into a building, you might brush up on your lock-picking skills or reach for a brick to throw into a window. While these techniques have some kind of merit (not always good), it's often more effective to go low-tech (or No Tech!) as much as you can.

Johnny covers his low-tech tricks in detail and often with photos and screen shots. It's more than just social engineering and tailgating to get your mark. It's about thinking through info-sec problems with a different mindset than you're probably used to. Profile your targets and pay attention to seemingly useless details.

From bypassing locks to using exposed information via the Internet, people watching to vehicle profiling: there's a lot of low-tech information contained in this book, and you're almost guaranteed to learn something you hadn't thought of before.

No Tech Hacking closes with some sage advice to would-be no-tech victims. It was an entertaining and informative read. I hope I can see Johnny speak one of these days. He won't be talking at DefCon this year, but maybe he'll be there.

2008-02-08

Surveillance with old CCTV Cameras

It seems that most of the time I go dumpster diving, I find a CCTV (Closed-Circuit Television) camera or two. Or three. I've picked up quite a few, and left many, many more to rot in the landfill. Some have worked well. Others haven't. We're going to have some fun with them. As more and more companies go high-tech with snazzy digital recording systems, you can often find older CCTV cameras on eBay and Craigslist for cheap. Or in dumpsters for free.

The Broken Ones

There are always broken ones. You can get them for cheap or free as mentioned above. Surf eBay for "Parts only" when looking at CCTV cameras and you'll find a suitable one. The easiest thing to do is to make it look like a real CCTV to give would-be bad-guys the impression that they're being recorded. While this is much akin to security through obscurity, making a fake camera out of one that used to work is a lot more convincing than this:



Compare that piece of crap to my finished product at the end of this section.

First, take the old, broken CCTV apart and gut it to make room for a battery and LED. See the following photos.







Then, drill a hole in the front plate for the LED.



For the next part, I taped a low-brightness 1.7 V red LED to an AA battery. Let's face it, this whole fake camera idea is pretty shifty. There's no point in putting a whole lot of finesse into it. LEDs like this one usually draw between 10 and 20 mA, so a plain old AA battery without a resistor should keep this LED lit up for more than a week.



Then, tape the battery/LED down inside the chasm left in the camera and re-assemble it so that the LED sticks out.





It looks real because it IS REAL (well, it used to be!)


Hang it up somewhere and hook all the cables up. They don't have to be actually hooked up to anything on the other end, just tuck them into the ceiling or run them to a wall plate. No one could tell this isn't real by just looking.





The Working Ones

Although these cameras all have BNC connectors on the back, the signal they put out is typical composite NTSC -- the same thing most VCRs put out. You need a BNC-to-RCA adapter and then an RCA video cable and a monitor to view it on. This can be an RFU-adapter hooked up to a TV, or in my case a portable DVD player with A/V inputs. You could just as easily get a video capture card or USB adapter to record the video straight to your hard drive if you felt so inclined.

First, hook up the RCA adapter, RCA cable, and power cables to the camera and mount it somewhere.

Then, hook the other end of the RCA cable up, and enjoy your working CCTV system!